Setup heimdall

machines/tounge/configuration.nix

@@ -71,22 +71,37 @@
   # Setup home manager
   home-manager.users.nathan = import ./home.nix;
 
-  # Setup pi hole
-  virtualisation.oci-containers.containers."pihole" = {
-    image = "pihole/pihole:latest";
-    ports = [
-      "10.0.0.10:53:53/tcp"
-      "10.0.0.10:53:53/udp"
-      "100.75.37.98:53:53/tcp"
-      "100.75.37.98:53:53/udp"
-      "3080:80"
-      "30443:443"
-    ];
-    volumes =
-      [ "/var/lib/pihole/:/etc/pihole/" "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" ];
-    extraOptions = [ "--cap-add=NET_ADMIN" "--dns=1.1.1.1" ];
+  # Containerized applications
+  virtualisation.oci-containers.containers = {
+    # Setup pi hole
+    "pihole" = {
+      image = "pihole/pihole:latest";
+      ports = [
+        "10.0.0.10:53:53/tcp"
+        "10.0.0.10:53:53/udp"
+        "100.75.37.98:53:53/tcp"
+        "100.75.37.98:53:53/udp"
+        "3080:80"
+        "30443:443"
+      ];
+      volumes = [
+        "/var/lib/pihole/:/etc/pihole/"
+        "/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
+      ];
+      extraOptions = [ "--cap-add=NET_ADMIN" "--dns=1.1.1.1" ];
+    };
+    # Setup heimdall
+    "hub" = {
+      image = "lscr.io/linuxserver/heimdall:latest";
+      environment = {
+        "PUID" = "1001";
+        "PGID" = "1001";
+        "TZ" = "America/New_York";
+      };
+      ports = [ "4080:80" "4433:433" ];
+      volumes = [ "/var/lib/heimdall:/config" ];
+    };
   };
-
   # Nginx virtual hosts
   services.nginx = {
     enable = true;
@@ -107,6 +122,17 @@
           '';
         };
       };
+      "hub.mccarty.io" = {
+        forceSSL = true;
+        useACMEHost = "mccarty.io";
+        locations."/" = {
+          proxyPass = "http://localhost:4080";
+          extraConfig = ''
+            allow 100.64.0.0/10;
+            deny all;
+          '';
+        };
+      };
       "sonarr.mccarty.io" = {
         forceSSL = true;
         useACMEHost = "mccarty.io";