Nix configurations for my homelab
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

Adjust torrenting setup on lily

- Use the correct external interface
- Allow lutea to access the WebUI without a username/password combo

yemou 650ef9ea 2cd6e818

+35 -6
+2
lily/config.nix
··· 14 14 ../modules/network-info.nix 15 15 ../modules/nix.nix 16 16 ../modules/openrgb.nix 17 + ../modules/qbittorrent.nix 17 18 ../modules/remote-build-machines.nix 18 19 ../modules/remote-builder.nix 19 20 ../modules/smartd.nix 21 + ../modules/vpn-container.nix 20 22 21 23 ../modules/services/caddy 22 24 ../modules/services/caddy/atproto-did.nix
+20 -2
modules/qbittorrent.nix
··· 1 - { lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 8 environment.persistence."/data/persistent".directories = [ 4 9 { ··· 8 13 group = "qbittorrent"; 9 14 } 10 15 ]; 16 + 17 + networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = lib.mkIf ( 18 + config.networking.hostName == "lily" 19 + ) [ 8082 ]; 11 20 12 21 users = { 13 22 users.qbittorrent = { ··· 31 40 isReadOnly = false; 32 41 }; 33 42 }; 43 + forwardPorts = lib.mkIf (config.networking.hostName == "lily") [ 44 + { 45 + hostPort = 8082; 46 + containerPort = 8082; 47 + } 48 + ]; 34 49 }; 35 50 36 51 garden.container.vpn.config = [ ··· 78 93 WebUI = { 79 94 LocalHostAuth = false; 80 95 AuthSubnetWhitelistEnabled = true; 81 - AuthSubnetWhitelist = lib.strings.join ", " [ "192.168.2.1" ]; 96 + AuthSubnetWhitelist = lib.strings.join ", " [ 97 + "192.168.2.1" 98 + (lib.optionals (config.networking.hostName == "lily") config.garden.info.network.lutea.netbird-ip) 99 + ]; 82 100 }; 83 101 }; 84 102 };
+7 -1
modules/vpn-container.nix
··· 16 16 networking.nat = { 17 17 enable = true; 18 18 internalInterfaces = [ "ve-vpn" ]; 19 - externalInterface = "enp5s0"; 19 + externalInterface = 20 + if (config.networking.hostName == "lutea") then 21 + "enp5s0" 22 + else if (config.networking.hostName == "lily") then 23 + "enp0s31f6" 24 + else 25 + ""; 20 26 enableIPv6 = true; 21 27 }; 22 28
+6 -3
secrets/lily.yaml
··· 11 11 adminPass: ENC[AES256_GCM,data:zQ/3bvzI27B7kcZ/rnaG8C/b3Pk/Cp0m+cDC5qN5Rqo=,iv:5A1WuK26asHKYoNUhfsAMVZtBA+bRFCl+zxw2phH2Rs=,tag:kS6A/N9K+2yYc7VkOqCbug==,type:str] 12 12 jwtSecret: ENC[AES256_GCM,data:Ueday7XtlsxHC+/Nbx5T+FWwXABvV8Z+M+6PEGpypQU=,iv:+7o5cjW+3Xi+LhiBLdijEHwXiEZ4UnYW9qmOejQzCsM=,tag:7Fic+08fBOam8+gakM6iEg==,type:str] 13 13 plcRotationKeyK256PrivateKeyHex: ENC[AES256_GCM,data:2tpAI5RGc2fz09KoOeMr9OVheo34zhttaiYwhQHVPKvRz9p/PLtSxnkSHdiKyeqPT046kgq0+GJphxATRDweGA==,iv:ETfC1h10k2QS9tCO2t0874UNw57kJIwECJp8AH0bWWI=,tag:Chd1nRVE75jakFL2Uw/frA==,type:str] 14 + protonvpn-torrent: 15 + private-key: ENC[AES256_GCM,data:trGHNbt68+Io4gX73lFB/TIKhkspn30Gzv80PP5VZaZlCSXO79GO6XDJNh8=,iv:lqBJf9k/ZayXYynYIbUookM72sCwQwzLoPc//092/S0=,tag:kazt/mvUe9sXlbvqVmNjYA==,type:str] 16 + public-key: ENC[AES256_GCM,data:dtdaavrVu7u6skDHETewiIactzqFJLNfzjndzagPIuld890aheevdpbfyj8=,iv:zf+B9w7qZxhB0oSKCG/k0KIqZReJ/KmHiN3C8TXUvn0=,tag:McaVvqwWcSgcYdXHKRTHuw==,type:str] 14 17 sops: 15 18 age: 16 19 - recipient: age1amaa55e7nusv904a9ucfvtnjlw4srtet42suehey6u3yc4t2xc5sdldepj ··· 22 25 cHlWQjF3ZkU5NUs0Y1hodUlabkxpdzAK91EV34EhJMrxxdVrRCwZlGKuRs7AU7v3 23 26 dU8XRhjAzJs2Vu5UnCVOGB5Zl6w7FkXICYY0IP2dA0b477dI5rXNBg== 24 27 -----END AGE ENCRYPTED FILE----- 25 - lastmodified: "2025-08-26T00:11:08Z" 26 - mac: ENC[AES256_GCM,data:jE8a2jiTbQlEn1oEIfb9paeppkt6NxMOimN68xuyw2CUIIvI6T63+FX36mEVFW+LTXEiMcYlCei/Ml63OXVDKP9oImK43QYR18MIoqeTe6TO/gbxxpQzDKi1aGraOfKQeQ0XxLQEexmW4gmtsSBouMCnGNgDG9aJQRMRGE4CHi8=,iv:z8iWOIZua/7I+qdpso7D1FBT3AjRKb3iSk/arcovnZg=,tag:oIB55/ZBUo22F7GB+X2EQA==,type:str] 28 + lastmodified: "2025-10-25T02:25:30Z" 29 + mac: ENC[AES256_GCM,data:HHMLS2fp9oo4URY5D0BA/z1LRvF7tFzyURYOOkz22TuMSyJYPJdZ9JIWPGwvlI9DwvmPdggwuOxSK7Xit6EK6wIgYUQ33k1WaOmElXqp3BaTtPkvL5sgMgL7+sYAocfZnE03hXvHQ/LBHpa+/PuO4p2EQRMphkJmV6rWShJMpZ8=,iv:ud9d1iJBI3EJAe8NDqe1RhoFxxr3ZgDl1flLX5iLUqw=,tag:vDtsrnFjh2JdJ3c2O5brSw==,type:str] 27 30 unencrypted_suffix: _unencrypted 28 - version: 3.10.2 31 + version: 3.11.0