update port and address for gitea

flake.lock

@@ -7,26 +7,27 @@
         ]
       },
       "locked": {
-        "lastModified": 1707607386,
-        "narHash": "sha256-hj/RgQMTvCWQVInkZwiMMieumkfOjHXhtWhfuXHop/8=",
+        "lastModified": 1699368917,
+        "narHash": "sha256-nUtGIWf86BOkUbtksWtfglvCZ/otP0FTZlQH8Rzc7PA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "bfd0ae29a86eff4603098683b516c67e22184511",
+        "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
         "repo": "home-manager",
+        "rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3",
         "type": "github"
       }
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1707211557,
-        "narHash": "sha256-LTKTzZ6fM5j8XWXf51IMBzDaOaJg9kYWLUZxoIhzRN8=",
+        "lastModified": 1711352745,
+        "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
         "owner": "nixos",
         "repo": "nixos-hardware",
-        "rev": "6e5cc385fc8cf5ca6495d70243074ccdea9f64c7",
+        "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
         "type": "github"
       },
       "original": {
@@ -37,26 +38,26 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1707650133,
-        "narHash": "sha256-ESHjN3syUAZvuV9z6lToesNeMYiXCPKgsx4+jhxOuVA=",
-        "owner": "nixos",
+        "lastModified": 1701282334,
+        "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=",
+        "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9002908215ae609210c2168494b387ff5728220a",
+        "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e",
         "type": "github"
       },
       "original": {
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "type": "github"
+        "id": "nixpkgs",
+        "ref": "23.11",
+        "type": "indirect"
       }
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1707603439,
-        "narHash": "sha256-LodBVZ3+ehJP2azM5oj+JrhfNAAzmTJ/OwAIOn0RfZ0=",
+        "lastModified": 1711233294,
+        "narHash": "sha256-eEu5y4J145BYDw9o/YEmeJyqh8blgnZwuz9k234zuWc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d8cd80616c8800feec0cab64331d7c3d5a1a6d98",
+        "rev": "ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68",
         "type": "github"
       },
       "original": {
@@ -82,11 +83,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1707620614,
-        "narHash": "sha256-gfAoB9dGzBu62NoAoM945aok7+6M+LFu+nvnGwAsTp4=",
+        "lastModified": 1711249319,
+        "narHash": "sha256-N+Pp3/8H+rd7cO71VNV/ovV/Kwt+XNeUHNhsmyTabdM=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2eb7c4ba3aa75e2660fd217eb1ab64d5b793608e",
+        "rev": "405987a66cce9a4a82f321f11b205982a7127c88",
         "type": "github"
       },
       "original": {

machines/cj/configuration.nix

@@ -123,12 +123,12 @@
   security.rtkit.enable = true; # recommended for pipewire
 
   # enable acme for certbot
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      email = "jacob.hinkle@gmail.com";
-    };
-  };
+  #security.acme = {
+    #acceptTerms = true;
+    #defaults = {
+      #email = "jacob.hinkle@gmail.com";
+    #};
+  #};
 
   virtualisation.oci-containers.containers = let
     ips = {
@@ -144,6 +144,8 @@
   in {
     home-assistant = import ./home-assistant.nix ips;
     pihole = import ./pihole.nix ips;
+    unifi = import ./unifi.nix ips;
+    vaultwarden = import ./vaultwarden.nix ips;
   };
 
   # List services that you want to enable:
@@ -186,7 +188,9 @@
     timesyncd.enable = true;
 
     unifi = {
-      enable = true;
+      # This was causing a full build of mongodb on every nixos-rebuild.
+      # Instead, let's migrate to using the docker image
+      enable = false;
       openFirewall = true;
       unifiPackage = pkgs.unifiStable;
     };

machines/cj/gitea.nix

@@ -13,7 +13,9 @@
       DOMAIN = "git.jhink.org";
       ROOT_URL = "https://git.jhink.org";
       HTTP_PORT = 3000;
-      HTTP_ADDR = "127.0.0.1";
+      HTTP_ADDR = "0.0.0.0";
+      START_SSH_SERVER = "true";
+      SSH_PORT = 22222;
     };
   };
 }

machines/cj/hardware-configuration-zfs.nix

@@ -90,6 +90,11 @@
       fsType = "zfs";
       neededForBoot = true;
     };
+  fileSystems."/serverdata/unifi" =
+    { device = "rpool/serverdata/unifi";
+      fsType = "zfs";
+      neededForBoot = true;
+    };
   fileSystems."/serverdata/vaultwarden" =
     { device = "rpool/serverdata/vaultwarden";
       fsType = "zfs";

machines/cj/nginx.nix

@@ -1,10 +1,10 @@
 {
-  enable = true;
+  enable = false;
   recommendedProxySettings = true;
   virtualHosts = let
     simpleProxy = ip: {
-      forceSSL = true;
-      enableACME = true;
+      forceSSL = false;
+      enableACME = false;
       extraConfig = ''
         proxy_buffering off;
       '';

machines/cj/unifi.nix

@@ -0,0 +1,19 @@
+{ serverIP, serverIP6 } : {
+  image = "jacobalberty/unifi:v8.1";
+  ports = [
+    "8080:8080"
+    "8443:8443"
+    "3478:3478/udp"
+  ];
+  environment = {
+    TZ = "America/New_York";
+  };
+  volumes = [
+    "/serverdata/unifi:/unifi"
+  ];
+  extraOptions = [
+    "--cap-add=NET_ADMIN"
+    "--network=host"
+    #"--no-hosts" # do not populate internal /etc/hosts with container host's
+  ];
+}

machines/cj/vaultwarden.nix

@@ -0,0 +1,18 @@
+{ serverIP, serverIP6 } : {
+  image = "vaultwarden/server:1.30.5";
+  ports = [
+    "8022:80"
+  ];
+  environment = {
+    TZ = "America/New_York";
+  };
+  volumes = [
+    "/serverdata/vaultwarden:/data"
+  ];
+  extraOptions = [
+    #"--cap-add=NET_ADMIN"
+    #"--network=host"
+    #"--no-hosts" # do not populate internal /etc/hosts with container host's
+  ];
+}
+