rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update docs: add new services to readme, remove obsolete go2rtc-readme

Browse source 
- readme.md: add authelia, fail2ban, homepage, arr-interconnect, nginx
  description updated to mention ACME. Remove omnisearch, add cachyos
  kernel to flake inputs table.
- cloudflare-ddns.md: document shared token usage with ACME, note
  Zone:Zone:Read permission requirement.
- Delete go2rtc-readme.md (documented Docker setup, now native NixOS).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-07 20:42:19 +01:00
parent 372275da5e
commit 08669d7eb5
3 changed files with 23 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

9
readme.md
View file

@ -32,13 +32,16 @@ Flake-based NixOS configuration for three machines, built and deployed directly
│ ├── FredOS-Macbook.nix # Broadcom WiFi, Intel GPU, Bluetooth, filesystems, bootloader, hostname │ ├── FredOS-Macbook.nix # Broadcom WiFi, Intel GPU, Bluetooth, filesystems, bootloader, hostname
│ └── FredOS-Mediaserver.nix # Intel CPU, data disks, mergerfs pool, GRUB, hostname │ └── FredOS-Mediaserver.nix # Intel CPU, data disks, mergerfs pool, GRUB, hostname
├── services ├── services
│ ├── arr-interconnect.nix # Cross-service API key wiring for *arr apps
│ ├── authelia.nix # SSO/2FA gateway (protects homepage & camera)
│ ├── bazarr.nix # Subtitle management │ ├── bazarr.nix # Subtitle management
│ ├── cloudflare-ddns.nix # Cloudflare dynamic DNS │ ├── cloudflare-ddns.nix # Cloudflare dynamic DNS
│ ├── fail2ban.nix # Intrusion prevention (SSH, nginx, Authelia, *arr, etc.)
│ ├── game-servers.nix # Game server definitions │ ├── game-servers.nix # Game server definitions
│ ├── go2rtc.nix # Camera/RTSP streaming │ ├── go2rtc.nix # Camera/RTSP streaming
│ ├── homepage.nix # Homepage dashboard with auto-extracted API keys
│ ├── jellyfin.nix # Media server │ ├── jellyfin.nix # Media server
│ ├── nginx.nix # Reverse proxy │ ├── nginx.nix # Reverse proxy + ACME wildcard cert via Cloudflare DNS-01
│ ├── omnisearch.nix # OmniSearch service
│ ├── prowlarr.nix # Indexer manager │ ├── prowlarr.nix # Indexer manager
│ ├── qbittorrent-nox.nix # Torrent client │ ├── qbittorrent-nox.nix # Torrent client
│ ├── radarr.nix # Movie management │ ├── radarr.nix # Movie management
@ -158,9 +161,9 @@ After this succeeds, the plain `update` alias works from then on.
|---|---| |---|---|
| nixpkgs | `github:NixOS/nixpkgs/nixos-unstable` | | nixpkgs | `github:NixOS/nixpkgs/nixos-unstable` |
| home-manager | `github:nix-community/home-manager` | | home-manager | `github:nix-community/home-manager` |
| omnisearch | `git+https://git.bwaaa.monster/omnisearch` |
| zen-browser | `github:0xc000022070/zen-browser-flake` | | zen-browser | `github:0xc000022070/zen-browser-flake` |
| nix-flatpak | `github:gmodena/nix-flatpak` | | nix-flatpak | `github:gmodena/nix-flatpak` |
| nix-cachyos-kernel | `github:xddxdd/nix-cachyos-kernel/release` |
## Notes ## Notes

26
services/cloudflare-ddns.md
View file

@ -1,15 +1,23 @@
1. Store your API key securely ## Store your API key securely
Create a file outside your /etc/nixos directory to store your Cloudflare API token: Create a file outside your /etc/nixos directory to store your Cloudflare API token:
bashsudo mkdir -p /var/secrets
```bash
sudo mkdir -p /var/secrets
sudo nano /var/secrets/cloudflare-token sudo nano /var/secrets/cloudflare-token
Put your Cloudflare API token in this file, then set appropriate permissions: sudo chmod 600 /var/secrets/cloudflare-token
bashsudo chmod 600 /var/secrets/cloudflare-token
sudo chown root:root /var/secrets/cloudflare-token sudo chown root:root /var/secrets/cloudflare-token
```
This token is shared by both `cloudflare-ddns.nix` (DDNS updates) and `nginx.nix` (ACME wildcard cert via DNS-01 challenge).
3. Get your Cloudflare API Token ## Get your Cloudflare API Token
If you haven't created one yet:
Go to Cloudflare Dashboard → My Profile → API Tokens Go to Cloudflare Dashboard → My Profile → API Tokens and create a token with:
Create a token with Zone:DNS:Edit permissions for your specific zone
Copy the token to /var/secrets/cloudflare-token - **Zone : Zone : Read**
- **Zone : DNS : Edit**
Both permissions are required — Zone:Read for ACME to locate the zone, DNS:Edit for DDNS updates and ACME challenge TXT records.
Copy the token to `/var/secrets/cloudflare-token`.

67
services/go2rtc-readme.md
View file

@ -1,67 +0,0 @@
cat authelia configuration.yml
---
theme: dark
server:
address: 'tcp://0.0.0.0:9091/'
log:
level: info
authentication_backend:
file:
path: /config/users_database.yml
access_control:
default_policy: deny
rules:
- domain: camera.domain.topdomain
policy: one_factor
identity_validation:
reset_password:
jwt_secret: ""
session:
secret: ""
cookies:
- domain: domain.topdomain
authelia_url: https://auth.domain.topdomain
expiration: 1h
inactivity: 5m
storage:
encryption_key: ""
local:
path: /config/db.sqlite3
notifier:
filesystem:
filename: /config/notification.txt
fred ~/docker/authelia
cat users_database.yml
---
users:
username:
password: "secret"
displayname: Name
email: email
username:
password: "secret"
displayname: Name
email: email
##########################################
cat config.yml
---
streams:
kids_bedroom:
- rtsp://username:password@IP-address:554/stream1
api:
listen: ":1984"
webrtc:
listen: ":8555"