diff --git a/common.nix b/common.nix index b15c8c8..fee2569 100644 --- a/common.nix +++ b/common.nix @@ -41,6 +41,7 @@ ./services/sabnzbd.nix ./services/forgejo-runner.nix ./services/code-server.nix + ./services/memos.nix ]; ### Make build time quicker diff --git a/services/authelia.nix b/services/authelia.nix index 180686a..e3a9d79 100644 --- a/services/authelia.nix +++ b/services/authelia.nix @@ -82,6 +82,7 @@ in { domain = "profilarr.nordhammer.it"; policy = "one_factor"; } { domain = "sabnzbd.nordhammer.it"; policy = "one_factor"; } { domain = "code.nordhammer.it"; policy = "one_factor"; } + { domain = "notes.nordhammer.it"; policy = "one_factor"; } ]; }; diff --git a/services/memos.nix b/services/memos.nix new file mode 100644 index 0000000..6bae24b --- /dev/null +++ b/services/memos.nix @@ -0,0 +1,20 @@ +# services/memos.nix — Lightweight self-hosted notes at notes.nordhammer.it +# Uses Flatnotes with auth disabled — Authelia is the only gate. +{ config, lib, ... }: +{ + config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") { + + virtualisation.oci-containers.containers.flatnotes = { + image = "dullage/flatnotes:latest"; + ports = [ "127.0.0.1:5230:8080" ]; + volumes = [ "/var/lib/flatnotes:/app/data" ]; + environment = { + FLATNOTES_AUTH_TYPE = "none"; + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/lib/flatnotes 0750 root root -" + ]; + }; +} diff --git a/services/nginx.nix b/services/nginx.nix index 2c5e018..3c86c45 100644 --- a/services/nginx.nix +++ b/services/nginx.nix @@ -115,6 +115,7 @@ in "profilarr.nordhammer.it" = protectedProxy 6868; "sabnzbd.nordhammer.it" = protectedProxy 8085; "code.nordhammer.it" = protectedProxy 4444; + "notes.nordhammer.it" = protectedProxy 5230; # --- Local-only: serves update history JSON to Homepage's customapi widget --- "homepage-updates.local" = {