Lucas/Homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Extensible DDNS

Browse source
This commit is contained in:
Lucas Thelen 2025-10-03 18:13:26 +00:00
parent 82cd5fb545
commit e08c4b27e2
4 changed files with 85 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

65
CLAUDE.md Normal file
View file

@ -0,0 +1,65 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Overview
This is a NixOS homelab configuration using Nix flakes. The setup includes a self-hosted Jellyfin media server, personal website hosting, VPN access via Tailscale, and automated DNS management with AWS Route53.
## Development Commands
### System Management
- `sudo nixos-rebuild switch --flake .#homelab` - Apply configuration changes
- `sudo nixos-rebuild test --flake .#homelab` - Test configuration without making it default
- `nix flake update` - Update flake inputs (updates flake.lock)
- `nixfmt-classic *.nix` - Format Nix files using the installed formatter
### Git Operations
- Configuration is version controlled - commit changes after testing
- Current branch: main
- Modified files: flake.nix, users.nix (check git status)
## Architecture
### Flake Structure
- `flake.nix` - Main flake definition with inputs (nixpkgs, agenix, personal site)
- `configuration.nix` - Default NixOS configuration (mostly commented out)
- `system.nix` - System-level settings (boot, power management)
- `packages.nix` - System packages (neovim, git, tools)
- `users.nix` - User configuration for lucas user with fish shell
### Modular Organization
- `networking/` - Network configuration modules
- `host.nix` - Static IP, firewall, Avahi discovery
- `ssh.nix` - SSH daemon configuration
- `adblock.nix` - Ad blocking setup
- `vpn-host.nix` - Tailscale VPN with auto-connect
- `services/` - Service modules
- `jellyfin.nix` - Media server with Deluge torrent client
- `site.nix` - Nginx reverse proxy, ACME SSL, Route53 DDNS
### Secret Management
- Uses agenix for encrypted secrets
- `secrets/aws.age` - AWS credentials for Route53 updates
- `tailscale.age` - Tailscale authentication key
### Key Services
- **Jellyfin**: Media server on port 8096, proxied via jellyfin.per-aspera.space
- **Personal Website**: Static site from GitHub repo served at per-aspera.space
- **Deluge**: Torrent client with web interface
- **Route53 DDNS**: Automated IP updates every 5 minutes
- **Tailscale**: VPN access with firewall rules
### Network Configuration
- Static IP: 192.168.0.10/24
- Hostname: homelab
- Firewall: Configured per service (HTTP/HTTPS, Jellyfin, SSH via Tailscale)
- Custom nameservers: 205.171.3.25, 8.8.8.8
## Important Notes
- System is configured as a server (no hibernation/suspend)
- Uses systemd-boot EFI bootloader
- Multimedia group for media file permissions at /data/media
- Fish shell is the default for the lucas user
- ACME certificates automatically managed for per-aspera.space domain

1
flake.nix
View file

@ -34,6 +34,7 @@
environment.systemPackages = [ agenix.packages.x86_64-linux.default ]; environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
age.secrets.tailscale.file = ./tailscale.age; age.secrets.tailscale.file = ./tailscale.age;
age.secrets.aws.file = ./secrets/aws.age; age.secrets.aws.file = ./secrets/aws.age;
nixpkgs.config.allowUnfree = true;
} }
]; ];
}; };

25
services/site.nix
View file

@ -1,13 +1,23 @@
{ config, pkgs, inputs, ... }: { config, pkgs, inputs, lib, ... }:
let let
domain = "per-aspera.space"; domain = "per-aspera.space";
hostedZoneId = "Z09728753LLLNSYFXIBIM";
# Configurable list of DNS records to update
dnsRecords = [
domain
"jellyfin.${domain}"
# Add more records here as needed
# "api.${domain}"
# "mail.${domain}"
];
updateRoute53 = pkgs.writeShellScript "update-route53" '' updateRoute53 = pkgs.writeShellScript "update-route53" ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
HOSTED_ZONE_ID="Z09728753LLLNSYFXIBIM" HOSTED_ZONE_ID="${hostedZoneId}"
DOMAIN="${domain}" DNS_RECORDS=(${lib.concatStringsSep " " (map lib.escapeShellArg dnsRecords)})
SUBDOMAIN="jellyfin.${domain}"
# Get current public IP # Get current public IP
CURRENT_IP=$(${pkgs.curl}/bin/curl -s https://ifconfig.me) CURRENT_IP=$(${pkgs.curl}/bin/curl -s https://ifconfig.me)
@ -46,9 +56,10 @@ let
fi fi
} }
# Update both records # Update all configured records
update_record "$DOMAIN" for record in "''${DNS_RECORDS[@]}"; do
update_record "$SUBDOMAIN" update_record "$record"
done
''; '';
in { in {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];

2
users.nix
View file

@ -7,7 +7,7 @@
shell = pkgs.fish; shell = pkgs.fish;
packages = with pkgs; [ eza ]; packages = with pkgs; [ eza claude-code ];
hashedPassword = hashedPassword =
"$6$X.mw03yY/VFjDThj$t1I68HZz6NBihZGhiJ6Ct8ZuOufX6ZX9pydnK4puTjT1XKfMO1FY5VL1DwywJHrXOEJtohV99TmrABfjdBQY21"; "$6$X.mw03yY/VFjDThj$t1I68HZz6NBihZGhiJ6Ct8ZuOufX6ZX9pydnK4puTjT1XKfMO1FY5VL1DwywJHrXOEJtohV99TmrABfjdBQY21";