jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add mealie

Browse source
This commit is contained in:
Jakob Lechner 2025-04-15 12:25:43 +02:00
parent 96de741c61
commit 1c0fa7606b
6 changed files with 44 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
hosts/iron/secrets/mail-users.nix
View file

Binary file not shown.

1
hosts/magnesium/persistence.nix
View file

@ -32,6 +32,7 @@
"/var/lib/acme"
"/var/lib/hedgedoc"
"/var/lib/nixos"
"/var/lib/private/mealie"
"/var/lib/private/ntfy-sh"
{
directory = "/var/lib/trilium";

1
hosts/magnesium/ports.nix
View file

@ -8,6 +8,7 @@
coturn-tls = { tcp = [ 5349 5350 ]; udp = [ 5349 5350 ]; };
forgejo-ssh.tcp = 2022;
hedgedoc.tcp = 3000;
mealie.tcp = 9000;
nginx-http.tcp = 80;
nginx-https.tcp = 443;
ntfy.tcp = 12474;

7
hosts/magnesium/secrets.yaml
View file

@ -3,6 +3,7 @@ turn-static-auth-secret: ENC[AES256_GCM,data:rzhixUemFPwKj1BcVPZd7KtUO9OA6A2R4qE
gitlab-runner_fablab-nea-hcloud-labsync: ENC[AES256_GCM,data:+znVO8cQxjDdhch7oUALZvt84iJmWnAx6lTM0+WGkGtaRWTCTPjgnst5waSJpw/Oysrd1PkXZKmLHyHuU7K/CHQij7sWH50G3ZcUum58klJc3dCPztlrLpDVHeSwyYiLpsqkQTfjqLPfrMkxuxBgTEVXlq2ZnFuyOGbFx9hubPxLeyQKakiW3qZWGjbFXYAps7Gl61AVdKJj3y1otX2JbCjG9x2i6FHZpl5ywwQCjKNM,iv:7v+I/oJtWDap6PNIJ4Qm3Si9dGs7a79SaMhnr/tbe1A=,tag:7jgoLtdWAEKMkWoXZ10owA==,type:str]
forgejo-mail: ENC[AES256_GCM,data:eZv9dM0a06wFJaDUZjo=,iv:L32ab5k/AX8HqSACJA5w+WbzLlBijA5++Gcr2SrnYIU=,tag:ddyTXikWTMnxq86IijgyYg==,type:str]
hedgedoc-session-secret: ENC[AES256_GCM,data:AYUiUF7R+5C3F5kNRL0R95e1l3Y59tIP388uY0IYCskBhR0H0XMVvyrX/gIM33Twwkc5it+fQtNPNXsbrAnoKQ==,iv:Q6pDEdFplp845/DCHutwni/g7Ch39pTCvfNs4Eh28CQ=,tag:aqVGs3iThmepT7iJusLOMA==,type:str]
mealie: ENC[AES256_GCM,data:4LlxJjDstTPZCD7Xyb+0CRkeDafP9a9oMuYDnXznINe+LrfkJGKwQIwP0B3VpeMmZ0Rwe7Tvje0ZWySFGADireb2r7TjDyASAoXJDyNNJ8byRc5Zt77zL2dp/W4xVt8WpQvwsXosjDv3NN6we831wWUrfNtp0g34YLqSU3F/9i7AaU7nVKnQ9QtJRVg5O57nhs/ZXopKOBUdiKAmxcl0hNNdQdaQX6xkDCWrV4432IOckqyqEQyd9KeCURuWeTUgPmTmnt9Cj8KkaQ39fd0LAGRjOBsKo4C4,iv:o5BPW4Wcg4KcFkJHc/mdrO4Rh+1nifxulYkF+iM3LEw=,tag:KXwDr3VHxjeHkyo23SPJgA==,type:str]
sops:
kms: []
gcp_kms: []
@ -18,8 +19,8 @@ sops:
elNwdVlJS2NCWUlXcEZvZWsvZ29FRnMK/qa6Qj1yQc91PWk9tMKSyFkMfYcHIKpQ
jcPmGWbpi2NPL/F0Xz2X/zQQxWzs9uzlS1VH+y8JRe1EPMYJ78NXZw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-11T15:28:59Z"
mac: ENC[AES256_GCM,data:1RnyUrbEI2JKpicmA3QV+5ob+vByahMjc4+ZpLbcMyZv/KXn02VP+OQaLm9NgPfpZmSmRgbdPNQAP4f71z/EjcceyANAhnvql3zuYgSXNp5l/IYo5UFZdWgQa14XTGO518969CDLW1zJnlkBtbtLEVlMJiQ/EraV1eNtgCr5UEU=,iv:0fLjboGiejUI9LxHW80ed+/Lf+jlN5UH7tVqfBptq0w=,tag:4Tyrqy9XwQAm0etooVBNZg==,type:str]
lastmodified: "2025-04-14T23:06:22Z"
mac: ENC[AES256_GCM,data:FSJSzA9xGKH9FBMWHPJwgbltkeRoumgpeFeftsgUWrMcc2O+sldNa/Gl1Pnmz5AwXNT5zRGv/zcnrt3lQMY+1vPrg3+DRrv5fn2OtHIZxN0cz+okqEoE40w7WLUZSyj9IESjlJKOL/nOdXf7EkXL64ZWDAZ6YKYe7JwD5oCGMOM=,iv:xKFdHYTqLCWtJFWIiZjtzJZpG1RZWPdeE1i6PQqYNsk=,tag:DfzN2iDjavGA/uEjLKZotw==,type:str]
pgp:
- created_at: "2025-04-08T22:53:53Z"
enc: |-
@ -33,4 +34,4 @@ sops:
-----END PGP MESSAGE-----
fp: 3044E71E3DEFF49B586CF5809BF4FCCB90854DA9
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.4

1
hosts/magnesium/services/default.nix
View file

@ -4,6 +4,7 @@
./forgejo.nix
./gitlab-runner.nix
./hedgedoc.nix
./mealie.nix
./ntfy.nix
./public-ip-tunnel.nix
./trilium.nix

37
hosts/magnesium/services/mealie.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, ... }:
let
domain = "mealie.jalr.de";
cfg = config.services.mealie;
in
{
sops.secrets.mealie = {
sopsFile = ../secrets.yaml;
};
services.mealie = {
enable = true;
credentialsFile = config.sops.secrets.mealie.path;
port = config.networking.ports.mealie.tcp;
listenAddress = "127.0.0.1";
settings = {
BASE_URL = "https://${domain}";
ALLOW_SIGNUP = "false";
SMTP_HOST = "hha.jalr.de";
SMTP_PORT = 465;
SMTP_FROM_NAME = "mealie";
SMTP_AUTH_STRATEGY = "TLS";
SMTP_FROM_EMAIL = "no-reply@jalr.de";
SMTP_USER = "mealie@jalr.de";
};
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
}