temp

2024-06-18 11:26:35 +02:00 · 2024-06-18 11:26:35 +02:00 · 40648d4041
commit 40648d4041
parent cb4a8f024f
10 changed files with 14 additions and 4 deletions
--- a/hosts/modules/server/adguard.nix
+++ b/hosts/modules/server/adguard.nix
@ -1,8 +1,10 @@
+# Network-wide ads & trackers blocking DNS server 
+# Change your router primary DNS server to {this server IP} to make it network wide.
 {
    services.adguardhome ={
        enable = true;
        host = "0.0.0.0";
        port = 3000;
-        openFirewall = true;
+        openFirewall = true; # Open port 53(dns) & 3000(webui)
    };
 }
--- a/hosts/modules/server/cloudflare-dyndns.nix
+++ b/hosts/modules/server/cloudflare-dyndns.nix
@ -1,3 +1,4 @@
+# CloudFlare Dynamic DNS client
 {
    services.cloudflare-dyndns = {
        enable = true;
--- a/hosts/modules/server/homepage/default.nix
+++ b/hosts/modules/server/homepage/default.nix
@ -25,7 +25,7 @@ let
  '';
 in {

-  ."startpage/index.html".text = ''
+  # fix "startpage/index.html".text = ''
    <!DOCTYPE html>
    <html lang="en">

--- a/hosts/modules/server/nextcloud.nix
+++ b/hosts/modules/server/nextcloud.nix
@ -1,3 +1,4 @@
+# Nextcloud
 { pkgs, ... }:
 let
    hostname = "cloud.anotherhadi.com";
--- a/hosts/modules/server/nginx.nix
+++ b/hosts/modules/server/nginx.nix
@ -1,3 +1,4 @@
+# Nginx Reverse Proxy & ACME certs
 {config, ...}:{
  services.nginx.enable = true;
  security.acme = {
--- a/hosts/modules/server/ntfy-sh.nix
+++ b/hosts/modules/server/ntfy-sh.nix
@ -1,3 +1,4 @@
+# Push Notification Server
 # https://mynixos.com/nixpkgs/options/services.ntfy-sh
 let
    hostname = "ntfy.anotherhadi.com";
@ -9,7 +10,7 @@ in{
        settings = {
            base-url = url;
            listen-http = "${port}";
-            # auth-file
+            # auth-file = "/etc/ntfy-sh/authfile"
            auth-default-access = "deny-all";
            behind-proxy = true;
        };
--- a/hosts/modules/server/openssh.nix
+++ b/hosts/modules/server/openssh.nix
@ -1,3 +1,4 @@
+# SSH server
 {
  services.openssh = {
    enable = true;
--- a/hosts/modules/server/security.nix
+++ b/hosts/modules/server/security.nix
@ -1,3 +1,4 @@
+# Firewall & fail2ban
 {
    networking.firewall.enable = true;
    services.fail2ban = {
--- a/hosts/modules/server/unifi.nix
+++ b/hosts/modules/server/unifi.nix
@ -1,6 +1,7 @@
+# unifi controller service
 {
    services.unifi = {
        enable = true;
-        openFirewall = true;
+        openFirewall = true; # 8443(webui) and other port use by AP
    };
 }
--- a/hosts/modules/server/vaultwarden.nix
+++ b/hosts/modules/server/vaultwarden.nix
@ -1,3 +1,4 @@
+# Password manager
 let
    hostname = "vault.anotherhadi.com";
    url = "https://"+hostname;