william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Massive refactoring and migration

Browse source 
Changed some wezterm settings
Refactored some hosted-services
Migrated some services from docker to a nixos service
This commit is contained in:
baduhai 2022-12-23 22:07:13 -03:00
parent a57cf2cd3f
commit 467c028fa4
9 changed files with 190 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/servers/alexandria/default.nix
View file

@ -5,5 +5,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
./hosted-services.nix ./hosted-services.nix
./security.nix ./security.nix
./users.nix
]; ];
} }

275
hosts/servers/alexandria/hosted-services.nix
View file

@ -1,29 +1,29 @@
{ inputs, config, pkgs, libs, ... }: { inputs, config, pkgs, libs, ... }:
{ {
users.users.nginx.extraGroups = [ "acme" ]; age.secrets = {
paperless-pass.file = ../../../secrets/paperless-pass.age;
};
services = { services = {
nginx = { nginx = {
enable = true; enable = true;
group = "hosted";
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; }; "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; };
"bitwarden.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; };
"detect.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8001"; };
"cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8002"; }; "cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8002"; };
"jellyfin.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8003"; }; "librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8003"; };
"librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8004"; }; "pyload.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8005"; };
"paperless.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8005"; }; "shiori.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8006"; };
"pyload.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8006"; }; "sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8007"; };
"shiori.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8007"; }; "whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8008"; };
"sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8008"; };
"whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8009"; };
}; };
}; };
vaultwarden = { vaultwarden = {
enable = true; enable = true;
config = { config = {
@ -33,6 +33,58 @@
ROCKET_PORT = 8000; ROCKET_PORT = 8000;
}; };
}; };
nginx.virtualHosts."bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
changedetection-io = {
enable = true;
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = 8001;
baseURL = "https://detect.baduhai.me";
};
nginx.virtualHosts."detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}";
};
jellyfin = {
enable = true;
group = "hosted";
openFirewall = true;
};
nginx.virtualHosts."jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:8096";
};
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = 8004;
consumptionDirIsPublic = true;
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "eng+por+deu";
};
};
nginx.virtualHosts."paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
};
minecraft-server = { minecraft-server = {
enable = true; enable = true;
eula = true; eula = true;
@ -53,24 +105,6 @@
oci-containers = { oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
"changedetection" = {
image = "lscr.io/linuxserver/changedetection.io:latest";
environment = {
PUID = "1000";
PGID = "100";
TZ = "Europe/Berlin";
BASE_URL = "detect.baduhai.me";
};
volumes = [
"/data/changedetection:/config"
];
ports = [
"8001:5000"
];
extraOptions = [
"--pull=always"
];
};
"cinny" = { "cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest"; image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ ports = [
@ -80,27 +114,6 @@
"--pull=always" "--pull=always"
]; ];
}; };
"jellyfin" = {
image = "lscr.io/linuxserver/jellyfin:10.8.4";
environment = {
PUID = "1000";
PGID = "100";
TZ = "Europe/Berlin";
DOCKER_MODS = "linuxserver/mods:jellyfin-opencl-intel";
};
volumes = [
"/data/jellyfin/library:/config"
"/data/jellyfin/tvseries:/data/tvshows"
"/data/jellyfin/movies:/data/movies"
];
ports = [
"8003:8096"
];
extraOptions = [
"--pull=always"
"--device=/dev/dri:/dev/dri"
];
};
"librespeed" = { "librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest"; image = "lscr.io/linuxserver/librespeed:latest";
environment = { environment = {
@ -113,87 +126,87 @@
"--pull=always" "--pull=always"
]; ];
}; };
"paperless" = { # "paperless" = {
image = "lscr.io/linuxserver/paperless-ngx:latest"; # image = "lscr.io/linuxserver/paperless-ngx:latest";
environment = { # environment = {
PUID = "1000"; # PUID = "1000";
PGID = "100"; # PGID = "100";
TZ = "Europe/Berlin"; # TZ = "Europe/Berlin";
PAPERLESS_URL = "https://paperless.baduhai.me"; # PAPERLESS_URL = "https://paperless.baduhai.me";
PAPERLESS_OCR_LANGUAGE = "eng+deu+por"; # PAPERLESS_OCR_LANGUAGE = "eng+deu+por";
DOCKER_MODS = "linuxserver/mods:papermerge-multilangocr"; # DOCKER_MODS = "linuxserver/mods:papermerge-multilangocr";
OCRLANG = "eng,por,deu"; # OCRLANG = "eng,por,deu";
}; # };
volumes = [ # volumes = [
"/data/paperless-ngx/config:/config" # "/data/paperless-ngx/config:/config"
"/data/paperless-ngx/data:/data" # "/data/paperless-ngx/data:/data"
]; # ];
ports = [ # ports = [
"8005:8000" # "8005:8000"
]; # ];
extraOptions = [ # extraOptions = [
"--pull=always" # "--pull=always"
]; # ];
}; # };
"pyload" = { # Download manager # "pyload" = { # Download manager
image = "lscr.io/linuxserver/pyload-ng:latest"; # image = "lscr.io/linuxserver/pyload-ng:latest";
environment = { # environment = {
PUID = "1000"; # PUID = "1000";
PGID = "100"; # PGID = "100";
TZ = "Europe/Berlin"; # TZ = "Europe/Berlin";
}; # };
volumes = [ # volumes = [
"/data/pyload/config:/config" # "/data/pyload/config:/config"
"/data/pyload/downloads:/downloads" # "/data/pyload/downloads:/downloads"
]; # ];
ports = [ # ports = [
"8006:8000" # "8005:8000"
"9666:9666" # "9666:9666"
]; # ];
extraOptions = [ # extraOptions = [
"--pull=always" # "--pull=always"
]; # ];
}; # };
"shiori" = { # "shiori" = {
image = "docker.io/nicholaswilde/shiori:latest"; # image = "docker.io/nicholaswilde/shiori:latest";
environment = { # environment = {
TZ = "Europe/Berlin"; # TZ = "Europe/Berlin";
PUID = "1000"; # PUID = "1000";
PGID = "100"; # PGID = "100";
SHIORI_DIR = "/data"; # SHIORI_DIR = "/data";
}; # };
volumes = [ # volumes = [
"/data/shiori:/data" # "/data/shiori:/data"
]; # ];
ports = [ # ports = [
"8007:8080" # "8006:8080"
]; # ];
extraOptions = [ # extraOptions = [
"--pull=always" # "--pull=always"
]; # ];
}; # };
"syncthing" = { # "syncthing" = {
image = "lscr.io/linuxserver/syncthing:1.20.4"; # image = "lscr.io/linuxserver/syncthing:1.20.4";
environment = { # environment = {
PUID = "1000"; # PUID = "1000";
PGID = "100"; # PGID = "100";
TZ = "Europe/Berlin"; # TZ = "Europe/Berlin";
}; # };
volumes = [ # volumes = [
"/data/syncthing/config:/config" # "/data/syncthing/config:/config"
"/data/syncthing/data1:/data1" # "/data/syncthing/data1:/data1"
"/data/syncthing/data2:/data2" # "/data/syncthing/data2:/data2"
"/data/syncthing/notes:/sync/notes" # "/data/syncthing/notes:/sync/notes"
]; # ];
ports = [ # ports = [
"8008:8384" # "8007:8384"
"22000:22000" # "22000:22000"
"21027:21027/udp" # "21027:21027/udp"
]; # ];
extraOptions = [ # extraOptions = [
"--pull=always" # "--pull=always"
]; # ];
}; # };
"whoogle" = { "whoogle" = {
image = "benbusby/whoogle-search:latest"; image = "benbusby/whoogle-search:latest";
environment = { environment = {
@ -206,7 +219,7 @@
WHOOGLE_CONFIG_GET_ONLY = "1"; WHOOGLE_CONFIG_GET_ONLY = "1";
}; };
ports = [ ports = [
"8009:5000" "8008:5000"
]; ];
extraOptions = [ extraOptions = [
"--pull=always" "--pull=always"

6
hosts/servers/alexandria/security.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, libs, ... }: { config, pkgs, libs, ... }:
{ {
age.secrets.cloudflare-creds.file = ../../../secrets/cloudflare-creds.age; age.secrets.cloudflare-creds = {
file = ../../../secrets/cloudflare-creds.age;
owner = "nginx";
group = "hosted";
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;

19
hosts/servers/alexandria/users.nix Normal file
View file

@ -0,0 +1,19 @@
{ inputs, config, pkgs, libs, ... }:
{
users = {
users.nginx.extraGroups = [ "acme" ];
groups = {
hosted = {
gid = 1005;
members = [
"user"
"nginx"
"vaultwarden"
"minecraft"
"paperless"
];
};
};
};
}

18
secrets/cloudflare-creds.age
View file

@ -1,8 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 J6tVTA AuDRtyMiVAYNm82o7bMdXfrMzYG7MXfBmcazjdfeYCs -> ssh-ed25519 SP9f6A 1SZWt0ytoYmaPSXzzgkKftLR4x5mFjVRXcQi6oXXdDI
YVzVfFWe5hQiYZDB446lce45XKm6WxtlvhKd8SHTKg0 UAORHHJy71MSdnjzi5PN9ol2mGp8lzWh0w/q638owOg
-> b~-grease o;mGFs I5jK a3#fQ\! -> ssh-ed25519 J6tVTA IKmKiBSWG8IuTm8gYVsXhQHb88iQLWo+A/IJPGJEbXE
CuBo1T3OSiGVDhUcwIKTX3GRue/mGIRCsWcIobCvJR7Euh/fjA+4+4zd6KHunLIX 9fPmLU9OvMl8YbojCu9/vTfpZEwtUlXFyEtC7v9g3zE
1KO1t/MxbnGM+uGCI3sUNdeAehi+HVzJaP3T0AFsvClmAwAgOPI -> F*^\/j-grease dL~(_L
--- RPJdhx/dUjePriOolSYaWdOIu9zFqJRJHGkzIGeiv8w 3Af37Vb6Bw9txd5o6z+Hh7SO17ZG7o2UNGBX72FIY+pvzgpduzlK4nCYCnElkN2c
Bþ¡Mor<p\¹¹þDªk-jF§“ElÖ q3©)ªOŽçiRî ±h±¼ó í<ê95Q†z6Õƒ_ôFbˆ…¹—;z…'UUŽIVÜ"5¢Ðý0-ÝåW%×CõºooŸ<b…8∌£»1™Ò·wgŒÀt`«­çY‰D÷M XU2sg0VqF0uFB1Fr
--- sljT6+4hBVrvVkUyP0DDNu9y7D0TXGOEoXkISnPBbcs
Ä$C3ÂŒ¥ijá…ÜÑëÎc·Àçn_<6E>ÞÇ!P<><J”õõwç­\Ê_¤Ù&ò“ºvŽíŸÖ•À×°¡›]­ìs:Xø45gøìé
<EFBFBD>ÎO¾^Õ®æ 8+Êí°äŒºó «ˆ¾Ä¢úènÍIuzK­$Ièöpf5y•ãbù
 A

BIN
secrets/paperless-pass.age Normal file
View file

Binary file not shown.

5
secrets/secrets.nix
View file

@ -4,7 +4,10 @@ let
alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA";
servers = [ alexandria ]; servers = [ alexandria ];
all-hosts = desktops ++ servers;
in in
{ {
"cloudflare-creds.age".publicKeys = [ alexandria ]; "cloudflare-creds.age".publicKeys = all-hosts;
"paperless-pass.age".publicKeys = all-hosts;
} }

3
users/common/home.nix
View file

@ -8,5 +8,8 @@
sessionVariables = { sessionVariables = {
EDITOR = "micro"; EDITOR = "micro";
}; };
activation.installMicroPlugins = ''
${pkgs.micro}/bin/micro -plugin install filemanager
'';
}; };
} }

3
users/desktops/common/programs.nix
View file

@ -43,6 +43,8 @@
enable = true; enable = true;
extraConfig = '' extraConfig = ''
local wezterm = require 'wezterm' local wezterm = require 'wezterm'
local SOLID_LEFT_ARROW = utf8.char(0xe0b2)
local SOLID_RIGHT_ARROW = utf8.char(0xe0b0)
return { return {
font_size = 10, font_size = 10,
color_scheme = 'Twilight (base16)', color_scheme = 'Twilight (base16)',
@ -53,7 +55,6 @@
}), }),
initial_cols = 120, initial_cols = 120,
initial_rows = 34, initial_rows = 34,
enable_scroll_bar=true,
} }
''; '';
}; };