diff --git a/hosts/common/boot.nix b/hosts/common/boot.nix index 8d13f1b..9d4c57f 100644 --- a/hosts/common/boot.nix +++ b/hosts/common/boot.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { boot = { diff --git a/hosts/common/console.nix b/hosts/common/console.nix index 9e76ca4..33b6bf3 100644 --- a/hosts/common/console.nix +++ b/hosts/common/console.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { console = { @@ -23,25 +23,4 @@ "B48EAD" ]; }; - - i18n = { - consoleColors = [ - "2E3440" - "3B4252" - "434C5E" - "4C566A" - "D8DEE9" - "E5E9F0" - "ECEFF4" - "8FBCBB" - "88C0D0" - "81A1C1" - "5E81AC" - "BF616A" - "D08770" - "EBCB8B" - "A3BE8C" - "B48EAD" - ]; - }; } diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 997382e..3d8a780 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -3,11 +3,13 @@ { imports = [ ./boot.nix + ./console.nix ./locale.nix ./networking.nix ./nix.nix ./packages.nix ./services.nix ./users.nix + ./virtualisation.nix ]; } diff --git a/hosts/common/locale.nix b/hosts/common/locale.nix index 2b32328..7ab6c67 100644 --- a/hosts/common/locale.nix +++ b/hosts/common/locale.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { time.timeZone = "America/Bahia"; diff --git a/hosts/common/networking.nix b/hosts/common/networking.nix index 7183bba..17cd2cb 100644 --- a/hosts/common/networking.nix +++ b/hosts/common/networking.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { networking = { diff --git a/hosts/common/nix.nix b/hosts/common/nix.nix index a57297e..1d870ef 100644 --- a/hosts/common/nix.nix +++ b/hosts/common/nix.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { nix = { 
diff --git a/hosts/common/packages.nix b/hosts/common/packages.nix index 0e0a33d..ed9f902 100644 --- a/hosts/common/packages.nix +++ b/hosts/common/packages.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { nixpkgs.config.allowUnfree = true; diff --git a/hosts/common/services.nix b/hosts/common/services.nix index bfdb0db..ad52fa9 100644 --- a/hosts/common/services.nix +++ b/hosts/common/services.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { services = { diff --git a/hosts/common/users.nix b/hosts/common/users.nix index 435f81b..debb7a0 100644 --- a/hosts/common/users.nix +++ b/hosts/common/users.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { users.users = { diff --git a/hosts/common/virtualisation.nix b/hosts/common/virtualisation.nix new file mode 100644 index 0000000..558fcc1 --- /dev/null +++ b/hosts/common/virtualisation.nix @@ -0,0 +1,5 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + virtualisation.podman.enable = true; +} diff --git a/hosts/desktops/common/boot.nix b/hosts/desktops/common/boot.nix index be343cf..75c340d 100644 --- a/hosts/desktops/common/boot.nix +++ b/hosts/desktops/common/boot.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { boot = { diff --git a/hosts/desktops/common/hardware.nix b/hosts/desktops/common/hardware.nix index 271c0c2..1ab52bd 100644 --- a/hosts/desktops/common/hardware.nix +++ b/hosts/desktops/common/hardware.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { hardware = { diff --git a/hosts/desktops/common/nix.nix b/hosts/desktops/common/nix.nix index b145faf..4f60d5d 100644 --- a/hosts/desktops/common/nix.nix +++ b/hosts/desktops/common/nix.nix 
@@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; diff --git a/hosts/desktops/common/packages.nix b/hosts/desktops/common/packages.nix index ac33fd2..7bf7cc3 100644 --- a/hosts/desktops/common/packages.nix +++ b/hosts/desktops/common/packages.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { environment.systemPackages = with pkgs; [ @@ -33,7 +33,6 @@ mpv nixfmt nix-init - nix-your-shell obs-studio p7zip prismlauncher-qt5 diff --git a/hosts/desktops/common/services.nix b/hosts/desktops/common/services.nix index 76ced00..1be581b 100644 --- a/hosts/desktops/common/services.nix +++ b/hosts/desktops/common/services.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: let plasma = pkgs.writeScriptBin "plasma" '' diff --git a/hosts/desktops/common/users.nix b/hosts/desktops/common/users.nix index 627985f..f1b476a 100644 --- a/hosts/desktops/common/users.nix +++ b/hosts/desktops/common/users.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { environment.sessionVariables = rec { diff --git a/hosts/desktops/common/virtualisation.nix b/hosts/desktops/common/virtualisation.nix index b6e31a7..c00ecb0 100644 --- a/hosts/desktops/common/virtualisation.nix +++ b/hosts/desktops/common/virtualisation.nix @@ -1,10 +1,9 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { virtualisation = { libvirtd.enable = true; waydroid.enable = true; lxd.enable = true; - docker.enable = true; }; } diff --git a/hosts/desktops/io.nix b/hosts/desktops/io.nix index e3527c8..e4b5ab2 100644 --- a/hosts/desktops/io.nix +++ b/hosts/desktops/io.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { imports = [ 
diff --git a/hosts/desktops/io/hardware-configuration.nix b/hosts/desktops/io/hardware-configuration.nix index 236c77d..c2497a1 100644 --- a/hosts/desktops/io/hardware-configuration.nix +++ b/hosts/desktops/io/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, pkgs, lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; diff --git a/hosts/desktops/rotterdam.nix b/hosts/desktops/rotterdam.nix index 2f0bd23..7201996 100644 --- a/hosts/desktops/rotterdam.nix +++ b/hosts/desktops/rotterdam.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { imports = [ diff --git a/hosts/desktops/rotterdam/hardware-configuration.nix b/hosts/desktops/rotterdam/hardware-configuration.nix index 9c61010..f24b973 100644 --- a/hosts/desktops/rotterdam/hardware-configuration.nix +++ b/hosts/desktops/rotterdam/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, pkgs, lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; diff --git a/hosts/servers/alexandria.nix b/hosts/servers/alexandria.nix index 70ba998..8db7a3c 100644 --- a/hosts/servers/alexandria.nix +++ b/hosts/servers/alexandria.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { imports = [ diff --git a/hosts/servers/alexandria/actual.nix b/hosts/servers/alexandria/actual.nix new file mode 100644 index 0000000..b4464fa --- /dev/null +++ b/hosts/servers/alexandria/actual.nix 
@@ -0,0 +1,17 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+ virtualisation.oci-containers.containers."actual" = {
+ image = "jlongster/actual-server:latest";
+ ports = [ "${config.ports.actual}:5006" ];
+ volumes = [ "/data/actual:/data" ];
+ extraOptions = [ "--pull=always" ];
+ };
+
+ services.nginx.virtualHosts."actual.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}";
+ };
+}
diff --git a/hosts/servers/alexandria/arr.nix b/hosts/servers/alexandria/arr.nix
new file mode 100644
index 0000000..823a194
--- /dev/null
+++ b/hosts/servers/alexandria/arr.nix
@@ -0,0 +1,66 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+ services = {
+ bazarr = {
+ enable = true;
+ user = "user";
+ group = "hosted";
+ };
+
+ jackett.enable = true;
+
+ qbittorrent = {
+ enable = true;
+ user = "user";
+ group = "hosted";
+ port = lib.toInt "${config.ports.qbittorrent}";
+ };
+
+ radarr = {
+ enable = true;
+ user = "user";
+ group = "hosted";
+ };
+
+ sonarr = {
+ enable = true;
+ user = "user";
+ group = "hosted";
+ };
+
+ nginx.virtualHosts = {
+ "bazarr.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}";
+ };
+ "jackett.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}";
+ };
+ "qbittorrent.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass =
+ "http://127.0.0.1:${config.ports.qbittorrent}";
+ };
+ "radarr.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}";
+ };
+ "sonarr.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}";
+ };
+ };
+ };
+}
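Review bot: `ports = [ "${config.ports.actual}:5006" ]` in actual.nix publishes the container port without a host address, so podman binds it on every interface and the plain-HTTP backend is reachable next to the TLS vhost unless the firewall blocks it. Since nginx proxies to 127.0.0.1 anyway, `ports = [ "127.0.0.1:${config.ports.actual}:5006" ];` keeps it loopback-only. The image is also the mutable `:latest` tag combined with `--pull=always`, so whatever the registry serves at the next restart runs against `/data/actual`; pinning a version tag or digest (placeholder: `jlongster/actual-server@sha256:<digest>`) makes updates deliberate and reviewable. The same two patterns appear in cinny.nix, librespeed.nix, whoogle.nix and the `cinny2` container in matrix.nix.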
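Review bot: The five vhosts under `nginx.virtualHosts` in arr.nix give the Bazarr, Jackett, qBittorrent, Radarr and Sonarr web UIs their own TLS hostnames with nothing at the proxy restricting who can reach them, so protection rests entirely on each application's own login settings, which are not visible in this hunk. If these are for personal use only, a per-vhost `basicAuthFile` or an `allow`/`deny` list in `extraConfig` would put a second layer in front of them. Separately, the Bazarr vhost reads `config.ports.bazaar` while the service is spelled `bazarr`; the option definition is outside the visible hunks, so confirm the name matches variables.nix.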
diff --git a/hosts/servers/alexandria/changedetection.nix b/hosts/servers/alexandria/changedetection.nix
new file mode 100644
index 0000000..ee231c3
--- /dev/null
+++ b/hosts/servers/alexandria/changedetection.nix
@@ -0,0 +1,22 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+ services = {
+ changedetection-io = {
+ enable = true;
+ group = "hosted";
+ behindProxy = true;
+ datastorePath = "/data/changedetection";
+ port = lib.toInt "${config.ports.changedetection-io}";
+ baseURL = "https://detect.baduhai.me";
+ };
+
+ nginx.virtualHosts."detect.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass =
+ "http://127.0.0.1:${config.ports.changedetection-io}";
+ };
+ };
+}
diff --git a/hosts/servers/alexandria/cinny.nix b/hosts/servers/alexandria/cinny.nix
new file mode 100644
index 0000000..93d41d6
--- /dev/null
+++ b/hosts/servers/alexandria/cinny.nix
@@ -0,0 +1,17 @@
+{ inputs, config, pkgs, lib, ... }:
+
+{
+ virtualisation.oci-containers.containers."cinny" = {
+ image = "ghcr.io/cinnyapp/cinny:latest";
+ ports = [ "${config.ports.cinny}:80" ];
+ volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
+ extraOptions = [ "--pull=always" ];
+ };
+
+ services.nginx.virtualHosts."cinny.baduhai.me" = {
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
+ };
+}
diff --git a/hosts/servers/alexandria/containerised.nix b/hosts/servers/alexandria/containerised.nix
deleted file mode 100644
index 8653b4a..0000000
--- a/hosts/servers/alexandria/containerised.nix
+++ /dev/null
@@ -1,48 +0,0 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: - -{ - virtualisation = { - podman.enable = true; - oci-containers = { - backend = "podman"; - containers = { - "actual" = { - image = "jlongster/actual-server:latest"; - ports = [ "${config.ports.actual}:5006" ]; - volumes = [ "/data/actual:/data" ]; - extraOptions = [ "--pull=always" ]; - }; - "cinny" = { - image = "ghcr.io/cinnyapp/cinny:latest"; - ports = [ "${config.ports.cinny}:80" ]; - volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ]; - extraOptions = [ "--pull=always" ]; - }; - "cinny2" = { - image = "ghcr.io/cinnyapp/cinny:latest"; - ports = [ "${config.ports.cinny2}:80" ]; - volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ]; - extraOptions = [ "--pull=always" ]; - }; - "librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { TZ = "America/Bahia"; }; - ports = [ "${config.ports.librespeed}:80" ]; - extraOptions = [ "--pull=always" ]; - }; - "whoogle" = { - image = "benbusby/whoogle-search:latest"; - environment = { - HTTPS_ONLY = "1"; - WHOOGLE_CONFIG_LANGUAGE = "lang_en"; - WHOOGLE_CONFIG_THEME = "system"; - WHOOGLE_CONFIG_VIEW_IMAGE = "1"; - WHOOGLE_CONFIG_GET_ONLY = "1"; - }; - ports = [ "${config.ports.whoogle}:5000" ]; - extraOptions = [ "--pull=always" ]; - }; - }; - }; - }; -} diff --git a/hosts/servers/alexandria/default.nix b/hosts/servers/alexandria/default.nix index d57b230..5c7feb2 100644 --- a/hosts/servers/alexandria/default.nix +++ b/hosts/servers/alexandria/default.nix @@ -2,12 +2,21 @@ { imports = [ - ./containerised.nix + ./actual.nix + ./arr.nix + ./changedetection.nix ./hardware-configuration.nix + ./jellyfin.nix + ./librespeed.nix ./matrix.nix + ./minecraft.nix + ./nginx.nix + ./paperless.nix ./security.nix ./services.nix ./users.nix ./variables.nix + ./vaultwarden.nix + ./whoogle.nix ]; } 
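Review bot: The new imports list in alexandria/default.nix omits `./cinny.nix` and `./shiori.nix`, both of which this commit creates, while their definitions are removed from containerised.nix and services.nix. Unless they are imported somewhere outside this diff, the `cinny` container, the `shiori` service and both vhosts silently disappear from the host on the next rebuild. If that is not intended, add `./cinny.nix` and `./shiori.nix` to the list in alphabetical position; if it is intended, the unused files should not be added.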
diff --git a/hosts/servers/alexandria/hardware-configuration.nix b/hosts/servers/alexandria/hardware-configuration.nix index 7bb1e53..eb2c372 100644 --- a/hosts/servers/alexandria/hardware-configuration.nix +++ b/hosts/servers/alexandria/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, pkgs, lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; diff --git a/hosts/servers/alexandria/jellyfin.nix b/hosts/servers/alexandria/jellyfin.nix new file mode 100644 index 0000000..7202227 --- /dev/null +++ b/hosts/servers/alexandria/jellyfin.nix @@ -0,0 +1,19 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services = { + jellyfin = { + enable = true; + user = "user"; + group = "hosted"; + openFirewall = true; + }; + + nginx.virtualHosts."jellyfin.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; + }; + }; +} diff --git a/hosts/servers/alexandria/librespeed.nix b/hosts/servers/alexandria/librespeed.nix new file mode 100644 index 0000000..4aa90f5 --- /dev/null +++ b/hosts/servers/alexandria/librespeed.nix @@ -0,0 +1,17 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { TZ = "America/Bahia"; }; + ports = [ "${config.ports.librespeed}:80" ]; + extraOptions = [ "--pull=always" ]; + }; + + services.nginx.virtualHosts."librespeed.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}"; + }; +} 
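Review bot: `openFirewall = true` on `services.jellyfin` in jellyfin.nix opens Jellyfin's own ports in the host firewall, so the server stays reachable directly over plain HTTP, bypassing the `jellyfin.baduhai.me` vhost that `forceSSL` is meant to enforce. If all clients are supposed to go through nginx, drop the line or set `openFirewall = false;`. If direct LAN access is intentional, a short comment saying so would make the exception visible.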
diff --git a/hosts/servers/alexandria/matrix.nix b/hosts/servers/alexandria/matrix.nix index 969e0e5..b4f7bca 100644 --- a/hosts/servers/alexandria/matrix.nix +++ b/hosts/servers/alexandria/matrix.nix 
@@ -1,38 +1,47 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { - services.matrix-conduit = { - enable = true; - extraEnvironment = { RUST_MIN_STACK = "16777216"; }; - package = pkgs.unstable.matrix-conduit; - settings.global = { - server_name = "baduhai.me"; - address = "127.0.0.1"; - port = 6167; - max_request_size = 20000000; - allow_registration = true; - allow_encryption = false; - allow_federation = false; + services = { + matrix-conduit = { + enable = true; + extraEnvironment = { RUST_MIN_STACK = "16777216"; }; + package = pkgs.unstable.matrix-conduit; + settings.global = { + server_name = "baduhai.me"; + address = "127.0.0.1"; + port = 6167; + max_request_size = 20000000; + allow_registration = true; + allow_encryption = false; + allow_federation = false; + }; + }; + + nginx.virtualHosts."matrix.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}"; + locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri"; + locations."= /.well-known/matrix/client" = { + alias = pkgs.writeText "matrix-wk-client" '' + { "m.homeserver": { "base_url": "https://matrix.baduhai.me" } } + ''; + extraConfig = "add_header Access-Control-Allow-Origin *;"; + }; + locations."= /.well-known/matrix/server" = { + alias = pkgs.writeText "matrix-wk-server" '' + { "m.server": "matrix.baduhai.me:443" } + ''; + extraConfig = "add_header Access-Control-Allow-Origin *;"; + }; }; }; - services.nginx.virtualHosts."matrix.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}"; - locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri"; - locations."= /.well-known/matrix/client" = { - alias = pkgs.writeText "matrix-wk-client" '' - { "m.homeserver": { "base_url": "https://matrix.baduhai.me" } } - ''; - extraConfig = "add_header 
Access-Control-Allow-Origin *;"; - }; - locations."= /.well-known/matrix/server" = { - alias = pkgs.writeText "matrix-wk-server" '' - { "m.server": "matrix.baduhai.me:443" } - ''; - extraConfig = "add_header Access-Control-Allow-Origin *;"; - }; + virtualisation.oci-containers.containers."cinny2" = { + image = "ghcr.io/cinnyapp/cinny:latest"; + ports = [ "${config.ports.cinny2}:80" ]; + volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ]; + extraOptions = [ "--pull=always" ]; }; } diff --git a/hosts/servers/alexandria/minecraft.nix b/hosts/servers/alexandria/minecraft.nix new file mode 100644 index 0000000..a5f681c --- /dev/null +++ b/hosts/servers/alexandria/minecraft.nix @@ -0,0 +1,19 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services.minecraft-server = { + enable = true; + eula = true; + declarative = true; + openFirewall = true; + package = pkgs.papermc; + serverProperties = { + motd = "Bem-vindo a Alexandria"; + difficulty = "hard"; + gamemode = "survival"; + online-mode = "false"; + spawn-protection = "0"; + }; + dataDir = "/data/minecraft"; + }; +} diff --git a/hosts/servers/alexandria/nginx.nix b/hosts/servers/alexandria/nginx.nix new file mode 100644 index 0000000..b501c4d --- /dev/null +++ b/hosts/servers/alexandria/nginx.nix @@ -0,0 +1,18 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services.nginx = { + enable = true; + group = "hosted"; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + root = inputs.homepage; + }; + }; +} diff --git a/hosts/servers/alexandria/paperless.nix b/hosts/servers/alexandria/paperless.nix new file mode 100644 index 0000000..7569e59 --- /dev/null +++ b/hosts/servers/alexandria/paperless.nix 
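Review bot: `allow_registration = true` under `matrix-conduit.settings.global` leaves account creation open to anyone who can reach `/_matrix/` through the `matrix.baduhai.me` vhost defined in the same hunk. The hunk only re-nests the existing settings, so this is carried over rather than introduced, but it is worth setting `allow_registration = false;` once the intended accounts exist. `allow_encryption = false` likewise means room contents are stored unencrypted on the server; a comment stating that this is deliberate would help.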
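Review bot: `online-mode = "false"` together with `openFirewall = true` in minecraft.nix means the server accepts any claimed username without account verification, so player identities, including operator names, are not authenticated on a port that is open in the firewall. If offline mode is not a requirement, use `online-mode = "true";`. If it is, document the reason in a comment and limit which networks can reach the port, since a name-based whitelist gives no protection in this mode.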
@@ -0,0 +1,28 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services = { + paperless = { + enable = true; + dataDir = "/data/paperless/data"; + mediaDir = "/data/paperless/media"; + passwordFile = config.age.secrets.paperless-pass.path; + port = lib.toInt "${config.ports.paperless}"; + consumptionDirIsPublic = true; + extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; }; + }; + + nginx.virtualHosts."paperless.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}"; + }; + }; + + age.secrets.paperless-pass = { + file = ../../../secrets/paperless-pass.age; + owner = "paperless"; + group = "hosted"; + }; +} diff --git a/hosts/servers/alexandria/security.nix b/hosts/servers/alexandria/security.nix index aa2c1ae..d6d1ab2 100644 --- a/hosts/servers/alexandria/security.nix +++ b/hosts/servers/alexandria/security.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { age.secrets.cloudflare-creds = { diff --git a/hosts/servers/alexandria/services.nix b/hosts/servers/alexandria/services.nix index 32fd87b..6e182e9 100644 --- a/hosts/servers/alexandria/services.nix +++ b/hosts/servers/alexandria/services.nix 
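Review bot: `consumptionDirIsPublic = true` in paperless.nix makes the Paperless consumption directory writable by every local user, so any account or service on this host can feed files into the document parser. This host also runs several network-facing services, which widens who could end up writing there. Unless an external uploader needs it, prefer `consumptionDirIsPublic = false;` with group-based access; otherwise add a comment naming the writer that requires it.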
@@ -1,221 +1,8 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { - age.secrets = { - paperless-pass = { - file = ../../../secrets/paperless-pass.age; - owner = "paperless"; - group = "hosted"; - }; - }; + services.postgresql.enable = true; - services = { - bazarr = { - enable = true; - user = "user"; - group = "hosted"; - }; - - changedetection-io = { - enable = true; - group = "hosted"; - behindProxy = true; - datastorePath = "/data/changedetection"; - port = lib.toInt "${config.ports.changedetection-io}"; - baseURL = "https://detect.baduhai.me"; - }; - - jackett.enable = true; - - jellyfin = { - enable = true; - user = "user"; - group = "hosted"; - openFirewall = true; - }; - - minecraft-server = { - enable = true; - eula = true; - declarative = true; - openFirewall = true; - package = pkgs.papermc; - serverProperties = { - motd = "Bem-vindo a Alexandria"; - difficulty = "hard"; - gamemode = "survival"; - online-mode = "false"; - spawn-protection = "0"; - }; - dataDir = "/data/minecraft"; - }; - - nginx = { - enable = true; - group = "hosted"; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - root = inputs.homepage; - }; - "bazarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}"; - }; - "bitwarden.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - "http://127.0.0.1:${config.ports.vaultwarden}"; - }; - "cinny.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; - }; - "detect.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - 
"http://127.0.0.1:${config.ports.changedetection-io}"; - }; - "jackett.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}"; - }; - "jellyfin.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; - }; - "actual.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}"; - }; - "librespeed.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - "http://127.0.0.1:${config.ports.librespeed}"; - }; - "n8n.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.n8n}"; - }; - "paperless.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - "http://127.0.0.1:${config.ports.paperless}"; - }; - "qbittorrent.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - "http://127.0.0.1:${config.ports.qbittorrent}"; - }; - "radarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}"; - }; - "shiori.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}"; - }; - "sonarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}"; - }; - "sync.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = - "http://127.0.0.1:${config.ports.syncthing}"; - }; - "whoogle.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - 
kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}"; - }; - }; - }; - - paperless = { - enable = true; - dataDir = "/data/paperless/data"; - mediaDir = "/data/paperless/media"; - passwordFile = config.age.secrets.paperless-pass.path; - port = lib.toInt "${config.ports.paperless}"; - consumptionDirIsPublic = true; - extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; }; - }; - - postgresql.enable = true; - - qbittorrent = { - enable = true; - user = "user"; - group = "hosted"; - port = lib.toInt "${config.ports.qbittorrent}"; - }; - - radarr = { - enable = true; - user = "user"; - group = "hosted"; - }; - - shiori = { - enable = true; - port = lib.toInt "${config.ports.shiori}"; - }; - - sonarr = { - enable = true; - user = "user"; - group = "hosted"; - }; - - vaultwarden = { - enable = true; - config = { - DOMAIN = "https://bitwarden.baduhai.me"; - SIGNUPS_ALLOWED = true; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${config.ports.vaultwarden}"; - }; - }; - }; - - systemd.services.NetworkManager-wait-online.enable = - false; # Workaround for upstream bug in NetworkManager-wait-online.service + # Workaround for upstream bug in NetworkManager-wait-online.service + systemd.services.NetworkManager-wait-online.enable = false; } diff --git a/hosts/servers/alexandria/shiori.nix b/hosts/servers/alexandria/shiori.nix new file mode 100644 index 0000000..76555d1 --- /dev/null +++ b/hosts/servers/alexandria/shiori.nix @@ -0,0 +1,17 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services = { + shiori = { + enable = true; + port = lib.toInt "${config.ports.shiori}"; + }; + + nginx.virtualHosts."shiori.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}"; + }; + }; +} diff --git a/hosts/servers/alexandria/users.nix b/hosts/servers/alexandria/users.nix index 2b6e112..c00b8b0 100644 --- a/hosts/servers/alexandria/users.nix 
+++ b/hosts/servers/alexandria/users.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { users = { diff --git a/hosts/servers/alexandria/variables.nix b/hosts/servers/alexandria/variables.nix index aefa847..635ff33 100644 --- a/hosts/servers/alexandria/variables.nix +++ b/hosts/servers/alexandria/variables.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: let mkStringOption = default: @@ -18,12 +18,11 @@ in { librespeed = mkStringOption "8003"; paperless = mkStringOption "8004"; shiori = mkStringOption "8005"; - syncthing = mkStringOption "8006"; - jellyfin = mkStringOption "8096"; + cinny2 = mkStringOption "8006"; whoogle = mkStringOption "8007"; qbittorrent = mkStringOption "8008"; actual = mkStringOption "8009"; - cinny2 = mkStringOption "8010"; + jellyfin = mkStringOption "8096"; sonarr = mkStringOption "8989"; jackett = mkStringOption "9117"; }; diff --git a/hosts/servers/alexandria/vaultwarden.nix b/hosts/servers/alexandria/vaultwarden.nix new file mode 100644 index 0000000..4e2461e --- /dev/null +++ b/hosts/servers/alexandria/vaultwarden.nix @@ -0,0 +1,22 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + services = { + vaultwarden = { + enable = true; + config = { + DOMAIN = "https://bitwarden.baduhai.me"; + SIGNUPS_ALLOWED = true; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = "${config.ports.vaultwarden}"; + }; + }; + + nginx.virtualHosts."bitwarden.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; + }; + }; +} diff --git a/hosts/servers/alexandria/whoogle.nix b/hosts/servers/alexandria/whoogle.nix new file mode 100644 index 0000000..f519b95 --- /dev/null +++ b/hosts/servers/alexandria/whoogle.nix 
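Review bot: `SIGNUPS_ALLOWED = true` in vaultwarden.nix lets anyone who can reach `bitwarden.baduhai.me` create an account on the password manager. The setting is moved unchanged from services.nix, but the new per-service file is a good place to tighten it: `SIGNUPS_ALLOWED = false;` once the intended users exist, with new users added by invitation or limited through `SIGNUPS_DOMAINS_WHITELIST`.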
@@ -0,0 +1,23 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + virtualisation.oci-containers.containers."whoogle" = { + image = "benbusby/whoogle-search:latest"; + environment = { + HTTPS_ONLY = "1"; + WHOOGLE_CONFIG_LANGUAGE = "lang_en"; + WHOOGLE_CONFIG_THEME = "system"; + WHOOGLE_CONFIG_VIEW_IMAGE = "1"; + WHOOGLE_CONFIG_GET_ONLY = "1"; + }; + ports = [ "${config.ports.whoogle}:5000" ]; + extraOptions = [ "--pull=always" ]; + }; + + services.nginx.virtualHosts."whoogle.baduhai.me" = { + useACMEHost = "baduhai.me"; + forceSSL = true; + kTLS = true; + locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}"; + }; +} diff --git a/hosts/servers/common/boot.nix b/hosts/servers/common/boot.nix index 5a4e53a..aee545d 100644 --- a/hosts/servers/common/boot.nix +++ b/hosts/servers/common/boot.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { boot.kernelPackages = pkgs.linuxPackages_hardened; diff --git a/hosts/servers/common/nix.nix b/hosts/servers/common/nix.nix index 96943b4..1c4acdd 100644 --- a/hosts/servers/common/nix.nix +++ b/hosts/servers/common/nix.nix @@ -1,4 +1,4 @@ -{ specialArgs, inputs, config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 83403af..d9a98e2 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,14 +1,16 @@ let - io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; - rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v" + io = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; + rotterdam = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v"; desktops = [ io rotterdam ]; - alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; + alexandria = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; servers = [ alexandria ]; all-hosts = desktops ++ servers; -in -{ +in { "cloudflare-creds.age".publicKeys = all-hosts; "paperless-pass.age".publicKeys = all-hosts; } diff --git a/users/common/programs.nix b/users/common/programs.nix index 136ce76..61c2bf0 100644 --- a/users/common/programs.nix +++ b/users/common/programs.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { programs = { diff --git a/users/desktops/common/programs.nix b/users/desktops/common/programs.nix index 17a5569..f1a2707 100644 --- a/users/desktops/common/programs.nix +++ b/users/desktops/common/programs.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ inputs, config, pkgs, lib, ... }: { fonts.fontconfig.enable = true; diff --git a/users/desktops/user.nix b/users/desktops/user.nix index e79e317..80e1f3a 100644 --- a/users/desktops/user.nix +++ b/users/desktops/user.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ ... }: { imports = [ diff --git a/users/servers/user.nix b/users/servers/user.nix index 0b27563..990167f 100644 --- a/users/servers/user.nix +++ b/users/servers/user.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ ... }: { imports = [
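Review bot: In secrets/secrets.nix, `"paperless-pass.age".publicKeys = all-hosts;` encrypts the Paperless password to the `io` and `rotterdam` desktop keys as well, although in this commit only alexandria's paperless.nix references the secret. Narrowing it to `"paperless-pass.age".publicKeys = servers;` and re-keying the file would keep a compromised desktop key from decrypting a server credential. The same question applies to `cloudflare-creds.age`, whose consumers are only partly visible here.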