william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refactor part 2

Browse source
This commit is contained in:
rotterdam 2023-04-06 09:45:01 -03:00
parent 7b819c69d1
commit 56f3c7e2b0
49 changed files with 385 additions and 358 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/common/boot.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
boot = {

23
hosts/common/console.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
console = {
@ -23,25 +23,4 @@
"B48EAD"
];
};
i18n = {
consoleColors = [
"2E3440"
"3B4252"
"434C5E"
"4C566A"
"D8DEE9"
"E5E9F0"
"ECEFF4"
"8FBCBB"
"88C0D0"
"81A1C1"
"5E81AC"
"BF616A"
"D08770"
"EBCB8B"
"A3BE8C"
"B48EAD"
];
};
}

2
hosts/common/default.nix
View file

@ -3,11 +3,13 @@
{
imports = [
./boot.nix
./console.nix
./locale.nix
./networking.nix
./nix.nix
./packages.nix
./services.nix
./users.nix
./virtualisation.nix
];
}

2
hosts/common/locale.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
time.timeZone = "America/Bahia";

2
hosts/common/networking.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
networking = {

2
hosts/common/nix.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
nix = {

2
hosts/common/packages.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
nixpkgs.config.allowUnfree = true;

2
hosts/common/services.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
services = {

2
hosts/common/users.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
users.users = {

5
hosts/common/virtualisation.nix Normal file
View file

@ -0,0 +1,5 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.podman.enable = true;
}

2
hosts/desktops/common/boot.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
boot = {

2
hosts/desktops/common/hardware.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
hardware = {

2
hosts/desktops/common/nix.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;

3
hosts/desktops/common/packages.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
@ -33,7 +33,6 @@
mpv
nixfmt
nix-init
nix-your-shell
obs-studio
p7zip
prismlauncher-qt5

2
hosts/desktops/common/services.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
let
plasma = pkgs.writeScriptBin "plasma" ''

2
hosts/desktops/common/users.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
environment.sessionVariables = rec {

3
hosts/desktops/common/virtualisation.nix
View file

@ -1,10 +1,9 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
virtualisation = {
libvirtd.enable = true;
waydroid.enable = true;
lxd.enable = true;
docker.enable = true;
};
}

2
hosts/desktops/io.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
imports = [

2
hosts/desktops/io/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, pkgs, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

2
hosts/desktops/rotterdam.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
imports = [

2
hosts/desktops/rotterdam/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, pkgs, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

2
hosts/servers/alexandria.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
imports = [

17
hosts/servers/alexandria/actual.nix Normal file
View file

@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."actual" = {
image = "jlongster/actual-server:latest";
ports = [ "${config.ports.actual}:5006" ];
volumes = [ "/data/actual:/data" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."actual.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}";
};
}

66
hosts/servers/alexandria/arr.nix Normal file
View file

@ -0,0 +1,66 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
bazarr = {
enable = true;
user = "user";
group = "hosted";
};
jackett.enable = true;
qbittorrent = {
enable = true;
user = "user";
group = "hosted";
port = lib.toInt "${config.ports.qbittorrent}";
};
radarr = {
enable = true;
user = "user";
group = "hosted";
};
sonarr = {
enable = true;
user = "user";
group = "hosted";
};
nginx.virtualHosts = {
"bazarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}";
};
"jackett.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}";
};
"qbittorrent.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.qbittorrent}";
};
"radarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}";
};
"sonarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}";
};
};
};
}

22
hosts/servers/alexandria/changedetection.nix Normal file
View file

@ -0,0 +1,22 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
changedetection-io = {
enable = true;
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = lib.toInt "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me";
};
nginx.virtualHosts."detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.changedetection-io}";
};
};
}

17
hosts/servers/alexandria/cinny.nix Normal file
View file

@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."cinny.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
};
}

48
hosts/servers/alexandria/containerised.nix
View file

@ -1,48 +0,0 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
virtualisation = {
podman.enable = true;
oci-containers = {
backend = "podman";
containers = {
"actual" = {
image = "jlongster/actual-server:latest";
ports = [ "${config.ports.actual}:5006" ];
volumes = [ "/data/actual:/data" ];
extraOptions = [ "--pull=always" ];
};
"cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
"cinny2" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny2}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
"librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = { TZ = "America/Bahia"; };
ports = [ "${config.ports.librespeed}:80" ];
extraOptions = [ "--pull=always" ];
};
"whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [ "${config.ports.whoogle}:5000" ];
extraOptions = [ "--pull=always" ];
};
};
};
};
}

11
hosts/servers/alexandria/default.nix
View file

@ -2,12 +2,21 @@
{
imports = [
./containerised.nix
./actual.nix
./arr.nix
./changedetection.nix
./hardware-configuration.nix
./jellyfin.nix
./librespeed.nix
./matrix.nix
./minecraft.nix
./nginx.nix
./paperless.nix
./security.nix
./services.nix
./users.nix
./variables.nix
./vaultwarden.nix
./whoogle.nix
];
}

2
hosts/servers/alexandria/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, pkgs, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

19
hosts/servers/alexandria/jellyfin.nix Normal file
View file

@ -0,0 +1,19 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
jellyfin = {
enable = true;
user = "user";
group = "hosted";
openFirewall = true;
};
nginx.virtualHosts."jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
};
};
}

17
hosts/servers/alexandria/librespeed.nix Normal file
View file

@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = { TZ = "America/Bahia"; };
ports = [ "${config.ports.librespeed}:80" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."librespeed.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
};
}

71
hosts/servers/alexandria/matrix.nix
View file

@ -1,38 +1,47 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
services.matrix-conduit = {
enable = true;
extraEnvironment = { RUST_MIN_STACK = "16777216"; };
package = pkgs.unstable.matrix-conduit;
settings.global = {
server_name = "baduhai.me";
address = "127.0.0.1";
port = 6167;
max_request_size = 20000000;
allow_registration = true;
allow_encryption = false;
allow_federation = false;
services = {
matrix-conduit = {
enable = true;
extraEnvironment = { RUST_MIN_STACK = "16777216"; };
package = pkgs.unstable.matrix-conduit;
settings.global = {
server_name = "baduhai.me";
address = "127.0.0.1";
port = 6167;
max_request_size = 20000000;
allow_registration = true;
allow_encryption = false;
allow_federation = false;
};
};
nginx.virtualHosts."matrix.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}";
locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri";
locations."= /.well-known/matrix/client" = {
alias = pkgs.writeText "matrix-wk-client" ''
{ "m.homeserver": { "base_url": "https://matrix.baduhai.me" } }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
locations."= /.well-known/matrix/server" = {
alias = pkgs.writeText "matrix-wk-server" ''
{ "m.server": "matrix.baduhai.me:443" }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
};
};
services.nginx.virtualHosts."matrix.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}";
locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri";
locations."= /.well-known/matrix/client" = {
alias = pkgs.writeText "matrix-wk-client" ''
{ "m.homeserver": { "base_url": "https://matrix.baduhai.me" } }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
locations."= /.well-known/matrix/server" = {
alias = pkgs.writeText "matrix-wk-server" ''
{ "m.server": "matrix.baduhai.me:443" }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
virtualisation.oci-containers.containers."cinny2" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny2}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
}

19
hosts/servers/alexandria/minecraft.nix Normal file
View file

@ -0,0 +1,19 @@
{ inputs, config, pkgs, lib, ... }:
{
services.minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
online-mode = "false";
spawn-protection = "0";
};
dataDir = "/data/minecraft";
};
}

18
hosts/servers/alexandria/nginx.nix Normal file
View file

@ -0,0 +1,18 @@
{ inputs, config, pkgs, lib, ... }:
{
services.nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
root = inputs.homepage;
};
};
}

28
hosts/servers/alexandria/paperless.nix Normal file
View file

@ -0,0 +1,28 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = lib.toInt "${config.ports.paperless}";
consumptionDirIsPublic = true;
extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; };
};
nginx.virtualHosts."paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}";
};
};
age.secrets.paperless-pass = {
file = ../../../secrets/paperless-pass.age;
owner = "paperless";
group = "hosted";
};
}

2
hosts/servers/alexandria/security.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
age.secrets.cloudflare-creds = {

221
hosts/servers/alexandria/services.nix
View file

@ -1,221 +1,8 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
age.secrets = {
paperless-pass = {
file = ../../../secrets/paperless-pass.age;
owner = "paperless";
group = "hosted";
};
};
services.postgresql.enable = true;
services = {
bazarr = {
enable = true;
user = "user";
group = "hosted";
};
changedetection-io = {
enable = true;
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = lib.toInt "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me";
};
jackett.enable = true;
jellyfin = {
enable = true;
user = "user";
group = "hosted";
openFirewall = true;
};
minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
online-mode = "false";
spawn-protection = "0";
};
dataDir = "/data/minecraft";
};
nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
root = inputs.homepage;
};
"bazarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}";
};
"bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.vaultwarden}";
};
"cinny.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
};
"detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.changedetection-io}";
};
"jackett.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}";
};
"jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
};
"actual.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}";
};
"librespeed.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.librespeed}";
};
"n8n.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.n8n}";
};
"paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.paperless}";
};
"qbittorrent.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.qbittorrent}";
};
"radarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}";
};
"shiori.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}";
};
"sonarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}";
};
"sync.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.syncthing}";
};
"whoogle.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}";
};
};
};
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = lib.toInt "${config.ports.paperless}";
consumptionDirIsPublic = true;
extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; };
};
postgresql.enable = true;
qbittorrent = {
enable = true;
user = "user";
group = "hosted";
port = lib.toInt "${config.ports.qbittorrent}";
};
radarr = {
enable = true;
user = "user";
group = "hosted";
};
shiori = {
enable = true;
port = lib.toInt "${config.ports.shiori}";
};
sonarr = {
enable = true;
user = "user";
group = "hosted";
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
};
systemd.services.NetworkManager-wait-online.enable =
false; # Workaround for upstream bug in NetworkManager-wait-online.service
# Workaround for upstream bug in NetworkManager-wait-online.service
systemd.services.NetworkManager-wait-online.enable = false;
}

17
hosts/servers/alexandria/shiori.nix Normal file
View file

@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
shiori = {
enable = true;
port = lib.toInt "${config.ports.shiori}";
};
nginx.virtualHosts."shiori.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}";
};
};
}

2
hosts/servers/alexandria/users.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
users = {

7
hosts/servers/alexandria/variables.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
let
mkStringOption = default:
@ -18,12 +18,11 @@ in {
librespeed = mkStringOption "8003";
paperless = mkStringOption "8004";
shiori = mkStringOption "8005";
syncthing = mkStringOption "8006";
jellyfin = mkStringOption "8096";
cinny2 = mkStringOption "8006";
whoogle = mkStringOption "8007";
qbittorrent = mkStringOption "8008";
actual = mkStringOption "8009";
cinny2 = mkStringOption "8010";
jellyfin = mkStringOption "8096";
sonarr = mkStringOption "8989";
jackett = mkStringOption "9117";
};

22
hosts/servers/alexandria/vaultwarden.nix Normal file
View file

@ -0,0 +1,22 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
nginx.virtualHosts."bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}";
};
};
}

23
hosts/servers/alexandria/whoogle.nix Normal file
View file

@ -0,0 +1,23 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [ "${config.ports.whoogle}:5000" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."whoogle.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}";
};
}

2
hosts/servers/common/boot.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
boot.kernelPackages = pkgs.linuxPackages_hardened;

2
hosts/servers/common/nix.nix
View file

@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{ inputs, config, pkgs, lib, ... }:
{
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;