Refactor part 2

rotterdam 2023-04-06 09:45:01 -03:00
parent 7b819c69d1
commit 56f3c7e2b0
49 changed files with 385 additions and 358 deletions


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
boot = { boot = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
console = { console = {
@ -23,25 +23,4 @@
"B48EAD" "B48EAD"
]; ];
}; };
i18n = {
consoleColors = [
"2E3440"
"3B4252"
"434C5E"
"4C566A"
"D8DEE9"
"E5E9F0"
"ECEFF4"
"8FBCBB"
"88C0D0"
"81A1C1"
"5E81AC"
"BF616A"
"D08770"
"EBCB8B"
"A3BE8C"
"B48EAD"
];
};
} }


@ -3,11 +3,13 @@
{ {
imports = [ imports = [
./boot.nix ./boot.nix
./console.nix
./locale.nix ./locale.nix
./networking.nix ./networking.nix
./nix.nix ./nix.nix
./packages.nix ./packages.nix
./services.nix ./services.nix
./users.nix ./users.nix
./virtualisation.nix
]; ];
} }


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
time.timeZone = "America/Bahia"; time.timeZone = "America/Bahia";


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
networking = { networking = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
nix = { nix = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
services = { services = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
users.users = { users.users = {


@ -0,0 +1,5 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.podman.enable = true;
}
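Review bot: Nothing in this new module sets `virtualisation.oci-containers.backend`, which the container module deleted in this commit set to `"podman"` right next to `podman.enable`. None of the per-service files added here sets it either, so the runtime behind every container now depends on the option's default, which as far as I know is derived from `system.stateVersion`. Assuming this module is imported by the host that runs the containers, I would add `virtualisation.oci-containers.backend = "podman";` here so the choice stays explicit.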


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
boot = { boot = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
hardware = { hardware = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -33,7 +33,6 @@
mpv mpv
nixfmt nixfmt
nix-init nix-init
nix-your-shell
obs-studio obs-studio
p7zip p7zip
prismlauncher-qt5 prismlauncher-qt5


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
let let
plasma = pkgs.writeScriptBin "plasma" '' plasma = pkgs.writeScriptBin "plasma" ''


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
environment.sessionVariables = rec { environment.sessionVariables = rec {


@ -1,10 +1,9 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
virtualisation = { virtualisation = {
libvirtd.enable = true; libvirtd.enable = true;
waydroid.enable = true; waydroid.enable = true;
lxd.enable = true; lxd.enable = true;
docker.enable = true;
}; };
} }


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
imports = [ imports = [


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, pkgs, lib, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
imports = [ imports = [


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, pkgs, lib, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
imports = [ imports = [


@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."actual" = {
image = "jlongster/actual-server:latest";
ports = [ "${config.ports.actual}:5006" ];
volumes = [ "/data/actual:/data" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."actual.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}";
};
}
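Review bot: The `ports` entry publishes the container on every host interface, while the vhost below only ever reaches it through `127.0.0.1`. Because `"${config.ports.actual}:5006"` carries no bind address, the plain-HTTP port is likely reachable from the network without the TLS that `forceSSL` enforces; container port publishing often does not pass through the host firewall's input rules, which is worth confirming on this host. Binding to loopback closes that: `ports = [ "127.0.0.1:${config.ports.actual}:5006" ];`. The same mapping appears in the cinny, librespeed, cinny2 and whoogle container definitions in this commit. Separately, `:latest` with `--pull=always` runs whatever the registry serves at each restart, so pinning a tag or digest would turn image updates into a reviewed change.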


@ -0,0 +1,66 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
bazarr = {
enable = true;
user = "user";
group = "hosted";
};
jackett.enable = true;
qbittorrent = {
enable = true;
user = "user";
group = "hosted";
port = lib.toInt "${config.ports.qbittorrent}";
};
radarr = {
enable = true;
user = "user";
group = "hosted";
};
sonarr = {
enable = true;
user = "user";
group = "hosted";
};
nginx.virtualHosts = {
"bazarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}";
};
"jackett.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}";
};
"qbittorrent.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.qbittorrent}";
};
"radarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}";
};
"sonarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}";
};
};
};
}
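Review bot: Every entry under `nginx.virtualHosts` here forwards straight to the app with no access control at the proxy, so the qBittorrent, Jackett, Radarr, Sonarr and Bazarr web UIs are only as protected as each app's own login, whose configuration is not visible in this file. If they are for personal use, a `basicAuthFile` per vhost or an `allow`/`deny` pair in `extraConfig` would keep them from being reachable by anyone who resolves the hostname. Also, the Bazarr vhost reads `config.ports.bazaar` while the service is spelled `bazarr`; the removed code used the same spelling, but it is worth checking against the option name declared in the ports module.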


@ -0,0 +1,22 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
changedetection-io = {
enable = true;
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = lib.toInt "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me";
};
nginx.virtualHosts."detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.changedetection-io}";
};
};
}


@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."cinny.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
};
}


@ -1,48 +0,0 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
virtualisation = {
podman.enable = true;
oci-containers = {
backend = "podman";
containers = {
"actual" = {
image = "jlongster/actual-server:latest";
ports = [ "${config.ports.actual}:5006" ];
volumes = [ "/data/actual:/data" ];
extraOptions = [ "--pull=always" ];
};
"cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
"cinny2" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ "${config.ports.cinny2}:80" ];
volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
extraOptions = [ "--pull=always" ];
};
"librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = { TZ = "America/Bahia"; };
ports = [ "${config.ports.librespeed}:80" ];
extraOptions = [ "--pull=always" ];
};
"whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [ "${config.ports.whoogle}:5000" ];
extraOptions = [ "--pull=always" ];
};
};
};
};
}


@ -2,12 +2,21 @@
{ {
imports = [ imports = [
./containerised.nix ./actual.nix
./arr.nix
./changedetection.nix
./hardware-configuration.nix ./hardware-configuration.nix
./jellyfin.nix
./librespeed.nix
./matrix.nix ./matrix.nix
./minecraft.nix
./nginx.nix
./paperless.nix
./security.nix ./security.nix
./services.nix ./services.nix
./users.nix ./users.nix
./variables.nix ./variables.nix
./vaultwarden.nix
./whoogle.nix
]; ];
} }
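Review bot: The new `imports` list has no entry for the modules that define the `cinny` container and the `shiori` service, both of which this commit adds as separate files after removing them from the old combined modules. If those files live in this directory and are not imported elsewhere, both services and their vhosts silently disappear from the host on the next rebuild. Either add the two entries here or, if dropping them is intended, delete the new files so the tree does not carry configuration that looks active but is not evaluated.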


@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, pkgs, lib, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];


@ -0,0 +1,19 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
jellyfin = {
enable = true;
user = "user";
group = "hosted";
openFirewall = true;
};
nginx.virtualHosts."jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
};
};
}
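Review bot: `openFirewall = true` opens Jellyfin's own listening ports on the host firewall even though the vhost below already publishes the service over TLS. Clients that reach the service port directly bypass `forceSSL` and talk plain HTTP to it. If all access is meant to go through `jellyfin.baduhai.me`, I would drop the line or set `openFirewall = false;`.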


@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = { TZ = "America/Bahia"; };
ports = [ "${config.ports.librespeed}:80" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."librespeed.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
};
}


@ -1,38 +1,47 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
services.matrix-conduit = { services = {
enable = true; matrix-conduit = {
extraEnvironment = { RUST_MIN_STACK = "16777216"; }; enable = true;
package = pkgs.unstable.matrix-conduit; extraEnvironment = { RUST_MIN_STACK = "16777216"; };
settings.global = { package = pkgs.unstable.matrix-conduit;
server_name = "baduhai.me"; settings.global = {
address = "127.0.0.1"; server_name = "baduhai.me";
port = 6167; address = "127.0.0.1";
max_request_size = 20000000; port = 6167;
allow_registration = true; max_request_size = 20000000;
allow_encryption = false; allow_registration = true;
allow_federation = false; allow_encryption = false;
allow_federation = false;
};
};
nginx.virtualHosts."matrix.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}";
locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri";
locations."= /.well-known/matrix/client" = {
alias = pkgs.writeText "matrix-wk-client" ''
{ "m.homeserver": { "base_url": "https://matrix.baduhai.me" } }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
locations."= /.well-known/matrix/server" = {
alias = pkgs.writeText "matrix-wk-server" ''
{ "m.server": "matrix.baduhai.me:443" }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
}; };
}; };
services.nginx.virtualHosts."matrix.baduhai.me" = { virtualisation.oci-containers.containers."cinny2" = {
useACMEHost = "baduhai.me"; image = "ghcr.io/cinnyapp/cinny:latest";
forceSSL = true; ports = [ "${config.ports.cinny2}:80" ];
kTLS = true; volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ];
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny2}"; extraOptions = [ "--pull=always" ];
locations."/_matrix/".proxyPass = "http://127.0.0.1:6167$request_uri";
locations."= /.well-known/matrix/client" = {
alias = pkgs.writeText "matrix-wk-client" ''
{ "m.homeserver": { "base_url": "https://matrix.baduhai.me" } }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
locations."= /.well-known/matrix/server" = {
alias = pkgs.writeText "matrix-wk-server" ''
{ "m.server": "matrix.baduhai.me:443" }
'';
extraConfig = "add_header Access-Control-Allow-Origin *;";
};
}; };
} }
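Review bot: In `settings.global`, `allow_registration = true` leaves account creation open on a homeserver published at `matrix.baduhai.me`, and no registration restriction is visible in this file. Once the intended accounts exist I would set `allow_registration = false;`. `allow_encryption = false` also, as I understand the setting, prevents rooms on this server from using end-to-end encryption, so message content is readable by whoever can read the server's database; if that is not deliberate, set it to `true`. As a style point, the `/_matrix/` location still hardcodes `6167` rather than reading it from `config.ports` like the other upstreams.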


@ -0,0 +1,19 @@
{ inputs, config, pkgs, lib, ... }:
{
services.minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
online-mode = "false";
spawn-protection = "0";
};
dataDir = "/data/minecraft";
};
}
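Review bot: `online-mode = "false"` combined with `openFirewall = true` means the server accepts any username without verifying it against the account service, on a port that is open to the network. A player name, including an operator's, is then not proof of identity. Unless offline clients are a requirement, I would set `online-mode = "true";`; if they are, restrict who can reach the port at the firewall instead of opening it to everyone.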


@ -0,0 +1,18 @@
{ inputs, config, pkgs, lib, ... }:
{
services.nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
root = inputs.homepage;
};
};
}


@ -0,0 +1,28 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = lib.toInt "${config.ports.paperless}";
consumptionDirIsPublic = true;
extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; };
};
nginx.virtualHosts."paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}";
};
};
age.secrets.paperless-pass = {
file = ../../../secrets/paperless-pass.age;
owner = "paperless";
group = "hosted";
};
}
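Review bot: `consumptionDirIsPublic = true` makes the consumption directory writable by every local account, so any user or compromised service on this host can feed files into Paperless for processing. This host also runs several network-facing services under other accounts, which widens who that "every account" is. If only one user needs to drop documents, I would set `consumptionDirIsPublic = false;` and grant that user access through group membership instead.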


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
age.secrets.cloudflare-creds = { age.secrets.cloudflare-creds = {


@ -1,221 +1,8 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
age.secrets = { services.postgresql.enable = true;
paperless-pass = {
file = ../../../secrets/paperless-pass.age;
owner = "paperless";
group = "hosted";
};
};
services = { # Workaround for upstream bug in NetworkManager-wait-online.service
bazarr = { systemd.services.NetworkManager-wait-online.enable = false;
enable = true;
user = "user";
group = "hosted";
};
changedetection-io = {
enable = true;
group = "hosted";
behindProxy = true;
datastorePath = "/data/changedetection";
port = lib.toInt "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me";
};
jackett.enable = true;
jellyfin = {
enable = true;
user = "user";
group = "hosted";
openFirewall = true;
};
minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
online-mode = "false";
spawn-protection = "0";
};
dataDir = "/data/minecraft";
};
nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
root = inputs.homepage;
};
"bazarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}";
};
"bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.vaultwarden}";
};
"cinny.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}";
};
"detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.changedetection-io}";
};
"jackett.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jackett}";
};
"jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
};
"actual.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.actual}";
};
"librespeed.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.librespeed}";
};
"n8n.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.n8n}";
};
"paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.paperless}";
};
"qbittorrent.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.qbittorrent}";
};
"radarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}";
};
"shiori.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}";
};
"sonarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}";
};
"sync.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass =
"http://127.0.0.1:${config.ports.syncthing}";
};
"whoogle.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}";
};
};
};
paperless = {
enable = true;
dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path;
port = lib.toInt "${config.ports.paperless}";
consumptionDirIsPublic = true;
extraConfig = { PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; };
};
postgresql.enable = true;
qbittorrent = {
enable = true;
user = "user";
group = "hosted";
port = lib.toInt "${config.ports.qbittorrent}";
};
radarr = {
enable = true;
user = "user";
group = "hosted";
};
shiori = {
enable = true;
port = lib.toInt "${config.ports.shiori}";
};
sonarr = {
enable = true;
user = "user";
group = "hosted";
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
};
systemd.services.NetworkManager-wait-online.enable =
false; # Workaround for upstream bug in NetworkManager-wait-online.service
} }


@ -0,0 +1,17 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
shiori = {
enable = true;
port = lib.toInt "${config.ports.shiori}";
};
nginx.virtualHosts."shiori.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}";
};
};
}


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
users = { users = {


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
let let
mkStringOption = default: mkStringOption = default:
@ -18,12 +18,11 @@ in {
librespeed = mkStringOption "8003"; librespeed = mkStringOption "8003";
paperless = mkStringOption "8004"; paperless = mkStringOption "8004";
shiori = mkStringOption "8005"; shiori = mkStringOption "8005";
syncthing = mkStringOption "8006"; cinny2 = mkStringOption "8006";
jellyfin = mkStringOption "8096";
whoogle = mkStringOption "8007"; whoogle = mkStringOption "8007";
qbittorrent = mkStringOption "8008"; qbittorrent = mkStringOption "8008";
actual = mkStringOption "8009"; actual = mkStringOption "8009";
cinny2 = mkStringOption "8010"; jellyfin = mkStringOption "8096";
sonarr = mkStringOption "8989"; sonarr = mkStringOption "8989";
jackett = mkStringOption "9117"; jackett = mkStringOption "9117";
}; };


@ -0,0 +1,22 @@
{ inputs, config, pkgs, lib, ... }:
{
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = true;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = "${config.ports.vaultwarden}";
};
};
nginx.virtualHosts."bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}";
};
};
}
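Review bot: `SIGNUPS_ALLOWED = true` lets anyone who can reach `bitwarden.baduhai.me` create an account on the password manager. After the intended accounts exist I would set `SIGNUPS_ALLOWED = false;` and add users by invitation, or limit registration with `SIGNUPS_DOMAINS_WHITELIST`. Moving the block into its own module is a good moment to change it, since the setting was carried over unchanged from the old file.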


@ -0,0 +1,23 @@
{ inputs, config, pkgs, lib, ... }:
{
virtualisation.oci-containers.containers."whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [ "${config.ports.whoogle}:5000" ];
extraOptions = [ "--pull=always" ];
};
services.nginx.virtualHosts."whoogle.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}";
};
}


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
boot.kernelPackages = pkgs.linuxPackages_hardened; boot.kernelPackages = pkgs.linuxPackages_hardened;


@ -1,4 +1,4 @@
{ specialArgs, inputs, config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath;


@ -1,14 +1,16 @@
let let
io = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA"; io =
rotterdam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIrKJk5zWzWEHvLMPMK8T3PyeBjsCsqzxPN+OrXfhA";
rotterdam =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7zAxgU8LNi5/O5XgoOcLKjbNMmO2S7jAuCI9Nr/V4v";
desktops = [ io rotterdam ]; desktops = [ io rotterdam ];
alexandria = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA"; alexandria =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK95QueW+jp1ZmF299Xr3XkgHJ6dL7aZVsfWxqbOKVKA";
servers = [ alexandria ]; servers = [ alexandria ];
all-hosts = desktops ++ servers; all-hosts = desktops ++ servers;
in in {
{
"cloudflare-creds.age".publicKeys = all-hosts; "cloudflare-creds.age".publicKeys = all-hosts;
"paperless-pass.age".publicKeys = all-hosts; "paperless-pass.age".publicKeys = all-hosts;
} }
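Review bot: `"paperless-pass.age".publicKeys = all-hosts;` encrypts the Paperless password to the desktop host keys as well, while the only consumer visible in this commit is the server-side Paperless module. Narrowing it to `"paperless-pass.age".publicKeys = servers;` means a compromised desktop key cannot decrypt it; keep whichever key you use to edit and rekey secrets in the list. The line is unchanged context in this hunk, so this is a follow-up rather than something the refactor introduced.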


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
programs = { programs = {


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { inputs, config, pkgs, lib, ... }:
{ {
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { ... }:
{ {
imports = [ imports = [


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { ... }:
{ {
imports = [ imports = [