diff --git a/flake.nix b/flake.nix index 6424e83..353369c 100644 --- a/flake.nix +++ b/flake.nix @@ -21,8 +21,6 @@ homepage = { url = "github:baduhai/homepage"; flake = false; }; dotfiles = { url = "github:baduhai/dotfiles"; flake = false; }; - - webui-aria2 = { url = "github:ziahamza/webui-aria2"; flake = false; }; }; outputs = inputs @ { self, nixpkgs, home-manager, nur, kmonad, nixpkgs-stable, home-manager-stable, deploy-rs, agenix, nixos-generators, homepage, dotfiles, ... }: { diff --git a/hosts/desktops/common/boot.nix b/hosts/desktops/common/boot.nix index 5604c56..c09f714 100644 --- a/hosts/desktops/common/boot.nix +++ b/hosts/desktops/common/boot.nix @@ -4,6 +4,7 @@ boot = { plymouth.enable = true; initrd.systemd.enable = true; + supportedFilesystems = [ "ntfs" ]; loader.efi.efiSysMountPoint = "/boot/efi"; kernelPackages = pkgs.linuxPackages_xanmod_latest; extraModprobeConfig = ''options bluetooth disable_ertm=1''; diff --git a/hosts/servers/alexandria/default.nix b/hosts/servers/alexandria/default.nix index 7930ab3..ac9cfa5 100644 --- a/hosts/servers/alexandria/default.nix +++ b/hosts/servers/alexandria/default.nix @@ -6,5 +6,6 @@ ./hosted-services.nix ./security.nix ./users.nix + ./services ]; } diff --git a/hosts/servers/alexandria/hosted-services.nix b/hosts/servers/alexandria/hosted-services.nix index 9e6549a..0bdfc18 100644 --- a/hosts/servers/alexandria/hosted-services.nix +++ b/hosts/servers/alexandria/hosted-services.nix 
@@ -10,22 +10,6 @@ }; services = { - nginx = { - enable = true; - group = "hosted"; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - virtualHosts = { - "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; }; - "cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8002"; }; - "librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8003"; }; - "sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8006"; }; - "whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8007"; }; - }; - }; - vaultwarden = { enable = true; config = { @@ -35,12 +19,6 @@ ROCKET_PORT = 8000; }; }; - nginx.virtualHosts."bitwarden.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; - }; changedetection-io = { enable = true; @@ -50,23 +28,11 @@ port = 8001; baseURL = "https://detect.baduhai.me"; }; - nginx.virtualHosts."detect.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}"; - }; jellyfin = { enable = true; group = "hosted"; }; - nginx.virtualHosts."jellyfin.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:8096"; - }; paperless = { enable = true; 
@@ -79,82 +45,30 @@ PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; }; }; - nginx.virtualHosts."paperless.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}"; - }; shiori = { enable = true; port = 8005; }; - nginx.virtualHosts."shiori.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}"; - }; radarr = { enable = true; group = "hosted"; }; - nginx.virtualHosts."radarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:7878"; - }; sonarr = { enable = true; group = "hosted"; }; - nginx.virtualHosts."sonarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:8989"; - }; bazarr = { enable = true; group = "hosted"; }; - nginx.virtualHosts."bazarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:6767"; - }; prowlarr.enable = true; - nginx.virtualHosts."prowlarr.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:9696"; - }; - - aria2 = { - enable = true; - downloadDir = "/data/aria"; - }; - nginx.virtualHosts."aria2.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - root = "${inputs.webui-aria2}/docs"; }; n8n.enable = true; - nginx.virtualHosts."n8n.baduhai.me" = { - useACMEHost = "baduhai.me"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:5678"; - }; minecraft-server = { enable = true; 
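Review bot: The aria2 removal in hosted-services.nix leaves one closing `};` behind: the lines from `nginx.virtualHosts."aria2.baduhai.me" = {` through `root = "${inputs.webui-aria2}/docs";` are deleted, but the `};` that closed that block stays as a context line directly after `prowlarr.enable = true;`. On the new side that brace closes `services = {` early, so `n8n.enable` and `minecraft-server` fall outside `services` and the braces at the end of the file no longer balance. Deleting that `};` as well restores the structure. The `services` set opens and closes outside this hunk, so confirm the result with `nix-instantiate --parse` on the file before deploying.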
@@ -170,74 +84,4 @@ dataDir = "/data/minecraft"; }; }; - - virtualisation = { - docker.enable = true; - oci-containers = { - backend = "docker"; - containers = { - "cinny" = { - image = "ghcr.io/cinnyapp/cinny:latest"; - ports = [ - "8002:80" - ]; - extraOptions = [ - "--pull=always" - ]; - }; - "librespeed" = { - image = "lscr.io/linuxserver/librespeed:latest"; - environment = { - TZ = "Europe/Berlin"; - }; - ports = [ - "8003:80" - ]; - extraOptions = [ - "--pull=always" - ]; - }; - "syncthing" = { - image = "lscr.io/linuxserver/syncthing:1.20.4"; - environment = { - PUID = "1000"; - PGID = "100"; - TZ = "Europe/Berlin"; - }; - volumes = [ - "/data/syncthing/config:/config" - "/data/syncthing/data1:/data1" - "/data/syncthing/data2:/data2" - "/data/syncthing/notes:/sync/notes" - ]; - ports = [ - "8006:8384" - "22000:22000" - "21027:21027/udp" - ]; - extraOptions = [ - "--pull=always" - ]; - }; - "whoogle" = { - image = "benbusby/whoogle-search:latest"; - environment = { - HTTPS_ONLY = "1"; - WHOOGLE_CONFIG_DISABLE = "1"; - WHOOGLE_CONFIG_LANGUAGE = "lang_en"; - WHOOGLE_CONFIG_SEARCH_LANGUAGE = "lang_en"; - WHOOGLE_CONFIG_THEME = "system"; - WHOOGLE_CONFIG_VIEW_IMAGE = "1"; - WHOOGLE_CONFIG_GET_ONLY = "1"; - }; - ports = [ - "8007:5000" - ]; - extraOptions = [ - "--pull=always" - ]; - }; - }; - }; - }; } diff --git a/hosts/servers/alexandria/services/containerised.nix b/hosts/servers/alexandria/services/containerised.nix new file mode 100644 index 0000000..4e7e4c5 --- /dev/null +++ b/hosts/servers/alexandria/services/containerised.nix 
@@ -0,0 +1,72 @@
+{ inputs, config, pkgs, libs, ... }:
+
+{
+ virtualisation = {
+ docker.enable = true;
+ oci-containers = {
+ backend = "docker";
+ containers = {
+ "cinny" = {
+ image = "ghcr.io/cinnyapp/cinny:latest";
+ ports = [
+ "8002:80"
+ ];
+ extraOptions = [
+ "--pull=always"
+ ];
+ };
+ "librespeed" = {
+ image = "lscr.io/linuxserver/librespeed:latest";
+ environment = {
+ TZ = "Europe/Berlin";
+ };
+ ports = [
+ "8003:80"
+ ];
+ extraOptions = [
+ "--pull=always"
+ ];
+ };
+ "syncthing" = {
+ image = "lscr.io/linuxserver/syncthing:1.20.4";
+ environment = {
+ PUID = "1000";
+ PGID = "100";
+ TZ = "Europe/Berlin";
+ };
+ volumes = [
+ "/data/syncthing/config:/config"
+ "/data/syncthing/data1:/data1"
+ "/data/syncthing/data2:/data2"
+ "/data/syncthing/notes:/sync/notes"
+ ];
+ ports = [
+ "8006:8384"
+ "22000:22000"
+ "21027:21027/udp"
+ ];
+ extraOptions = [
+ "--pull=always"
+ ];
+ };
+ "whoogle" = {
+ image = "benbusby/whoogle-search:latest";
+ environment = {
+ HTTPS_ONLY = "1";
+ WHOOGLE_CONFIG_DISABLE = "1";
+ WHOOGLE_CONFIG_LANGUAGE = "lang_en";
+ WHOOGLE_CONFIG_THEME = "system";
+ WHOOGLE_CONFIG_VIEW_IMAGE = "1";
+ WHOOGLE_CONFIG_GET_ONLY = "1";
+ };
+ ports = [
+ "8007:5000"
+ ];
+ extraOptions = [
+ "--pull=always"
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/servers/alexandria/services/default.nix b/hosts/servers/alexandria/services/default.nix
new file mode 100644
index 0000000..aa9b96c
--- /dev/null
+++ b/hosts/servers/alexandria/services/default.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+let
+ N8N_PORT = "5678";
+ BAZAAR_PORT = "6767";
+in
+
+{
+ imports = [
+ ./nginx.nix
+ ./containerised.nix
+ ];
+}
diff --git a/hosts/servers/alexandria/services/nginx.nix b/hosts/servers/alexandria/services/nginx.nix
new file mode 100644
index 0000000..b8b308a
--- /dev/null
+++ b/hosts/servers/alexandria/services/nginx.nix
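Review bot: In services/containerised.nix the web UIs are published as `"8002:80"`, `"8003:80"`, `"8006:8384"` and `"8007:5000"`, which Docker binds on every interface, so each backend stays reachable over plain HTTP alongside the nginx virtual host in front of it; Docker's own packet-filter rules commonly take precedence over the host firewall for published ports. If these are meant to be reached only through nginx, bind them to loopback, e.g. `"127.0.0.1:8002:80"`, leaving syncthing's `22000` and `21027/udp` as they are. Three of the images are tagged `:latest` and started with `--pull=always`, so whatever the registry serves at restart time runs on the host; pinning a version or digest makes upgrades deliberate. The move also drops `WHOOGLE_CONFIG_SEARCH_LANGUAGE = "lang_en";`, which the block removed from hosted-services.nix still had, so it is worth confirming that was intended.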
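Review bot: `N8N_PORT` and `BAZAAR_PORT` in services/default.nix are bound by a `let` whose body is only this file's attribute set, and Nix scoping is lexical, so the modules listed under `imports` cannot see them. services/nginx.nix references `${N8N_PORT}` and will fail to evaluate with an undefined variable; `BAZAAR_PORT` is unused, and its spelling differs from the `bazarr` service it presumably refers to. Either keep the literal in nginx.nix, `"n8n.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:5678";`, or share the values through the module system, for example `_module.args.ports = { n8n = "5678"; bazarr = "6767"; };` here and `ports` taken as a module argument in nginx.nix.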
@@ -0,0 +1,33 @@
+{ inputs, config, pkgs, libs, ... }:
+
+{
+ services.nginx = {
+ enable = true;
+ group = "hosted";
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = let
+ useACMEHost = "baduhai.me";
+ forceSSL = true;
+ kTLS = true;
+ in {
+ "baduhai.me".root = inputs.homepage;
+ "bazarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:6767";
+ "bitwarden.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+ "cinny.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8002";
+ "detect.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}";
+ "jellyfin.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8096";
+ "librespeed.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8003";
+ "n8n.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${N8N_PORT}";
+ "paperless.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
+ "prowlarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:9696";
+ "radarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:7878";
+ "shiori.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}";
+ "sonarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8989";
+ "sync.baduhai.me"locations."/".proxyPass = "http://127.0.0.1:8006";
+ "whoogle.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8007";
+ };
+ };
+}
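Review bot: The `let` in front of `virtualHosts` in services/nginx.nix only creates three local names; `useACMEHost`, `forceSSL` and `kTLS` are never placed into any virtual host, so every host loses the TLS settings it carried in hosted-services.nix. With none of them set, these hosts, including `bitwarden.baduhai.me`, would no longer get the ACME certificate or the HTTPS redirect and would presumably be served over plain HTTP only. Merge a shared attribute set into each host instead, as sketched below. The `sync.baduhai.me` line is also missing the `.` before `locations`, which is a syntax error, so the file cannot be parsed as committed.

```nix
    virtualHosts = let
      # Settings every virtual host must carry; merged into each entry below.
      commonVHostConfig = {
        useACMEHost = "baduhai.me";
        forceSSL = true;
        kTLS = true;
      };
    in builtins.mapAttrs (_: vhost: commonVHostConfig // vhost) {
      # … unchanged: the other virtual hosts …
      "sync.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8006";
    };
```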