william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Refacotring hosted services

Browse source
This commit is contained in:
baduhai 2023-01-02 12:21:04 -03:00
parent 94311e0784
commit 5f558d597d
7 changed files with 120 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -21,8 +21,6 @@
homepage = { url = "github:baduhai/homepage"; flake = false; }; homepage = { url = "github:baduhai/homepage"; flake = false; };
dotfiles = { url = "github:baduhai/dotfiles"; flake = false; }; dotfiles = { url = "github:baduhai/dotfiles"; flake = false; };
webui-aria2 = { url = "github:ziahamza/webui-aria2"; flake = false; };
}; };
outputs = inputs @ { self, nixpkgs, home-manager, nur, kmonad, nixpkgs-stable, home-manager-stable, deploy-rs, agenix, nixos-generators, homepage, dotfiles, ... }: { outputs = inputs @ { self, nixpkgs, home-manager, nur, kmonad, nixpkgs-stable, home-manager-stable, deploy-rs, agenix, nixos-generators, homepage, dotfiles, ... }: {

1
hosts/desktops/common/boot.nix
View file

@ -4,6 +4,7 @@
boot = { boot = {
plymouth.enable = true; plymouth.enable = true;
initrd.systemd.enable = true; initrd.systemd.enable = true;
supportedFilesystems = [ "ntfs" ];
loader.efi.efiSysMountPoint = "/boot/efi"; loader.efi.efiSysMountPoint = "/boot/efi";
kernelPackages = pkgs.linuxPackages_xanmod_latest; kernelPackages = pkgs.linuxPackages_xanmod_latest;
extraModprobeConfig = ''options bluetooth disable_ertm=1''; extraModprobeConfig = ''options bluetooth disable_ertm=1'';

1
hosts/servers/alexandria/default.nix
View file

@ -6,5 +6,6 @@
./hosted-services.nix ./hosted-services.nix
./security.nix ./security.nix
./users.nix ./users.nix
./services
]; ];
} }

156
hosts/servers/alexandria/hosted-services.nix
View file

@ -10,22 +10,6 @@
}; };
services = { services = {
nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; };
"cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8002"; };
"librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8003"; };
"sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8006"; };
"whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8007"; };
};
};
vaultwarden = { vaultwarden = {
enable = true; enable = true;
config = { config = {
@ -35,12 +19,6 @@
ROCKET_PORT = 8000; ROCKET_PORT = 8000;
}; };
}; };
nginx.virtualHosts."bitwarden.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
changedetection-io = { changedetection-io = {
enable = true; enable = true;
@ -50,23 +28,11 @@
port = 8001; port = 8001;
baseURL = "https://detect.baduhai.me"; baseURL = "https://detect.baduhai.me";
}; };
nginx.virtualHosts."detect.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}";
};
jellyfin = { jellyfin = {
enable = true; enable = true;
group = "hosted"; group = "hosted";
}; };
nginx.virtualHosts."jellyfin.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:8096";
};
paperless = { paperless = {
enable = true; enable = true;
@ -79,82 +45,30 @@
PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; PAPERLESS_OCR_LANGUAGE = "eng+por+deu";
}; };
}; };
nginx.virtualHosts."paperless.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
};
shiori = { shiori = {
enable = true; enable = true;
port = 8005; port = 8005;
}; };
nginx.virtualHosts."shiori.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}";
};
radarr = { radarr = {
enable = true; enable = true;
group = "hosted"; group = "hosted";
}; };
nginx.virtualHosts."radarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:7878";
};
sonarr = { sonarr = {
enable = true; enable = true;
group = "hosted"; group = "hosted";
}; };
nginx.virtualHosts."sonarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:8989";
};
bazarr = { bazarr = {
enable = true; enable = true;
group = "hosted"; group = "hosted";
}; };
nginx.virtualHosts."bazarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:6767";
};
prowlarr.enable = true; prowlarr.enable = true;
nginx.virtualHosts."prowlarr.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:9696";
};
aria2 = {
enable = true;
downloadDir = "/data/aria";
};
nginx.virtualHosts."aria2.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
root = "${inputs.webui-aria2}/docs"; };
n8n.enable = true; n8n.enable = true;
nginx.virtualHosts."n8n.baduhai.me" = {
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
locations."/".proxyPass = "http://127.0.0.1:5678";
};
minecraft-server = { minecraft-server = {
enable = true; enable = true;
@ -170,74 +84,4 @@
dataDir = "/data/minecraft"; dataDir = "/data/minecraft";
}; };
}; };
virtualisation = {
docker.enable = true;
oci-containers = {
backend = "docker";
containers = {
"cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [
"8002:80"
];
extraOptions = [
"--pull=always"
];
};
"librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"8003:80"
];
extraOptions = [
"--pull=always"
];
};
"syncthing" = {
image = "lscr.io/linuxserver/syncthing:1.20.4";
environment = {
PUID = "1000";
PGID = "100";
TZ = "Europe/Berlin";
};
volumes = [
"/data/syncthing/config:/config"
"/data/syncthing/data1:/data1"
"/data/syncthing/data2:/data2"
"/data/syncthing/notes:/sync/notes"
];
ports = [
"8006:8384"
"22000:22000"
"21027:21027/udp"
];
extraOptions = [
"--pull=always"
];
};
"whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_DISABLE = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_SEARCH_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [
"8007:5000"
];
extraOptions = [
"--pull=always"
];
};
};
};
};
} }

72
hosts/servers/alexandria/services/containerised.nix Normal file
View file

@ -0,0 +1,72 @@
{ inputs, config, pkgs, libs, ... }:
{
virtualisation = {
docker.enable = true;
oci-containers = {
backend = "docker";
containers = {
"cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest";
ports = [
"8002:80"
];
extraOptions = [
"--pull=always"
];
};
"librespeed" = {
image = "lscr.io/linuxserver/librespeed:latest";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"8003:80"
];
extraOptions = [
"--pull=always"
];
};
"syncthing" = {
image = "lscr.io/linuxserver/syncthing:1.20.4";
environment = {
PUID = "1000";
PGID = "100";
TZ = "Europe/Berlin";
};
volumes = [
"/data/syncthing/config:/config"
"/data/syncthing/data1:/data1"
"/data/syncthing/data2:/data2"
"/data/syncthing/notes:/sync/notes"
];
ports = [
"8006:8384"
"22000:22000"
"21027:21027/udp"
];
extraOptions = [
"--pull=always"
];
};
"whoogle" = {
image = "benbusby/whoogle-search:latest";
environment = {
HTTPS_ONLY = "1";
WHOOGLE_CONFIG_DISABLE = "1";
WHOOGLE_CONFIG_LANGUAGE = "lang_en";
WHOOGLE_CONFIG_THEME = "system";
WHOOGLE_CONFIG_VIEW_IMAGE = "1";
WHOOGLE_CONFIG_GET_ONLY = "1";
};
ports = [
"8007:5000"
];
extraOptions = [
"--pull=always"
];
};
};
};
};
}

13
hosts/servers/alexandria/services/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }:
let
N8N_PORT = "5678";
BAZAAR_PORT = "6767";
in
{
imports = [
./nginx.nix
./containerised.nix
];
}

33
hosts/servers/alexandria/services/nginx.nix Normal file
View file

@ -0,0 +1,33 @@
{ inputs, config, pkgs, libs, ... }:
{
services.nginx = {
enable = true;
group = "hosted";
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = let
useACMEHost = "baduhai.me";
forceSSL = true;
kTLS = true;
in {
"baduhai.me".root = inputs.homepage;
"bazarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:6767";
"bitwarden.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
"cinny.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8002";
"detect.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}";
"jellyfin.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8096";
"librespeed.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8003";
"n8n.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${N8N_PORT}";
"paperless.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}";
"prowlarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:9696";
"radarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:7878";
"shiori.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}";
"sonarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8989";
"sync.baduhai.me"locations."/".proxyPass = "http://127.0.0.1:8006";
"whoogle.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8007";
};
};
}