william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Added multiple services and a module

Browse source
This commit is contained in:
baduhai 2023-01-04 12:53:06 -03:00
parent 5f558d597d
commit 67faa4a5a8
12 changed files with 236 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -33,6 +33,7 @@
kmonad.nixosModules.default kmonad.nixosModules.default
agenix.nixosModule agenix.nixosModule
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
self.nixosModules.flood
{ nixpkgs.overlays = [ nur.overlay agenix.overlay ]; } { nixpkgs.overlays = [ nur.overlay agenix.overlay ]; }
]; ];
}; };
@ -64,6 +65,8 @@
}; };
}; };
nixosModules.flood = import ./modules/flood.nix;
packages.x86_64-linux = { packages.x86_64-linux = {
install-iso = nixos-generators.nixosGenerate { install-iso = nixos-generators.nixosGenerate {
system = "x86_64-linux"; system = "x86_64-linux";

1
hosts/servers/alexandria/default.nix
View file

@ -3,7 +3,6 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./hosted-services.nix
./security.nix ./security.nix
./users.nix ./users.nix
./services ./services

8
hosts/servers/alexandria/security.nix
View file

@ -1,10 +1,10 @@
{ config, pkgs, libs, ... }: { specialArgs, inputs, config, pkgs, lib, ... }:
{ {
age.secrets.cloudflare-creds = { age.secrets.cloudflare-creds = {
file = ../../../secrets/cloudflare-creds.age; file = ../../../secrets/cloudflare-creds.age;
owner = "nginx"; owner = "nginx";
group = "hosted"; group = "hosted";
}; };
security.acme = { security.acme = {

60
hosts/servers/alexandria/services/arr.nix Normal file
View file

@ -0,0 +1,60 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
services = {
transmission = {
enable = true;
group = "hosted";
settings = {
download-dir = "/data/torrent_storage/completed";
incomplete-dir = "/data/torrent_storage/incomplete";
incomplete-dir-enabled = true;
rpc-authentication-required = false;
rpc-host-whitelist-enabled = true;
rpc-whitelist-enabled = true;
peer-port = 57298;
speed-limit-down = 5000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
alt-speed-down = 5000;
alt-speed-enabled = false;
alt-speed-time-begin = 240;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 480;
alt-speed-up = 1500;
utp-enabled = false;
};
};
flood = {
enable = true;
user = "transmission";
group = "hosted";
port = "${config.ports.flood}";
};
jellyfin = {
enable = true;
group = "hosted";
};
radarr = {
enable = true;
group = "hosted";
};
sonarr = {
enable = true;
group = "hosted";
};
bazarr = {
enable = true;
group = "hosted";
};
prowlarr.enable = true;
};
}

10
hosts/servers/alexandria/services/containerised.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }: { specialArgs, inputs, config, pkgs, lib, ... }:
{ {
virtualisation = { virtualisation = {
@ -9,7 +9,7 @@
"cinny" = { "cinny" = {
image = "ghcr.io/cinnyapp/cinny:latest"; image = "ghcr.io/cinnyapp/cinny:latest";
ports = [ ports = [
"8002:80" "${config.ports.cinny}:80"
]; ];
extraOptions = [ extraOptions = [
"--pull=always" "--pull=always"
@ -21,7 +21,7 @@
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
ports = [ ports = [
"8003:80" "${config.ports.librespeed}:80"
]; ];
extraOptions = [ extraOptions = [
"--pull=always" "--pull=always"
@ -41,7 +41,7 @@
"/data/syncthing/notes:/sync/notes" "/data/syncthing/notes:/sync/notes"
]; ];
ports = [ ports = [
"8006:8384" "${config.ports.syncthing}:8384"
"22000:22000" "22000:22000"
"21027:21027/udp" "21027:21027/udp"
]; ];
@ -60,7 +60,7 @@
WHOOGLE_CONFIG_GET_ONLY = "1"; WHOOGLE_CONFIG_GET_ONLY = "1";
}; };
ports = [ ports = [
"8007:5000" "${config.ports.whoogle}:5000"
]; ];
extraOptions = [ extraOptions = [
"--pull=always" "--pull=always"

10
hosts/servers/alexandria/services/default.nix
View file

@ -1,13 +1,11 @@
{ ... }: { ... }:
let
N8N_PORT = "5678";
BAZAAR_PORT = "6767";
in
{ {
imports = [ imports = [
./nginx.nix
./containerised.nix ./containerised.nix
./variables.nix
./utility.nix
./nginx.nix
./arr.nix
]; ];
} }

17
hosts/servers/alexandria/services/gaming.nix Normal file
View file

@ -0,0 +1,17 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
{
services.minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
};
dataDir = "/data/minecraft";
};
}

39
hosts/servers/alexandria/services/nginx.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }: { specialArgs, inputs, config, pkgs, lib, ... }:
{ {
services.nginx = { services.nginx = {
@ -8,26 +8,23 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = let virtualHosts = {
useACMEHost = "baduhai.me"; "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; root = inputs.homepage; };
forceSSL = true; "bazarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.bazaar}"; };
kTLS = true; "bitwarden.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; };
in { "cinny.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; };
"baduhai.me".root = inputs.homepage; "detect.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.changedetection-io}"; };
"bazarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:6767"; "flood.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.flood}"; };
"bitwarden.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; "jellyfin.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}"; };
"cinny.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8002"; "librespeed.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}"; };
"detect.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.changedetection-io.port}"; "n8n.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.n8n}"; };
"jellyfin.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8096"; "paperless.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.paperless}"; };
"librespeed.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8003"; "prowlarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.prowlarr}"; };
"n8n.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${N8N_PORT}"; "radarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.radarr}"; };
"paperless.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}"; "shiori.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.shiori}"; };
"prowlarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:9696"; "sonarr.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.sonarr}"; };
"radarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:7878"; "sync.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.syncthing}"; };
"shiori.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:${toString config.services.shiori.port}"; "whoogle.baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:${config.ports.whoogle}"; };
"sonarr.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8989";
"sync.baduhai.me"locations."/".proxyPass = "http://127.0.0.1:8006";
"whoogle.baduhai.me".locations."/".proxyPass = "http://127.0.0.1:8007";
}; };
}; };
} }

46
hosts/servers/alexandria/hosted-services.nix → hosts/servers/alexandria/services/utility.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }: { specialArgs, inputs, config, pkgs, lib, ... }:
{ {
age.secrets = { age.secrets = {
@ -16,7 +16,7 @@
DOMAIN = "https://bitwarden.baduhai.me"; DOMAIN = "https://bitwarden.baduhai.me";
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1"; ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8000; ROCKET_PORT = "${config.ports.vaultwarden}";
}; };
}; };
@ -25,21 +25,16 @@
group = "hosted"; group = "hosted";
behindProxy = true; behindProxy = true;
datastorePath = "/data/changedetection"; datastorePath = "/data/changedetection";
port = 8001; port = "${config.ports.changedetection-io}";
baseURL = "https://detect.baduhai.me"; baseURL = "https://detect.baduhai.me";
}; };
jellyfin = {
enable = true;
group = "hosted";
};
paperless = { paperless = {
enable = true; enable = true;
dataDir = "/data/paperless/data"; dataDir = "/data/paperless/data";
mediaDir = "/data/paperless/media"; mediaDir = "/data/paperless/media";
passwordFile = config.age.secrets.paperless-pass.path; passwordFile = config.age.secrets.paperless-pass.path;
port = 8004; port = "${config.ports.paperless}";
consumptionDirIsPublic = true; consumptionDirIsPublic = true;
extraConfig = { extraConfig = {
PAPERLESS_OCR_LANGUAGE = "eng+por+deu"; PAPERLESS_OCR_LANGUAGE = "eng+por+deu";
@ -48,40 +43,9 @@
shiori = { shiori = {
enable = true; enable = true;
port = 8005; port = "${config.ports.shiori}";
}; };
radarr = {
enable = true;
group = "hosted";
};
sonarr = {
enable = true;
group = "hosted";
};
bazarr = {
enable = true;
group = "hosted";
};
prowlarr.enable = true;
n8n.enable = true; n8n.enable = true;
minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
package = pkgs.papermc;
serverProperties = {
motd = "Bem-vindo a Alexandria";
difficulty = "hard";
gamemode = "survival";
};
dataDir = "/data/minecraft";
};
}; };
} }

28
hosts/servers/alexandria/services/variables.nix Normal file
View file

@ -0,0 +1,28 @@
{ specialArgs, inputs, config, pkgs, lib, ... }:
let
mkStringOption = default: lib.mkOption {
inherit default;
type = lib.types.str;
};
in
{
options.ports = {
n8n = mkStringOption "5678";
bazaar = mkStringOption "6767";
radarr = mkStringOption "7878";
vaultwarden = mkStringOption "8000";
changedetection-io = mkStringOption "8001";
cinny = mkStringOption "8002";
librespeed = mkStringOption "8003";
paperless = mkStringOption "8004";
shiori = mkStringOption "8005";
syncthing = mkStringOption "8006";
jellyfin = mkStringOption "8096";
whoogle = mkStringOption "8007";
flood = mkStringOption "8008";
sonarr = mkStringOption "8989";
prowlarr = mkStringOption "9696";
};
}

2
hosts/servers/alexandria/users.nix
View file

@ -1,4 +1,4 @@
{ inputs, config, pkgs, libs, ... }: { specialArgs, inputs, config, pkgs, lib, ... }:
{ {
users = { users = {

91
modules/flood.nix Normal file
View file

@ -0,0 +1,91 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.services.flood;
in {
options = {
services.flood = {
enable = mkEnableOption (lib.mdDoc "Flood");
runDir = mkOption {
type = types.str;
default = "/var/lib/flood";
};
port = mkOption {
type = types.port;
default = 3030;
description = ''
The port for the Flood web interface
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open ports in the firewall for the Flood web interface
'';
};
user = mkOption {
type = types.str;
default = "flood";
description = lib.mdDoc "User account under which Flood runs.";
};
group = mkOption {
type = types.str;
default = "flood";
description = lib.mdDoc "Group under which Flood runs.";
};
package = mkOption {
type = types.package;
default = pkgs.flood;
defaultText = literalExpression "pkgs.flood";
description = lib.mdDoc ''
Flood package to use.
'';
};
};
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules =
[ "d '${cfg.runDir}' 0700 ${cfg.user} ${cfg.group} - -" ];
systemd.services.flood = {
enable = true;
description = "Flood torrent UI";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = lib.concatStringsSep " " [
"${pkgs.flood}/bin/flood"
"--port ${toString cfg.port}"
"--host 0.0.0.0"
"--rundir ${cfg.runDir}"
];
User = cfg.user;
Group = cfg.group;
Restart = "on-failure";
};
};
networking.firewall =
mkIf cfg.openFirewall { allowedTCPPorts = [ cfg.port ]; };
users.users = mkIf (cfg.user == "flood") {
flood = {
group = cfg.group;
home = cfg.runDir;
uid = config.ids.uids.flood;
};
};
users.groups =
mkIf (cfg.group == "flood") { flood.gid = config.ids.gids.flood; };
};
}