From cfecfb8c1f8a0fff10b4306196059a117d899437 Mon Sep 17 00:00:00 2001 From: William Date: Sun, 8 Jun 2025 12:15:58 -0300 Subject: [PATCH] rearranging alexadira services --- hosts/modules/alexandria/cinny.nix | 23 ------ hosts/modules/alexandria/default.nix | 34 +------- hosts/modules/alexandria/forgejo.nix | 33 -------- hosts/modules/alexandria/jellyfin.nix | 19 ----- hosts/modules/alexandria/librespeed.nix | 22 ----- hosts/modules/alexandria/memos.nix | 23 ------ hosts/modules/alexandria/networking.nix | 5 ++ hosts/modules/alexandria/nginx.nix | 37 --------- hosts/modules/alexandria/searx.nix | 28 ------- hosts/modules/alexandria/services.nix | 100 ++++++++++++++++++++++- hosts/modules/alexandria/vaultwarden.nix | 22 ----- 11 files changed, 104 insertions(+), 242 deletions(-) delete mode 100644 hosts/modules/alexandria/cinny.nix delete mode 100644 hosts/modules/alexandria/forgejo.nix delete mode 100644 hosts/modules/alexandria/jellyfin.nix delete mode 100644 hosts/modules/alexandria/librespeed.nix delete mode 100644 hosts/modules/alexandria/memos.nix delete mode 100644 hosts/modules/alexandria/nginx.nix delete mode 100644 hosts/modules/alexandria/searx.nix delete mode 100644 hosts/modules/alexandria/vaultwarden.nix diff --git a/hosts/modules/alexandria/cinny.nix b/hosts/modules/alexandria/cinny.nix deleted file mode 100644 index fc4770f..0000000 --- a/hosts/modules/alexandria/cinny.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -{ config, ... }: - -{ - virtualisation.oci-containers.containers."cinny" = { - image = "ghcr.io/cinnyapp/cinny:latest"; - ports = [ "${config.ports.cinny}:80" ]; - environment = { - TZ = "America/Bahia"; - }; - volumes = [ "/data/matrix/cinny-config.json:/app/config.json" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts."matrix.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.cinny}"; - }; -} diff --git a/hosts/modules/alexandria/default.nix b/hosts/modules/alexandria/default.nix index 64407bb..7016d1c 100644 --- a/hosts/modules/alexandria/default.nix +++ b/hosts/modules/alexandria/default.nix @@ -1,46 +1,14 @@ -{ lib, ... }: - -let - mkStringOption = - default: - lib.mkOption { - inherit default; - type = lib.types.str; - }; - -in +{ ... }: { imports = [ - ./cinny.nix ./forgejo.nix ./hardware-configuration.nix ./jellyfin.nix ./librespeed.nix - ./memos.nix ./nginx.nix - ./searx.nix ./services.nix ./users.nix ./vaultwarden.nix ]; - - options.ports = { - bazaar = mkStringOption "6767"; - radarr = mkStringOption "7878"; - vaultwarden = mkStringOption "8000"; - cinny = mkStringOption "8002"; - librespeed = mkStringOption "8003"; - paperless = mkStringOption "8004"; - yousable = mkStringOption "8005"; - cinny2 = mkStringOption "8006"; - searx = mkStringOption "8007"; - qbittorrent = mkStringOption "8008"; - actual = mkStringOption "8009"; - memos = mkStringOption "8010"; - collabora = mkStringOption "8011"; - jellyfin = mkStringOption "8096"; - sonarr = mkStringOption "8989"; - jackett = mkStringOption "9117"; - }; } diff --git a/hosts/modules/alexandria/forgejo.nix b/hosts/modules/alexandria/forgejo.nix deleted file mode 100644 index a51c050..0000000 --- a/hosts/modules/alexandria/forgejo.nix +++ /dev/null 
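Review bot: The `imports` list on the new side of default.nix still appears to contain `./forgejo.nix`, `./jellyfin.nix`, `./librespeed.nix`, `./nginx.nix` and `./vaultwarden.nix` (only the cinny, memos and searx entries are marked removed), yet all five files are deleted later in this same patch, so evaluating the host should fail on the missing paths. Drop those entries so the list keeps only `./hardware-configuration.nix`, `./services.nix` and `./users.nix`. `./networking.nix` is edited by this patch but not imported here, so confirm it is pulled in elsewhere. Removing `options.ports` also breaks any module outside this patch that still reads `config.ports.*`.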
@@ -1,33 +0,0 @@
-{ config, ... }:
-
-let
- domain = "git.baduhai.dev";
-in
-
-{
- services = {
- forgejo = {
- enable = true;
- repositoryRoot = "/data/forgejo";
- settings = {
- session.COOKIE_SECURE = true;
- server = {
- PROTOCOL = "http+unix";
- DOMAIN = domain;
- ROOT_URL = "https://${domain}";
- OFFLINE_MODE = true; # disable use of CDNs
- SSH_DOMAIN = "baduhai.dev";
- };
- log.LEVEL = "Warn";
- mailer.ENABLED = false;
- actions.ENABLED = false;
- };
- };
- nginx.virtualHosts.${domain} = {
- useACMEHost = "baduhai.dev";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
- };
- };
-}
diff --git a/hosts/modules/alexandria/jellyfin.nix b/hosts/modules/alexandria/jellyfin.nix
deleted file mode 100644
index 015f4aa..0000000
--- a/hosts/modules/alexandria/jellyfin.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, ... }:
-
-{
- services = {
- jellyfin = {
- enable = true;
- user = "user";
- group = "hosted";
- openFirewall = true;
- };
-
- nginx.virtualHosts."jellyfin.baduhai.dev" = {
- useACMEHost = "baduhai.dev";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://127.0.0.1:${config.ports.jellyfin}";
- };
- };
-}
diff --git a/hosts/modules/alexandria/librespeed.nix b/hosts/modules/alexandria/librespeed.nix
deleted file mode 100644
index 6b830b7..0000000
--- a/hosts/modules/alexandria/librespeed.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, ... }:
-
-{
- virtualisation.oci-containers.containers."librespeed" = {
- image = "lscr.io/linuxserver/librespeed:latest";
- environment = {
- TZ = "America/Bahia";
- };
- ports = [ "${config.ports.librespeed}:80" ];
- extraOptions = [
- "--pull=newer"
- "--label=io.containers.autoupdate=registry"
- ];
- };
-
- services.nginx.virtualHosts."speed.baduhai.dev" = {
- useACMEHost = "baduhai.dev";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://127.0.0.1:${config.ports.librespeed}";
- };
-}
diff --git a/hosts/modules/alexandria/memos.nix b/hosts/modules/alexandria/memos.nix deleted file mode 100644 index 2d41cc0..0000000 --- a/hosts/modules/alexandria/memos.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, ... }: - -{ - virtualisation.oci-containers.containers."memos" = { - image = "docker.io/neosmemo/memos:stable"; - ports = [ "${config.ports.memos}:5230" ]; - environment = { - TZ = "America/Bahia"; - }; - volumes = [ "/data/memos/:/var/opt/memos" ]; - extraOptions = [ - "--pull=newer" - "--label=io.containers.autoupdate=registry" - ]; - }; - - services.nginx.virtualHosts."notes.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.memos}"; - }; -} diff --git a/hosts/modules/alexandria/networking.nix b/hosts/modules/alexandria/networking.nix index 0d40f21..5bc8c2d 100644 --- a/hosts/modules/alexandria/networking.nix +++ b/hosts/modules/alexandria/networking.nix @@ -10,4 +10,9 @@ allowedUDPPorts = [ ]; }; }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; } diff --git a/hosts/modules/alexandria/nginx.nix b/hosts/modules/alexandria/nginx.nix deleted file mode 100644 index 5075bcf..0000000 --- a/hosts/modules/alexandria/nginx.nix +++ /dev/null 
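Review bot: The `boot.kernel.sysctl` block added at the end of networking.nix turns on IPv4 and IPv6 forwarding for every interface without saying which consumer needs it, and nothing visible in this patch shows one. A one-line comment such as `# forwarding is required by <consumer>; remove if unused` would let a later reader decide whether it can go, since a forwarding host depends entirely on the firewall's forward rules to avoid routing between networks. Note also that `net.ipv6.conf.all.forwarding = 1` makes the kernel ignore router advertisements unless `accept_ra` is set to 2, which matters if this host gets its IPv6 configuration from RAs. The enclosing attribute set starts above the hunk.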
@@ -1,37 +0,0 @@
-{ config, ... }:
-
-{
- services.nginx = {
- enable = true;
- group = "hosted";
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- };
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "baduhai@proton.me";
- dnsResolver = "1.1.1.1:53";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflare.path;
- };
- certs."baduhai.dev" = {
- extraDomainNames = [ "*.baduhai.dev" ];
- };
- };
-
- boot.kernel.sysctl = {
- "net.ipv4.ip_forward" = 1;
- "net.ipv6.conf.all.forwarding" = 1;
- };
-
- age.secrets.cloudflare = {
- file = ../../../secrets/cloudflare.age;
- owner = "nginx";
- group = "hosted";
- };
-
-}
diff --git a/hosts/modules/alexandria/searx.nix b/hosts/modules/alexandria/searx.nix
deleted file mode 100644
index 94f3017..0000000
--- a/hosts/modules/alexandria/searx.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-
-{
- services = {
- searx = {
- enable = true;
- package = pkgs.searxng;
- settings.server = {
- port = lib.toInt "${config.ports.searx}";
- bind_address = "0.0.0.0";
- secret_key = "&yEf!xLA@y3FdJ5BjKnUnNAkqer$iW!9";
- method = "GET";
- };
- };
-
- nginx.virtualHosts."search.baduhai.dev" = {
- useACMEHost = "baduhai.dev";
- forceSSL = true;
- kTLS = true;
- locations."/".proxyPass = "http://127.0.0.1:${config.ports.searx}";
- };
- };
-}
diff --git a/hosts/modules/alexandria/services.nix b/hosts/modules/alexandria/services.nix
index a9350f6..24495ac 100644
--- a/hosts/modules/alexandria/services.nix
+++ b/hosts/modules/alexandria/services.nix
@@ -1,7 +1,103 @@ -{ ... }: +{ config, lib, ... }: + +let + ports = { + vaultwarden = "8000"; + librespeed = "8001"; + jellyfin = "8096"; + }; +in { - services.postgresql.enable = true; + services = { + nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts = + let + commonVHostConfig = { + useACMEHost = "baduhai.dev"; + forceSSL = true; + kTLS = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonVHostConfig) { + "_".locations."/".return = "444"; + "git.baduhai.dev".locations."/".proxyPass = + "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; + "jellyfin.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.jellyfin}"; + "pass.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.vaultwarden}"; + "speedtest.baduhai.dev".locations."/".proxyPass = "http://127.0.0.1:${ports.librespeed}"; + }; + }; + + forgejo = { + enable = true; + repositoryRoot = "/data/forgejo"; + settings = { + session.COOKIE_SECURE = true; + server = { + PROTOCOL = "http+unix"; + DOMAIN = "git.baduhai.dev"; + ROOT_URL = "https://git.baduhai.dev"; + OFFLINE_MODE = true; # disable use of CDNs + SSH_DOMAIN = "baduhai.dev"; + }; + log.LEVEL = "Warn"; + mailer.ENABLED = false; + actions.ENABLED = false; + }; + }; + + jellyfin = { + enable = true; + openFirewall = true; + }; + + vaultwarden = { + enable = true; + config = { + DOMAIN = "https://pass.baduhai.dev"; + SIGNUPS_ALLOWED = false; + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = "${config.ports.vaultwarden}"; + }; + }; + }; + + virtualisation.oci-containers.containers."librespeed" = { + image = "lscr.io/linuxserver/librespeed:latest"; + environment = { + TZ = "America/Bahia"; + }; + ports = [ "${config.ports.librespeed}:80" ]; + extraOptions = [ + "--pull=newer" + "--label=io.containers.autoupdate=registry" + ]; + }; + + security.acme = { + acceptTerms = true; + defaults = 
{ + email = "baduhai@proton.me"; + dnsResolver = "1.1.1.1:53"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflare.path; + }; + certs."baduhai.dev" = { + extraDomainNames = [ "*.baduhai.dev" ]; + }; + }; + + age.secrets.cloudflare = { + file = ../../../secrets/cloudflare.age; + owner = "nginx"; + group = "hosted"; + }; # TODO: remove when bug fix # serokell/deploy-rs/issues/57 diff --git a/hosts/modules/alexandria/vaultwarden.nix b/hosts/modules/alexandria/vaultwarden.nix deleted file mode 100644 index 2207c08..0000000 --- a/hosts/modules/alexandria/vaultwarden.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, ... }: - -{ - services = { - vaultwarden = { - enable = true; - config = { - DOMAIN = "https://pass.baduhai.dev"; - SIGNUPS_ALLOWED = true; - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = "${config.ports.vaultwarden}"; - }; - }; - - nginx.virtualHosts."pass.baduhai.dev" = { - useACMEHost = "baduhai.dev"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://127.0.0.1:${config.ports.vaultwarden}"; - }; - }; -}
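Review bot: In services.nix, `ROCKET_PORT = "${config.ports.vaultwarden}"` and the librespeed `ports = [ "${config.ports.librespeed}:80" ]` still read `config.ports`, but this commit deletes `options.ports` from default.nix and adds a local `ports` binding at the top of this file, so evaluation should fail on the missing option. Use the let-binding in both places: `ROCKET_PORT = ports.vaultwarden;` and `ports = [ "127.0.0.1:${ports.librespeed}:80" ];`. The loopback prefix keeps the container's plain-HTTP port from being published on every interface, where it could be reached around the TLS proxy. The catch-all `"_"` host returning 444 is not marked `default = true`, so whether it receives requests for unknown host names depends on server-block order; setting it explicitly makes that intent reliable. Separately, `jellyfin.openFirewall = true` opens Jellyfin's own HTTP port alongside the proxied vhost, which is worth confirming as intended.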