jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disabled all /mnt/pool dependent servers

Browse Source
This commit is contained in:
Danilo Reyes 2024-01-10 11:39:01 -06:00
parent dcc2d9a6c1
commit 0dbf16ac98
5 changed files with 443 additions and 439 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
server/configuration.org
View File

@ -824,7 +824,7 @@ services = {
settings = {
inotify = "yes";
media_dir = [
"/mnt/pool"
"/home/jawz/Backups/glue"
];
};
};
@ -905,11 +905,11 @@ systemd = {
myPkg = pkgs.qbittorrent-nox;
in [ myPkg ];
services = {
"qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
# "qbittorrent-nox@jawz" = {
# enable = true;
# overrideStrategy = "asDropin";
# wantedBy = [ "multi-user.target" ];
# };
# sub-sync = {
# restartIfChanged = true;
# description = "syncronizes subtitles downloaded & modified today";
@ -945,100 +945,100 @@ in [ myPkg ];
};
user = {
services = {
HentaiAtHome = {
enable = true;
restartIfChanged = true;
description = "Run hentai@home server";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
WorkingDirectory="/mnt/disks/hnbox";
ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
};
};
unpackerr = {
enable = true;
restartIfChanged = true;
description = "Run unpackerr";
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
};
};
manage-library = {
enable = true;
restartIfChanged = true;
description = "Run the manage library bash script";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzManageLibrary
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzManageLibrary}/bin/manage-library";
};
};
tasks = {
restartIfChanged = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "default.target" ];
path = [
pkgs.bash
pkgs.nix
jawzTasks
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${jawzTasks}/bin/tasks";
};
};
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
path = [
pkgs.python3
pkgs.pipenv
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
};
};
# HentaiAtHome = {
# enable = true;
# restartIfChanged = true;
# description = "Run hentai@home server";
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# WorkingDirectory="/mnt/disks/hnbox";
# ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome";
# };
# };
# unpackerr = {
# enable = true;
# restartIfChanged = true;
# description = "Run unpackerr";
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
# };
# };
# manage-library = {
# enable = true;
# restartIfChanged = true;
# description = "Run the manage library bash script";
# wantedBy = [ "default.target" ];
# path = [
# pkgs.bash
# pkgs.nix
# jawzManageLibrary
# ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${jawzManageLibrary}/bin/manage-library";
# };
# };
# tasks = {
# restartIfChanged = true;
# description = "Run a tasks script which keeps a lot of things organized";
# wantedBy = [ "default.target" ];
# path = [
# pkgs.bash
# pkgs.nix
# jawzTasks
# ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${jawzTasks}/bin/tasks";
# };
# };
# qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in {
# restartIfChanged = true;
# description = "Tidy up my torrents";
# wantedBy = [ "default.target" ];
# path = [
# pkgs.python3
# pkgs.pipenv
# ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
# };
# };
};
timers = {
tasks = {
enable = true;
description = "Run a tasks script which keeps a lot of things organized";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
manage-library = {
enable = true;
description = "Run the manage library bash script";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "00:30";
};
};
qbit_manage = {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
# tasks = {
# enable = true;
# description = "Run a tasks script which keeps a lot of things organized";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "*:0/10";
# };
# };
# manage-library = {
# enable = true;
# description = "Run the manage library bash script";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "00:30";
# };
# };
# qbit_manage = {
# enable = true;
# description = "Tidy up my torrents";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "*:0/10";
# };
# };
};
};
};

134
server/docker.nix
View File

@ -17,29 +17,29 @@
oci-containers = {
backend = "docker";
containers = {
collabora = {
autoStart = true;
image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest =
"sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
ports = [ "9980:9980" ];
environment = {
TZ = "America/Mexico_City";
domain = "cloud.servidos.lat";
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
'';
};
extraOptions = [ "--cap-add" "MKNOD" ];
};
# collabora = {
# autoStart = true;
# image = "collabora/code";
# imageFile = pkgs.dockerTools.pullImage {
# imageName = "collabora/code";
# imageDigest =
# "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
# sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
# };
# ports = [ "9980:9980" ];
# environment = {
# TZ = "America/Mexico_City";
# domain = "cloud.servidos.lat";
# aliasgroup1 = "cloud.servidos.lat:443";
# aliasgroup2 = "cloud.rotehaare.art:443";
# dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
# extra_params = ''
# --o:ssl.enable=false
# --o:ssl.termination=true
# '';
# };
# extraOptions = [ "--cap-add" "MKNOD" ];
# };
ryot = {
image = "ghcr.io/ignisda/ryot:latest";
ports = [ "8765:8000" ];
@ -66,8 +66,8 @@
PUID = "1000";
PGID = "100";
BASE_URL = "https://scrobble.servidos.lat";
JELLYFIN_USER = "jawz";
JELLYFIN_SERVER = "DaniloFlix";
# JELLYFIN_USER = "jawz";
# JELLYFIN_SERVER = "DaniloFlix";
DEEZER_CLIENT_ID = "657431";
DEEZER_CLIENT_SECRET = "cb2ad03682dd5a55dfef857388ef181e";
DEEZER_REDIRECT_URI = "http://192.168.1.69:9078/deezer/callback";
@ -104,11 +104,11 @@
"flame.icon" = "bookmark-music";
};
};
flaresolverr = {
autoStart = true;
image = "ghcr.io/flaresolverr/flaresolverr:latest";
ports = [ "8191:8191" ];
};
# flaresolverr = {
# autoStart = true;
# image = "ghcr.io/flaresolverr/flaresolverr:latest";
# ports = [ "8191:8191" ];
# };
flame = {
autoStart = true;
image = "pawelmalak/flame";
@ -136,30 +136,30 @@
PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG";
};
};
lidarr = {
autoStart = true;
image = "lscr.io/linuxserver/lidarr:latest";
ports = [ "8686:8686" ];
environment = {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
};
volumes = [
"/mnt/pool/multimedia:/data"
"/mnt/pool/multimedia/media/Music:/music"
"/mnt/pool/multimedia/media/MusicVideos:/music-videos"
"/var/lib/docker-configs/lidarr/files:/config"
"/var/lib/docker-configs/lidarr/custom-services.d:/custom-services.d"
"/var/lib/docker-configs/lidarr/custom-cont-init.d:/custom-cont-init.d"
];
labels = {
"flame.type" = "application";
"flame.name" = "Lidarr";
"flame.url" = "music.servidos.lat";
"flame.icon" = "music";
};
};
# lidarr = {
# autoStart = true;
# image = "lscr.io/linuxserver/lidarr:latest";
# ports = [ "8686:8686" ];
# environment = {
# TZ = "America/Mexico_City";
# PUID = "1000";
# PGID = "100";
# };
# volumes = [
# "/mnt/pool/multimedia:/data"
# "/mnt/pool/multimedia/media/Music:/music"
# "/mnt/pool/multimedia/media/MusicVideos:/music-videos"
# "/var/lib/docker-configs/lidarr/files:/config"
# "/var/lib/docker-configs/lidarr/custom-services.d:/custom-services.d"
# "/var/lib/docker-configs/lidarr/custom-cont-init.d:/custom-cont-init.d"
# ];
# labels = {
# "flame.type" = "application";
# "flame.name" = "Lidarr";
# "flame.url" = "music.servidos.lat";
# "flame.icon" = "music";
# };
# };
mealie = {
autoStart = true;
image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2";
@ -189,19 +189,19 @@
"flame.icon" = "fridge";
};
};
go-vod = {
autoStart = true;
image = "radialapps/go-vod";
environment = {
TZ = "America/Mexico_City";
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all";
};
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
};
# go-vod = {
# autoStart = true;
# image = "radialapps/go-vod";
# environment = {
# TZ = "America/Mexico_City";
# NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
# NVIDIA_VISIBLE_DEVICES = "all";
# };
# volumes = [ "ncdata:/var/www/html:ro" ];
# extraOptions = [
# "--device=/dev/dri" # VA-API (omit for NVENC)
# ];
# };
};
};
};

92
server/fstab.nix
View File

@ -18,26 +18,26 @@
device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921";
preLVM = true;
};
disk1 = {
device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
preLVM = true;
};
disk2 = {
device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
preLVM = true;
};
disk3 = {
device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
preLVM = true;
};
disk4 = {
device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
preLVM = true;
};
hnbox = {
device = "/dev/disk/by-uuid/c7dd2d5a-b0b3-46a0-aca9-3d4975c1f0bc";
preLVM = true;
};
# disk1 = {
# device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
# preLVM = true;
# };
# disk2 = {
# device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
# preLVM = true;
# };
# disk3 = {
# device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1";
# preLVM = true;
# };
# disk4 = {
# device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d";
# preLVM = true;
# };
# hnbox = {
# device = "/dev/disk/by-uuid/c7dd2d5a-b0b3-46a0-aca9-3d4975c1f0bc";
# preLVM = true;
# };
};
kernelModules = [ "kvm-intel" ];
kernel.sysctl = {
@ -82,22 +82,22 @@
"datacow"
];
};
"/mnt/pool" = {
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
fsType = "btrfs";
options = [
"subvol=@data"
"compress=zstd:3"
"space_cache=v2"
"commit=120"
"datacow"
];
};
"/mnt/disks/hnbox" = {
device = "/dev/mapper/hnbox";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
# "/mnt/pool" = {
# device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
# fsType = "btrfs";
# options = [
# "subvol=@data"
# "compress=zstd:3"
# "space_cache=v2"
# "commit=120"
# "datacow"
# ];
# };
# "/mnt/disks/hnbox" = {
# device = "/dev/mapper/hnbox";
# fsType = "btrfs";
# options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
# };
"/boot" = {
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
fsType = "ext4";
@ -107,16 +107,16 @@
fsType = "vfat";
};
# NEXTCCLOUD
"/var/lib/nextcloud/data" = {
device = "/mnt/pool/nextcloud";
options = [ "bind" ];
depends = [ "/mnt/pool" ];
};
"/mnt/jellyfin/media" = {
device = "/mnt/pool/multimedia/media";
options = [ "bind" "ro" ];
depends = [ "/mnt/pool" ];
};
# "/var/lib/nextcloud/data" = {
# device = "/mnt/pool/nextcloud";
# options = [ "bind" ];
# depends = [ "/mnt/pool" ];
# };
# "/mnt/jellyfin/media" = {
# device = "/mnt/pool/multimedia/media";
# options = [ "bind" "ro" ];
# depends = [ "/mnt/pool" ];
# };
# NFS
"/export/pool" = {
device = "/mnt/pool";

242
server/nginx.nix
View File

@ -65,13 +65,13 @@ in {
'';
};
in {
"movies.${domain}" = proxyArr radarrPort // { };
"indexer.${domain}" = proxyArr prowlarrPort // { };
"music.${domain}" = proxyArr lidarrPort // { };
"library.${domain}" = proxy kavitaPort // { };
# "movies.${domain}" = proxyArr radarrPort // { };
# "indexer.${domain}" = proxyArr prowlarrPort // { };
# "music.${domain}" = proxyArr lidarrPort // { };
# "library.${domain}" = proxy kavitaPort // { };
"start.${domain}" = proxy flamePort // { };
"subs.${domain}" = proxy bazarrPort // { };
"series.${domain}" = proxy sonarrPort // { };
# "subs.${domain}" = proxy bazarrPort // { };
# "series.${domain}" = proxy sonarrPort // { };
"vault.${domain}" = proxy vaultPort // { };
"copy.${domain}" = proxy microbinPort // { };
"mealie.${domain}" = proxy mealiePort // { };
@ -96,128 +96,128 @@ in {
'';
};
};
"flix.${domain}" = {
forceSSL = true;
enableACME = true;
http2 = true;
extraConfig = ''
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
resolver ${localhost} valid=30;
# "flix.${domain}" = {
# forceSSL = true;
# enableACME = true;
# http2 = true;
# extraConfig = ''
# # use a variable to store the upstream proxy
# # in this example we are using a hostname which is resolved via DNS
# # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
# resolver ${localhost} valid=30;
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
# location = / {
# return 302 http://$host/web/;
# #return 302 https://$host/web/;
# }
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://${localhost}:${
toString (jellyfinPort)
}/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
'';
locations = {
"/" = {
proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
proxyWebsockets = true;
};
"/socket" = {
proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"~ /Items/(.*)/Images" = {
proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
extraConfig = ''
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
'';
};
"~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request
# slice 2m;
# location = /web/ {
# # Proxy main Jellyfin traffic
# proxy_pass http://${localhost}:${
# toString (jellyfinPort)
# }/web/index.html;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-Protocol $scheme;
# proxy_set_header X-Forwarded-Host $http_host;
# }
# '';
# locations = {
# "/" = {
# proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
# proxyWebsockets = true;
# };
# "/socket" = {
# proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
# extraConfig = ''
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# '';
# };
# "~ /Items/(.*)/Images" = {
# proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
# extraConfig = ''
# proxy_cache jellyfin;
# proxy_cache_revalidate on;
# proxy_cache_lock on;
# '';
# };
# "~* ^/Videos/(.*)/(?!live)" = {
# proxyPass = "http://${localhost}:${toString (jellyfinPort)}";
# extraConfig = ''
# # Set size of a slice (this amount will be always requested from the backend by nginx)
# # Higher value means more latency, lower more overhead
# # This size is independent of the size clients/browsers can request
# # slice 2m;
proxy_cache jellyfin-videos;
proxy_cache_valid 200 206 301 302 30d;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 15s;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Transmit slice range to the backend
proxy_set_header Range 2m;
# proxy_cache jellyfin-videos;
# proxy_cache_valid 200 206 301 302 30d;
# proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
# proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
# proxy_connect_timeout 15s;
# proxy_http_version 1.1;
# proxy_set_header Connection "";
# # Transmit slice range to the backend
# proxy_set_header Range 2m;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay
proxy_cache_lock on;
proxy_cache_lock_age 60s;
# # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# # The first client will trigger the download, the other clients will have to wait until the slice is cached
# # Esp. practical during SyncPlay
# proxy_cache_lock on;
# proxy_cache_lock_age 60s;
proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
# proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
# add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
'';
};
};
};
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "cloud.rotehaare.art" ];
locations = {
"/".proxyWebsockets = true;
# uh, equals what?
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
{ };
};
};
# # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
# '';
# };
# };
# };
# ${config.services.nextcloud.hostName} = {
# forceSSL = true;
# enableACME = true;
# http2 = true;
# serverAliases = [ "cloud.rotehaare.art" ];
# locations = {
# "/".proxyWebsockets = true;
# # uh, equals what?
# "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
# { };
# };
# };
"collabora.${domain}" = let
collaboraString = "http://${localhost}:${toString (collaboraPort)}";
collaboraProxy = {
proxyPass = collaboraString;
extraConfig = ''
proxy_set_header Host $host;
'';
};
collaboraSocket = {
proxyPass = collaboraString;
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
};
in base {
# static files
"^~ /loleaflet" = collaboraProxy;
# WOPI discovery URL
"^~ /hosting/discovery" = collaboraProxy;
# Capabilities
"^~ /hosting/capabilities" = collaboraProxy;
# download, presentation, image upload and websocket
"~ ^/lool" = collaboraSocket;
# Admin Console websocket
"^~ /lool/adminws" = collaboraSocket;
};
# "collabora.${domain}" = let
# collaboraString = "http://${localhost}:${toString (collaboraPort)}";
# collaboraProxy = {
# proxyPass = collaboraString;
# extraConfig = ''
# proxy_set_header Host $host;
# '';
# };
# collaboraSocket = {
# proxyPass = collaboraString;
# extraConfig = ''
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header Host $host;
# proxy_read_timeout 36000s;
# '';
# };
# in base {
# # static files
# "^~ /loleaflet" = collaboraProxy;
# # WOPI discovery URL
# "^~ /hosting/discovery" = collaboraProxy;
# # Capabilities
# "^~ /hosting/capabilities" = collaboraProxy;
# # download, presentation, image upload and websocket
# "~ ^/lool" = collaboraSocket;
# # Admin Console websocket
# "^~ /lool/adminws" = collaboraSocket;
# };
};
};
networking = {

218
server/servers.nix
View File

@ -45,41 +45,41 @@ in {
'')
];
users.groups = { piracy.gid = 985; };
users.users = let base = { isSystemUser = true; };
in {
prowlarr = base // { group = "piracy"; };
kavita = base // {
group = "kavita";
extraGroups = [ "piracy" ];
};
nextcloud = base // {
extraGroups = [ "render" ];
packages = (with pkgs; [
nodejs
(python3.withPackages (ps: with ps; [ tensorflow ]))
perl
(perlPackages.buildPerlPackage rec {
pname = "Image-ExifTool";
version = "12.70";
src = fetchurl {
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
};
})
]);
};
};
# users.users = let base = { isSystemUser = true; };
# in {
# # prowlarr = base // { group = "piracy"; };
# # kavita = base // {
# # group = "kavita";
# # extraGroups = [ "piracy" ];
# # };
# # nextcloud = base // {
# # extraGroups = [ "render" ];
# # packages = (with pkgs; [
# # nodejs
# # (python3.withPackages (ps: with ps; [ tensorflow ]))
# # perl
# # (perlPackages.buildPerlPackage rec {
# # pname = "Image-ExifTool";
# # version = "12.70";
# # src = fetchurl {
# # url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
# # hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
# # };
# # })
# # ]);
# # };
# };
services = let
base = {
enable = true;
group = "piracy";
};
in {
sonarr = base // { package = pkgs.sonarr; };
radarr = base // { package = pkgs.radarr; };
bazarr = base // { };
jellyfin = base // { };
prowlarr.enable = true;
# sonarr = base // { package = pkgs.sonarr; };
# radarr = base // { package = pkgs.radarr; };
# bazarr = base // { };
# jellyfin = base // { };
# prowlarr.enable = true;
microbin = {
enable = true;
settings = {
@ -92,16 +92,16 @@ in {
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
audiobookshelf = {
enable = true;
group = "piracy";
port = 5687;
};
# audiobookshelf = {
# enable = true;
# group = "piracy";
# port = 5687;
# };
paperless = {
enable = true;
address = "0.0.0.0";
consumptionDirIsPublic = true;
consumptionDir = "/mnt/pool/home/Scans";
consumptionDir = "/home/jawz/Backups/Scans";
extraConfig = {
PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless";
@ -134,76 +134,80 @@ in {
LOG_LEVEL = "warn";
};
};
kavita = {
enable = true;
tokenKeyFile = "${pkgs.writeText "kavitaToken"
"Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
};
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud27;
appstoreEnable = true;
configureRedis = true;
extraAppsEnable = true;
enableImagemagick = true;
maxUploadSize = "16G";
hostName = "cloud.servidos.lat";
config = {
adminpassFile = "${pkgs.writeText "adminpass"
"Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https";
defaultPhoneRegion = "MX";
dbtype = "pgsql";
dbhost = postgresSocket;
dbtableprefix = "oc_";
dbname = "nextcloud";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
};
phpOptions = {
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "16";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "256M";
"opcache.max_accelerated_files" = "10000";
"opcache.huge_code_pages" = "1";
"opcache.enable_file_override" = "1";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "60";
"opcache.save_comments" = "1";
"opcache.validate_timestamps" = "0";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
short_open_tag = "Off";
};
extraOptions = {
"allow_local_remote_servers" = true;
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true;
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
enabledPreviewProviders = [
"OC\\Preview\\Image"
"OC\\Preview\\HEIC"
"OC\\Preview\\TIFF"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
"OC\\Preview\\Movie"
];
};
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
};
# kavita = {
# enable = true;
# tokenKeyFile = "${pkgs.writeText "kavitaToken"
# "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
# };
# nextcloud = {
# enable = true;
# https = true;
# package = pkgs.nextcloud27;
# appstoreEnable = true;
# configureRedis = true;
# extraAppsEnable = true;
# enableImagemagick = true;
# maxUploadSize = "16G";
# hostName = "cloud.servidos.lat";
# config = {
# adminpassFile = "${pkgs.writeText "adminpass"
# "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
# overwriteProtocol = "https";
# defaultPhoneRegion = "MX";
# dbtype = "pgsql";
# dbhost = postgresSocket;
# dbtableprefix = "oc_";
# dbname = "nextcloud";
# trustedProxies = [ "nginx" ];
# extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
# };
# phpOptions = {
# catch_workers_output = "yes";
# display_errors = "stderr";
# error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
# expose_php = "Off";
# "opcache.enable_cli" = "1";
# "opcache.fast_shutdown" = "1";
# "opcache.interned_strings_buffer" = "16";
# "opcache.jit" = "1255";
# "opcache.jit_buffer_size" = "256M";
# "opcache.max_accelerated_files" = "10000";
# "opcache.huge_code_pages" = "1";
# "opcache.enable_file_override" = "1";
# "opcache.memory_consumption" = "128";
# "opcache.revalidate_freq" = "60";
# "opcache.save_comments" = "1";
# "opcache.validate_timestamps" = "0";
# "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
# short_open_tag = "Off";
# };
# extraOptions = {
# "allow_local_remote_servers" = true;
# mail_smtpmode = "sendmail";
# mail_sendmailmode = "pipe";
# "installed" = true;
# "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
# enabledPreviewProviders = [
# "OC\\Preview\\Image"
# "OC\\Preview\\HEIC"
# "OC\\Preview\\TIFF"
# "OC\\Preview\\MKV"
# "OC\\Preview\\MP4"
# "OC\\Preview\\AVI"
# "OC\\Preview\\Movie"
# ];
# };
# phpExtraExtensions = all: [ all.pdlib all.bz2 ];
# };
postgresql = {
enable = true;
ensureDatabases = [ "paperless" "nextcloud" "ryot" "vaultwarden" ];
ensureDatabases = [ "jawz" "paperless" "nextcloud" "ryot" "vaultwarden" ];
package = pkgs.postgresql_16;
ensureUsers = [
{
name = "jawz";
ensureDBOwnership = true;
}
{
name = "nextcloud";
ensureDBOwnership = true;
@ -245,12 +249,12 @@ in {
};
};
timers = {
nextcloud-cronjob = {
enable = true;
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
# nextcloud-cronjob = {
# enable = true;
# description = "Runs various nextcloud-related cronjobs";
# wantedBy = [ "timers.target" ];
# timerConfig = { OnCalendar = "*:0/10"; };
# };
};
user.services = {
update-dns = let