From 0dbf16ac98d71448f18c237011ce449f76c8356d Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Wed, 10 Jan 2024 11:39:01 -0600 Subject: [PATCH] disabled all /mnt/pool dependent servers --- server/configuration.org | 196 +++++++++++++++---------------- server/docker.nix | 134 +++++++++++----------- server/fstab.nix | 92 +++++++-------- server/nginx.nix | 242 +++++++++++++++++++-------------------- server/servers.nix | 218 ++++++++++++++++++----------------- 5 files changed, 443 insertions(+), 439 deletions(-) diff --git a/server/configuration.org b/server/configuration.org index 5ae6e32..eba76f5 100644 --- a/server/configuration.org +++ b/server/configuration.org @@ -824,7 +824,7 @@ services = { settings = { inotify = "yes"; media_dir = [ - "/mnt/pool" + "/home/jawz/Backups/glue" ]; }; }; @@ -905,11 +905,11 @@ systemd = { myPkg = pkgs.qbittorrent-nox; in [ myPkg ]; services = { - "qbittorrent-nox@jawz" = { - enable = true; - overrideStrategy = "asDropin"; - wantedBy = [ "multi-user.target" ]; - }; + # "qbittorrent-nox@jawz" = { + # enable = true; + # overrideStrategy = "asDropin"; + # wantedBy = [ "multi-user.target" ]; + # }; # sub-sync = { # restartIfChanged = true; # description = "syncronizes subtitles downloaded & modified today"; @@ -945,100 +945,100 @@ in [ myPkg ]; }; user = { services = { - HentaiAtHome = { - enable = true; - restartIfChanged = true; - description = "Run hentai@home server"; - wantedBy = [ "default.target" ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - WorkingDirectory="/mnt/disks/hnbox"; - ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome"; - }; - }; - unpackerr = { - enable = true; - restartIfChanged = true; - description = "Run unpackerr"; - wantedBy = [ "default.target" ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf"; - }; - }; - manage-library = { - enable = true; - restartIfChanged = true; - description = "Run the manage library bash script"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.bash - pkgs.nix - jawzManageLibrary - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzManageLibrary}/bin/manage-library"; - }; - }; - tasks = { - restartIfChanged = true; - description = "Run a tasks script which keeps a lot of things organized"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.bash - pkgs.nix - jawzTasks - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${jawzTasks}/bin/tasks"; - }; - }; - qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in { - restartIfChanged = true; - description = "Tidy up my torrents"; - wantedBy = [ "default.target" ]; - path = [ - pkgs.python3 - pkgs.pipenv - ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 30; - ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml"; - }; - }; + # HentaiAtHome = { + # enable = true; + # restartIfChanged = true; + # description = "Run hentai@home server"; + # wantedBy = [ "default.target" ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 30; + # WorkingDirectory="/mnt/disks/hnbox"; + # ExecStart = "${pkgs.HentaiAtHome}/bin/HentaiAtHome"; + # }; + # }; + # unpackerr = { + # enable = true; + # restartIfChanged = true; + # description = "Run unpackerr"; + # wantedBy = [ "default.target" ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 30; + # ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf"; + # }; + # }; + # manage-library = { + # enable = true; + # restartIfChanged = true; + # description = "Run the manage library bash script"; + # wantedBy = [ "default.target" ]; + # path = [ + # pkgs.bash + # pkgs.nix + # jawzManageLibrary + # ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 30; + # ExecStart = "${jawzManageLibrary}/bin/manage-library"; + # }; + # }; + # tasks = { + # restartIfChanged = true; + # description = "Run a tasks script which keeps a lot of things organized"; + # wantedBy = [ "default.target" ]; + # path = [ + # pkgs.bash + # pkgs.nix + # jawzTasks + # ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 30; + # ExecStart = "${jawzTasks}/bin/tasks"; + # }; + # }; + # qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage"; in { + # restartIfChanged = true; + # description = "Tidy up my torrents"; + # wantedBy = [ "default.target" ]; + # path = [ + # pkgs.python3 + # pkgs.pipenv + # ]; + # serviceConfig = { + # Restart = "on-failure"; + # RestartSec = 30; + # ExecStart = "${qbit_dir}/.venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml"; + # }; + # }; }; timers = { - tasks = { - enable = true; - description = "Run a tasks script which keeps a lot of things organized"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*:0/10"; - }; - }; - manage-library = { - enable = true; - description = "Run the manage library bash script"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "00:30"; - }; - }; - qbit_manage = { - enable = true; - description = "Tidy up my torrents"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "*:0/10"; - }; - }; + # tasks = { + # enable = true; + # description = "Run a tasks script which keeps a lot of things organized"; + # wantedBy = [ "timers.target" ]; + # timerConfig = { + # OnCalendar = "*:0/10"; + # }; + # }; + # manage-library = { + # enable = true; + # description = "Run the manage library bash script"; + # wantedBy = [ "timers.target" ]; + # timerConfig = { + # OnCalendar = "00:30"; + # }; + # }; + # qbit_manage = { + # enable = true; + # description = "Tidy up my torrents"; + # wantedBy = [ "timers.target" ]; + # timerConfig = { + # OnCalendar = "*:0/10"; + # }; + # }; }; }; }; diff --git a/server/docker.nix b/server/docker.nix index 5988eb3..d47ad98 100644 --- a/server/docker.nix +++ b/server/docker.nix @@ -17,29 +17,29 @@ oci-containers = { backend = "docker"; containers = { - collabora = { - autoStart = true; - image = "collabora/code"; - imageFile = pkgs.dockerTools.pullImage { - imageName = "collabora/code"; - imageDigest = - "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f"; - sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs="; - }; - ports = [ "9980:9980" ]; - environment = { - TZ = "America/Mexico_City"; - domain = "cloud.servidos.lat"; - aliasgroup1 = "cloud.servidos.lat:443"; - aliasgroup2 = "cloud.rotehaare.art:443"; - dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; - extra_params = '' - --o:ssl.enable=false - --o:ssl.termination=true - ''; - }; - extraOptions = [ "--cap-add" "MKNOD" ]; - }; + # collabora = { + # autoStart = true; + # image = "collabora/code"; + # imageFile = pkgs.dockerTools.pullImage { + # imageName = "collabora/code"; + # imageDigest = + # "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f"; + # sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs="; + # }; + # ports = [ "9980:9980" ]; + # environment = { + # TZ = "America/Mexico_City"; + # domain = "cloud.servidos.lat"; + # aliasgroup1 = "cloud.servidos.lat:443"; + # aliasgroup2 = "cloud.rotehaare.art:443"; + # dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; + # extra_params = '' + # --o:ssl.enable=false + # --o:ssl.termination=true + # ''; + # }; + # extraOptions = [ "--cap-add" "MKNOD" ]; + # }; ryot = { image = "ghcr.io/ignisda/ryot:latest"; ports = [ "8765:8000" ]; @@ -66,8 +66,8 @@ PUID = "1000"; PGID = "100"; BASE_URL = "https://scrobble.servidos.lat"; - JELLYFIN_USER = "jawz"; - JELLYFIN_SERVER = "DaniloFlix"; + # JELLYFIN_USER = "jawz"; + # JELLYFIN_SERVER = "DaniloFlix"; DEEZER_CLIENT_ID = "657431"; DEEZER_CLIENT_SECRET = "cb2ad03682dd5a55dfef857388ef181e"; DEEZER_REDIRECT_URI = "http://192.168.1.69:9078/deezer/callback"; @@ -104,11 +104,11 @@ "flame.icon" = "bookmark-music"; }; }; - flaresolverr = { - autoStart = true; - image = "ghcr.io/flaresolverr/flaresolverr:latest"; - ports = [ "8191:8191" ]; - }; + # flaresolverr = { + # autoStart = true; + # image = "ghcr.io/flaresolverr/flaresolverr:latest"; + # ports = [ "8191:8191" ]; + # }; flame = { autoStart = true; image = "pawelmalak/flame"; @@ -136,30 +136,30 @@ PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG"; }; }; - lidarr = { - autoStart = true; - image = "lscr.io/linuxserver/lidarr:latest"; - ports = [ "8686:8686" ]; - environment = { - TZ = "America/Mexico_City"; - PUID = "1000"; - PGID = "100"; - }; - volumes = [ - "/mnt/pool/multimedia:/data" - "/mnt/pool/multimedia/media/Music:/music" - "/mnt/pool/multimedia/media/MusicVideos:/music-videos" - "/var/lib/docker-configs/lidarr/files:/config" - "/var/lib/docker-configs/lidarr/custom-services.d:/custom-services.d" - "/var/lib/docker-configs/lidarr/custom-cont-init.d:/custom-cont-init.d" - ]; - labels = { - "flame.type" = "application"; - "flame.name" = "Lidarr"; - "flame.url" = "music.servidos.lat"; - "flame.icon" = "music"; - }; - }; + # lidarr = { + # autoStart = true; + # image = "lscr.io/linuxserver/lidarr:latest"; + # ports = [ "8686:8686" ]; + # environment = { + # TZ = "America/Mexico_City"; + # PUID = "1000"; + # PGID = "100"; + # }; + # volumes = [ + # "/mnt/pool/multimedia:/data" + # "/mnt/pool/multimedia/media/Music:/music" + # "/mnt/pool/multimedia/media/MusicVideos:/music-videos" + # "/var/lib/docker-configs/lidarr/files:/config" + # "/var/lib/docker-configs/lidarr/custom-services.d:/custom-services.d" + # "/var/lib/docker-configs/lidarr/custom-cont-init.d:/custom-cont-init.d" + # ]; + # labels = { + # "flame.type" = "application"; + # "flame.name" = "Lidarr"; + # "flame.url" = "music.servidos.lat"; + # "flame.icon" = "music"; + # }; + # }; mealie = { autoStart = true; image = "ghcr.io/mealie-recipes/mealie:v1.0.0-RC2"; @@ -189,19 +189,19 @@ "flame.icon" = "fridge"; }; }; - go-vod = { - autoStart = true; - image = "radialapps/go-vod"; - environment = { - TZ = "America/Mexico_City"; - NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; - NVIDIA_VISIBLE_DEVICES = "all"; - }; - volumes = [ "ncdata:/var/www/html:ro" ]; - extraOptions = [ - "--device=/dev/dri" # VA-API (omit for NVENC) - ]; - }; + # go-vod = { + # autoStart = true; + # image = "radialapps/go-vod"; + # environment = { + # TZ = "America/Mexico_City"; + # NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; + # NVIDIA_VISIBLE_DEVICES = "all"; + # }; + # volumes = [ "ncdata:/var/www/html:ro" ]; + # extraOptions = [ + # "--device=/dev/dri" # VA-API (omit for NVENC) + # ]; + # }; }; }; }; diff --git a/server/fstab.nix b/server/fstab.nix index 5a44ec7..8838bd0 100644 --- a/server/fstab.nix +++ b/server/fstab.nix @@ -18,26 +18,26 @@ device = "/dev/disk/by-uuid/af72f45c-cf7c-4e7d-8eab-2a95ab754921"; preLVM = true; }; - disk1 = { - device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842"; - preLVM = true; - }; - disk2 = { - device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771"; - preLVM = true; - }; - disk3 = { - device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1"; - preLVM = true; - }; - disk4 = { - device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d"; - preLVM = true; - }; - hnbox = { - device = "/dev/disk/by-uuid/c7dd2d5a-b0b3-46a0-aca9-3d4975c1f0bc"; - preLVM = true; - }; + # disk1 = { + # device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842"; + # preLVM = true; + # }; + # disk2 = { + # device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771"; + # preLVM = true; + # }; + # disk3 = { + # device = "/dev/disk/by-uuid/8cd728f6-0d5b-4cea-8f7d-01aad11192c1"; + # preLVM = true; + # }; + # disk4 = { + # device = "/dev/disk/by-uuid/7fcac808-491f-4846-a4a9-a34cc77cb43d"; + # preLVM = true; + # }; + # hnbox = { + # device = "/dev/disk/by-uuid/c7dd2d5a-b0b3-46a0-aca9-3d4975c1f0bc"; + # preLVM = true; + # }; }; kernelModules = [ "kvm-intel" ]; kernel.sysctl = { @@ -82,22 +82,22 @@ "datacow" ]; }; - "/mnt/pool" = { - device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34"; - fsType = "btrfs"; - options = [ - "subvol=@data" - "compress=zstd:3" - "space_cache=v2" - "commit=120" - "datacow" - ]; - }; - "/mnt/disks/hnbox" = { - device = "/dev/mapper/hnbox"; - fsType = "btrfs"; - options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; - }; + # "/mnt/pool" = { + # device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34"; + # fsType = "btrfs"; + # options = [ + # "subvol=@data" + # "compress=zstd:3" + # "space_cache=v2" + # "commit=120" + # "datacow" + # ]; + # }; + # "/mnt/disks/hnbox" = { + # device = "/dev/mapper/hnbox"; + # fsType = "btrfs"; + # options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; + # }; "/boot" = { device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156"; fsType = "ext4"; @@ -107,16 +107,16 @@ fsType = "vfat"; }; # NEXTCCLOUD - "/var/lib/nextcloud/data" = { - device = "/mnt/pool/nextcloud"; - options = [ "bind" ]; - depends = [ "/mnt/pool" ]; - }; - "/mnt/jellyfin/media" = { - device = "/mnt/pool/multimedia/media"; - options = [ "bind" "ro" ]; - depends = [ "/mnt/pool" ]; - }; + # "/var/lib/nextcloud/data" = { + # device = "/mnt/pool/nextcloud"; + # options = [ "bind" ]; + # depends = [ "/mnt/pool" ]; + # }; + # "/mnt/jellyfin/media" = { + # device = "/mnt/pool/multimedia/media"; + # options = [ "bind" "ro" ]; + # depends = [ "/mnt/pool" ]; + # }; # NFS "/export/pool" = { device = "/mnt/pool"; diff --git a/server/nginx.nix b/server/nginx.nix index 6a9409a..830dc98 100644 --- a/server/nginx.nix +++ b/server/nginx.nix @@ -65,13 +65,13 @@ in { ''; }; in { - "movies.${domain}" = proxyArr radarrPort // { }; - "indexer.${domain}" = proxyArr prowlarrPort // { }; - "music.${domain}" = proxyArr lidarrPort // { }; - "library.${domain}" = proxy kavitaPort // { }; + # "movies.${domain}" = proxyArr radarrPort // { }; + # "indexer.${domain}" = proxyArr prowlarrPort // { }; + # "music.${domain}" = proxyArr lidarrPort // { }; + # "library.${domain}" = proxy kavitaPort // { }; "start.${domain}" = proxy flamePort // { }; - "subs.${domain}" = proxy bazarrPort // { }; - "series.${domain}" = proxy sonarrPort // { }; + # "subs.${domain}" = proxy bazarrPort // { }; + # "series.${domain}" = proxy sonarrPort // { }; "vault.${domain}" = proxy vaultPort // { }; "copy.${domain}" = proxy microbinPort // { }; "mealie.${domain}" = proxy mealiePort // { }; @@ -96,128 +96,128 @@ in { ''; }; }; - "flix.${domain}" = { - forceSSL = true; - enableACME = true; - http2 = true; - extraConfig = '' - # use a variable to store the upstream proxy - # in this example we are using a hostname which is resolved via DNS - # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address - resolver ${localhost} valid=30; + # "flix.${domain}" = { + # forceSSL = true; + # enableACME = true; + # http2 = true; + # extraConfig = '' + # # use a variable to store the upstream proxy + # # in this example we are using a hostname which is resolved via DNS + # # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address + # resolver ${localhost} valid=30; - location = / { - return 302 http://$host/web/; - #return 302 https://$host/web/; - } + # location = / { + # return 302 http://$host/web/; + # #return 302 https://$host/web/; + # } - location = /web/ { - # Proxy main Jellyfin traffic - proxy_pass http://${localhost}:${ - toString (jellyfinPort) - }/web/index.html; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header X-Forwarded-Host $http_host; - } - ''; - locations = { - "/" = { - proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; - proxyWebsockets = true; - }; - "/socket" = { - proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - }; - "~ /Items/(.*)/Images" = { - proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; - extraConfig = '' - proxy_cache jellyfin; - proxy_cache_revalidate on; - proxy_cache_lock on; - ''; - }; - "~* ^/Videos/(.*)/(?!live)" = { - proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; - extraConfig = '' - # Set size of a slice (this amount will be always requested from the backend by nginx) - # Higher value means more latency, lower more overhead - # This size is independent of the size clients/browsers can request - # slice 2m; + # location = /web/ { + # # Proxy main Jellyfin traffic + # proxy_pass http://${localhost}:${ + # toString (jellyfinPort) + # }/web/index.html; + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # proxy_set_header X-Forwarded-Proto $scheme; + # proxy_set_header X-Forwarded-Protocol $scheme; + # proxy_set_header X-Forwarded-Host $http_host; + # } + # ''; + # locations = { + # "/" = { + # proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; + # proxyWebsockets = true; + # }; + # "/socket" = { + # proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; + # extraConfig = '' + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "upgrade"; + # ''; + # }; + # "~ /Items/(.*)/Images" = { + # proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; + # extraConfig = '' + # proxy_cache jellyfin; + # proxy_cache_revalidate on; + # proxy_cache_lock on; + # ''; + # }; + # "~* ^/Videos/(.*)/(?!live)" = { + # proxyPass = "http://${localhost}:${toString (jellyfinPort)}"; + # extraConfig = '' + # # Set size of a slice (this amount will be always requested from the backend by nginx) + # # Higher value means more latency, lower more overhead + # # This size is independent of the size clients/browsers can request + # # slice 2m; - proxy_cache jellyfin-videos; - proxy_cache_valid 200 206 301 302 30d; - proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires; - proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; - proxy_connect_timeout 15s; - proxy_http_version 1.1; - proxy_set_header Connection ""; - # Transmit slice range to the backend - proxy_set_header Range 2m; + # proxy_cache jellyfin-videos; + # proxy_cache_valid 200 206 301 302 30d; + # proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires; + # proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; + # proxy_connect_timeout 15s; + # proxy_http_version 1.1; + # proxy_set_header Connection ""; + # # Transmit slice range to the backend + # proxy_set_header Range 2m; - # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time - # The first client will trigger the download, the other clients will have to wait until the slice is cached - # Esp. practical during SyncPlay - proxy_cache_lock on; - proxy_cache_lock_age 60s; + # # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time + # # The first client will trigger the download, the other clients will have to wait until the slice is cached + # # Esp. practical during SyncPlay + # proxy_cache_lock on; + # proxy_cache_lock_age 60s; - proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m"; + # proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m"; - # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache - ''; - }; - }; - }; - ${config.services.nextcloud.hostName} = { - forceSSL = true; - enableACME = true; - http2 = true; - serverAliases = [ "cloud.rotehaare.art" ]; - locations = { - "/".proxyWebsockets = true; - # uh, equals what? - "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" = - { }; - }; - }; + # # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache + # ''; + # }; + # }; + # }; + # ${config.services.nextcloud.hostName} = { + # forceSSL = true; + # enableACME = true; + # http2 = true; + # serverAliases = [ "cloud.rotehaare.art" ]; + # locations = { + # "/".proxyWebsockets = true; + # # uh, equals what? + # "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" = + # { }; + # }; + # }; - "collabora.${domain}" = let - collaboraString = "http://${localhost}:${toString (collaboraPort)}"; - collaboraProxy = { - proxyPass = collaboraString; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - collaboraSocket = { - proxyPass = collaboraString; - extraConfig = '' - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $host; - proxy_read_timeout 36000s; - ''; - }; - in base { - # static files - "^~ /loleaflet" = collaboraProxy; - # WOPI discovery URL - "^~ /hosting/discovery" = collaboraProxy; - # Capabilities - "^~ /hosting/capabilities" = collaboraProxy; - # download, presentation, image upload and websocket - "~ ^/lool" = collaboraSocket; - # Admin Console websocket - "^~ /lool/adminws" = collaboraSocket; - }; + # "collabora.${domain}" = let + # collaboraString = "http://${localhost}:${toString (collaboraPort)}"; + # collaboraProxy = { + # proxyPass = collaboraString; + # extraConfig = '' + # proxy_set_header Host $host; + # ''; + # }; + # collaboraSocket = { + # proxyPass = collaboraString; + # extraConfig = '' + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + # proxy_set_header Host $host; + # proxy_read_timeout 36000s; + # ''; + # }; + # in base { + # # static files + # "^~ /loleaflet" = collaboraProxy; + # # WOPI discovery URL + # "^~ /hosting/discovery" = collaboraProxy; + # # Capabilities + # "^~ /hosting/capabilities" = collaboraProxy; + # # download, presentation, image upload and websocket + # "~ ^/lool" = collaboraSocket; + # # Admin Console websocket + # "^~ /lool/adminws" = collaboraSocket; + # }; }; }; networking = { diff --git a/server/servers.nix b/server/servers.nix index dcec6f0..403811f 100644 --- a/server/servers.nix +++ b/server/servers.nix @@ -45,41 +45,41 @@ in { '') ]; users.groups = { piracy.gid = 985; }; - users.users = let base = { isSystemUser = true; }; - in { - prowlarr = base // { group = "piracy"; }; - kavita = base // { - group = "kavita"; - extraGroups = [ "piracy" ]; - }; - nextcloud = base // { - extraGroups = [ "render" ]; - packages = (with pkgs; [ - nodejs - (python3.withPackages (ps: with ps; [ tensorflow ])) - perl - (perlPackages.buildPerlPackage rec { - pname = "Image-ExifTool"; - version = "12.70"; - src = fetchurl { - url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz"; - hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4="; - }; - }) - ]); - }; - }; + # users.users = let base = { isSystemUser = true; }; + # in { + # # prowlarr = base // { group = "piracy"; }; + # # kavita = base // { + # # group = "kavita"; + # # extraGroups = [ "piracy" ]; + # # }; + # # nextcloud = base // { + # # extraGroups = [ "render" ]; + # # packages = (with pkgs; [ + # # nodejs + # # (python3.withPackages (ps: with ps; [ tensorflow ])) + # # perl + # # (perlPackages.buildPerlPackage rec { + # # pname = "Image-ExifTool"; + # # version = "12.70"; + # # src = fetchurl { + # # url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz"; + # # hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4="; + # # }; + # # }) + # # ]); + # # }; + # }; services = let base = { enable = true; group = "piracy"; }; in { - sonarr = base // { package = pkgs.sonarr; }; - radarr = base // { package = pkgs.radarr; }; - bazarr = base // { }; - jellyfin = base // { }; - prowlarr.enable = true; + # sonarr = base // { package = pkgs.sonarr; }; + # radarr = base // { package = pkgs.radarr; }; + # bazarr = base // { }; + # jellyfin = base // { }; + # prowlarr.enable = true; microbin = { enable = true; settings = { @@ -92,16 +92,16 @@ in { MICROBIN_ENCRYPTION_SERVER_SIDE = true; }; }; - audiobookshelf = { - enable = true; - group = "piracy"; - port = 5687; - }; + # audiobookshelf = { + # enable = true; + # group = "piracy"; + # port = 5687; + # }; paperless = { enable = true; address = "0.0.0.0"; consumptionDirIsPublic = true; - consumptionDir = "/mnt/pool/home/Scans"; + consumptionDir = "/home/jawz/Backups/Scans"; extraConfig = { PAPERLESS_DBENGINE = "postgress"; PAPERLESS_DBNAME = "paperless"; @@ -134,76 +134,80 @@ in { LOG_LEVEL = "warn"; }; }; - kavita = { - enable = true; - tokenKeyFile = "${pkgs.writeText "kavitaToken" - "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}"; - }; - nextcloud = { - enable = true; - https = true; - package = pkgs.nextcloud27; - appstoreEnable = true; - configureRedis = true; - extraAppsEnable = true; - enableImagemagick = true; - maxUploadSize = "16G"; - hostName = "cloud.servidos.lat"; - config = { - adminpassFile = "${pkgs.writeText "adminpass" - "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}"; - overwriteProtocol = "https"; - defaultPhoneRegion = "MX"; - dbtype = "pgsql"; - dbhost = postgresSocket; - dbtableprefix = "oc_"; - dbname = "nextcloud"; - trustedProxies = [ "nginx" ]; - extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ]; - }; - phpOptions = { - catch_workers_output = "yes"; - display_errors = "stderr"; - error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; - expose_php = "Off"; - "opcache.enable_cli" = "1"; - "opcache.fast_shutdown" = "1"; - "opcache.interned_strings_buffer" = "16"; - "opcache.jit" = "1255"; - "opcache.jit_buffer_size" = "256M"; - "opcache.max_accelerated_files" = "10000"; - "opcache.huge_code_pages" = "1"; - "opcache.enable_file_override" = "1"; - "opcache.memory_consumption" = "128"; - "opcache.revalidate_freq" = "60"; - "opcache.save_comments" = "1"; - "opcache.validate_timestamps" = "0"; - "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; - short_open_tag = "Off"; - }; - extraOptions = { - "allow_local_remote_servers" = true; - mail_smtpmode = "sendmail"; - mail_sendmailmode = "pipe"; - "installed" = true; - "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool"; - enabledPreviewProviders = [ - "OC\\Preview\\Image" - "OC\\Preview\\HEIC" - "OC\\Preview\\TIFF" - "OC\\Preview\\MKV" - "OC\\Preview\\MP4" - "OC\\Preview\\AVI" - "OC\\Preview\\Movie" - ]; - }; - phpExtraExtensions = all: [ all.pdlib all.bz2 ]; - }; + # kavita = { + # enable = true; + # tokenKeyFile = "${pkgs.writeText "kavitaToken" + # "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}"; + # }; + # nextcloud = { + # enable = true; + # https = true; + # package = pkgs.nextcloud27; + # appstoreEnable = true; + # configureRedis = true; + # extraAppsEnable = true; + # enableImagemagick = true; + # maxUploadSize = "16G"; + # hostName = "cloud.servidos.lat"; + # config = { + # adminpassFile = "${pkgs.writeText "adminpass" + # "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}"; + # overwriteProtocol = "https"; + # defaultPhoneRegion = "MX"; + # dbtype = "pgsql"; + # dbhost = postgresSocket; + # dbtableprefix = "oc_"; + # dbname = "nextcloud"; + # trustedProxies = [ "nginx" ]; + # extraTrustedDomains = [ "cloud.rotehaare.art" "danilo-reyes.com" ]; + # }; + # phpOptions = { + # catch_workers_output = "yes"; + # display_errors = "stderr"; + # error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT"; + # expose_php = "Off"; + # "opcache.enable_cli" = "1"; + # "opcache.fast_shutdown" = "1"; + # "opcache.interned_strings_buffer" = "16"; + # "opcache.jit" = "1255"; + # "opcache.jit_buffer_size" = "256M"; + # "opcache.max_accelerated_files" = "10000"; + # "opcache.huge_code_pages" = "1"; + # "opcache.enable_file_override" = "1"; + # "opcache.memory_consumption" = "128"; + # "opcache.revalidate_freq" = "60"; + # "opcache.save_comments" = "1"; + # "opcache.validate_timestamps" = "0"; + # "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; + # short_open_tag = "Off"; + # }; + # extraOptions = { + # "allow_local_remote_servers" = true; + # mail_smtpmode = "sendmail"; + # mail_sendmailmode = "pipe"; + # "installed" = true; + # "memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool"; + # enabledPreviewProviders = [ + # "OC\\Preview\\Image" + # "OC\\Preview\\HEIC" + # "OC\\Preview\\TIFF" + # "OC\\Preview\\MKV" + # "OC\\Preview\\MP4" + # "OC\\Preview\\AVI" + # "OC\\Preview\\Movie" + # ]; + # }; + # phpExtraExtensions = all: [ all.pdlib all.bz2 ]; + # }; postgresql = { enable = true; - ensureDatabases = [ "paperless" "nextcloud" "ryot" "vaultwarden" ]; + ensureDatabases = [ "jawz" "paperless" "nextcloud" "ryot" "vaultwarden" ]; package = pkgs.postgresql_16; ensureUsers = [ + { + name = "jawz"; + ensureDBOwnership = true; + } { name = "nextcloud"; ensureDBOwnership = true; @@ -245,12 +249,12 @@ in { }; }; timers = { - nextcloud-cronjob = { - enable = true; - description = "Runs various nextcloud-related cronjobs"; - wantedBy = [ "timers.target" ]; - timerConfig = { OnCalendar = "*:0/10"; }; - }; + # nextcloud-cronjob = { + # enable = true; + # description = "Runs various nextcloud-related cronjobs"; + # wantedBy = [ "timers.target" ]; + # timerConfig = { OnCalendar = "*:0/10"; }; + # }; }; user.services = { update-dns = let