diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix
index f3028ab..fa30f23 100644
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -26,6 +26,19 @@
 find-dup-episodes.enable = true;
 update-dns.enable = true;
 };
+ servers = {
+ jellyfin = {
+ enable = false;
+ enableCron = false;
+ };
+ nextcloud = {
+ enable = false;
+ enableCron = false;
+ };
+ collabora.enable = false;
+ go-vod.enable = false;
+ microbin.enable = true;
+ };
 };
 fonts.fontconfig.enable = true;
 networking = {
diff --git a/hosts/miniserver/nginx.nix b/hosts/miniserver/nginx.nix
index cce3cdf..451b0a7 100644
--- a/hosts/miniserver/nginx.nix
+++ b/hosts/miniserver/nginx.nix
@@ -25,7 +25,6 @@ let
 # kavitaPort = config.services.kavita.port;
 vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
 audiobookPort = config.services.audiobookshelf.port;
- microbinPort = config.services.microbin.settings.MICROBIN_PORT;
 in {
 services.nginx = {
 enable = true;
@@ -66,7 +65,6 @@ in {
 # "subs.${domain}" = proxy bazarrPort // { };
 # "series.${domain}" = proxy sonarrPort // { };
 "vault.${domain}" = proxy vaultPort // { };
- "copy.${domain}" = proxy microbinPort // { };
 "mealie.${domain}" = proxy mealiePort // { };
 "tracker.${domain}" = proxy ryotPort // { };
 "scrobble.${domain}" = proxy scrobblePort // { };
diff --git a/hosts/miniserver/servers.nix b/hosts/miniserver/servers.nix
index c7a16c1..723ed5c 100644
--- a/hosts/miniserver/servers.nix
+++ b/hosts/miniserver/servers.nix
@@ -63,18 +63,6 @@ in {
 # mutableSettings = true;
 # openFirewall = true;
 # };
- microbin = {
- enable = true;
- settings = {
- MICROBIN_HIDE_LOGO = false;
- MICROBIN_PORT = 8080;
- MICROBIN_HIGHLIGHTSYNTAX = true;
- MICROBIN_PRIVATE = true;
- MICROBIN_QR = true;
- MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
- MICROBIN_ENCRYPTION_SERVER_SIDE = true;
- };
- };
 shiori = {
 enable = true;
 port = 4368;
diff --git a/modules/servers.nix b/modules/servers.nix
index 356df48..4473cc6 100644
--- a/modules/servers.nix
+++ b/modules/servers.nix
@@ -4,6 +4,31 @@ let
 enable = true;
 group = "piracy";
 };
+ proxy = locations: {
+ inherit locations;
+ forceSSL = true;
+ enableACME = true;
+ http2 = true;
+ };
+ proxyReverse = port:
+ proxy {
+ "/".proxyPass =
+ "http://${config.my.servers.settings.localhost}:${toString port}/";
+ };
+ proxyReverseArr = port:
+ proxy port // {
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ '';
+ };
 enableDocker = lib.any (opt: opt) [
 config.my.servers.collabora.enable
 config.my.servers.go-vod.enable
@@ -12,11 +37,24 @@ in {
 imports = [
 (import ./servers/jellyfin.nix { inherit lib config pkgs serviceBase; })
 (import ./servers/nextcloud.nix { inherit lib config pkgs serviceBase; })
+ (import ./servers/microbin.nix { inherit lib config proxyReverse; })
 ];
 options.my.servers.settings = {
- localhost = "127.0.0.1";
- domain = "servidos.lat";
- postgresSocket = "/run/postgresql";
+ localhost = lib.mkOption {
+ type = lib.types.str;
+ default = "127.0.0.1";
+ description = "The localhost address.";
+ };
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "servidos.lat";
+ description = "The domain name.";
+ };
+ postgresSocket = lib.mkOption {
+ type = lib.types.str;
+ default = "/run/postgresql";
+ description = "The PostgreSQL socket path.";
+ };
 };
 config = {
 my.servers = {
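Review bot: `proxyReverseArr` applies `proxy` directly to the port (`proxy port // { ... }`), so `locations` is bound to the integer instead of an attrset and the resulting vhost carries no `proxyPass` at all; the helper should be layered on the one below it, `proxyReverse port // {`. Nothing in this diff calls `proxyReverseArr`, so the evaluation error would only surface once a module starts using it. A one-line comment above `proxy` spelling out the layering, e.g. `# proxy: TLS/ACME vhost skeleton; proxyReverse: adds "/" -> localhost:port; proxyReverseArr: adds forwarding/upgrade headers on top`, would make the intended composition obvious to the next reader.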
@@ -30,17 +68,15 @@ in {
 };
 collabora.enable = lib.mkDefault false;
 go-vod.enable = lib.mkDefault false;
+ microbin.enable = lib.mkDefault false;
 };
- virtualisation = lib.mkIf enableDocker {
- oci-containers.backend = "docker";
- docker = {
+ virtualisation.docker = lib.mkIf enableDocker {
+ enable = true;
+ enableNvidia = true;
+ autoPrune = {
 enable = true;
- enableNvidia = true;
- autoPrune = {
- enable = true;
- flags = [ "--all" ];
- dates = "weekly";
- };
+ flags = [ "--all" ];
+ dates = "weekly";
 };
 };
 };
diff --git a/modules/servers/docker.nix b/modules/servers/docker.nix
deleted file mode 100644
index 43bad3e..0000000
--- a/modules/servers/docker.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ ... }: {
- virtualization = {
- oci-containers.backend = "docker";
- docker = {
- enable = true;
- enableNvidia = true;
- autoPrune = {
- enable = true;
- flags = [ "--all" ];
- dates = "weekly";
- };
- };
- };
-}
diff --git a/modules/servers/jellyfin.nix b/modules/servers/jellyfin.nix
index 1bc69b5..50c9783 100644
--- a/modules/servers/jellyfin.nix
+++ b/modules/servers/jellyfin.nix
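Review bot: `enableNvidia = true;` in the new `virtualisation.docker` block is switched on for every host that trips `enableDocker`, i.e. whenever collabora or go-vod is enabled, regardless of whether that host has an NVIDIA GPU; gating it on a dedicated option (or on the host's graphics configuration) would keep the NVIDIA runtime off machines that only use VA-API. Current nixpkgs also marks `virtualisation.docker.enableNvidia` as deprecated in favour of `hardware.nvidia-container-toolkit.enable`, which is worth checking against the nixpkgs revision this repository pins. The enclosing `config = { ... }` attrset starts before this hunk.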
@@ -20,83 +20,81 @@ in {
 map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
 map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
 '';
- virtualHosts = {
- "flix.${config.my.servers.settings.domain}" = {
- forceSSL = true;
- enableACME = true;
- http2 = true;
- extraConfig = ''
- # use a variable to store the upstream proxy
- # in this example we are using a hostname which is resolved via DNS
- # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
- resolver ${localhost} valid=30;
+ virtualHosts."flix.${config.my.servers.settings.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ http2 = true;
+ extraConfig = ''
+ # use a variable to store the upstream proxy
+ # in this example we are using a hostname which is resolved via DNS
+ # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
+ resolver ${localhost} valid=30;
 
- location = / {
- return 302 http://$host/web/;
- #return 302 https://$host/web/;
- }
+ location = / {
+ return 302 http://$host/web/;
+ #return 302 https://$host/web/;
+ }
 
- location = /web/ {
- # Proxy main Jellyfin traffic
- proxy_pass http://${localhost}:${toString port}/web/index.html;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-Protocol $scheme;
- proxy_set_header X-Forwarded-Host $http_host;
- }
- '';
- locations = {
- "/" = {
- proxyPass = "http://${localhost}:${toString port}";
- proxyWebsockets = true;
- };
- "/socket" = {
- proxyPass = "http://${localhost}:${toString port}";
- extraConfig = ''
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
- "~ /Items/(.*)/Images" = {
- proxyPass = "http://${localhost}:${toString port}";
- extraConfig = ''
- proxy_cache jellyfin;
- proxy_cache_revalidate on;
- proxy_cache_lock on;
- '';
- };
- "~* ^/Videos/(.*)/(?!live)" = {
- proxyPass = "http://${localhost}:${toString port}";
- extraConfig = ''
- # Set size of a slice (this amount will be always requested from the backend by nginx)
- # Higher value means more latency, lower more overhead
- # This size is independent of the size clients/browsers can request
- # slice 2m;
+ location = /web/ {
+ # Proxy main Jellyfin traffic
+ proxy_pass http://${localhost}:${toString port}/web/index.html;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ }
+ '';
+ locations = {
+ "/" = {
+ proxyPass = "http://${localhost}:${toString port}";
+ proxyWebsockets = true;
+ };
+ "/socket" = {
+ proxyPass = "http://${localhost}:${toString port}";
+ extraConfig = ''
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ "~ /Items/(.*)/Images" = {
+ proxyPass = "http://${localhost}:${toString port}";
+ extraConfig = ''
+ proxy_cache jellyfin;
+ proxy_cache_revalidate on;
+ proxy_cache_lock on;
+ '';
+ };
+ "~* ^/Videos/(.*)/(?!live)" = {
+ proxyPass = "http://${localhost}:${toString port}";
+ extraConfig = ''
+ # Set size of a slice (this amount will be always requested from the backend by nginx)
+ # Higher value means more latency, lower more overhead
+ # This size is independent of the size clients/browsers can request
+ # slice 2m;
 
- proxy_cache jellyfin-videos;
- proxy_cache_valid 200 206 301 302 30d;
- proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
- proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
- proxy_connect_timeout 15s;
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- # Transmit slice range to the backend
- proxy_set_header Range 2m;
+ proxy_cache jellyfin-videos;
+ proxy_cache_valid 200 206 301 302 30d;
+ proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ proxy_connect_timeout 15s;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ # Transmit slice range to the backend
+ proxy_set_header Range 2m;
 
- # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
- # The first client will trigger the download, the other clients will have to wait until the slice is cached
- # Esp. practical during SyncPlay
- proxy_cache_lock on;
- proxy_cache_lock_age 60s;
+ # This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
+ # The first client will trigger the download, the other clients will have to wait until the slice is cached
+ # Esp. practical during SyncPlay
+ proxy_cache_lock on;
+ proxy_cache_lock_age 60s;
 
- proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
+ proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
 
- # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
- '';
- };
+ # add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
+ '';
 };
 };
 };
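Review bot: The `location = /` block still answers with `return 302 http://$host/web/;` although the vhost sets `forceSSL = true`, so a visit to the site root is bounced to a plaintext URL and then back to HTTPS by nginx's own redirect, one needless round trip and one request on the insecure scheme; the commented-out `#return 302 https://$host/web/;` is the line that matches `forceSSL`, or `return 302 $scheme://$host/web/;` stays scheme-agnostic. This hunk only re-nests the attrset as `virtualHosts."flix.…" = { … }`, so the behaviour is inherited rather than introduced. Since `location = /` in `extraConfig` and the `"/"` entry in `locations` both target the root, a short comment such as `# exact-match "/" above wins over the prefix "/" in locations; it only redirects to /web/` would spare the next reader the precedence check.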
@@ -0,0 +1,29 @@
+{ lib, config, proxyReverse, ... }:
+let port = config.services.microbin.settings.MICROBIN_PORT;
+in {
+ options.my.servers.microbin = {
+ enable = lib.mkEnableOption "enable";
+ enableCron = lib.mkEnableOption "enable";
+ };
+ config = lib.mkIf config.my.servers.microbin.enable {
+ services = {
+ microbin = {
+ enable = true;
+ settings = {
+ MICROBIN_HIDE_LOGO = false;
+ MICROBIN_PORT = 8080;
+ MICROBIN_HIGHLIGHTSYNTAX = true;
+ MICROBIN_PRIVATE = true;
+ MICROBIN_QR = true;
+ MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
+ MICROBIN_ENCRYPTION_SERVER_SIDE = true;
+ };
+ };
+ nginx = {
+ enable = true;
+ virtualHosts."copy.${config.my.servers.settings.domain}" =
+ proxyReverse port // { };
+ };
+ };
+ };
+}
diff --git a/modules/servers/nextcloud.nix b/modules/servers/nextcloud.nix
index caf66d4..c6a8eab 100644
--- a/modules/servers/nextcloud.nix
+++ b/modules/servers/nextcloud.nix
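Review bot: The module proxies `copy.<domain>` to `localhost:8080` but nothing pins MicroBin's own listen address; MicroBin binds all interfaces unless `MICROBIN_BIND` is set, so the pastebin would also answer directly on port 8080 from the host's network, bypassing the TLS/ACME front door unless the host firewall already closes that port (worth confirming). Adding `MICROBIN_BIND = config.my.servers.settings.localhost;` to `settings` keeps it loopback-only, matching the address `proxyReverse` dials. Separately, `enableCron` is declared but nothing in this file reads it, and both `mkEnableOption "enable"` calls render as the option text "Whether to enable enable."; either drop the unused option or give both a real description such as `lib.mkEnableOption "the MicroBin pastebin"`.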
@@ -156,42 +156,45 @@ in { }; }; }; - virtualisation.oci-containers.containers = { - go-vod = lib.mkIf config.my.servers.go-vod.enable { - autoStart = true; - image = "radialapps/go-vod"; - environment = { - TZ = "America/Mexico_City"; - NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; - NVIDIA_VISIBLE_DEVICES = "all"; + virtualisation.oci-containers = { + backend = "docker"; + containers = { + go-vod = lib.mkIf config.my.servers.go-vod.enable { + autoStart = true; + image = "radialapps/go-vod"; + environment = { + TZ = "America/Mexico_City"; + NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}"; + NVIDIA_VISIBLE_DEVICES = "all"; + }; + volumes = [ "ncdata:/var/www/html:ro" ]; + extraOptions = [ + "--device=/dev/dri" # VA-API (omit for NVENC) + ]; }; - volumes = [ "ncdata:/var/www/html:ro" ]; - extraOptions = [ - "--device=/dev/dri" # VA-API (omit for NVENC) - ]; - }; - collabora = lib.mkIf config.my.servers.collabora.enable { - autoStart = true; - image = "collabora/code"; - imageFile = pkgs.dockerTools.pullImage { - imageName = "collabora/code"; - imageDigest = - "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f"; - sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs="; + collabora = lib.mkIf config.my.servers.collabora.enable { + autoStart = true; + image = "collabora/code"; + imageFile = pkgs.dockerTools.pullImage { + imageName = "collabora/code"; + imageDigest = + "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f"; + sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs="; + }; + ports = [ "9980:9980" ]; + environment = { + TZ = "America/Mexico_City"; + domain = "cloud.servidos.lat"; + aliasgroup1 = "cloud.servidos.lat:443"; + aliasgroup2 = "cloud.rotehaare.art:443"; + dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; + extra_params = '' + --o:ssl.enable=false + --o:ssl.termination=true + ''; + }; + extraOptions = [ "--cap-add" "MKNOD" ]; }; - ports = [ 
"9980:9980" ]; - environment = { - TZ = "America/Mexico_City"; - domain = "cloud.servidos.lat"; - aliasgroup1 = "cloud.servidos.lat:443"; - aliasgroup2 = "cloud.rotehaare.art:443"; - dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; - extra_params = '' - --o:ssl.enable=false - --o:ssl.termination=true - ''; - }; - extraOptions = [ "--cap-add" "MKNOD" ]; }; }; systemd = lib.mkIf config.my.servers.nextcloud.enableCron {
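Review bot: `ports = [ "9980:9980" ];` on the collabora container publishes port 9980 on every host interface, so Collabora, which runs with `--o:ssl.enable=false`, is reachable in plaintext from the host's network as well as through whatever reverse proxy fronts `cloud.servidos.lat`; if it is only meant to be reached through that proxy, `ports = [ "127.0.0.1:9980:9980" ];` keeps the mapping loopback-only. The hunk only re-indents this line under the new `virtualisation.oci-containers = { … }` block, so the exposure predates this commit. `backend = "docker";` now lives here and appears to apply whether or not either container is enabled (the enclosing attrset starts before this hunk); a one-line comment such as `# moved out of the enableDocker guard in modules/servers.nix; the containers below are gated individually` would explain why it is no longer conditional.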