jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

masive rewriting and setup of server files

Browse Source
This commit is contained in:
Danilo Reyes
2024-09-28 23:10:03 -06:00
parent f9399c51fa
commit 9151ca5971
39 changed files with 756 additions and 556 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
modules/servers/audiobookshelf.nix
View File

@@ -10,14 +10,15 @@ let
in
{
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = lib.mkIf config.my.servers.audiobookshelf.enable {
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = {
audiobookshelf = {
audiobookshelf = lib.mkIf cfg.enable {
inherit (cfg) port;
enable = true;
group = "piracy";
port = cfg.port;
};
nginx.virtualHosts."${cfg.host}" = proxy {
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (proxy {
"/" = {
proxyPass = cfg.local;
extraConfig = ''
@@ -26,11 +27,11 @@ in
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_redirect http:// https://;
'';
};
};
});
};
};
}

16
modules/servers/bazarr.nix
View File

@@ -2,18 +2,24 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.bazarr;
in
{
options.my.servers.bazarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.bazarr.enable {
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = {
bazarr = {
bazarr = lib.mkIf cfg.enable {
enable = true;
group = "piracy";
};
nginx.virtualHosts."subs.${config.my.domain}" =
proxyReverse config.services.bazarr.listenPort // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

21
modules/servers/firefly-iii.nix
View File

@@ -6,20 +6,13 @@
owner = config.users.users.firefly-iii.name;
inherit (config.users.users.firefly-iii) group;
};
services = {
nginx.virtualHosts."${config.services.firefly-iii.virtualHost}" = {
forceSSL = true;
enableACME = true;
};
firefly-iii = {
enable = true;
virtualHost = "money.servidos.lat";
enableNginx = true;
settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql";
};
services.firefly-iii = {
enable = true;
enableNginx = true;
settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql";
};
};
};

38
modules/servers/flame.nix
View File

@@ -2,51 +2,59 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
port = 5005;
portSecret = 5007;
cfg = config.my.servers.flame;
cfgS = config.my.servers.flameSecret;
enable = (cfg.enable || cfgS.enable);
in
{
options.my.servers = {
flame.enable = lib.mkEnableOption "enable";
flameSecret.enable = lib.mkEnableOption "enable";
flame = setup.mkOptions "flame" "start" 5005;
flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
};
config = lib.mkIf config.my.servers.flame.enable {
sops.secrets.flame.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers = {
flame = {
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal || !cfgS.isLocal) [
cfg.port
cfgS.port
];
sops.secrets = lib.mkIf enable { flame.sopsFile = ../../secrets/env.yaml; };
virtualisation.oci-containers.containers = lib.mkIf enable {
flame = lib.mkIf cfg.enable {
autoStart = true;
image = "pawelmalak/flame";
ports = [ "${toString port}:${toString port}" ];
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
volumes = [
"${config.my.containerData}/flame:/app/data"
"${config.my.containerSocket}:${config.my.containerSocket}"
];
environmentFiles = [ config.sops.secrets.flame.path ];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
PUID = "1000";
PGID = "100";
};
};
flame-nsfw = {
flame-nsfw = lib.mkIf cfgS.enable {
autoStart = true;
image = "pawelmalak/flame";
ports = [ "${toString portSecret}:${toString port}" ];
ports = [ "${toString cfgS.port}:${toString cfg.port}" ];
volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ];
environmentFiles = [ config.sops.secrets.flame.path ];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
PUID = "1000";
PGID = "100";
};
};
};
services.nginx = {
virtualHosts."start.${config.my.domain}" = proxyReverse port // { };
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" = proxyReverse portSecret // { };
virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) {
"${cfg.host}" = proxyReverse cfg.hostName cfg.port // { };
"${cfgS.host}" = proxyReverse cfgS.hostName cfgS.port // { };
};
};
};
}

18
modules/servers/homepage.nix
View File

@@ -2,20 +2,22 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
port = 8082;
services = import ./homepage/services.nix { inherit config lib; };
cfg = config.my.servers.homepage;
in
{
options.my.servers.homepage.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.homepage.enable {
sops.secrets.homepage.sopsFile = ../../secrets/env.yaml;
options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { homepage.sopsFile = ../../secrets/env.yaml; };
services = {
homepage-dashboard = {
homepage-dashboard = lib.mkIf cfg.enable {
enable = true;
listenPort = port;
listenPort = cfg.port;
environmentFile = config.sops.secrets.homepage.path;
settings = {
layout = {
@@ -75,7 +77,9 @@ in
}
];
};
nginx.virtualHosts."home.${config.my.domain}" = proxyReverse port // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

140
modules/servers/homepage/services.nix
View File

@@ -1,25 +1,28 @@
{ config, lib, ... }:
{
audiobookshelf = lib.mkIf config.my.servers.audiobookshelf.enable {
icon = "${config.my.servers.audiobookshelf.name}.png";
href = config.my.servers.audiobookshelf.url;
widget = {
type = config.my.servers.audiobookshelf.name;
url = config.my.servers.audiobookshelf.url;
key = "{{HOMEPAGE_VAR_AUDIOBOOKSHELF}}";
audiobookshelf =
let
cfg = config.my.servers.audiobookshelf;
in
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_AUDIOBOOKSHELF}}";
};
};
};
jellyfin =
let
name = "jellyfin";
url = "https://flix.servidos.lat";
cfg = config.my.servers.jellyfin;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = true;
@@ -28,15 +31,14 @@
};
"now playing" =
let
name = "jellyfin";
url = "https://flix.servidos.lat";
cfg = config.my.servers.jellyfin;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = false;
@@ -47,117 +49,111 @@
};
sonarr =
let
name = "sonarr";
url = "https://series.servidos.lat";
cfg = config.my.servers.sonarr;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_SONARR}}";
enableQueue = true;
};
};
radarr =
let
name = "radarr";
url = "https://movies.servidos.lat";
cfg = config.my.servers.radarr;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_RADARR}}";
enableQueue = true;
};
};
lidarr =
let
name = "lidarr";
url = "https://music.servidos.lat";
cfg = config.my.servers.lidarr;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_LIDARR}}";
};
};
prowlarr =
let
name = "prowlarr";
url = "https://indexer.servidos.lat";
cfg = config.my.servers.prowlarr;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
type = cfg.name;
inherit (cfg) url;
key = "{{HOMEPAGE_VAR_PROWLARR}}";
};
};
bazarr =
let
name = "bazarr";
url = "https://subs.servidos.lat";
cfg = config.my.servers.bazarr;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
type = cfg.name;
inherit (cfg) url;
key = "{{HOMEPAGE_VAR_BAZARR}}";
};
};
kavita =
let
name = "kavita";
url = "https://library.servidos.lat";
cfg = config.my.servers.kavita;
in
{
icon = "${name}.png";
href = url;
lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${cfg.name}.png";
href = cfg.url;
widget = {
type = name;
url = url;
type = cfg.name;
inherit (cfg) url;
username = "{{HOMEPAGE_VAR_KAVITA_USERNAME}}";
password = "{{HOMEPAGE_VAR_KAVITA_PASSWORD}}";
};
};
"qbittorrent server" =
let
url = "http://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
name = "qbittorrent";
url = "http://192.168.1.69:9091";
in
{
lib.mkIf config.my.servers.qbittorrent.enable {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
inherit url;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
};
};
"qbittorrent miniserver" =
let
url = "http://${config.my.ips.miniserver}:${toString config.my.servers.qbittorrent.port}";
name = "qbittorrent";
url = "http://192.168.1.100:9091";
in
{
lib.mkIf config.my.servers.qbittorrent.enable {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
inherit url;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
};
@@ -165,14 +161,14 @@
sabnzbd =
let
name = "sabnzbd";
url = "http://192.168.1.69:3399";
url = "http://${config.my.ips.server}:${toString config.my.servers.sabnzbd.port}";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
inherit url;
key = "{{HOMEPAGE_VAR_SABNZBD}}";
};
};

17
modules/servers/jellyfin.nix
View File

@@ -22,16 +22,19 @@ let
in
{
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;
config = lib.mkIf cfg.enable {
environment.systemPackages = [
pkgs.jellyfin-ffmpeg
] ++ (if cfg.enableCron then sub-sync-path else [ ]);
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
environment = {
systemPackages = lib.mkIf cfg.enable (
[ pkgs.jellyfin-ffmpeg ] ++ (if cfg.enableCron then sub-sync-path else [ ])
);
};
services = {
jellyfin = {
jellyfin = lib.mkIf cfg.enable {
enable = true;
group = "piracy";
};
nginx = {
nginx = lib.mkIf cfg.enableProxy {
appendHttpConfig = ''
# JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;
@@ -48,7 +51,7 @@ in
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
resolver ${config.my.localhost} valid=30;
resolver ${cfg.ip} valid=30;
location = / {
return 302 http://$host/web/;

19
modules/servers/kavita.nix
View File

@@ -2,26 +2,33 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.kavita;
in
{
options.my.servers.kavita.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.kavita.enable {
sops.secrets.kavita-token = {
options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets.kavita-token = lib.mkIf cfg.enable {
owner = config.users.users.kavita.name;
inherit (config.users.users.kavita) group;
};
users.users.kavita = {
users.users.kavita = lib.mkIf cfg.enable {
isSystemUser = true;
group = "kavita";
extraGroups = [ "piracy" ];
};
services = {
kavita = {
kavita = lib.mkIf cfg.enable {
enable = true;
tokenKeyFile = config.sops.secrets.kavita-token.path;
};
nginx.virtualHosts."library.${config.my.domain}" = proxyReverse config.services.kavita.port // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

21
modules/servers/lidarr.nix
View File

@@ -2,21 +2,22 @@
lib,
config,
proxyReverseArr,
setup,
...
}:
let
port = 8686;
url = "music.${config.my.domain}";
cfg = config.my.servers.lidarr;
in
{
options.my.servers.lidarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.lidarr.enable {
virtualisation.oci-containers.containers.lidarr = {
options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable {
autoStart = true;
image = "lscr.io/linuxserver/lidarr:latest";
ports = [ "${toString port}:${toString port}" ];
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
PUID = "1000";
PGID = "100";
};
@@ -32,10 +33,12 @@ in
labels = {
"flame.type" = "application";
"flame.name" = "Lidarr";
"flame.url" = url;
"flame.url" = cfg.url;
"flame.icon" = "music";
};
};
services.nginx.virtualHosts."${url}" = proxyReverseArr port // { };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
};
}

15
modules/servers/maloja.nix
View File

@@ -10,14 +10,15 @@ let
in
{
options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;
config = lib.mkIf cfg.enable {
sops.secrets.maloja.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.maloja = {
image = "krateng/maloja";
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { maloja.sopsFile = ../../secrets/env.yaml; };
virtualisation.oci-containers.containers.maloja = lib.mkIf cfg.enable {
image = "krateng/maloja:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.maloja.path ];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
MALOJA_TIMEZONE = "-6";
PUID = "1000";
PGID = "100";
@@ -32,6 +33,8 @@ in
"flame.icon" = "bookmark-music";
};
};
services.nginx.virtualHosts."${cfg.host}" = proxyReverse cfg.port // { };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
}

61
modules/servers/mealie.nix
View File

@@ -2,44 +2,41 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
port = 9925;
domain = "mealie.${config.my.domain}";
url = "https://${domain}";
cfg = config.my.servers.mealie;
in
{
options.my.servers.mealie.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.mealie.enable {
sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.mealie = {
autoStart = true;
image = "ghcr.io/mealie-recipes/mealie:v1.4.0";
ports = [ "${toString port}:9000" ];
volumes = [ "${config.my.containerData}/mealie:/app/data/" ];
environmentFiles = [ config.sops.secrets.mealie.path ];
environment = {
TZ = "America/Mexico_City";
ALLOW_SIGNUP = "true";
PUID = "1000";
PGID = "100";
MAX_WORKERS = "1";
WEB_CONCURRENCY = "1";
BASE_URL = url;
SMTP_HOST = "smtp.gmail.com";
SMTP_PORT = "587";
};
extraOptions = [
"--memory=1g" # VA-API (omit for NVENC)
];
labels = {
"flame.type" = "application";
"flame.name" = "Mealie";
"flame.url" = url;
"flame.icon" = "fridge";
disabledModules = [ "services/web-apps/mealie.nix" ];
imports = [ ../../pkgs/mealie-service.nix ];
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { mealie.sopsFile = ../../secrets/env.yaml; };
services = {
mealie = lib.mkIf cfg.enable {
enable = true;
inherit (cfg) port;
settings = {
TZ = config.my.timeZone;
DEFAULT_GROUP = "Home";
BASE_URL = cfg.url;
API_DOCS = "false";
ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres";
POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}";
MAX_WORKERS = "1";
WEB_CONCURRENCY = "1";
SMTP_HOST = "smtp.gmail.com";
SMTP_PORT = "587";
};
credentialsFile = config.sops.secrets.mealie.path;
};
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
services.nginx.virtualHosts."${domain}" = proxyReverse port // { };
};
}

20
modules/servers/metube.nix
View File

@@ -2,26 +2,30 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
port = 8881;
cfg = config.my.servers.metube;
in
{
options.my.servers.metube.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.metube.enable {
virtualisation.oci-containers.containers.metube = {
image = "ghcr.io/alexta69/metube";
ports = [ "${toString port}:8081" ];
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable {
image = "ghcr.io/alexta69/metube:latest";
ports = [ "${toString cfg.port}:8081" ];
volumes = [
"${config.my.containerData}/metube:/downloads"
"/home/jawz/.local/share/cookies.txt:/cookies.txt"
];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
};
};
services.nginx.virtualHosts."bajameesta.${config.my.domain}" = proxyReverse port // { };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
}

19
modules/servers/microbin.nix
View File

@@ -2,20 +2,22 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.microbin;
in
{
options.my.servers.microbin = {
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable";
};
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8080;
config = lib.mkIf config.my.servers.microbin.enable {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = {
microbin = {
microbin = lib.mkIf cfg.enable {
enable = true;
settings = {
MICROBIN_PORT = cfg.port;
MICROBIN_HIDE_LOGO = false;
MICROBIN_PORT = 8080;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_PRIVATE = true;
MICROBIN_QR = true;
@@ -23,8 +25,9 @@
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
nginx.virtualHosts."copy.${config.my.domain}" =
proxyReverse config.services.microbin.settings.MICROBIN_PORT // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

15
modules/servers/multi-scrobbler.nix
View File

@@ -10,18 +10,19 @@ let
in
{
options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;
config = lib.mkIf cfg.enable {
sops.secrets.multi-scrobbler.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.multi-scrobbler = {
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { multi-scrobbler.sopsFile = ../../secrets/env.yaml; };
virtualisation.oci-containers.containers.multi-scrobbler = lib.mkIf cfg.enable {
image = "foxxmd/multi-scrobbler:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
environment = {
TZ = "America/Mexico_City";
TZ = config.my.timeZone;
PUID = "1000";
PGID = "100";
BASE_URL = cfg.url;
DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${toString cfg.port}/deezer/callback";
DEEZER_REDIRECT_URI = "http://${config.my.ips.${cfg.hostName}}:${toString cfg.port}/deezer/callback";
MALOJA_URL = config.my.servers.maloja.url;
WS_ENABLE = "true";
};
@@ -33,6 +34,8 @@ in
"flame.icon" = "broadcast";
};
};
services.nginx.virtualHosts."${cfg.host}" = proxyReverse cfg.port // { };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
}

37
modules/servers/nextcloud.nix
View File

@@ -2,13 +2,10 @@
lib,
config,
pkgs,
setup,
...
}:
let
inherit (config.my) localhost;
collaboraPort = 9980;
url = "cloud.${config.my.domain}";
collaboraProxy = "http://${localhost}:${toString collaboraPort}";
commonProxyConfig = ''
proxy_set_header Host $host;
'';
@@ -18,17 +15,16 @@ let
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
cfg = config.my.servers.nextcloud;
cfgC = config.my.servers.collabora;
in
{
options.my.servers = {
nextcloud = {
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable";
};
collabora.enable = lib.mkEnableOption "enable";
nextcloud = setup.mkOptions "nextcloud" "cloud" 80;
collabora = setup.mkOptions "collabora" "collabora" 9980;
go-vod.enable = lib.mkEnableOption "enable";
};
config = lib.mkIf (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
sops.secrets = {
smtp-password = { };
nextcloud-adminpass = {
@@ -80,7 +76,7 @@ in
extraAppsEnable = true;
enableImagemagick = true;
maxUploadSize = "16G";
hostName = url;
hostName = cfg.host;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) calendar;
};
@@ -139,10 +135,9 @@ in
];
};
# phpExtraExtensions = all: [ all.pdlib all.bz2 ];
phpExtraExtensions = _all: [ ];
};
nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
"${config.services.nextcloud.hostName}" = lib.mkIf cfg.enableProxy {
forceSSL = true;
enableACME = true;
http2 = true;
@@ -153,34 +148,34 @@ in
{ };
};
};
"collabora.${config.my.domain}" = lib.mkIf config.my.servers.collabora.enable {
"${cfgC.host}" = lib.mkIf cfgC.enableProxy {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /loleaflet" = {
proxyPass = collaboraProxy;
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = collaboraProxy;
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = collaboraProxy;
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = collaboraProxy;
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = collaboraProxy;
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
};
@@ -211,8 +206,8 @@ in
};
ports = [ "9980:9980" ];
environment = {
TZ = "America/Mexico_City";
domain = "cloud.servidos.lat";
TZ = config.my.timeZone;
domain = cfg.host;
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";

8
modules/servers/paperless.nix
View File

@@ -2,6 +2,7 @@
{
options.my.servers.paperless.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) {
networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];
services.paperless = {
enable = true;
address = "0.0.0.0";
@@ -11,21 +12,16 @@
PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBHOST = config.my.postgresSocket;
PAPERLESS_TIME_ZONE = config.my.timeZone;
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_TIME_ZONE = "America/Mexico_City";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ config.services.paperless.port ];
allowedUDPPorts = [ config.services.paperless.port ];
};
};
}

1
modules/servers/postgres.nix
View File

@@ -31,6 +31,7 @@ let
"ryot"
"vaultwarden"
"shiori"
"mealie"
"firefly-iii"
];
in

19
modules/servers/prowlarr.nix
View File

@@ -2,20 +2,27 @@
lib,
config,
proxyReverseArr,
setup,
...
}:
let
cfg = config.my.servers.prowlarr;
in
{
options.my.servers.prowlarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.prowlarr.enable {
users.users.prowlarr = {
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
users.users.prowlarr = lib.mkIf cfg.enable {
group = "piracy";
isSystemUser = true;
};
services = {
prowlarr.enable = true;
nginx.virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696 // { };
prowlarr.enable = cfg.enable;
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
};
virtualisation.oci-containers.containers.flaresolverr = {
virtualisation.oci-containers.containers.flaresolverr = lib.mkIf cfg.enable {
autoStart = true;
image = "ghcr.io/flaresolverr/flaresolverr:latest";
ports = [ "8191:8191" ];

32
modules/servers/qbittorrent.nix
View File

@@ -5,13 +5,6 @@
...
}:
let
port = 9091;
ports = [
port
51411
51412
51413
];
bencodepy = pkgs.python3Packages.buildPythonPackage {
pname = "bencodepy";
version = "0.9.5";
@@ -43,7 +36,14 @@ let
in
{
options.my.servers = {
qbittorrent.enable = lib.mkEnableOption "enable";
qbittorrent = {
enable = lib.mkEnableOption "enable";
port = lib.mkOption {
type = lib.types.int;
default = 9091;
description = "The port to access qbittorrent web-ui";
};
};
unpackerr.enable = lib.mkEnableOption "enable";
};
config = lib.mkIf config.my.servers.qbittorrent.enable {
@@ -97,9 +97,17 @@ in
};
};
};
networking.firewall = {
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
networking.firewall =
let
ports = [
51411
51412
51413
];
in
{
allowedTCPPorts = ports ++ [ config.my.servers.qbittorrent.port ];
allowedUDPPorts = ports;
};
};
}

15
modules/servers/radarr.nix
View File

@@ -2,17 +2,24 @@
lib,
config,
proxyReverseArr,
setup,
...
}:
let
cfg = config.my.servers.radarr;
in
{
options.my.servers.radarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.radarr.enable {
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = {
radarr = {
radarr = lib.mkIf cfg.enable {
enable = true;
group = "piracy";
};
nginx.virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878 // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
};
};
}

14
modules/servers/ryot.nix
View File

@@ -2,19 +2,19 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
port = 8765;
url = "tracker.${config.my.domain}";
cfg = config.my.servers.ryot;
in
{
options.my.servers.ryot.enable = lib.mkEnableOption "enable";
options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;
config = lib.mkIf (config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.ryot = {
image = "ghcr.io/ignisda/ryot:v7.0.0";
ports = [ "${toString port}:8000" ];
ports = [ "${toString cfg.port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ];
environment = {
RUST_LOG = "ryot=debug,sea_orm=debug";
@@ -26,10 +26,12 @@ in
labels = {
"flame.type" = "application";
"flame.name" = "Ryot";
"flame.url" = url;
"flame.url" = cfg.url;
"flame.icon" = "radar";
};
};
services.nginx.virtualHosts."tracker.${config.my.domain}" = proxyReverse port // { };
services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
}

9
modules/servers/sabnzbd.nix
View File

@@ -1,6 +1,13 @@
{ lib, config, ... }:
{
options.my.servers.sabnzbd.enable = lib.mkEnableOption "enable";
options.my.servers.sabnzbd = {
enable = lib.mkEnableOption "enable";
port = lib.mkOption {
type = lib.types.int;
default = 3399;
description = "The port to access sabnzbd web-ui";
};
};
config = lib.mkIf config.my.servers.sabnzbd.enable {
services.sabnzbd = {
enable = true;

19
modules/servers/base.nix → modules/servers/setup.nix
View File

@@ -3,6 +3,7 @@ let
mkOptions = name: subdomain: port: {
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable cronjob";
enableProxy = lib.mkEnableOption "enable reverse proxy";
port = lib.mkOption {
type = lib.types.int;
default = port;
@@ -15,13 +16,29 @@ let
type = lib.types.str;
default = "${subdomain}.${config.my.domain}";
};
hostName = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
};
url = lib.mkOption {
type = lib.types.str;
default = "https://${config.my.servers.${name}.host}";
};
ip = lib.mkOption {
type = lib.types.str;
default =
if config.my.servers."${name}".isLocal then
config.my.localhost
else
config.my.ips."${config.my.servers.${name}.hostName}";
};
local = lib.mkOption {
type = lib.types.str;
default = "http://${config.my.localhost}:${toString port}";
default = "http://${config.my.servers.${name}.ip}:${toString port}";
};
isLocal = lib.mkOption {
type = lib.types.bool;
default = "${config.my.servers.${name}.hostName}" == config.my.mainServer;
};
};
in

22
modules/servers/shiori.nix
View File

@@ -1,26 +1,30 @@
{
lib,
config,
pkgs,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.shiori;
in
{
disabledModules = [ "services/web-apps/shiori.nix" ];
imports = [ ../../pkgs/shiori/shiori-service.nix ];
options.my.servers.shiori.enable = lib.mkEnableOption "enable";
imports = [ ../../pkgs/shiori-service.nix ];
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; };
services = {
shiori = {
shiori = lib.mkIf cfg.enable {
enable = true;
port = 4368;
package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
inherit (cfg) port;
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx.virtualHosts."bookmarks.${config.my.domain}" =
proxyReverse config.services.shiori.port // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

15
modules/servers/sonarr.nix
View File

@@ -2,17 +2,24 @@
lib,
config,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.sonarr;
in
{
options.my.servers.sonarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.sonarr.enable {
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;
config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = {
sonarr = {
sonarr = lib.mkIf cfg.enable {
enable = true;
group = "piracy";
};
nginx.virtualHosts."series.${config.my.domain}" = proxyReverse 8989 // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}

22
modules/servers/vaultwarden.nix
View File

@@ -3,23 +3,28 @@
config,
pkgs,
proxyReverse,
setup,
...
}:
let
cfg = config.my.servers.vaultwarden;
in
{
options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.vaultwarden.enable && config.my.servers.postgres.enable) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; };
services = {
vaultwarden = {
vaultwarden = lib.mkIf cfg.enable {
enable = true;
dbBackend = "postgresql";
package = pkgs.vaultwarden;
environmentFile = config.sops.secrets.vaultwarden.path;
config = {
ROCKET_ADDRESS = "${config.my.localhost}";
ROCKET_PORT = 8222;
ROCKET_PORT = cfg.port;
WEBSOCKET_PORT = 8333;
DATABASE_URL = "postgresql:///vaultwarden?host=${config.my.postgresSocket}";
DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}";
ENABLE_DB_WAL = false;
WEBSOCKET_ENABLED = true;
SHOW_PASSWORD_HINT = false;
@@ -27,8 +32,9 @@
LOG_LEVEL = "warn";
};
};
nginx.virtualHosts."vault.${config.my.domain}" =
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
};
};
}