masive rewriting and setup of server files

Danilo Reyes 2024-09-28 23:10:03 -06:00
parent f9399c51fa
commit 9151ca5971
39 changed files with 756 additions and 556 deletions


@ -10,14 +10,11 @@
enable = true; enable = true;
style = "adwaita"; style = "adwaita";
}; };
users.users.jawz.packages = ( users.users.jawz.packages = with pkgs; [
with pkgs; # ffmpegthumbnailer # generate thumbnails
[ adw-gtk3 # theme legacy applications
# ffmpegthumbnailer # generate thumbnails papirus-icon-theme # icon theme
adw-gtk3 # theme legacy applications # libgda # for pano shell extension
papirus-icon-theme # icon theme # gradience # theme customizer, allows you to modify adw-gtk3 themes
# libgda # for pano shell extension ];
# gradience # theme customizer, allows you to modify adw-gtk3 themes
]
);
} }


@ -53,7 +53,7 @@
./hosts/${name}/configuration.nix ./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
( (
{ ... }: _:
{ {
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
} }


@ -3,7 +3,6 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../base.nix ../../base.nix
./temp-nginx.nix
]; ];
my = { my = {
emacs.enable = true; emacs.enable = true;
@ -41,36 +40,95 @@
jellyfin = { jellyfin = {
enable = false; enable = false;
enableCron = false; enableCron = false;
enableProxy = true;
}; };
nextcloud = { nextcloud = {
enable = true; enable = true;
enableCron = true; enableCron = true;
enableProxy = true;
}; };
adguardhome.enable = false; adguardhome.enable = false;
audiobookshelf.enable = true; audiobookshelf = {
bazarr.enable = false; enable = true;
collabora.enable = true; enableProxy = true;
flame.enable = true; };
flameSecret.enable = true; bazarr = {
enable = false;
enableProxy = true;
};
collabora = {
enable = true;
enableProxy = true;
};
flame = {
enable = true;
enableProxy = true;
};
flameSecret = {
enable = true;
enableProxy = true;
};
go-vod.enable = false; go-vod.enable = false;
homepage.enable = true; homepage = {
kavita.enable = false; enable = true;
lidarr.enable = false; enableProxy = true;
maloja.enable = true; };
mealie.enable = true; kavita = {
metube.enable = false; enable = false;
microbin.enable = true; enableProxy = true;
multi-scrobbler.enable = true; };
lidarr = {
enable = false;
enableProxy = true;
};
maloja = {
enable = true;
enableProxy = true;
};
mealie = {
enable = true;
enableProxy = true;
};
metube = {
enable = false;
enableProxy = false;
};
microbin = {
enable = true;
enableProxy = true;
};
multi-scrobbler = {
enable = true;
enableProxy = true;
};
paperless.enable = true; paperless.enable = true;
postgres.enable = true; postgres.enable = true;
prowlarr.enable = false; prowlarr = {
enable = false;
enableProxy = true;
};
qbittorrent.enable = true; qbittorrent.enable = true;
unpackerr.enable = false; unpackerr.enable = false;
radarr.enable = false; radarr = {
ryot.enable = true; enable = false;
shiori.enable = true; enableProxy = true;
sonarr.enable = false; };
vaultwarden.enable = true; ryot = {
enable = true;
enableProxy = true;
};
shiori = {
enable = true;
enableProxy = true;
};
sonarr = {
enable = false;
enableProxy = true;
};
vaultwarden = {
enable = true;
enableProxy = true;
};
firefly-iii.enable = false; firefly-iii.enable = false;
}; };
}; };


@ -1,139 +0,0 @@
{ config, ... }:
let
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
port:
proxy {
"/" = {
proxyPass = "http://192.168.1.69:${toString port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http://192.168.1.69:${toString port}/ https://your_domain.com/;
'';
};
};
proxyReverseArr =
port:
proxyReverse port
// {
extraConfig = ''
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
in
{
services = {
nginx = {
appendHttpConfig = ''
# JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;
proxy_cache_path /var/cache/nginx/jellyfin levels=1:2 keys_zone=jellyfin:100m max_size=15g inactive=1d use_temp_path=off;
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
'';
virtualHosts = {
"series.${config.my.domain}" = proxyReverse 8989 // { };
"movies.${config.my.domain}" = proxyReverseArr 7878 // { };
"indexer.${config.my.domain}" = proxyReverseArr 9696 // { };
"music.${config.my.domain}" = proxyReverseArr 8686 // { };
"subs.${config.my.domain}" = proxyReverse config.services.bazarr.listenPort // { };
"library.${config.my.domain}" = proxyReverse config.services.kavita.port // { };
# "vnfx2cojmt7dwzcfmi73.${config.my.domain}" = proxyReverse 9091 // { };
# "HSoeJdGRd2Orj0n31UGI.${config.my.domain}" = proxyReverse 3399 // { };
# "hjL9GS7edDQVranqV5V4.${config.my.domain}" = proxyReverse 9999 // { };
"flix.${config.my.domain}" = {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "flix.rotehaare.art" ];
extraConfig = ''
# use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
resolver 192.168.1.69 valid=30;
location = / {
return 302 http://$host/web/;
#return 302 https://$host/web/;
}
location = /web/ {
# Proxy main Jellyfin traffic
proxy_pass http://192.168.1.69:8096/web/index.html;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
'';
locations = {
"/" = {
proxyPass = "http://192.168.1.69:8096";
proxyWebsockets = true;
};
"/socket" = {
proxyPass = "http://192.168.1.69:8096";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
"~ /Items/(.*)/Images" = {
proxyPass = "http://192.168.1.69:8096";
extraConfig = ''
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
'';
};
"~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://192.168.1.69:8096";
extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request
# slice 2m;
proxy_cache jellyfin-videos;
proxy_cache_valid 200 206 301 302 30d;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 15s;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Transmit slice range to the backend
proxy_set_header Range 2m;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=2m";
# add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache
'';
};
};
};
};
};
};
}


@ -43,14 +43,6 @@
let let
ports = [ ports = [
2049 # idk 2049 # idk
8989 # sonarr
7878 # radarr
8686 # lidarr
9696 # prowlarr
8096 # jellyfin
6767 # bazarr
5000 # kavita
3399 # sabnzbd
9999 # stash 9999 # stash
]; ];
in in


@ -8,10 +8,10 @@
options.my.dev.nix.enable = lib.mkEnableOption "enable"; options.my.dev.nix.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.dev.nix.enable { config = lib.mkIf config.my.dev.nix.enable {
users.users.jawz.packages = with pkgs; [ users.users.jawz.packages = with pkgs; [
nixfmt-rfc-style # linting nixfmt-rfc-style # formating
cachix # why spend time compiling? cachix # why spend time compiling?
nixd # language server nixd # language server
nil # another lsp statix # linter
]; ];
}; };
} }


@ -17,7 +17,7 @@
}; };
}; };
services.cloudflare-dyndns = { services.cloudflare-dyndns = {
enable = config.my.scripts.update-dns.enable; inherit (config.my.scripts.update-dns) enable;
ipv4 = true; ipv4 = true;
ipv6 = false; ipv6 = false;
proxied = false; proxied = false;


@ -5,28 +5,43 @@
... ...
}: }:
let let
setup = import ./servers/base.nix { inherit lib config; }; setup = import ./servers/setup.nix { inherit lib config; };
proxy = locations: { proxy = locations: {
inherit locations; inherit locations;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
}; };
proxyReverse = port: proxy { "/".proxyPass = "http://${config.my.localhost}:${toString port}/"; }; proxyReverse =
host: port:
let
useLocalhost = host == config.networking.hostName;
proxyTarget = if useLocalhost then config.my.localhost else config.my.ips."${host}";
in
proxy { "/".proxyPass = "http://${proxyTarget}:${toString port}/"; };
proxyReverseArr = proxyReverseArr =
port: host: port:
proxyReverse port let
// { useLocalhost = host == config.networking.hostName;
extraConfig = '' headers = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection; proxy_set_header Connection $http_connection;
proxy_redirect off; proxy_redirect off;
proxy_http_version 1.1; proxy_http_version 1.1;
''; '';
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
proxyReverse host port
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
${headers}
'';
}; };
enableContainers = lib.any (opt: opt) [ enableContainers = lib.any (opt: opt) [
config.my.servers.collabora.enable config.my.servers.collabora.enable
@ -36,6 +51,7 @@ let
config.my.servers.maloja.enable config.my.servers.maloja.enable
config.my.servers.multi-scrobbler.enable config.my.servers.multi-scrobbler.enable
config.my.servers.flame.enable config.my.servers.flame.enable
config.my.servers.flameSecret.enable
config.my.servers.metube.enable config.my.servers.metube.enable
config.my.servers.go-vod.enable config.my.servers.go-vod.enable
]; ];
@ -43,7 +59,7 @@ in
{ {
imports = [ imports = [
./servers/adguardhome.nix ./servers/adguardhome.nix
./servers/paperless.nix (import ./servers/paperless.nix { inherit lib config; })
./servers/postgres.nix ./servers/postgres.nix
(import ./servers/audiobookshelf.nix { (import ./servers/audiobookshelf.nix {
inherit inherit
@ -53,14 +69,28 @@ in
setup setup
; ;
}) })
(import ./servers/bazarr.nix { inherit lib config proxyReverse; }) (import ./servers/bazarr.nix {
(import ./servers/flame.nix { inherit lib config proxyReverse; }) inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/flame.nix {
inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/homepage.nix { (import ./servers/homepage.nix {
inherit inherit
lib lib
config config
pkgs
proxyReverse proxyReverse
setup
; ;
}) })
(import ./servers/jellyfin.nix { (import ./servers/jellyfin.nix {
@ -75,11 +105,18 @@ in
inherit inherit
lib lib
config config
pkgs
proxyReverse proxyReverse
setup
;
})
(import ./servers/lidarr.nix {
inherit
lib
config
proxyReverseArr
setup
; ;
}) })
(import ./servers/lidarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/maloja.nix { (import ./servers/maloja.nix {
inherit inherit
lib lib
@ -88,9 +125,30 @@ in
setup setup
; ;
}) })
(import ./servers/mealie.nix { inherit lib config proxyReverse; }) (import ./servers/mealie.nix {
(import ./servers/metube.nix { inherit lib config proxyReverse; }) inherit
(import ./servers/microbin.nix { inherit lib config proxyReverse; }) lib
config
proxyReverse
setup
;
})
(import ./servers/metube.nix {
inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/microbin.nix {
inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/multi-scrobbler.nix { (import ./servers/multi-scrobbler.nix {
inherit inherit
lib lib
@ -99,27 +157,63 @@ in
setup setup
; ;
}) })
(import ./servers/nextcloud.nix { inherit lib config pkgs; }) (import ./servers/nextcloud.nix {
(import ./servers/prowlarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/qbittorrent.nix { inherit lib config pkgs; })
(import ./servers/sabnzbd.nix { inherit lib config pkgs; })
(import ./servers/radarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/ryot.nix { inherit lib config proxyReverse; })
(import ./servers/shiori.nix {
inherit inherit
lib lib
config config
pkgs pkgs
proxyReverse setup
;
})
(import ./servers/prowlarr.nix {
inherit
lib
config
proxyReverseArr
setup
;
})
(import ./servers/qbittorrent.nix { inherit lib config pkgs; })
(import ./servers/sabnzbd.nix { inherit lib config; })
(import ./servers/radarr.nix {
inherit
lib
config
proxyReverseArr
setup
;
})
(import ./servers/ryot.nix {
inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/shiori.nix {
inherit
lib
config
proxyReverse
setup
;
})
(import ./servers/sonarr.nix {
inherit
lib
config
proxyReverse
setup
; ;
}) })
(import ./servers/sonarr.nix { inherit lib config proxyReverse; })
(import ./servers/vaultwarden.nix { (import ./servers/vaultwarden.nix {
inherit inherit
lib lib
config config
pkgs pkgs
proxyReverse proxyReverse
setup
; ;
}) })
(import ./servers/firefly-iii.nix { inherit lib config; }) (import ./servers/firefly-iii.nix { inherit lib config; })
@ -135,10 +229,19 @@ in
default = "servidos.lat"; default = "servidos.lat";
description = "The domain name."; description = "The domain name.";
}; };
miniserver-ip = lib.mkOption { ips = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = {
server = "192.168.1.69";
miniserver = "192.168.1.100";
workstation = "192.168.1.64";
};
description = "Set of IP's for all my computers.";
};
mainServer = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "192.168.1.100"; default = "miniserver";
description = "The miniserver ip."; description = "The hostname of the main server.";
}; };
postgresSocket = lib.mkOption { postgresSocket = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -165,6 +268,11 @@ in
default = "CaptainJawZ@protonmail.com"; default = "CaptainJawZ@protonmail.com";
description = "localhost smtp email"; description = "localhost smtp email";
}; };
timeZone = lib.mkOption {
type = lib.types.str;
default = "America/Mexico_City";
description = "Timezone";
};
enableContainers = lib.mkEnableOption "enable"; enableContainers = lib.mkEnableOption "enable";
enableProxy = lib.mkEnableOption "enable"; enableProxy = lib.mkEnableOption "enable";
}; };
@ -182,31 +290,88 @@ in
enableCron = lib.mkDefault false; enableCron = lib.mkDefault false;
}; };
adguardhome.enable = lib.mkDefault false; adguardhome.enable = lib.mkDefault false;
audiobookshelf.enable = lib.mkDefault false; audiobookshelf = {
bazarr.enable = lib.mkDefault false; enable = lib.mkDefault false;
collabora.enable = lib.mkDefault false; enableProxy = lib.mkDefault false;
flame.enable = lib.mkDefault false; };
flameSecret.enable = lib.mkDefault false; bazarr = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
collabora = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
flame = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
flameSecret = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
go-vod.enable = lib.mkDefault false; go-vod.enable = lib.mkDefault false;
homepage.enable = lib.mkDefault false; homepage = {
kavita.enable = lib.mkDefault false; enable = lib.mkDefault false;
lidarr.enable = lib.mkDefault false; enableProxy = lib.mkDefault false;
maloja.enable = lib.mkDefault false; };
mealie.enable = lib.mkDefault false; kavita = {
metube.enable = lib.mkDefault false; enable = lib.mkDefault false;
microbin.enable = lib.mkDefault false; enableProxy = lib.mkDefault false;
multi-scrobbler.enable = lib.mkDefault false; };
lidarr = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
maloja = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
mealie = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
metube = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
microbin = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
multi-scrobbler = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
paperless.enable = lib.mkDefault false; paperless.enable = lib.mkDefault false;
postgres.enable = lib.mkDefault false; postgres.enable = lib.mkDefault false;
prowlarr.enable = lib.mkDefault false; prowlarr = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
sabnzbd.enable = lib.mkDefault false; sabnzbd.enable = lib.mkDefault false;
qbittorrent.enable = lib.mkDefault false; qbittorrent.enable = lib.mkDefault false;
unpackerr.enable = lib.mkDefault false; unpackerr.enable = lib.mkDefault false;
radarr.enable = lib.mkDefault false; radarr = {
ryot.enable = lib.mkDefault false; enable = lib.mkDefault false;
shiori.enable = lib.mkDefault false; enableProxy = lib.mkDefault false;
sonarr.enable = lib.mkDefault false; };
vaultwarden.enable = lib.mkDefault false; ryot = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
shiori = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
sonarr = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
vaultwarden = {
enable = lib.mkDefault false;
enableProxy = lib.mkDefault false;
};
firefly-iii.enable = lib.mkDefault false; firefly-iii.enable = lib.mkDefault false;
}; };
}; };
@ -242,7 +407,6 @@ in
]; ];
in in
{ {
enable = true;
allowedTCPPorts = ports; allowedTCPPorts = ports;
allowedUDPPorts = ports; allowedUDPPorts = ports;
}; };
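Review bot: In `proxyReverseArr`, `${if useLocalhost then localHeaders else ""}` emits `Host`, `X-Forwarded-For` and `X-Forwarded-Proto` only when the upstream runs on this host, so a backend on another machine sees every request as coming from the proxy's LAN address. That matters for any backend that logs the client address or treats local addresses differently for authentication. Unless `services.nginx.recommendedProxySettings` is enabled elsewhere (not visible here), I would emit them unconditionally with `extraConfig = localHeaders + headers;`, or add a comment saying why remote upstreams must not receive them.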


@ -10,14 +10,15 @@ let
in in
{ {
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = lib.mkIf config.my.servers.audiobookshelf.enable { config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
audiobookshelf = { audiobookshelf = lib.mkIf cfg.enable {
inherit (cfg) port;
enable = true; enable = true;
group = "piracy"; group = "piracy";
port = cfg.port;
}; };
nginx.virtualHosts."${cfg.host}" = proxy { nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (proxy {
"/" = { "/" = {
proxyPass = cfg.local; proxyPass = cfg.local;
extraConfig = '' extraConfig = ''
@ -26,11 +27,11 @@ in
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_redirect http:// https://; proxy_redirect http:// https://;
''; '';
}; };
}; });
}; };
}; };
} }
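Review bot: `networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];` opens the backend port on every interface, so any machine that can reach this host can talk to the service over plain HTTP and skip the nginx vhost with its `forceSSL`. The same line is added in the bazarr, flame, homepage and jellyfin modules of this commit. Only the proxy host needs the port, so consider scoping it, e.g. `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [ cfg.port ];`, or a source-restricted rule for the proxy's address from `config.my.ips`. The rule is also not gated on `cfg.enable`; whether `isLocal` already covers that is decided in `setup.mkOptions`, which is outside this section.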


@ -2,18 +2,24 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.bazarr;
in
{ {
options.my.servers.bazarr.enable = lib.mkEnableOption "enable"; options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;
config = lib.mkIf config.my.servers.bazarr.enable { config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
bazarr = { bazarr = lib.mkIf cfg.enable {
enable = true; enable = true;
group = "piracy"; group = "piracy";
}; };
nginx.virtualHosts."subs.${config.my.domain}" = nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse config.services.bazarr.listenPort // { }; proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -6,20 +6,13 @@
owner = config.users.users.firefly-iii.name; owner = config.users.users.firefly-iii.name;
inherit (config.users.users.firefly-iii) group; inherit (config.users.users.firefly-iii) group;
}; };
services = { services.firefly-iii = {
nginx.virtualHosts."${config.services.firefly-iii.virtualHost}" = { enable = true;
forceSSL = true; enableNginx = true;
enableACME = true; settings = {
}; APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
firefly-iii = { DB_HOST = config.my.postgresSocket;
enable = true; DB_CONNECTION = "pgsql";
virtualHost = "money.servidos.lat";
enableNginx = true;
settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql";
};
}; };
}; };
}; };
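Review bot: After this change nothing in the hunk requests TLS for firefly-iii: the `nginx.virtualHosts` entry with `forceSSL`/`enableACME` and the explicit `virtualHost` are gone, while `enableNginx = true` stays. If no other module sets them, the finance app would be served under whatever vhost name the module defaults to, over plain HTTP. Either keep `services.nginx.virtualHosts."${config.services.firefly-iii.virtualHost}" = { forceSSL = true; enableACME = true; };` next to the service, or add a comment pointing to where the host name and certificate are now configured. The enclosing `config` block starts above the hunk.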


@ -2,51 +2,59 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let let
port = 5005; cfg = config.my.servers.flame;
portSecret = 5007; cfgS = config.my.servers.flameSecret;
enable = (cfg.enable || cfgS.enable);
in in
{ {
options.my.servers = { options.my.servers = {
flame.enable = lib.mkEnableOption "enable"; flame = setup.mkOptions "flame" "start" 5005;
flameSecret.enable = lib.mkEnableOption "enable"; flameSecret = setup.mkOptions "flameSecret" "qampqwn4wprhqny8h8zj" 5007;
}; };
config = lib.mkIf config.my.servers.flame.enable { config = {
sops.secrets.flame.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal || !cfgS.isLocal) [
virtualisation.oci-containers.containers = { cfg.port
flame = { cfgS.port
];
sops.secrets = lib.mkIf enable { flame.sopsFile = ../../secrets/env.yaml; };
virtualisation.oci-containers.containers = lib.mkIf enable {
flame = lib.mkIf cfg.enable {
autoStart = true; autoStart = true;
image = "pawelmalak/flame"; image = "pawelmalak/flame";
ports = [ "${toString port}:${toString port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
volumes = [ volumes = [
"${config.my.containerData}/flame:/app/data" "${config.my.containerData}/flame:/app/data"
"${config.my.containerSocket}:${config.my.containerSocket}" "${config.my.containerSocket}:${config.my.containerSocket}"
]; ];
environmentFiles = [ config.sops.secrets.flame.path ]; environmentFiles = [ config.sops.secrets.flame.path ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
PUID = "1000"; PUID = "1000";
PGID = "100"; PGID = "100";
}; };
}; };
flame-nsfw = { flame-nsfw = lib.mkIf cfgS.enable {
autoStart = true; autoStart = true;
image = "pawelmalak/flame"; image = "pawelmalak/flame";
ports = [ "${toString portSecret}:${toString port}" ]; ports = [ "${toString cfgS.port}:${toString cfg.port}" ];
volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ]; volumes = [ "${config.my.containerData}/flame-nsfw:/app/data" ];
environmentFiles = [ config.sops.secrets.flame.path ]; environmentFiles = [ config.sops.secrets.flame.path ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
PUID = "1000"; PUID = "1000";
PGID = "100"; PGID = "100";
}; };
}; };
}; };
services.nginx = { services.nginx = {
virtualHosts."start.${config.my.domain}" = proxyReverse port // { }; virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) {
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" = proxyReverse portSecret // { }; "${cfg.host}" = proxyReverse cfg.hostName cfg.port // { };
"${cfgS.host}" = proxyReverse cfgS.hostName cfgS.port // { };
};
}; };
}; };
} }
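Review bot: `virtualHosts = lib.mkIf (cfg.enableProxy || cfgS.enableProxy) { … }` defines both vhosts as soon as either flag is set, so enabling the proxy for flame alone also publishes the flameSecret host and, through `proxy`'s `enableACME`, requests a certificate for it. Gate each entry on its own flag: `"${cfg.host}" = lib.mkIf cfg.enableProxy (proxyReverse cfg.hostName cfg.port // { });` and `"${cfgS.host}" = lib.mkIf cfgS.enableProxy (proxyReverse cfgS.hostName cfgS.port // { });`. The firewall list has the same shape: `!cfg.isLocal || !cfgS.isLocal` opens both `cfg.port` and `cfgS.port`. The random-looking flameSecret subdomain is the only protection visible for that instance, and a name that carries a public certificate is discoverable, so it should not be relied on as access control.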


@ -2,20 +2,22 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let let
port = 8082;
services = import ./homepage/services.nix { inherit config lib; }; services = import ./homepage/services.nix { inherit config lib; };
cfg = config.my.servers.homepage;
in in
{ {
options.my.servers.homepage.enable = lib.mkEnableOption "enable"; options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
config = lib.mkIf config.my.servers.homepage.enable { config = {
sops.secrets.homepage.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { homepage.sopsFile = ../../secrets/env.yaml; };
services = { services = {
homepage-dashboard = { homepage-dashboard = lib.mkIf cfg.enable {
enable = true; enable = true;
listenPort = port; listenPort = cfg.port;
environmentFile = config.sops.secrets.homepage.path; environmentFile = config.sops.secrets.homepage.path;
settings = { settings = {
layout = { layout = {
@ -75,7 +77,9 @@ in
} }
]; ];
}; };
nginx.virtualHosts."home.${config.my.domain}" = proxyReverse port // { }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -1,25 +1,28 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
audiobookshelf = lib.mkIf config.my.servers.audiobookshelf.enable { audiobookshelf =
icon = "${config.my.servers.audiobookshelf.name}.png"; let
href = config.my.servers.audiobookshelf.url; cfg = config.my.servers.audiobookshelf;
widget = { in
type = config.my.servers.audiobookshelf.name; lib.mkIf (cfg.enable || cfg.enableProxy) {
url = config.my.servers.audiobookshelf.url; icon = "${cfg.name}.png";
key = "{{HOMEPAGE_VAR_AUDIOBOOKSHELF}}"; href = cfg.url;
widget = {
inherit (cfg) url;
type = cfg.name;
key = "{{HOMEPAGE_VAR_AUDIOBOOKSHELF}}";
};
}; };
};
jellyfin = jellyfin =
let let
name = "jellyfin"; cfg = config.my.servers.jellyfin;
url = "https://flix.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; inherit (cfg) url;
url = url; type = cfg.name;
key = "{{HOMEPAGE_VAR_JELLYFIN}}"; key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true; enableUser = true;
enableBlocks = true; enableBlocks = true;
@ -28,15 +31,14 @@
}; };
"now playing" = "now playing" =
let let
name = "jellyfin"; cfg = config.my.servers.jellyfin;
url = "https://flix.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; inherit (cfg) url;
url = url; type = cfg.name;
key = "{{HOMEPAGE_VAR_JELLYFIN}}"; key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true; enableUser = true;
enableBlocks = false; enableBlocks = false;
@ -47,117 +49,111 @@
}; };
sonarr = sonarr =
let let
name = "sonarr"; cfg = config.my.servers.sonarr;
url = "https://series.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; inherit (cfg) url;
url = url; type = cfg.name;
key = "{{HOMEPAGE_VAR_SONARR}}"; key = "{{HOMEPAGE_VAR_SONARR}}";
enableQueue = true; enableQueue = true;
}; };
}; };
radarr = radarr =
let let
name = "radarr"; cfg = config.my.servers.radarr;
url = "https://movies.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; inherit (cfg) url;
url = url; type = cfg.name;
key = "{{HOMEPAGE_VAR_RADARR}}"; key = "{{HOMEPAGE_VAR_RADARR}}";
enableQueue = true; enableQueue = true;
}; };
}; };
lidarr = lidarr =
let let
name = "lidarr"; cfg = config.my.servers.lidarr;
url = "https://music.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; inherit (cfg) url;
url = url; type = cfg.name;
key = "{{HOMEPAGE_VAR_LIDARR}}"; key = "{{HOMEPAGE_VAR_LIDARR}}";
}; };
}; };
prowlarr = prowlarr =
let let
name = "prowlarr"; cfg = config.my.servers.prowlarr;
url = "https://indexer.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; type = cfg.name;
url = url; inherit (cfg) url;
key = "{{HOMEPAGE_VAR_PROWLARR}}"; key = "{{HOMEPAGE_VAR_PROWLARR}}";
}; };
}; };
bazarr = bazarr =
let let
name = "bazarr"; cfg = config.my.servers.bazarr;
url = "https://subs.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; type = cfg.name;
url = url; inherit (cfg) url;
key = "{{HOMEPAGE_VAR_BAZARR}}"; key = "{{HOMEPAGE_VAR_BAZARR}}";
}; };
}; };
kavita = kavita =
let let
name = "kavita"; cfg = config.my.servers.kavita;
url = "https://library.servidos.lat";
in in
{ lib.mkIf (cfg.enable || cfg.enableProxy) {
icon = "${name}.png"; icon = "${cfg.name}.png";
href = url; href = cfg.url;
widget = { widget = {
type = name; type = cfg.name;
url = url; inherit (cfg) url;
username = "{{HOMEPAGE_VAR_KAVITA_USERNAME}}"; username = "{{HOMEPAGE_VAR_KAVITA_USERNAME}}";
password = "{{HOMEPAGE_VAR_KAVITA_PASSWORD}}"; password = "{{HOMEPAGE_VAR_KAVITA_PASSWORD}}";
}; };
}; };
"qbittorrent server" = "qbittorrent server" =
let let
url = "http://${config.my.ips.server}:${toString config.my.servers.qbittorrent.port}";
name = "qbittorrent"; name = "qbittorrent";
url = "http://192.168.1.69:9091";
in in
{ lib.mkIf config.my.servers.qbittorrent.enable {
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
type = name; type = name;
url = url; inherit url;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}"; username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}"; password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
}; };
}; };
"qbittorrent miniserver" = "qbittorrent miniserver" =
let let
url = "http://${config.my.ips.miniserver}:${toString config.my.servers.qbittorrent.port}";
name = "qbittorrent"; name = "qbittorrent";
url = "http://192.168.1.100:9091";
in in
{ lib.mkIf config.my.servers.qbittorrent.enable {
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
type = name; type = name;
url = url; inherit url;
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}"; username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}"; password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
}; };
@ -165,14 +161,14 @@
sabnzbd = sabnzbd =
let let
name = "sabnzbd"; name = "sabnzbd";
url = "http://192.168.1.69:3399"; url = "http://${config.my.ips.server}:${toString config.my.servers.sabnzbd.port}";
in in
{ {
icon = "${name}.png"; icon = "${name}.png";
href = url; href = url;
widget = { widget = {
type = name; type = name;
url = url; inherit url;
key = "{{HOMEPAGE_VAR_SABNZBD}}"; key = "{{HOMEPAGE_VAR_SABNZBD}}";
}; };
}; };
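Review bot: The `sabnzbd` entry is the only tile left without a guard: every other entry is now wrapped in `lib.mkIf`, but sabnzbd is still a bare attrset, so the widget and its `{{HOMEPAGE_VAR_SABNZBD}}` key are configured even when the service is off. Add `lib.mkIf config.my.servers.sabnzbd.enable` before the `{`, as done for qbittorrent. The qbittorrent and sabnzbd tiles also keep `http://<ip>:<port>` URLs, so the widget credentials cross the LAN unencrypted; either route them through a proxied `cfg.url` like the other services or add a comment that this is accepted. Both qbittorrent tiles are gated on the same `config.my.servers.qbittorrent.enable`, so they appear or disappear together regardless of which host runs the client.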


@ -22,16 +22,19 @@ let
in in
{ {
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;
config = lib.mkIf cfg.enable { config = {
environment.systemPackages = [ networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
pkgs.jellyfin-ffmpeg environment = {
] ++ (if cfg.enableCron then sub-sync-path else [ ]); systemPackages = lib.mkIf cfg.enable (
[ pkgs.jellyfin-ffmpeg ] ++ (if cfg.enableCron then sub-sync-path else [ ])
);
};
services = { services = {
jellyfin = { jellyfin = lib.mkIf cfg.enable {
enable = true; enable = true;
group = "piracy"; group = "piracy";
}; };
nginx = { nginx = lib.mkIf cfg.enableProxy {
appendHttpConfig = '' appendHttpConfig = ''
# JELLYFIN # JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m; proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;
@ -48,7 +51,7 @@ in
# use a variable to store the upstream proxy # use a variable to store the upstream proxy
# in this example we are using a hostname which is resolved via DNS # in this example we are using a hostname which is resolved via DNS
# (if you aren't using DNS remove the resolver line and change the variable to point to an IP address # (if you aren't using DNS remove the resolver line and change the variable to point to an IP address
resolver ${config.my.localhost} valid=30; resolver ${cfg.ip} valid=30;
location = / { location = / {
return 302 http://$host/web/; return 302 http://$host/web/;
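Review bot: The new `networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];` line no longer depends on `cfg.enable`, because the outer `config = lib.mkIf cfg.enable` was dropped, so every host where `isLocal` evaluates to false opens the port even when the service is disabled there. Gate the rule on both conditions: `networking.firewall.allowedTCPPorts = lib.mkIf (cfg.enable && !cfg.isLocal) [ cfg.port ];`. The same ungated line appears in the kavita, lidarr, maloja, mealie, metube, multi-scrobbler, prowlarr, radarr and sonarr sections of this commit. The nginx block continues outside the second hunk.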


@ -2,26 +2,33 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.kavita;
in
{ {
options.my.servers.kavita.enable = lib.mkEnableOption "enable"; options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;
config = lib.mkIf config.my.servers.kavita.enable { config = {
sops.secrets.kavita-token = { networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets.kavita-token = lib.mkIf cfg.enable {
owner = config.users.users.kavita.name; owner = config.users.users.kavita.name;
inherit (config.users.users.kavita) group; inherit (config.users.users.kavita) group;
}; };
users.users.kavita = { users.users.kavita = lib.mkIf cfg.enable {
isSystemUser = true; isSystemUser = true;
group = "kavita"; group = "kavita";
extraGroups = [ "piracy" ]; extraGroups = [ "piracy" ];
}; };
services = { services = {
kavita = { kavita = lib.mkIf cfg.enable {
enable = true; enable = true;
tokenKeyFile = config.sops.secrets.kavita-token.path; tokenKeyFile = config.sops.secrets.kavita-token.path;
}; };
nginx.virtualHosts."library.${config.my.domain}" = proxyReverse config.services.kavita.port // { }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -2,21 +2,22 @@
lib, lib,
config, config,
proxyReverseArr, proxyReverseArr,
setup,
... ...
}: }:
let let
port = 8686; cfg = config.my.servers.lidarr;
url = "music.${config.my.domain}";
in in
{ {
options.my.servers.lidarr.enable = lib.mkEnableOption "enable"; options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;
config = lib.mkIf config.my.servers.lidarr.enable { config = {
virtualisation.oci-containers.containers.lidarr = { networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
virtualisation.oci-containers.containers.lidarr = lib.mkIf cfg.enable {
autoStart = true; autoStart = true;
image = "lscr.io/linuxserver/lidarr:latest"; image = "lscr.io/linuxserver/lidarr:latest";
ports = [ "${toString port}:${toString port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
PUID = "1000"; PUID = "1000";
PGID = "100"; PGID = "100";
}; };
@ -32,10 +33,12 @@ in
labels = { labels = {
"flame.type" = "application"; "flame.type" = "application";
"flame.name" = "Lidarr"; "flame.name" = "Lidarr";
"flame.url" = url; "flame.url" = cfg.url;
"flame.icon" = "music"; "flame.icon" = "music";
}; };
}; };
services.nginx.virtualHosts."${url}" = proxyReverseArr port // { }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
}; };
} }
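Review bot: The container still publishes `"${toString cfg.port}:${toString cfg.port}"` on every interface, and ports published by the container runtime are usually forwarded ahead of the NixOS firewall's input rules, so the new `isLocal` firewall gate probably does not limit who can reach Lidarr directly. Binding the published port to the address the proxy uses keeps the service behind nginx: `ports = [ "${cfg.ip}:${toString cfg.port}:${toString cfg.port}" ];`, assuming `cfg.ip` resolves to a loopback address when `isLocal` is true, as the `ip` option added in this commit suggests. The maloja, metube, multi-scrobbler and ryot containers publish their ports the same way. The container definition continues between the two hunks.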


@ -10,14 +10,15 @@ let
in in
{ {
options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010; options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;
config = lib.mkIf cfg.enable { config = {
sops.secrets.maloja.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
virtualisation.oci-containers.containers.maloja = { sops.secrets = lib.mkIf cfg.enable { maloja.sopsFile = ../../secrets/env.yaml; };
image = "krateng/maloja"; virtualisation.oci-containers.containers.maloja = lib.mkIf cfg.enable {
image = "krateng/maloja:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.maloja.path ]; environmentFiles = [ config.sops.secrets.maloja.path ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
MALOJA_TIMEZONE = "-6"; MALOJA_TIMEZONE = "-6";
PUID = "1000"; PUID = "1000";
PGID = "100"; PGID = "100";
@ -32,6 +33,8 @@ in
"flame.icon" = "bookmark-music"; "flame.icon" = "bookmark-music";
}; };
}; };
services.nginx.virtualHosts."${cfg.host}" = proxyReverse cfg.port // { }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
} }
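Review bot: `image = "krateng/maloja:latest"` makes the mutable tag explicit instead of pinning the image, so each pull can run different code under the same configuration while receiving the secrets passed through `environmentFiles`. Pin a release tag or digest instead, for example `image = "krateng/maloja:<version>@sha256:<digest>";` with the values taken from the registry. The metube section makes the same change to `ghcr.io/alexta69/metube:latest`, whereas the ryot container in this commit already pins `v7.0.0`.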


@ -2,44 +2,41 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let let
port = 9925; cfg = config.my.servers.mealie;
domain = "mealie.${config.my.domain}";
url = "https://${domain}";
in in
{ {
options.my.servers.mealie.enable = lib.mkEnableOption "enable"; disabledModules = [ "services/web-apps/mealie.nix" ];
config = lib.mkIf config.my.servers.mealie.enable { imports = [ ../../pkgs/mealie-service.nix ];
sops.secrets.mealie.sopsFile = ../../secrets/env.yaml; options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;
virtualisation.oci-containers.containers.mealie = { config = {
autoStart = true; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
image = "ghcr.io/mealie-recipes/mealie:v1.4.0"; sops.secrets = lib.mkIf cfg.enable { mealie.sopsFile = ../../secrets/env.yaml; };
ports = [ "${toString port}:9000" ]; services = {
volumes = [ "${config.my.containerData}/mealie:/app/data/" ]; mealie = lib.mkIf cfg.enable {
environmentFiles = [ config.sops.secrets.mealie.path ]; enable = true;
environment = { inherit (cfg) port;
TZ = "America/Mexico_City"; settings = {
ALLOW_SIGNUP = "true"; TZ = config.my.timeZone;
PUID = "1000"; DEFAULT_GROUP = "Home";
PGID = "100"; BASE_URL = cfg.url;
MAX_WORKERS = "1"; API_DOCS = "false";
WEB_CONCURRENCY = "1"; ALLOW_SIGNUP = "false";
BASE_URL = url; DB_ENGINE = "postgres";
SMTP_HOST = "smtp.gmail.com"; POSTGRES_URL_OVERRIDE = "postgresql://${cfg.name}:@/${cfg.name}?host=${config.my.postgresSocket}";
SMTP_PORT = "587"; MAX_WORKERS = "1";
}; WEB_CONCURRENCY = "1";
extraOptions = [ SMTP_HOST = "smtp.gmail.com";
"--memory=1g" # VA-API (omit for NVENC) SMTP_PORT = "587";
]; };
labels = { credentialsFile = config.sops.secrets.mealie.path;
"flame.type" = "application";
"flame.name" = "Mealie";
"flame.url" = url;
"flame.icon" = "fridge";
}; };
nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
services.nginx.virtualHosts."${domain}" = proxyReverse port // { };
}; };
} }
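Review bot: The new `services.mealie` block never sets `listenAddress`, so the replacement module's default of `0.0.0.0` applies and Mealie listens on every interface even when nginx on the same host is the intended entry point. Set it from the option this commit introduces, `listenAddress = cfg.ip;`, so the service binds the local address when `isLocal` is true and the host's LAN address otherwise; this assumes `config.my.localhost` is a loopback address, which is not visible here.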


@ -2,26 +2,30 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let let
port = 8881; cfg = config.my.servers.metube;
in in
{ {
options.my.servers.metube.enable = lib.mkEnableOption "enable"; options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;
config = lib.mkIf config.my.servers.metube.enable { config = {
virtualisation.oci-containers.containers.metube = { networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
image = "ghcr.io/alexta69/metube"; virtualisation.oci-containers.containers.metube = lib.mkIf cfg.enable {
ports = [ "${toString port}:8081" ]; image = "ghcr.io/alexta69/metube:latest";
ports = [ "${toString cfg.port}:8081" ];
volumes = [ volumes = [
"${config.my.containerData}/metube:/downloads" "${config.my.containerData}/metube:/downloads"
"/home/jawz/.local/share/cookies.txt:/cookies.txt" "/home/jawz/.local/share/cookies.txt:/cookies.txt"
]; ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}''; YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
}; };
}; };
services.nginx.virtualHosts."bajameesta.${config.my.domain}" = proxyReverse port // { }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
} }


@ -2,20 +2,22 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.microbin;
in
{ {
options.my.servers.microbin = { options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8080;
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable";
};
config = lib.mkIf config.my.servers.microbin.enable { config = lib.mkIf config.my.servers.microbin.enable {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
microbin = { microbin = lib.mkIf cfg.enable {
enable = true; enable = true;
settings = { settings = {
MICROBIN_PORT = cfg.port;
MICROBIN_HIDE_LOGO = false; MICROBIN_HIDE_LOGO = false;
MICROBIN_PORT = 8080;
MICROBIN_HIGHLIGHTSYNTAX = true; MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_PRIVATE = true; MICROBIN_PRIVATE = true;
MICROBIN_QR = true; MICROBIN_QR = true;
@ -23,8 +25,9 @@
MICROBIN_ENCRYPTION_SERVER_SIDE = true; MICROBIN_ENCRYPTION_SERVER_SIDE = true;
}; };
}; };
nginx.virtualHosts."copy.${config.my.domain}" = nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse config.services.microbin.settings.MICROBIN_PORT // { }; proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -10,18 +10,19 @@ let
in in
{ {
options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078; options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;
config = lib.mkIf cfg.enable { config = {
sops.secrets.multi-scrobbler.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
virtualisation.oci-containers.containers.multi-scrobbler = { sops.secrets = lib.mkIf cfg.enable { multi-scrobbler.sopsFile = ../../secrets/env.yaml; };
virtualisation.oci-containers.containers.multi-scrobbler = lib.mkIf cfg.enable {
image = "foxxmd/multi-scrobbler:latest"; image = "foxxmd/multi-scrobbler:latest";
ports = [ "${toString cfg.port}:${toString cfg.port}" ]; ports = [ "${toString cfg.port}:${toString cfg.port}" ];
environmentFiles = [ config.sops.secrets.multi-scrobbler.path ]; environmentFiles = [ config.sops.secrets.multi-scrobbler.path ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
PUID = "1000"; PUID = "1000";
PGID = "100"; PGID = "100";
BASE_URL = cfg.url; BASE_URL = cfg.url;
DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${toString cfg.port}/deezer/callback"; DEEZER_REDIRECT_URI = "http://${config.my.ips.${cfg.hostName}}:${toString cfg.port}/deezer/callback";
MALOJA_URL = config.my.servers.maloja.url; MALOJA_URL = config.my.servers.maloja.url;
WS_ENABLE = "true"; WS_ENABLE = "true";
}; };
@ -33,6 +34,8 @@ in
"flame.icon" = "broadcast"; "flame.icon" = "broadcast";
}; };
}; };
services.nginx.virtualHosts."${cfg.host}" = proxyReverse cfg.port // { }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
} }
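Review bot: `DEEZER_REDIRECT_URI` is still built as `http://<LAN address>:<port>/deezer/callback`, so the OAuth authorization code returned to the callback travels over plain HTTP to an address that only resolves inside the LAN. Since the service now has a proxied HTTPS name, the callback could use it: `DEEZER_REDIRECT_URI = "${cfg.url}/deezer/callback";`, provided the same URI is registered in the Deezer application settings. The container definition continues outside both hunks.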


@ -2,13 +2,10 @@
lib, lib,
config, config,
pkgs, pkgs,
setup,
... ...
}: }:
let let
inherit (config.my) localhost;
collaboraPort = 9980;
url = "cloud.${config.my.domain}";
collaboraProxy = "http://${localhost}:${toString collaboraPort}";
commonProxyConfig = '' commonProxyConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
''; '';
@ -18,17 +15,16 @@ let
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_read_timeout 36000s; proxy_read_timeout 36000s;
''; '';
cfg = config.my.servers.nextcloud;
cfgC = config.my.servers.collabora;
in in
{ {
options.my.servers = { options.my.servers = {
nextcloud = { nextcloud = setup.mkOptions "nextcloud" "cloud" 80;
enable = lib.mkEnableOption "enable"; collabora = setup.mkOptions "collabora" "collabora" 9980;
enableCron = lib.mkEnableOption "enable";
};
collabora.enable = lib.mkEnableOption "enable";
go-vod.enable = lib.mkEnableOption "enable"; go-vod.enable = lib.mkEnableOption "enable";
}; };
config = lib.mkIf (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) { config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
sops.secrets = { sops.secrets = {
smtp-password = { }; smtp-password = { };
nextcloud-adminpass = { nextcloud-adminpass = {
@ -80,7 +76,7 @@ in
extraAppsEnable = true; extraAppsEnable = true;
enableImagemagick = true; enableImagemagick = true;
maxUploadSize = "16G"; maxUploadSize = "16G";
hostName = url; hostName = cfg.host;
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) calendar; inherit (config.services.nextcloud.package.packages.apps) calendar;
}; };
@ -139,10 +135,9 @@ in
]; ];
}; };
# phpExtraExtensions = all: [ all.pdlib all.bz2 ]; # phpExtraExtensions = all: [ all.pdlib all.bz2 ];
phpExtraExtensions = _all: [ ];
}; };
nginx.virtualHosts = { nginx.virtualHosts = {
${config.services.nextcloud.hostName} = { "${config.services.nextcloud.hostName}" = lib.mkIf cfg.enableProxy {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
@ -153,34 +148,34 @@ in
{ }; { };
}; };
}; };
"collabora.${config.my.domain}" = lib.mkIf config.my.servers.collabora.enable { "${cfgC.host}" = lib.mkIf cfgC.enableProxy {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
locations = { locations = {
# static files # static files
"^~ /loleaflet" = { "^~ /loleaflet" = {
proxyPass = collaboraProxy; proxyPass = cfgC.local;
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
}; };
# WOPI discovery URL # WOPI discovery URL
"^~ /hosting/discovery" = { "^~ /hosting/discovery" = {
proxyPass = collaboraProxy; proxyPass = cfgC.local;
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
}; };
# Capabilities # Capabilities
"^~ /hosting/capabilities" = { "^~ /hosting/capabilities" = {
proxyPass = collaboraProxy; proxyPass = cfgC.local;
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
}; };
# download, presentation, image upload and websocket # download, presentation, image upload and websocket
"~ ^/lool" = { "~ ^/lool" = {
proxyPass = collaboraProxy; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
}; };
# Admin Console websocket # Admin Console websocket
"^~ /lool/adminws" = { "^~ /lool/adminws" = {
proxyPass = collaboraProxy; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
}; };
}; };
@ -211,8 +206,8 @@ in
}; };
ports = [ "9980:9980" ]; ports = [ "9980:9980" ];
environment = { environment = {
TZ = "America/Mexico_City"; TZ = config.my.timeZone;
domain = "cloud.servidos.lat"; domain = cfg.host;
aliasgroup1 = "cloud.servidos.lat:443"; aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443"; aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
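Review bot: In the Collabora container environment `domain` now follows `cfg.host`, but `aliasgroup1 = "cloud.servidos.lat:443"` and `aliasgroup2` stay hard-coded, so the hosts that appear to be allowed to use the document server can drift from the configured Nextcloud host. Derive the first entry from the option, `aliasgroup1 = "${cfg.host}:443";`, and keep the second only if that domain is still served. `ports = [ "9980:9980" ]` in the same block likewise ignores the new `cfgC.port`. The container definition starts outside the last hunk.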


@ -2,6 +2,7 @@
{ {
options.my.servers.paperless.enable = lib.mkEnableOption "enable"; options.my.servers.paperless.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) { config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) {
networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];
services.paperless = { services.paperless = {
enable = true; enable = true;
address = "0.0.0.0"; address = "0.0.0.0";
@ -11,21 +12,16 @@
PAPERLESS_DBENGINE = "postgress"; PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless"; PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBHOST = config.my.postgresSocket; PAPERLESS_DBHOST = config.my.postgresSocket;
PAPERLESS_TIME_ZONE = config.my.timeZone;
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
".DS_STORE/*" ".DS_STORE/*"
"desktop.ini" "desktop.ini"
]; ];
PAPERLESS_TIME_ZONE = "America/Mexico_City";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON { PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1; optimize = 1;
pdfa_image_compression = "lossless"; pdfa_image_compression = "lossless";
}; };
}; };
}; };
networking.firewall = {
enable = true;
allowedTCPPorts = [ config.services.paperless.port ];
allowedUDPPorts = [ config.services.paperless.port ];
};
}; };
} }
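Review bot: The added `networking.firewall.allowedTCPPorts = [ config.services.paperless.port ];` opens the port unconditionally while the service keeps `address = "0.0.0.0"`, so the document archive is reachable over plain HTTP from any network the host is attached to, without the `isLocal`/`enableProxy` gating the other services received in this commit. Moving paperless to `setup.mkOptions` and using `networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];` together with an nginx virtual host would align it with the rest. Separately, `PAPERLESS_DBENGINE = "postgress"` on an unchanged line looks like a typo for `postgresql`.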


@ -31,6 +31,7 @@ let
"ryot" "ryot"
"vaultwarden" "vaultwarden"
"shiori" "shiori"
"mealie"
"firefly-iii" "firefly-iii"
]; ];
in in


@ -2,20 +2,27 @@
lib, lib,
config, config,
proxyReverseArr, proxyReverseArr,
setup,
... ...
}: }:
let
cfg = config.my.servers.prowlarr;
in
{ {
options.my.servers.prowlarr.enable = lib.mkEnableOption "enable"; options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;
config = lib.mkIf config.my.servers.prowlarr.enable { config = {
users.users.prowlarr = { networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
users.users.prowlarr = lib.mkIf cfg.enable {
group = "piracy"; group = "piracy";
isSystemUser = true; isSystemUser = true;
}; };
services = { services = {
prowlarr.enable = true; prowlarr.enable = cfg.enable;
nginx.virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696 // { }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
}; };
virtualisation.oci-containers.containers.flaresolverr = { virtualisation.oci-containers.containers.flaresolverr = lib.mkIf cfg.enable {
autoStart = true; autoStart = true;
image = "ghcr.io/flaresolverr/flaresolverr:latest"; image = "ghcr.io/flaresolverr/flaresolverr:latest";
ports = [ "8191:8191" ]; ports = [ "8191:8191" ];


@ -5,13 +5,6 @@
... ...
}: }:
let let
port = 9091;
ports = [
port
51411
51412
51413
];
bencodepy = pkgs.python3Packages.buildPythonPackage { bencodepy = pkgs.python3Packages.buildPythonPackage {
pname = "bencodepy"; pname = "bencodepy";
version = "0.9.5"; version = "0.9.5";
@ -43,7 +36,14 @@ let
in in
{ {
options.my.servers = { options.my.servers = {
qbittorrent.enable = lib.mkEnableOption "enable"; qbittorrent = {
enable = lib.mkEnableOption "enable";
port = lib.mkOption {
type = lib.types.int;
default = 9091;
description = "The port to access qbittorrent web-ui";
};
};
unpackerr.enable = lib.mkEnableOption "enable"; unpackerr.enable = lib.mkEnableOption "enable";
}; };
config = lib.mkIf config.my.servers.qbittorrent.enable { config = lib.mkIf config.my.servers.qbittorrent.enable {
@ -97,9 +97,17 @@ in
}; };
}; };
}; };
networking.firewall = { networking.firewall =
allowedTCPPorts = ports; let
allowedUDPPorts = ports; ports = [
}; 51411
51412
51413
];
in
{
allowedTCPPorts = ports ++ [ config.my.servers.qbittorrent.port ];
allowedUDPPorts = ports;
};
}; };
} }
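Review bot: The new `port` option is declared with `type = lib.types.int`, which accepts negative or out-of-range values that then flow into `networking.firewall.allowedTCPPorts`. `type = lib.types.port;` validates the range at evaluation time, as the mealie module added in this commit already does. The same applies to the `port` options in the sabnzbd section and in `mkOptions`.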


@ -2,17 +2,24 @@
lib, lib,
config, config,
proxyReverseArr, proxyReverseArr,
setup,
... ...
}: }:
let
cfg = config.my.servers.radarr;
in
{ {
options.my.servers.radarr.enable = lib.mkEnableOption "enable"; options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;
config = lib.mkIf config.my.servers.radarr.enable { config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
radarr = { radarr = lib.mkIf cfg.enable {
enable = true; enable = true;
group = "piracy"; group = "piracy";
}; };
nginx.virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878 // { }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverseArr cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -2,19 +2,19 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let let
port = 8765; cfg = config.my.servers.ryot;
url = "tracker.${config.my.domain}";
in in
{ {
options.my.servers.ryot.enable = lib.mkEnableOption "enable"; options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;
config = lib.mkIf (config.my.servers.ryot.enable && config.my.servers.postgres.enable) { config = lib.mkIf (config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
sops.secrets.ryot.sopsFile = ../../secrets/env.yaml; sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.ryot = { virtualisation.oci-containers.containers.ryot = {
image = "ghcr.io/ignisda/ryot:v7.0.0"; image = "ghcr.io/ignisda/ryot:v7.0.0";
ports = [ "${toString port}:8000" ]; ports = [ "${toString cfg.port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ]; environmentFiles = [ config.sops.secrets.ryot.path ];
environment = { environment = {
RUST_LOG = "ryot=debug,sea_orm=debug"; RUST_LOG = "ryot=debug,sea_orm=debug";
@ -26,10 +26,12 @@ in
labels = { labels = {
"flame.type" = "application"; "flame.type" = "application";
"flame.name" = "Ryot"; "flame.name" = "Ryot";
"flame.url" = url; "flame.url" = cfg.url;
"flame.icon" = "radar"; "flame.icon" = "radar";
}; };
}; };
services.nginx.virtualHosts."tracker.${config.my.domain}" = proxyReverse port // { }; services.nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
} }


@ -1,6 +1,13 @@
{ lib, config, ... }: { lib, config, ... }:
{ {
options.my.servers.sabnzbd.enable = lib.mkEnableOption "enable"; options.my.servers.sabnzbd = {
enable = lib.mkEnableOption "enable";
port = lib.mkOption {
type = lib.types.int;
default = 3399;
description = "The port to access sabnzbd web-ui";
};
};
config = lib.mkIf config.my.servers.sabnzbd.enable { config = lib.mkIf config.my.servers.sabnzbd.enable {
services.sabnzbd = { services.sabnzbd = {
enable = true; enable = true;


@ -3,6 +3,7 @@ let
mkOptions = name: subdomain: port: { mkOptions = name: subdomain: port: {
enable = lib.mkEnableOption "enable"; enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable cronjob"; enableCron = lib.mkEnableOption "enable cronjob";
enableProxy = lib.mkEnableOption "enable reverse proxy";
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = port; default = port;
@ -15,13 +16,29 @@ let
type = lib.types.str; type = lib.types.str;
default = "${subdomain}.${config.my.domain}"; default = "${subdomain}.${config.my.domain}";
}; };
hostName = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
};
url = lib.mkOption { url = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "https://${config.my.servers.${name}.host}"; default = "https://${config.my.servers.${name}.host}";
}; };
ip = lib.mkOption {
type = lib.types.str;
default =
if config.my.servers."${name}".isLocal then
config.my.localhost
else
config.my.ips."${config.my.servers.${name}.hostName}";
};
local = lib.mkOption { local = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "http://${config.my.localhost}:${toString port}"; default = "http://${config.my.servers.${name}.ip}:${toString port}";
};
isLocal = lib.mkOption {
type = lib.types.bool;
default = "${config.my.servers.${name}.hostName}" == config.my.mainServer;
}; };
}; };
in in
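Review bot: The `local` default still ends in `${toString port}`, the function argument, so a host that overrides `my.servers.<name>.port` gets a `local` URL pointing at the old port while the firewall rule and `proxyReverse` use the new one. Read the option instead: `default = "http://${config.my.servers.${name}.ip}:${toString config.my.servers.${name}.port}";`. The new `ip`, `hostName` and `isLocal` options also carry no `description`; a line such as `description = "Whether the service runs on the main server";` on `isLocal` would document what the firewall gating keys on.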


@ -1,26 +1,30 @@
{ {
lib, lib,
config, config,
pkgs,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.shiori;
in
{ {
disabledModules = [ "services/web-apps/shiori.nix" ]; disabledModules = [ "services/web-apps/shiori.nix" ];
imports = [ ../../pkgs/shiori/shiori-service.nix ]; imports = [ ../../pkgs/shiori-service.nix ];
options.my.servers.shiori.enable = lib.mkEnableOption "enable"; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;
config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) { config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { shiori.sopsFile = ../../secrets/env.yaml; };
services = { services = {
shiori = { shiori = lib.mkIf cfg.enable {
enable = true; enable = true;
port = 4368; inherit (cfg) port;
package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
environmentFile = config.sops.secrets.shiori.path; environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}"; databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
}; };
nginx.virtualHosts."bookmarks.${config.my.domain}" = nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse config.services.shiori.port // { }; proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -2,17 +2,24 @@
lib, lib,
config, config,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.sonarr;
in
{ {
options.my.servers.sonarr.enable = lib.mkEnableOption "enable"; options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;
config = lib.mkIf config.my.servers.sonarr.enable { config = {
networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
services = { services = {
sonarr = { sonarr = lib.mkIf cfg.enable {
enable = true; enable = true;
group = "piracy"; group = "piracy";
}; };
nginx.virtualHosts."series.${config.my.domain}" = proxyReverse 8989 // { }; nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }


@ -3,23 +3,28 @@
config, config,
pkgs, pkgs,
proxyReverse, proxyReverse,
setup,
... ...
}: }:
let
cfg = config.my.servers.vaultwarden;
in
{ {
options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable"; options.my.servers.vaultwarden = setup.mkOptions "vaultwarden" "vault" 8222;
config = lib.mkIf (config.my.servers.vaultwarden.enable && config.my.servers.postgres.enable) { config = lib.mkIf (cfg.enable && config.my.servers.postgres.enable) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml; networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
sops.secrets = lib.mkIf cfg.enable { vaultwarden.sopsFile = ../../secrets/env.yaml; };
services = { services = {
vaultwarden = { vaultwarden = lib.mkIf cfg.enable {
enable = true; enable = true;
dbBackend = "postgresql"; dbBackend = "postgresql";
package = pkgs.vaultwarden; package = pkgs.vaultwarden;
environmentFile = config.sops.secrets.vaultwarden.path; environmentFile = config.sops.secrets.vaultwarden.path;
config = { config = {
ROCKET_ADDRESS = "${config.my.localhost}"; ROCKET_ADDRESS = "${config.my.localhost}";
ROCKET_PORT = 8222; ROCKET_PORT = cfg.port;
WEBSOCKET_PORT = 8333; WEBSOCKET_PORT = 8333;
DATABASE_URL = "postgresql:///vaultwarden?host=${config.my.postgresSocket}"; DATABASE_URL = "postgresql:///${cfg.name}?host=${config.my.postgresSocket}";
ENABLE_DB_WAL = false; ENABLE_DB_WAL = false;
WEBSOCKET_ENABLED = true; WEBSOCKET_ENABLED = true;
SHOW_PASSWORD_HINT = false; SHOW_PASSWORD_HINT = false;
@ -27,8 +32,9 @@
LOG_LEVEL = "warn"; LOG_LEVEL = "warn";
}; };
}; };
nginx.virtualHosts."vault.${config.my.domain}" = nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { }; proxyReverse cfg.hostName cfg.port // { }
);
}; };
}; };
} }
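Review bot: The added firewall line opens `cfg.port` whenever `isLocal` is false, yet `ROCKET_ADDRESS` stays `config.my.localhost`, so on a non-main host the port is opened although, assuming that value is a loopback address, nothing a remote proxy could reach is listening on it. For a password vault the simpler choice is to keep the service loopback-only and drop `networking.firewall.allowedTCPPorts` from this module. If proxying from another host is intended, bind `ROCKET_ADDRESS = cfg.ip;` and keep in mind that this hop is plain HTTP. The `config` attribute set continues between the two hunks.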


@ -41,6 +41,8 @@ _self: super: {
inherit (pkgsU) homepage-dashboard; inherit (pkgsU) homepage-dashboard;
inherit (pkgsU) stash; inherit (pkgsU) stash;
inherit (pkgsU) kavita; inherit (pkgsU) kavita;
inherit (pkgsU) mealie;
inherit (pkgsU) shiori;
inherit (pkgsM) gallery-dl; inherit (pkgsM) gallery-dl;
inherit (pkgsM) yt-dlp; inherit (pkgsM) yt-dlp;
handbrake = super.handbrake.override { useGtk = true; }; handbrake = super.handbrake.override { useGtk = true; };

82
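--- /dev/null
+++ b/pkgs/mealie-service.nix
@@ -0,0 +1,82 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+cfg = config.services.mealie;
+pkg = cfg.package;
+in
+{
+options.services.mealie = {
+enable = lib.mkEnableOption "Mealie, a recipe manager and meal planner";
+package = lib.mkPackageOption pkgs "mealie" { };
+listenAddress = lib.mkOption {
+type = lib.types.str;
+default = "0.0.0.0";
+description = "Address on which the service should listen.";
+};
+port = lib.mkOption {
+type = lib.types.port;
+default = 9000;
+description = "Port on which to serve the Mealie service.";
+};
+settings = lib.mkOption {
+type = with lib.types; attrsOf anything;
+default = { };
+description = ''
+Configuration of the Mealie service.
+See [the mealie documentation](https://nightly.mealie.io/documentation/getting-started/installation/backend-config/) for available options and default values.
+'';
+example = {
+ALLOW_SIGNUP = "false";
+};
+};
+credentialsFile = lib.mkOption {
+type = with lib.types; nullOr path;
+default = null;
+example = "/run/secrets/mealie-credentials.env";
+description = ''
+File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`
+or sensitive LDAP options.
+Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.
+'';
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.services.mealie = {
+description = "Mealie, a self hosted recipe manager and meal planner";
+after = [ "network-online.target" ];
+wants = [ "network-online.target" ];
+wantedBy = [ "multi-user.target" ];
+environment = {
+PRODUCTION = "true";
+API_PORT = toString cfg.port;
+BASE_URL = "http://localhost:${toString cfg.port}";
+DATA_DIR = "/var/lib/mealie";
+CRF_MODEL_PATH = "/var/lib/mealie/model.crfmodel";
+} // (builtins.mapAttrs (_: toString) cfg.settings);
+serviceConfig = {
+DynamicUser = true;
+User = "mealie";
+ExecStartPre = "${pkg}/libexec/init_db";
+ExecStart = "${lib.getExe pkg} -b ${cfg.listenAddress}:${builtins.toString cfg.port}";
+EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile;
+StateDirectory = "mealie";
+StandardOutput = "journal";
+};
+};
+};
+}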
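Review bot: The `settings` description does not say that its values are merged into the unit's `environment`, which NixOS writes into the world-readable Nix store, so a password placed there would be readable by every local user. Add a sentence to that description such as `Do not put secrets here; use credentialsFile instead.`, and note on `credentialsFile` that it should be a runtime path outside the store. The `listenAddress` description could likewise state that the default `0.0.0.0` listens on all interfaces.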


@ -40,7 +40,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.obs-studio.finalPackage = pkgs.wrapOBS.override { obs-studio = cfg.package; } { programs.obs-studio.finalPackage = pkgs.wrapOBS.override { obs-studio = cfg.package; } {
plugins = cfg.plugins; inherit (cfg) plugins;
}; };
environment.systemPackages = [ cfg.finalPackage ]; environment.systemPackages = [ cfg.finalPackage ];


@ -4,7 +4,6 @@
pkgs, pkgs,
... ...
}: }:
let let
cfg = config.services.shiori; cfg = config.services.shiori;
in in


@ -1,43 +0,0 @@
{
lib,
buildGoModule,
fetchFromGitHub,
installShellFiles,
}:
buildGoModule rec {
pname = "shiori";
version = "1.7.0";
vendorHash = "sha256-fakRqgoEcdzw9WZuubaxfGfvVrMvb8gV/IwPikMnfRQ=";
doCheck = false;
src = fetchFromGitHub {
owner = "go-shiori";
repo = pname;
rev = "v${version}";
sha256 = "sha256-5+hTtvBnj3Nh5HitReVkLift9LTiMYVuuYx5EirN0SA=";
};
nativeBuildInputs = [ installShellFiles ];
postInstall = ''
installShellCompletion --cmd shiori \
--bash <($out/bin/shiori completion bash) \
--fish <($out/bin/shiori completion fish) \
--zsh <($out/bin/shiori completion zsh)
'';
# passthru.tests.smoke-test = nixosTests.shiori; # test broken
meta = with lib; {
description = "Simple bookmark manager built with Go";
mainProgram = "shiori";
homepage = "https://github.com/go-shiori/shiori";
license = licenses.mit;
maintainers = with maintainers; [
minijackson
CaptainJawZ
];
};
}