jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

applied nixfmt (new version)

Browse Source
This commit is contained in:
Danilo Reyes
2024-09-22 14:45:24 -06:00
parent dd00fb4854
commit b514828594
89 changed files with 2091 additions and 1339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
modules/servers/adguardhome.nix
View File

@@ -1,4 +1,5 @@
{ lib, config, ... }: {
{ lib, config, ... }:
{
options.my.servers.adguardhome.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.adguardhome.enable {
services.adguardhome = {

17
modules/servers/audiobookshelf.nix
View File

@@ -1,8 +1,15 @@
{ lib, config, proxy, setup, ... }:
let cfg = config.my.servers.audiobookshelf;
in {
options.my.servers.audiobookshelf =
setup.mkOptions "audiobookshelf" "audiobooks" 5687;
{
lib,
config,
proxy,
setup,
...
}:
let
cfg = config.my.servers.audiobookshelf;
in
{
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = lib.mkIf config.my.servers.audiobookshelf.enable {
services = {
audiobookshelf = {

5
modules/servers/base.nix
View File

@@ -24,4 +24,7 @@ let
default = "http://${config.my.localhost}:${toString port}";
};
};
in { inherit mkOptions; }
in
{
inherit mkOptions;
}

8
modules/servers/bazarr.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverse, ... }: {
{
lib,
config,
proxyReverse,
...
}:
{
options.my.servers.bazarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.bazarr.enable {
services = {

40
modules/servers/firefly-iii.nix
View File

@@ -1,26 +1,26 @@
{ lib, config, ... }: {
{ lib, config, ... }:
{
options.my.servers.firefly-iii.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.firefly-iii.enable
&& config.my.servers.postgres.enable) {
sops.secrets.firefly-iii-keyfile = {
owner = config.users.users.firefly-iii.name;
inherit (config.users.users.firefly-iii) group;
config = lib.mkIf (config.my.servers.firefly-iii.enable && config.my.servers.postgres.enable) {
sops.secrets.firefly-iii-keyfile = {
owner = config.users.users.firefly-iii.name;
inherit (config.users.users.firefly-iii) group;
};
services = {
nginx.virtualHosts."${config.services.firefly-iii.virtualHost}" = {
forceSSL = true;
enableACME = true;
};
services = {
nginx.virtualHosts."${config.services.firefly-iii.virtualHost}" = {
forceSSL = true;
enableACME = true;
};
firefly-iii = {
enable = true;
virtualHost = "money.servidos.lat";
enableNginx = true;
settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql";
};
firefly-iii = {
enable = true;
virtualHost = "money.servidos.lat";
enableNginx = true;
settings = {
APP_KEY_FILE = config.sops.secrets.firefly-iii-keyfile.path;
DB_HOST = config.my.postgresSocket;
DB_CONNECTION = "pgsql";
};
};
};
};
}

13
modules/servers/flame.nix
View File

@@ -1,8 +1,14 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 5005;
portSecret = 5007;
in {
in
{
options.my.servers = {
flame.enable = lib.mkEnableOption "enable";
flameSecret.enable = lib.mkEnableOption "enable";
@@ -40,8 +46,7 @@ in {
};
services.nginx = {
virtualHosts."start.${config.my.domain}" = proxyReverse port // { };
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" =
proxyReverse portSecret // { };
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" = proxyReverse portSecret // { };
};
};
}

19
modules/servers/homepage.nix
View File

@@ -1,8 +1,14 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 8082;
services = import ./homepage/services.nix { inherit config lib; };
in {
in
{
options.my.servers.homepage.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.homepage.enable {
sops.secrets.homepage.sopsFile = ../../secrets/env.yaml;
@@ -22,8 +28,7 @@ in {
columns = 4;
};
};
background =
"https://images.unsplash.com/photo-1502790671504-542ad42d5189?auto=format&fit=crop&w=2560&q=80";
background = "https://images.unsplash.com/photo-1502790671504-542ad42d5189?auto=format&fit=crop&w=2560&q=80";
};
widgets = [
{
@@ -37,7 +42,11 @@ in {
}
{
search = {
provider = [ "brave" "bing" "google" ];
provider = [
"brave"
"bing"
"google"
];
target = "_blank";
showSearchSuggestions = true;
};

293
modules/servers/homepage/services.nix
View File

@@ -1,4 +1,5 @@
{ config, lib, ... }: {
{ config, lib, ... }:
{
audiobookshelf = lib.mkIf config.my.servers.audiobookshelf.enable {
icon = "${config.my.servers.audiobookshelf.name}.png";
href = config.my.servers.audiobookshelf.url;
@@ -8,149 +9,171 @@
key = "{{HOMEPAGE_VAR_AUDIOBOOKSHELF}}";
};
};
jellyfin = let
name = "jellyfin";
url = "https://flix.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = true;
enableNowPlaying = false;
jellyfin =
let
name = "jellyfin";
url = "https://flix.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = true;
enableNowPlaying = false;
};
};
};
"now playing" = let
name = "jellyfin";
url = "https://flix.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = false;
enableNowPlaying = true;
showEpisodeNumber = true;
expandOneStreamToTwoRows = true;
"now playing" =
let
name = "jellyfin";
url = "https://flix.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_JELLYFIN}}";
enableUser = true;
enableBlocks = false;
enableNowPlaying = true;
showEpisodeNumber = true;
expandOneStreamToTwoRows = true;
};
};
};
sonarr = let
name = "sonarr";
url = "https://series.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_SONARR}}";
enableQueue = true;
sonarr =
let
name = "sonarr";
url = "https://series.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_SONARR}}";
enableQueue = true;
};
};
};
radarr = let
name = "radarr";
url = "https://movies.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_RADARR}}";
enableQueue = true;
radarr =
let
name = "radarr";
url = "https://movies.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_RADARR}}";
enableQueue = true;
};
};
};
lidarr = let
name = "lidarr";
url = "https://music.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_LIDARR}}";
lidarr =
let
name = "lidarr";
url = "https://music.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_LIDARR}}";
};
};
};
prowlarr = let
name = "prowlarr";
url = "https://indexer.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_PROWLARR}}";
prowlarr =
let
name = "prowlarr";
url = "https://indexer.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_PROWLARR}}";
};
};
};
bazarr = let
name = "bazarr";
url = "https://subs.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_BAZARR}}";
bazarr =
let
name = "bazarr";
url = "https://subs.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_BAZARR}}";
};
};
};
kavita = let
name = "kavita";
url = "https://library.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
username = "{{HOMEPAGE_VAR_KAVITA_USERNAME}}";
password = "{{HOMEPAGE_VAR_KAVITA_PASSWORD}}";
kavita =
let
name = "kavita";
url = "https://library.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
username = "{{HOMEPAGE_VAR_KAVITA_USERNAME}}";
password = "{{HOMEPAGE_VAR_KAVITA_PASSWORD}}";
};
};
};
"qbittorrent server" = let
name = "qbittorrent";
url = "https://vnfx2cojmt7dwzcfmi73.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = "http://192.168.1.69:9091";
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
"qbittorrent server" =
let
name = "qbittorrent";
url = "https://vnfx2cojmt7dwzcfmi73.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = "http://192.168.1.69:9091";
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
};
};
};
"qbittorrent miniserver" = let
name = "qbittorrent";
url = "https://xfwmrle6h6skqujbeizw.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = "http://192.168.1.100:9091";
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
"qbittorrent miniserver" =
let
name = "qbittorrent";
url = "https://xfwmrle6h6skqujbeizw.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = "http://192.168.1.100:9091";
username = "{{HOMEPAGE_VAR_QBIT_USERNAME}}";
password = "{{HOMEPAGE_VAR_QBIT_PASSWORD}}";
};
};
};
sabnzbd = let
name = "sabnzbd";
url = "https://HSoeJdGRd2Orj0n31UGI.servidos.lat";
in {
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_SABNZBD}}";
sabnzbd =
let
name = "sabnzbd";
url = "https://HSoeJdGRd2Orj0n31UGI.servidos.lat";
in
{
icon = "${name}.png";
href = url;
widget = {
type = name;
url = url;
key = "{{HOMEPAGE_VAR_SABNZBD}}";
};
};
};
}

23
modules/servers/jellyfin.nix
View File

@@ -1,8 +1,13 @@
{ lib, config, pkgs, setup, ... }:
{
lib,
config,
pkgs,
setup,
...
}:
let
cfg = config.my.servers.jellyfin;
sub-sync = pkgs.writeScriptBin "sub-sync"
(builtins.readFile ../../scripts/sub-sync.sh);
sub-sync = pkgs.writeScriptBin "sub-sync" (builtins.readFile ../../scripts/sub-sync.sh);
sub-sync-path = [
pkgs.nix
pkgs.bash
@@ -14,11 +19,13 @@ let
pkgs.gum
sub-sync
];
in {
in
{
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;
config = lib.mkIf cfg.enable {
environment.systemPackages = [ pkgs.jellyfin-ffmpeg ]
++ (if cfg.enableCron then sub-sync-path else [ ]);
environment.systemPackages = [
pkgs.jellyfin-ffmpeg
] ++ (if cfg.enableCron then sub-sync-path else [ ]);
services = {
jellyfin = {
enable = true;
@@ -131,7 +138,9 @@ in {
enable = true;
description = "syncronizes subtitles downloaded & modified today";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "20:00"; };
timerConfig = {
OnCalendar = "20:00";
};
};
};
};

11
modules/servers/kavita.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverse, ... }: {
{
lib,
config,
proxyReverse,
...
}:
{
options.my.servers.kavita.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.kavita.enable {
sops.secrets.kavita-token = {
@@ -15,8 +21,7 @@
enable = true;
tokenKeyFile = config.sops.secrets.kavita-token.path;
};
nginx.virtualHosts."library.${config.my.domain}" =
proxyReverse config.services.kavita.port // { };
nginx.virtualHosts."library.${config.my.domain}" = proxyReverse config.services.kavita.port // { };
};
};
}

10
modules/servers/lidarr.nix
View File

@@ -1,8 +1,14 @@
{ lib, config, proxyReverseArr, ... }:
{
lib,
config,
proxyReverseArr,
...
}:
let
port = 8686;
url = "music.${config.my.domain}";
in {
in
{
options.my.servers.lidarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.lidarr.enable {
virtualisation.oci-containers.containers.lidarr = {

10
modules/servers/maloja.nix
View File

@@ -1,8 +1,14 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 42010;
url = "maloja.${config.my.domain}";
in {
in
{
options.my.servers.maloja.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.maloja.enable {
sops.secrets.maloja.sopsFile = ../../secrets/env.yaml;

10
modules/servers/mealie.nix
View File

@@ -1,9 +1,15 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 9925;
domain = "mealie.${config.my.domain}";
url = "https://${domain}";
in {
in
{
options.my.servers.mealie.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.mealie.enable {
sops.secrets.mealie.sopsFile = ../../secrets/env.yaml;

16
modules/servers/metube.nix
View File

@@ -1,6 +1,13 @@
{ lib, config, proxyReverse, ... }:
let port = 8881;
in {
{
lib,
config,
proxyReverse,
...
}:
let
port = 8881;
in
{
options.my.servers.metube.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.metube.enable {
virtualisation.oci-containers.containers.metube = {
@@ -15,7 +22,6 @@ in {
YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
};
};
services.nginx.virtualHosts."bajameesta.${config.my.domain}" =
proxyReverse port // { };
services.nginx.virtualHosts."bajameesta.${config.my.domain}" = proxyReverse port // { };
};
}

8
modules/servers/microbin.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverse, ... }: {
{
lib,
config,
proxyReverse,
...
}:
{
options.my.servers.microbin = {
enable = lib.mkEnableOption "enable";
enableCron = lib.mkEnableOption "enable";

13
modules/servers/multi-scrobbler.nix
View File

@@ -1,9 +1,15 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 9078;
domain = "scrobble.${config.my.domain}";
url = "https://${domain}";
in {
in
{
options.my.servers.multi-scrobbler.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.multi-scrobbler.enable {
sops.secrets.multi-scrobbler.sopsFile = ../../secrets/env.yaml;
@@ -16,8 +22,7 @@ in {
PUID = "1000";
PGID = "100";
BASE_URL = url;
DEEZER_REDIRECT_URI =
"http://${config.my.miniserver-ip}:${toString port}/deezer/callback";
DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${toString port}/deezer/callback";
MALOJA_URL = "http://maloja:42010";
WS_ENABLE = "true";
};

416
modules/servers/nextcloud.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
inherit (config.my) localhost;
collaboraPort = 9980;
@@ -13,7 +18,8 @@ let
proxy_set_header Host $host;
proxy_read_timeout 36000s;
'';
in {
in
{
options.my.servers = {
nextcloud = {
enable = lib.mkEnableOption "enable";
@@ -22,224 +28,236 @@ in {
collabora.enable = lib.mkEnableOption "enable";
go-vod.enable = lib.mkEnableOption "enable";
};
config = lib.mkIf
(config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
sops.secrets = {
smtp-password = { };
nextcloud-adminpass = {
owner = config.users.users.nextcloud.name;
inherit (config.users.users.nextcloud) group;
};
config = lib.mkIf (config.my.servers.nextcloud.enable && config.my.servers.postgres.enable) {
sops.secrets = {
smtp-password = { };
nextcloud-adminpass = {
owner = config.users.users.nextcloud.name;
inherit (config.users.users.nextcloud) group;
};
nixpkgs.config.permittedInsecurePackages =
[ "nodejs-14.21.3" "openssl-1.1.1v" ];
users.users.nextcloud = {
isSystemUser = true;
extraGroups = [ "render" ];
packages = with pkgs; [
mediainfo
nodejs
perl
(python3.withPackages (ps: with ps; [ tensorflow ]))
(perlPackages.buildPerlPackage rec {
pname = "Image-ExifTool";
version = "12.70";
src = fetchurl {
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
};
})
];
};
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1v"
];
users.users.nextcloud = {
isSystemUser = true;
extraGroups = [ "render" ];
packages = with pkgs; [
mediainfo
nodejs
perl
(python3.withPackages (ps: with ps; [ tensorflow ]))
(perlPackages.buildPerlPackage rec {
pname = "Image-ExifTool";
version = "12.70";
src = fetchurl {
url = "https://exiftool.org/Image-ExifTool-${version}.tar.gz";
hash = "sha256-TLJSJEXMPj870TkExq6uraX8Wl4kmNerrSlX3LQsr/4=";
};
})
];
};
programs.msmtp = {
enable = true;
accounts.default = {
auth = true;
host = "smtp.gmail.com";
port = 587;
tls = true;
from = config.my.smtpemail;
user = config.my.smtpemail;
passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
};
programs.msmtp = {
};
services = {
nextcloud = {
enable = true;
accounts.default = {
auth = true;
host = "smtp.gmail.com";
port = 587;
tls = true;
from = config.my.smtpemail;
user = config.my.smtpemail;
passwordeval = "cat ${config.sops.secrets.smtp-password.path}";
https = true;
package = pkgs.nextcloud29;
appstoreEnable = true;
configureRedis = true;
extraAppsEnable = true;
enableImagemagick = true;
maxUploadSize = "16G";
hostName = url;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) calendar;
};
};
services = {
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud29;
appstoreEnable = true;
configureRedis = true;
extraAppsEnable = true;
enableImagemagick = true;
maxUploadSize = "16G";
hostName = url;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) calendar;
};
config = {
adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
dbtype = "pgsql";
dbhost = config.my.postgresSocket;
dbtableprefix = "oc_";
dbname = "nextcloud";
};
phpOptions = {
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "16";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "256M";
"opcache.max_accelerated_files" = "10000";
"opcache.huge_code_pages" = "1";
"opcache.enable_file_override" = "1";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "60";
"opcache.save_comments" = "1";
"opcache.validate_timestamps" = "0";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
preview_max_x = 512;
preview_max_y = 512;
short_open_tag = "Off";
};
settings = {
log_type = "file";
log_level = 3;
trusted_proxies = [ "192.168.1.100" ];
trusted_domains = [ "cloud.rotehaare.art" "danilo-reyes.com" ];
forwarded_for_headers = [ "HTTP_X_FORWARDED_FOR" ];
overwrite_protocol = "https";
default_phone_region = "MX";
allow_local_remote_servers = true;
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"memories.exiftool" =
"/etc/profiles/per-user/nextcloud/bin/exiftool";
enabledPreviewProviders = [
"OC\\Preview\\Image"
"OC\\Preview\\HEIC"
"OC\\Preview\\TIFF"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
"OC\\Preview\\Movie"
];
};
# phpExtraExtensions = all: [ all.pdlib all.bz2 ];
phpExtraExtensions = all: [ ];
config = {
adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
dbtype = "pgsql";
dbhost = config.my.postgresSocket;
dbtableprefix = "oc_";
dbname = "nextcloud";
};
nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "cloud.rotehaare.art" ];
locations = {
"/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
{ };
};
};
"collabora.${config.my.domain}" =
lib.mkIf config.my.servers.collabora.enable {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /loleaflet" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
};
};
phpOptions = {
catch_workers_output = "yes";
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "16";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "256M";
"opcache.max_accelerated_files" = "10000";
"opcache.huge_code_pages" = "1";
"opcache.enable_file_override" = "1";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "60";
"opcache.save_comments" = "1";
"opcache.validate_timestamps" = "0";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
preview_max_x = 512;
preview_max_y = 512;
short_open_tag = "Off";
};
};
virtualisation.oci-containers.containers = {
go-vod = lib.mkIf config.my.servers.go-vod.enable {
autoStart = true;
image = "radialapps/go-vod";
environment = {
TZ = "America/Mexico_City";
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all";
};
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
settings = {
log_type = "file";
log_level = 3;
trusted_proxies = [ "192.168.1.100" ];
trusted_domains = [
"cloud.rotehaare.art"
"danilo-reyes.com"
];
forwarded_for_headers = [ "HTTP_X_FORWARDED_FOR" ];
overwrite_protocol = "https";
default_phone_region = "MX";
allow_local_remote_servers = true;
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"memories.exiftool" = "/etc/profiles/per-user/nextcloud/bin/exiftool";
enabledPreviewProviders = [
"OC\\Preview\\Image"
"OC\\Preview\\HEIC"
"OC\\Preview\\TIFF"
"OC\\Preview\\MKV"
"OC\\Preview\\MP4"
"OC\\Preview\\AVI"
"OC\\Preview\\Movie"
];
};
collabora = lib.mkIf config.my.servers.collabora.enable {
autoStart = true;
image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest =
"sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
# phpExtraExtensions = all: [ all.pdlib all.bz2 ];
phpExtraExtensions = all: [ ];
};
nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "cloud.rotehaare.art" ];
locations = {
"/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
{ };
};
ports = [ "9980:9980" ];
environment = {
TZ = "America/Mexico_City";
domain = "cloud.servidos.lat";
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
'';
};
"collabora.${config.my.domain}" = lib.mkIf config.my.servers.collabora.enable {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /loleaflet" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
};
extraOptions = [ "--cap-add" "MKNOD" ];
};
};
systemd = lib.mkIf config.my.servers.nextcloud.enableCron {
services = {
nextcloud-cron.path = [ pkgs.perl ];
nextcloud-cronjob = let
nextcloud-cronjob = pkgs.writeScriptBin "nextcloud-cronjob"
(builtins.readFile ../../scripts/nextcloud-cronjob.sh);
in {
};
virtualisation.oci-containers.containers = {
go-vod = lib.mkIf config.my.servers.go-vod.enable {
autoStart = true;
image = "radialapps/go-vod";
environment = {
TZ = "America/Mexico_City";
NEXTCLOUD_HOST = "https://${config.services.nextcloud.hostName}";
NVIDIA_VISIBLE_DEVICES = "all";
};
volumes = [ "ncdata:/var/www/html:ro" ];
extraOptions = [
"--device=/dev/dri" # VA-API (omit for NVENC)
];
};
collabora = lib.mkIf config.my.servers.collabora.enable {
autoStart = true;
image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
ports = [ "9980:9980" ];
environment = {
TZ = "America/Mexico_City";
domain = "cloud.servidos.lat";
aliasgroup1 = "cloud.servidos.lat:443";
aliasgroup2 = "cloud.rotehaare.art:443";
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
'';
};
extraOptions = [
"--cap-add"
"MKNOD"
];
};
};
systemd = lib.mkIf config.my.servers.nextcloud.enableCron {
services = {
nextcloud-cron.path = [ pkgs.perl ];
nextcloud-cronjob =
let
nextcloud-cronjob = pkgs.writeScriptBin "nextcloud-cronjob" (
builtins.readFile ../../scripts/nextcloud-cronjob.sh
);
in
{
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash nextcloud-cronjob ];
path = [
pkgs.bash
nextcloud-cronjob
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${nextcloud-cronjob}/bin/nextcloud-cronjob";
};
};
};
timers.nextcloud-cronjob = {
enable = true;
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
timers.nextcloud-cronjob = {
enable = true;
description = "Runs various nextcloud-related cronjobs";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
};
}

50
modules/servers/paperless.nix
View File

@@ -1,29 +1,31 @@
{ lib, config, ... }: {
{ lib, config, ... }:
{
options.my.servers.paperless.enable = lib.mkEnableOption "enable";
config = lib.mkIf
(config.my.servers.paperless.enable && config.my.servers.postgres.enable) {
services.paperless = {
enable = true;
address = "0.0.0.0";
consumptionDirIsPublic = true;
consumptionDir = "/mnt/pool/scans/";
settings = {
PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBHOST = config.my.postgresSocket;
PAPERLESS_CONSUMER_IGNORE_PATTERN =
builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ];
PAPERLESS_TIME_ZONE = "America/Mexico_City";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
config = lib.mkIf (config.my.servers.paperless.enable && config.my.servers.postgres.enable) {
services.paperless = {
enable = true;
address = "0.0.0.0";
consumptionDirIsPublic = true;
consumptionDir = "/mnt/pool/scans/";
settings = {
PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBHOST = config.my.postgresSocket;
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_TIME_ZONE = "America/Mexico_City";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ config.services.paperless.port ];
allowedUDPPorts = [ config.services.paperless.port ];
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ config.services.paperless.port ];
allowedUDPPorts = [ config.services.paperless.port ];
};
};
}

16
modules/servers/postgres.nix
View File

@@ -1,8 +1,15 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
upgrade-pg-cluster =
let newPostgres = pkgs.postgresql_16.withPackages (_pp: [ ]);
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
let
newPostgres = pkgs.postgresql_16.withPackages (_pp: [ ]);
in
pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
@@ -26,7 +33,8 @@ let
"shiori"
"firefly-iii"
];
in {
in
{
options.my.servers.postgres.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.postgres.enable {
environment.systemPackages = [ upgrade-pg-cluster ];

11
modules/servers/prowlarr.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverseArr, ... }: {
{
lib,
config,
proxyReverseArr,
...
}:
{
options.my.servers.prowlarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.prowlarr.enable {
users.users.prowlarr = {
@@ -7,8 +13,7 @@
};
services = {
prowlarr.enable = true;
nginx.virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696
// { };
nginx.virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696 // { };
};
virtualisation.oci-containers.containers.flaresolverr = {
autoStart = true;

56
modules/servers/qbittorrent.nix
View File

@@ -1,7 +1,18 @@
{ lib, config, pkgs, proxyReverse, ... }:
{
lib,
config,
pkgs,
proxyReverse,
...
}:
let
port = 9091;
ports = [ port 51411 51412 51413 ];
ports = [
port
51411
51412
51413
];
bencodepy = pkgs.python3Packages.buildPythonPackage {
pname = "bencodepy";
version = "0.9.5";
@@ -15,7 +26,8 @@ let
};
build-system = with pkgs.python3Packages; [ setuptools ];
};
qbit_manage_env = pkgs.python3.withPackages (ps:
qbit_manage_env = pkgs.python3.withPackages (
ps:
[
ps.croniter
ps.gitpython
@@ -26,17 +38,19 @@ let
ps.retrying
ps.ruamel-yaml
ps.schedule
] ++ [ bencodepy ]);
in {
]
++ [ bencodepy ]
);
in
{
options.my.servers = {
qbittorrent.enable = lib.mkEnableOption "enable";
unpackerr.enable = lib.mkEnableOption "enable";
};
config = lib.mkIf config.my.servers.qbittorrent.enable {
home-manager.users.jawz.xdg.configFile."unpackerr.conf" =
lib.mkIf config.my.servers.unpackerr.enable {
source = ../../dotfiles/unpackerr.conf;
};
lib.mkIf config.my.servers.unpackerr.enable
{ source = ../../dotfiles/unpackerr.conf; };
systemd = {
packages = [ pkgs.qbittorrent-nox ];
services = {
@@ -52,13 +66,15 @@ in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
serviceConfig = let env = "/home/jawz/Development/Git/qbit_manage";
in {
Restart = "on-failure";
RestartSec = 30;
ExecStart =
"${qbit_manage_env}/bin/python ${env}/qbit_manage.py -r -c ${env}/config.yml";
};
serviceConfig =
let
env = "/home/jawz/Development/Git/qbit_manage";
in
{
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${qbit_manage_env}/bin/python ${env}/qbit_manage.py -r -c ${env}/config.yml";
};
};
unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
enable = true;
@@ -68,8 +84,7 @@ in {
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart =
"${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
};
};
};
@@ -77,12 +92,13 @@ in {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
timerConfig = {
OnCalendar = "*:0/10";
};
};
};
};
services.nginx.virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
proxyReverse port // { };
services.nginx.virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" = proxyReverse port // { };
networking.firewall = {
allowedTCPPorts = ports;
allowedUDPPorts = ports;

11
modules/servers/radarr.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverseArr, ... }: {
{
lib,
config,
proxyReverseArr,
...
}:
{
options.my.servers.radarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.radarr.enable {
services = {
@@ -6,8 +12,7 @@
enable = true;
group = "piracy";
};
nginx.virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878
// { };
nginx.virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878 // { };
};
};
}

52
modules/servers/ryot.nix
View File

@@ -1,31 +1,35 @@
{ lib, config, proxyReverse, ... }:
{
lib,
config,
proxyReverse,
...
}:
let
port = 8765;
url = "tracker.${config.my.domain}";
in {
in
{
options.my.servers.ryot.enable = lib.mkEnableOption "enable";
config = lib.mkIf
(config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.ryot = {
image = "ghcr.io/ignisda/ryot:v7.0.0";
ports = [ "${toString port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ];
environment = {
RUST_LOG = "ryot=debug,sea_orm=debug";
TZ = "America/Mexico_City";
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
};
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
labels = {
"flame.type" = "application";
"flame.name" = "Ryot";
"flame.url" = url;
"flame.icon" = "radar";
};
config = lib.mkIf (config.my.servers.ryot.enable && config.my.servers.postgres.enable) {
sops.secrets.ryot.sopsFile = ../../secrets/env.yaml;
virtualisation.oci-containers.containers.ryot = {
image = "ghcr.io/ignisda/ryot:v7.0.0";
ports = [ "${toString port}:8000" ];
environmentFiles = [ config.sops.secrets.ryot.path ];
environment = {
RUST_LOG = "ryot=debug,sea_orm=debug";
TZ = "America/Mexico_City";
DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}";
FRONTEND_INSECURE_COOKIES = "true";
};
volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ];
labels = {
"flame.type" = "application";
"flame.name" = "Ryot";
"flame.url" = url;
"flame.icon" = "radar";
};
services.nginx.virtualHosts."tracker.${config.my.domain}" =
proxyReverse port // { };
};
services.nginx.virtualHosts."tracker.${config.my.domain}" = proxyReverse port // { };
};
}

11
modules/servers/sabnzbd.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverse, ... }: {
{
lib,
config,
proxyReverse,
...
}:
{
options.my.servers.sabnzbd.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.sabnzbd.enable {
services = {
@@ -7,8 +13,7 @@
group = "piracy";
openFirewall = true;
};
nginx.virtualHosts."HSoeJdGRd2Orj0n31UGI.${config.my.domain}" =
proxyReverse 3399 // { };
nginx.virtualHosts."HSoeJdGRd2Orj0n31UGI.${config.my.domain}" = proxyReverse 3399 // { };
};
};
}

34
modules/servers/shiori.nix
View File

@@ -1,20 +1,26 @@
{ lib, config, pkgs, proxyReverse, ... }: {
{
lib,
config,
pkgs,
proxyReverse,
...
}:
{
disabledModules = [ "services/web-apps/shiori.nix" ];
imports = [ ../../pkgs/shiori/shiori-service.nix ];
options.my.servers.shiori.enable = lib.mkEnableOption "enable";
config = lib.mkIf
(config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
services = {
shiori = {
enable = true;
port = 4368;
package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx.virtualHosts."bookmarks.${config.my.domain}" =
proxyReverse config.services.shiori.port // { };
config = lib.mkIf (config.my.servers.shiori.enable && config.my.servers.postgres.enable) {
sops.secrets.shiori.sopsFile = ../../secrets/env.yaml;
services = {
shiori = {
enable = true;
port = 4368;
package = pkgs.callPackage ../../pkgs/shiori/shiori.nix { };
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx.virtualHosts."bookmarks.${config.my.domain}" =
proxyReverse config.services.shiori.port // { };
};
};
}

11
modules/servers/sonarr.nix
View File

@@ -1,4 +1,10 @@
{ lib, config, proxyReverse, ... }: {
{
lib,
config,
proxyReverse,
...
}:
{
options.my.servers.sonarr.enable = lib.mkEnableOption "enable";
config = lib.mkIf config.my.servers.sonarr.enable {
services = {
@@ -6,8 +12,7 @@
enable = true;
group = "piracy";
};
nginx.virtualHosts."series.${config.my.domain}" = proxyReverse 8989
// { };
nginx.virtualHosts."series.${config.my.domain}" = proxyReverse 8989 // { };
};
};
}

53
modules/servers/vaultwarden.nix
View File

@@ -1,29 +1,34 @@
{ lib, config, pkgs, proxyReverse, ... }: {
{
lib,
config,
pkgs,
proxyReverse,
...
}:
{
options.my.servers.vaultwarden.enable = lib.mkEnableOption "enable";
config = lib.mkIf (config.my.servers.vaultwarden.enable
&& config.my.servers.postgres.enable) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
package = pkgs.vaultwarden;
environmentFile = config.sops.secrets.vaultwarden.path;
config = {
ROCKET_ADDRESS = "${config.my.localhost}";
ROCKET_PORT = 8222;
WEBSOCKET_PORT = 8333;
DATABASE_URL =
"postgresql:///vaultwarden?host=${config.my.postgresSocket}";
ENABLE_DB_WAL = false;
WEBSOCKET_ENABLED = true;
SHOW_PASSWORD_HINT = false;
EXTENDED_LOGGING = true;
LOG_LEVEL = "warn";
};
config = lib.mkIf (config.my.servers.vaultwarden.enable && config.my.servers.postgres.enable) {
sops.secrets.vaultwarden.sopsFile = ../../secrets/env.yaml;
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
package = pkgs.vaultwarden;
environmentFile = config.sops.secrets.vaultwarden.path;
config = {
ROCKET_ADDRESS = "${config.my.localhost}";
ROCKET_PORT = 8222;
WEBSOCKET_PORT = 8333;
DATABASE_URL = "postgresql:///vaultwarden?host=${config.my.postgresSocket}";
ENABLE_DB_WAL = false;
WEBSOCKET_ENABLED = true;
SHOW_PASSWORD_HINT = false;
EXTENDED_LOGGING = true;
LOG_LEVEL = "warn";
};
nginx.virtualHosts."vault.${config.my.domain}" =
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
};
nginx.virtualHosts."vault.${config.my.domain}" =
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
};
};
}