servers now have a unique toggle for nginx

Danilo Reyes 2024-08-24 20:55:42 -06:00
parent ad97dcf385
commit fb1a44d2ca
22 changed files with 142 additions and 171 deletions


@ -16,12 +16,30 @@
ffmpreg.enable = true;
ffmpeg4discord.enable = true;
};
servers = {
sonarr.enable = true;
radarr.enable = true;
lidarr.enable = true;
jellyfin.enable = true;
bazarr.enable = true;
kavita.enable = true;
};
};
networking = {
networking = let
ports = [
2049 # idk
8989 # sonarr
7878 # radarr
8686 # lidarr
8096 # jellyfin
6767 # bazarr
5000 # kavita
];
in {
hostName = "server";
firewall = {
allowedTCPPorts = [ 2049 ];
allowedUDPPorts = [ 2049 ];
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
};
nixpkgs.hostPlatform = "x86_64-linux";
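Review bot: Assigning the new `ports` list to both `allowedTCPPorts` and `allowedUDPPorts` opens every application port on UDP too, although the entries commented as sonarr, radarr, lidarr, jellyfin, bazarr and kavita are presumably TCP-only web interfaces. I would keep UDP at what it was before, `allowedUDPPorts = [ 2049 ];`, and leave `allowedTCPPorts = ports;`. The visible lines of this host do not set `my.enableProxy`, so these services appear to be reached directly on their ports rather than through the nginx virtual hosts; if that is intended, a comment saying so would help, and `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts` would limit the rule to the internal network. The `2049 # idk` entry should be documented (2049 is the standard NFS port) or dropped if this host exports nothing over NFS. The enclosing attribute set starts and ends outside the hunk.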


@ -104,43 +104,47 @@ in {
description = "localhost smtp email";
};
enableContainers = lib.mkEnableOption "enable";
enableProxy = lib.mkEnableOption "enable";
};
config = {
my.enableContainers = lib.mkDefault false;
my.servers = {
jellyfin = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
my = {
enableContainers = lib.mkDefault false;
enableProxy = lib.mkDefault false;
servers = {
jellyfin = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
};
nextcloud = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
};
adguardhome.enable = lib.mkDefault false;
audiobookshelf.enable = lib.mkDefault false;
bazarr.enable = lib.mkDefault false;
collabora.enable = lib.mkDefault false;
flame.enable = lib.mkDefault false;
flameSecret.enable = lib.mkDefault false;
go-vod.enable = lib.mkDefault false;
homepage.enable = lib.mkDefault false;
kavita.enable = lib.mkDefault false;
lidarr.enable = lib.mkDefault false;
maloja.enable = lib.mkDefault false;
mealie.enable = lib.mkDefault false;
metube.enable = lib.mkDefault false;
microbin.enable = lib.mkDefault false;
multi-scrobbler.enable = lib.mkDefault false;
paperless.enable = lib.mkDefault false;
postgres.enable = lib.mkDefault false;
prowlarr.enable = lib.mkDefault false;
qbittorrent.enable = lib.mkDefault false;
radarr.enable = lib.mkDefault false;
ryot.enable = lib.mkDefault false;
shiori.enable = lib.mkDefault false;
sonarr.enable = lib.mkDefault false;
vaultwarden.enable = lib.mkDefault false;
firefly-iii.enable = lib.mkDefault false;
};
nextcloud = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
};
adguardhome.enable = lib.mkDefault false;
audiobookshelf.enable = lib.mkDefault false;
bazarr.enable = lib.mkDefault false;
collabora.enable = lib.mkDefault false;
flame.enable = lib.mkDefault false;
flameSecret.enable = lib.mkDefault false;
go-vod.enable = lib.mkDefault false;
homepage.enable = lib.mkDefault false;
kavita.enable = lib.mkDefault false;
lidarr.enable = lib.mkDefault false;
maloja.enable = lib.mkDefault false;
mealie.enable = lib.mkDefault false;
metube.enable = lib.mkDefault false;
microbin.enable = lib.mkDefault false;
multi-scrobbler.enable = lib.mkDefault false;
paperless.enable = lib.mkDefault false;
postgres.enable = lib.mkDefault false;
prowlarr.enable = lib.mkDefault false;
qbittorrent.enable = lib.mkDefault false;
radarr.enable = lib.mkDefault false;
ryot.enable = lib.mkDefault false;
shiori.enable = lib.mkDefault false;
sonarr.enable = lib.mkDefault false;
vaultwarden.enable = lib.mkDefault false;
firefly-iii.enable = lib.mkDefault false;
};
virtualisation = {
containers.enable = true;
@ -162,6 +166,7 @@ in {
defaults.email = config.my.email;
};
services.nginx = {
enable = config.my.enableProxy;
clientMaxBodySize = "4096m";
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
};
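Review bot: `enableProxy = lib.mkEnableOption "enable";` renders as "Whether to enable enable." and does not say that the flag now gates nginx for every `my.servers.*` module; `lib.mkEnableOption "the nginx reverse proxy in front of my.servers.*"` would document it. Since `enable = config.my.enableProxy;` under `services.nginx` is now the only switch, a host that enables a server but leaves the flag at its default gets the backend without its virtual host, and therefore without whatever TLS and header handling the vhost helpers configure (they are not visible here). That consequence deserves a sentence in the option description or a comment next to the nginx block. `mkEnableOption` already defaults to `false`, so the added `enableProxy = lib.mkDefault false;` looks redundant. The enclosing module starts and ends outside these hunks.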


@ -4,27 +4,24 @@ in {
options.my.servers.audiobookshelf =
setup.mkOptions "audiobookshelf" "audiobooks" 5687;
config = lib.mkIf config.my.servers.audiobookshelf.enable {
services ={
services = {
audiobookshelf = {
enable = true;
group = "piracy";
port = cfg.port;
};
nginx = {
enable = true;
virtualHosts."${cfg.host}" = proxy {
"/" = {
proxyPass = cfg.local;
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect http:// https://;
'';
};
nginx.virtualHosts."${cfg.host}" = proxy {
"/" = {
proxyPass = cfg.local;
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect http:// https://;
'';
};
};
};


@ -6,11 +6,8 @@
enable = true;
group = "piracy";
};
nginx = {
enable = true;
virtualHosts."subs.${config.my.domain}" =
proxyReverse config.services.bazarr.listenPort // { };
};
nginx.virtualHosts."subs.${config.my.domain}" =
proxyReverse config.services.bazarr.listenPort // { };
};
};
}


@ -39,7 +39,6 @@ in {
};
};
services.nginx = {
enable = true;
virtualHosts."start.${config.my.domain}" = proxyReverse port // { };
virtualHosts."qampqwn4wprhqny8h8zj.${config.my.domain}" =
proxyReverse portSecret // { };


@ -40,10 +40,7 @@ in {
];
}];
};
nginx = {
enable = true;
virtualHosts."home.${config.my.domain}" = proxyReverse port // { };
};
nginx.virtualHosts."home.${config.my.domain}" = proxyReverse port // { };
};
};
}


@ -10,7 +10,6 @@ in {
group = "piracy";
};
nginx = {
enable = true;
appendHttpConfig = ''
# JELLYFIN
proxy_cache_path /var/cache/nginx/jellyfin-videos levels=1:2 keys_zone=jellyfin-videos:100m inactive=1d max_size=35000m;


@ -15,11 +15,8 @@
enable = true;
tokenKeyFile = config.sops.secrets.kavita-token.path;
};
nginx = {
enable = true;
virtualHosts."library.${config.my.domain}" =
proxyReverse config.services.kavita.port // { };
};
nginx.virtualHosts."library.${config.my.domain}" =
proxyReverse config.services.kavita.port // { };
};
};
}


@ -15,9 +15,9 @@ in {
PGID = "100";
};
volumes = [
"/mnt/pool/multimedia:/data"
"/mnt/pool/multimedia/media/Music:/music"
"/mnt/pool/multimedia/media/MusicVideos:/music-videos"
"/mnt/btrfs/multimedia:/data"
"/mnt/btrfs/multimedia/media/Music:/music"
"/mnt/btrfs/multimedia/media/MusicVideos:/music-videos"
"${config.my.containerData}/lidarr/files:/config"
"${config.my.containerData}/lidarr/custom-services.d:/custom-services.d"
"${config.my.containerData}/lidarr/custom-cont-init.d:/custom-cont-init.d"
@ -31,10 +31,7 @@ in {
};
services = {
lidarr.enable = true;
nginx = {
enable = true;
virtualHosts."${url}" = proxyReverseArr port // { };
};
nginx.virtualHosts."${url}" = proxyReverseArr port // { };
};
};
}
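Review bot: The three bind mounts in the first hunk move from `/mnt/pool/multimedia` to `/mnt/btrfs/multimedia`, which is unrelated to the nginx toggle the commit message describes and is not recorded anywhere in it. A storage move is easier to audit and revert as its own commit. The media root is also repeated literally on three lines; a shared option, used the way `config.my.containerData` is on the following lines, would keep the path in one place. I cannot see from this page whether other modules still reference `/mnt/pool`, so that is worth checking before the container is restarted against a path that may not exist.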


@ -26,9 +26,6 @@ in {
"flame.icon" = "bookmark-music";
};
};
services.nginx = {
enable = true;
virtualHosts."${url}" = proxyReverse port // { };
};
services.nginx.virtualHosts."${url}" = proxyReverse port // { };
};
}


@ -34,9 +34,6 @@ in {
"flame.icon" = "fridge";
};
};
services.nginx = {
enable = true;
virtualHosts."${domain}" = proxyReverse port // { };
};
services.nginx.virtualHosts."${domain}" = proxyReverse port // { };
};
}


@ -15,9 +15,7 @@ in {
YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
};
};
services.nginx = {
enable = true;
virtualHosts."bajameesta.${config.my.domain}" = proxyReverse port // { };
};
services.nginx.virtualHosts."bajameesta.${config.my.domain}" =
proxyReverse port // { };
};
}


@ -17,11 +17,8 @@
MICROBIN_ENCRYPTION_SERVER_SIDE = true;
};
};
nginx = {
enable = true;
virtualHosts."copy.${config.my.domain}" =
proxyReverse config.services.microbin.settings.MICROBIN_PORT // { };
};
nginx.virtualHosts."copy.${config.my.domain}" =
proxyReverse config.services.microbin.settings.MICROBIN_PORT // { };
};
};
}


@ -29,9 +29,6 @@ in {
"flame.icon" = "broadcast";
};
};
services.nginx = {
enable = true;
virtualHosts."${domain}" = proxyReverse port // { };
};
services.nginx.virtualHosts."${domain}" = proxyReverse port // { };
};
}


@ -131,54 +131,51 @@ in {
# phpExtraExtensions = all: [ all.pdlib all.bz2 ];
phpExtraExtensions = all: [ ];
};
nginx = {
enable = true;
virtualHosts = {
${config.services.nextcloud.hostName} = {
nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "cloud.rotehaare.art" ];
locations = {
"/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
{ };
};
};
"collabora.${config.my.domain}" =
lib.mkIf config.my.servers.collabora.enable {
forceSSL = true;
enableACME = true;
http2 = true;
serverAliases = [ "cloud.rotehaare.art" ];
locations = {
"/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
{ };
};
};
"collabora.${config.my.domain}" =
lib.mkIf config.my.servers.collabora.enable {
forceSSL = true;
enableACME = true;
http2 = true;
locations = {
# static files
"^~ /loleaflet" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
# static files
"^~ /loleaflet" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# WOPI discovery URL
"^~ /hosting/discovery" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# Capabilities
"^~ /hosting/capabilities" = {
proxyPass = collaboraProxy;
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/lool" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /lool/adminws" = {
proxyPass = collaboraProxy;
extraConfig = commonWebsocketConfig;
};
};
};
};
};
};
virtualisation.oci-containers.containers = {
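Review bot: Dropping `enable = true;` from the nginx block makes Nextcloud depend on `my.enableProxy`, but for this service nginx is not an optional proxy. As far as I know the upstream NixOS `services.nextcloud` module serves the application itself through nginx and PHP-FPM, and its own default for `services.nginx.enable` would be overridden by the plain `enable = config.my.enableProxy;` definition in the base module. With nextcloud enabled and the flag off, the instance would presumably have no web front end at all. An assertion inside the block guarded by the nextcloud enable flag would turn that into an evaluation error: `assertions = [{ assertion = config.my.enableProxy; message = "my.servers.nextcloud requires my.enableProxy"; }];`. The enclosing `services` set starts outside the hunk, so how that guard is written is not visible here.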


@ -7,11 +7,8 @@
};
services = {
prowlarr.enable = true;
nginx = {
enable = true;
virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696
// { };
};
nginx.virtualHosts."indexer.${config.my.domain}" = proxyReverseArr 9696
// { };
};
virtualisation.oci-containers.containers.flaresolverr = {
autoStart = true;


@ -74,11 +74,8 @@ in {
};
};
};
services.nginx = {
enable = true;
virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
proxyReverse port // { };
};
services.nginx.virtualHosts."xfwmrle6h6skqujbeizw.${config.my.domain}" =
proxyReverse port // { };
networking.firewall = {
allowedTCPPorts = ports;
allowedUDPPorts = ports;


@ -6,10 +6,8 @@
enable = true;
group = "piracy";
};
nginx = {
enable = true;
virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878 // { };
};
nginx.virtualHosts."movies.${config.my.domain}" = proxyReverseArr 7878
// { };
};
};
}


@ -25,9 +25,7 @@ in {
"flame.icon" = "radar";
};
};
services.nginx = {
enable = true;
virtualHosts."tracker.${config.my.domain}" = proxyReverse port // { };
};
services.nginx.virtualHosts."tracker.${config.my.domain}" =
proxyReverse port // { };
};
}


@ -13,11 +13,8 @@
environmentFile = config.sops.secrets.shiori.path;
databaseUrl = "postgres:///shiori?host=${config.my.postgresSocket}";
};
nginx = {
enable = true;
virtualHosts."bookmarks.${config.my.domain}" =
proxyReverse config.services.shiori.port // { };
};
nginx.virtualHosts."bookmarks.${config.my.domain}" =
proxyReverse config.services.shiori.port // { };
};
};
}


@ -6,10 +6,8 @@
enable = true;
group = "piracy";
};
nginx = {
enable = true;
virtualHosts."series.${config.my.domain}" = proxyReverse 8989 // { };
};
nginx.virtualHosts."series.${config.my.domain}" = proxyReverse 8989
// { };
};
};
}


@ -22,11 +22,8 @@
LOG_LEVEL = "warn";
};
};
nginx = {
enable = true;
virtualHosts."vault.${config.my.domain}" =
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
};
nginx.virtualHosts."vault.${config.my.domain}" =
proxyReverse config.services.vaultwarden.config.ROCKET_PORT // { };
};
};
}