modularization of all servers donion rings

2024-06-15 00:27:14 -06:00
parent add0490415
commit fbf81f60ce
22 changed files with 618 additions and 521 deletions


@@ -1,6 +1,5 @@
{ pkgs, ... }: {
imports =
[ ./servers.nix ./docker.nix ./hardware-configuration.nix ../../base.nix ];
imports = [ ./hardware-configuration.nix ../../base.nix ];
my = {
emacs.enable = true;
apps.dictionaries.enable = true;
@@ -29,15 +28,35 @@
servers = {
jellyfin = {
enable = true;
enableCron = false;
enableCron = true;
};
nextcloud = {
enable = false;
enableCron = false;
enable = true;
enableCron = true;
};
collabora.enable = false;
go-vod.enable = false;
adguardhome.enable = true;
audiobookshelf.enable = true;
bazarr.enable = true;
collabora.enable = true;
flame.enable = true;
flameSecret.enable = true;
go-vod.enable = true;
kavita.enable = true;
lidarr.enable = true;
maloja.enable = true;
mealie.enable = true;
metube.enable = true;
microbin.enable = true;
multi-scrobbler.enable = true;
paperless.enable = true;
postgres.enable = true;
prowlarr.enable = true;
qbittorrent.enable = true;
radarr.enable = true;
ryot.enable = true;
shiori.enable = true;
sonarr.enable = true;
vaultwarden.enable = true;
};
};
fonts.fontconfig.enable = true;
@@ -119,48 +138,4 @@
# };
# };
};
systemd = {
packages = [ pkgs.qbittorrent-nox ];
services = {
"qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ];
};
};
user = {
services = {
# unpackerr = {
# enable = true;
# restartIfChanged = true;
# description = "Run unpackerr";
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${pkgs.unpackerr}/bin/unpackerr -c /home/jawz/.config/unpackerr.conf";
# };
# };
qbit_manage = let qbit_dir = "/home/jawz/Development/Git/qbit_manage";
in {
restartIfChanged = true;
description = "Tidy up my torrents";
wantedBy = [ "default.target" ];
path = [ pkgs.python3 pkgs.pipenv ];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart =
"${qbit_dir}/venv/bin/python3 ${qbit_dir}/qbit_manage.py -r -c ${qbit_dir}/config.yml";
};
};
};
timers.qbit_manage = {
enable = true;
description = "Tidy up my torrents";
wantedBy = [ "timers.target" ];
timerConfig = { OnCalendar = "*:0/10"; };
};
};
};
}
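Review bot: The `flame`, `maloja`, `mealie` and `multi-scrobbler` toggles in the second hunk enable services whose credentials were, until this commit, string literals in the container definitions deleted further down this page (`PASSWORD`, `MALOJA_FORCE_PASSWORD`, `SMTP_PASSWORD`, `DEEZER_CLIENT_SECRET`, `MALOJA_API_KEY`). Deleting that file does not remove the values from repository history, so they should be rotated. The replacement modules are not visible in this part of the page; they should load the new values from a root-owned file outside the Nix store, for example `environmentFiles = [ "<path-to-env-file>" ];`, the way the old vaultwarden block already used `environmentFile`. `postgres.enable = true;` next to `vaultwarden.enable = true;` deserves the same check. The removed definition authenticated all local-socket and loopback connections with `trust`, and if the new module carries that over, any local process can open the vaultwarden database.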


@@ -1,165 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [ docker-compose ];
virtualisation = let postgresSocket = "/run/postgresql";
in {
docker = {
enable = true;
enableNvidia = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
};
oci-containers = {
containers = {
# metube = {
# image = "ghcr.io/alexta69/metube";
# ports = [ "8881:8081" ];
# volumes = [
# "/var/lib/docker-configs/metube:/downloads"
# "/home/jawz/.local/share/cookies.txt:/cookies.txt"
# ];
# environment = {
# TZ = "America/Mexico_City";
# YTDL_OPTIONS = ''{"cookiefile":"/cookies.txt"}'';
# };
# };
vocechat = {
image = "privoce/vocechat-server:latest";
ports = [ "3001:3000" ];
volumes =
[ "/var/lib/docker-configs/vocechat:/home/vocechat-server/data" ];
environment = { TZ = "America/Mexico_City"; };
};
# ryot = {
# image = "ghcr.io/ignisda/ryot:v5.5.0";
# ports = [ "8765:8000" ];
# environment = {
# TZ = "America/Mexico_City";
# DATABASE_URL = "postgres:///ryot?host=${postgresSocket}";
# # FRONTEND_INSECURE_COOKIES = "true";
# VIDEO_GAMES_TWITCH_CLIENT_ID = "tfu0hw0zbdbu4lco4h72nqkb8krxp9";
# VIDEO_GAMES_TWITCH_CLIENT_SECRET = "582ecfb01ihv6wnt8zbc9pf3hs9p54";
# };
# volumes = [ "${postgresSocket}:${postgresSocket}" ];
# labels = {
# "flame.type" = "application";
# "flame.name" = "Ryot";
# "flame.url" = "tracker.servidos.lat";
# "flame.icon" = "radar";
# };
# };
multi-scrobbler = {
image = "foxxmd/multi-scrobbler";
ports = [ "9078:9078" ];
environment = {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
BASE_URL = "https://scrobble.servidos.lat";
# JELLYFIN_USER = "jawz";
# JELLYFIN_SERVER = "DaniloFlix";
DEEZER_CLIENT_ID = "657431";
DEEZER_CLIENT_SECRET = "cb2ad03682dd5a55dfef857388ef181e";
DEEZER_REDIRECT_URI = "http://192.168.1.69:9078/deezer/callback";
MALOJA_URL = "https://maloja.servidos.lat";
MALOJA_API_KEY =
"LsnY2Ed484JlzUmF6EwhpGJ0gUCjJ2G5s1oJTwALJN8w1N3K6eXpfjBQp3raNPLA";
WS_ENABLE = "true";
};
volumes = [ "/var/lib/docker-configs/multi-scrobbler:/config" ];
labels = {
"flame.type" = "application";
"flame.name" = "Multi-scrobbler";
"flame.url" = "scrobble.servidos.lat";
"flame.icon" = "broadcast";
};
};
maloja = {
image = "krateng/maloja";
ports = [ "42010:42010" ];
environment = {
TZ = "America/Mexico_City";
MALOJA_TIMEZONE = "-6";
PUID = "1000";
PGID = "100";
MALOJA_DATA_DIRECTORY = "/mljdata";
MALOJA_SKIP_SETUP = "true";
MALOJA_FORCE_PASSWORD = "chichis";
};
volumes = [ "/var/lib/docker-configs/maloja:/mljdata" ];
labels = {
"flame.type" = "application";
"flame.name" = "Maloja";
"flame.url" = "maloja.servidos.lat";
"flame.icon" = "bookmark-music";
};
};
# flaresolverr = {
# autoStart = true;
# image = "ghcr.io/flaresolverr/flaresolverr:latest";
# ports = [ "8191:8191" ];
# };
flame = {
autoStart = true;
image = "pawelmalak/flame";
ports = [ "5005:5005" ];
volumes = [
"/var/lib/docker-configs/flame:/app/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG";
};
};
mealie = {
autoStart = true;
image = "ghcr.io/mealie-recipes/mealie:v1.4.0";
ports = [ "9925:9000" ];
volumes = [ "/var/lib/docker-configs/mealie:/app/data/" ];
environment = {
TZ = "America/Mexico_City";
ALLOW_SIGNUP = "true";
PUID = "1000";
PGID = "100";
MAX_WORKERS = "1";
WEB_CONCURRENCY = "1";
BASE_URL = "https://mealie.servidos.lat";
SMTP_HOST = "smtp.gmail.com";
SMTP_PORT = "587";
SMTP_FROM_EMAIL = "stunner6399@gmail.com";
SMTP_USER = "stunner6399@gmail.com";
SMTP_PASSWORD = "ywofhisexfawslob";
};
extraOptions = [
"--memory=1g" # VA-API (omit for NVENC)
];
labels = {
"flame.type" = "application";
"flame.name" = "Mealie";
"flame.url" = "mealie.servidos.lat";
"flame.icon" = "fridge";
};
};
flame-nsfw = {
autoStart = true;
image = "pawelmalak/flame";
ports = [ "5007:5005" ];
volumes = [ "/var/lib/docker-configs/flame-nsfw:/app/data" ];
environment = {
TZ = "America/Mexico_City";
PUID = "1000";
PGID = "100";
PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG";
};
};
};
};
};
}


@@ -1,117 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, ... }:
let
localhost = "127.0.0.1";
# workstation = "192.168.1.64";
domain = "servidos.lat";
shioriPort = 4368;
flamePort = 5005;
secretFlamePort = 5007;
qbitPort = 9091;
mealiePort = 9925;
ryotPort = 8765;
scrobblePort = 9078;
malojaPort = 42010;
darkwirePort = 3001;
metatubePort = 8881;
# kavitaPort = config.services.kavita.port;
vaultPort = config.services.vaultwarden.config.ROCKET_PORT;
audiobookPort = config.services.audiobookshelf.port;
in {
services.nginx = {
enable = true;
clientMaxBodySize = "4096m";
# recommendedTlsSettings = true;
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts = let
base = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxy = port:
base { "/".proxyPass = "http://${localhost}:${toString port}/"; };
# proxyArr = port:
# proxy port // {
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection $http_connection;
# proxy_redirect off;
# proxy_http_version 1.1;
# '';
# };
in {
# "library.${domain}" = proxy kavitaPort // { };
"start.${domain}" = proxy flamePort // { };
"vault.${domain}" = proxy vaultPort // { };
"mealie.${domain}" = proxy mealiePort // { };
"tracker.${domain}" = proxy ryotPort // { };
"scrobble.${domain}" = proxy scrobblePort // { };
"maloja.${domain}" = proxy malojaPort // { };
"bookmarks.${domain}" = proxy shioriPort // { };
"bajameesta.${domain}" = proxy metatubePort // { };
"qampqwn4wprhqny8h8zj.${domain}" = proxy secretFlamePort // { };
"xfwmrle6h6skqujbeizw.${domain}" = proxy qbitPort // { };
"audiobooks.${domain}" = base {
"/" = {
proxyPass = "http://${localhost}:${toString audiobookPort}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_redirect http:// https://;
'';
};
};
"dontcancelmeplz.${domain}" = base {
"/" = {
proxyPass = "http://${localhost}:${toString darkwirePort}";
proxyWebsockets = true;
extraConfig = ''
# Ensuring it can use websockets
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_redirect http:// $scheme://;
# The proxy must preserve the host because gotify verifies the host with the origin
# for WebSocket connections
proxy_set_header Host $host;
# These sets the timeout so that the websocket can stay alive
proxy_connect_timeout 1m;
proxy_send_timeout 1m;
proxy_read_timeout 1m;
'';
};
};
};
};
networking = {
firewall = let open_firewall_ports = [ 80 443 ];
in {
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
};
};
}


@@ -1,130 +0,0 @@
{ config, pkgs, ... }:
let
localhost = "127.0.0.1";
postgresSocket = "/run/postgresql";
in {
imports = [ ./nginx.nix ];
environment.systemPackages = [
# Upgrades postgres
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_16.withPackages (pp:
[
# pp.plv8
]);
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
users.users = let base = { isSystemUser = true; };
in {
# kavita = base // {
# group = "kavita";
# extraGroups = [ "piracy" ];
# };
};
services = let
base = {
enable = true;
group = "piracy";
};
in {
# jira.enable = true;
# adguardhome = {
# enable = true;
# mutableSettings = true;
# openFirewall = true;
# };
# audiobookshelf = {
# enable = true;
# group = "piracy";
# port = 5687;
# };
paperless = {
enable = true;
address = "0.0.0.0";
consumptionDirIsPublic = true;
consumptionDir = "/mnt/pool/scans/";
settings = {
PAPERLESS_DBENGINE = "postgress";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBHOST = postgresSocket;
PAPERLESS_CONSUMER_IGNORE_PATTERN =
builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ];
PAPERLESS_TIME_ZONE = "America/Mexico_City";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
vaultwarden = {
enable = true;
dbBackend = "postgresql";
package = pkgs.vaultwarden;
environmentFile = "/var/lib/vaultwarden.env";
config = {
ROCKET_ADDRESS = "${localhost}";
ROCKET_PORT = 8222;
WEBSOCKET_PORT = 8333;
DATABASE_URL = "postgresql:///vaultwarden?host=${postgresSocket}";
ENABLE_DB_WAL = false;
WEBSOCKET_ENABLED = true;
SHOW_PASSWORD_HINT = false;
SIGNUPS_ALLOWED = false;
EXTENDED_LOGGING = true;
LOG_LEVEL = "warn";
};
};
# kavita = {
# enable = true;
# tokenKeyFile = "${pkgs.writeText "kavitaToken"
# "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}";
# };
postgresql = let
dbNames =
[ "jawz" "paperless" "nextcloud" "ryot" "vaultwarden" "shiori" ];
in {
enable = true;
ensureDatabases = dbNames;
package = pkgs.postgresql_16;
ensureUsers = map (name: {
name = name;
ensureDBOwnership = true;
}) dbNames;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ${localhost}/32 trust
host all all ::1/128 trust
'';
};
};
networking = {
firewall = let open_firewall_ports = [ config.services.paperless.port ];
in {
enable = true;
allowedTCPPorts = open_firewall_ports;
allowedUDPPorts = open_firewall_ports;
};
};
}