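# Aggregates the self-hosted service modules under ./servers and declares the
# shared `my.*` options they read (addresses, sockets, contact e-mails).
# Every service is opt-in: each `my.servers.<name>.enable` defaults to false.
{ lib, config, pkgs, ... }:
let
  setup = import ./servers/base.nix { inherit lib config; };

  # Wrap a set of nginx locations in a virtualHost that terminates TLS with an
  # ACME certificate, redirects plain HTTP to HTTPS and speaks HTTP/2.
  proxy = locations: {
    inherit locations;
    forceSSL = true;
    enableACME = true;
    http2 = true;
  };

  # Plain reverse proxy of "/" to a loopback port.
  # NOTE(review): this helper sets no proxy_set_header directives and
  # `services.nginx.recommendedProxySettings` is not enabled below, so a
  # backend proxied through it receives neither the original Host nor the
  # client address (X-Forwarded-For / X-Real-IP) unless its own module adds
  # them. Any per-IP rate limiting or fail2ban rule on such a backend would
  # then act on the proxy's loopback address - confirm per service.
  proxyReverse = port: proxy {
    "/".proxyPass = "http://${config.my.localhost}:${toString port}/";
  };

  # Variant for the *arr apps: the same proxy plus forwarded-client headers and
  # WebSocket upgrade passthrough, added at server level via extraConfig.
  proxyReverseArr = port: proxyReverse port // {
    extraConfig = ''
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $http_connection;
      proxy_redirect off;
      proxy_http_version 1.1;
    '';
  };

  # True when at least one service that runs as an OCI container is enabled;
  # used to switch podman on even if `my.enableContainers` is left false.
  anyContainerService = lib.any lib.id [
    config.my.servers.collabora.enable
    config.my.servers.ryot.enable
    config.my.servers.lidarr.enable
    config.my.servers.prowlarr.enable
    config.my.servers.maloja.enable
    config.my.servers.multi-scrobbler.enable
    config.my.servers.flame.enable
    config.my.servers.metube.enable
    config.my.servers.go-vod.enable
  ];
in {
  imports = [
    ./servers/adguardhome.nix
    ./servers/paperless.nix
    ./servers/postgres.nix
    (import ./servers/audiobookshelf.nix { inherit lib config proxy setup; })
    (import ./servers/bazarr.nix { inherit lib config proxyReverse; })
    (import ./servers/flame.nix { inherit lib config proxyReverse; })
    (import ./servers/homepage.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/jellyfin.nix { inherit lib config pkgs setup; })
    (import ./servers/kavita.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/lidarr.nix { inherit lib config proxyReverseArr; })
    (import ./servers/maloja.nix { inherit lib config proxyReverse; })
    (import ./servers/mealie.nix { inherit lib config proxyReverse; })
    (import ./servers/metube.nix { inherit lib config proxyReverse; })
    (import ./servers/microbin.nix { inherit lib config proxyReverse; })
    (import ./servers/multi-scrobbler.nix { inherit lib config proxyReverse; })
    (import ./servers/nextcloud.nix { inherit lib config pkgs; })
    (import ./servers/prowlarr.nix { inherit lib config proxyReverseArr; })
    (import ./servers/qbittorrent.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/sabnzbd.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/radarr.nix { inherit lib config proxyReverseArr; })
    (import ./servers/ryot.nix { inherit lib config proxyReverse; })
    (import ./servers/shiori.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/sonarr.nix { inherit lib config proxyReverse; })
    (import ./servers/vaultwarden.nix { inherit lib config pkgs proxyReverse; })
    (import ./servers/firefly-iii.nix { inherit lib config pkgs proxyReverse; })
  ];

  options.my = {
    localhost = lib.mkOption {
      type = lib.types.str;
      default = "127.0.0.1";
      description = "The localhost address.";
    };
    domain = lib.mkOption {
      type = lib.types.str;
      default = "servidos.lat";
      description = "The domain name.";
    };
    miniserver-ip = lib.mkOption {
      type = lib.types.str;
      default = "192.168.1.100";
      description = "The miniserver ip.";
    };
    postgresSocket = lib.mkOption {
      type = lib.types.str;
      default = "/run/postgresql";
      description = "The PostgreSQL socket path.";
    };
    containerSocket = lib.mkOption {
      type = lib.types.str;
      default = "/var/run/docker.sock";
      description = "The docker/podman socket path.";
    };
    containerData = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/docker-configs";
      # Was a copy-paste of containerSocket's text; this is a directory.
      description = "The directory holding docker/podman container configuration and data.";
    };
    # NOTE(review): both defaults below are personal addresses baked into a
    # reusable module; consider making them mandatory (no default) so a reuse
    # of this module cannot silently register ACME accounts under them.
    smtpemail = lib.mkOption {
      type = lib.types.str;
      default = "stunner6399@gmail.com";
      description = "localhost smtp email";
    };
    email = lib.mkOption {
      type = lib.types.str;
      default = "CaptainJawZ@protonmail.com";
      # Used as security.acme.defaults.email below, not for SMTP.
      description = "Contact e-mail registered with the ACME provider.";
    };
    enableContainers = lib.mkEnableOption "podman, even when no container-based service is enabled";
    enableProxy = lib.mkEnableOption "the nginx reverse proxy (and ACME certificates)";
  };

  config = {
    my = {
      enableContainers = lib.mkDefault false;
      enableProxy = lib.mkDefault false;
      servers = {
        jellyfin = {
          enable = lib.mkDefault false;
          enableCron = lib.mkDefault false;
        };
        nextcloud = {
          enable = lib.mkDefault false;
          enableCron = lib.mkDefault false;
        };
        adguardhome.enable = lib.mkDefault false;
        audiobookshelf.enable = lib.mkDefault false;
        bazarr.enable = lib.mkDefault false;
        collabora.enable = lib.mkDefault false;
        flame.enable = lib.mkDefault false;
        flameSecret.enable = lib.mkDefault false;
        go-vod.enable = lib.mkDefault false;
        homepage.enable = lib.mkDefault false;
        kavita.enable = lib.mkDefault false;
        lidarr.enable = lib.mkDefault false;
        maloja.enable = lib.mkDefault false;
        mealie.enable = lib.mkDefault false;
        metube.enable = lib.mkDefault false;
        microbin.enable = lib.mkDefault false;
        multi-scrobbler.enable = lib.mkDefault false;
        paperless.enable = lib.mkDefault false;
        postgres.enable = lib.mkDefault false;
        prowlarr.enable = lib.mkDefault false;
        sabnzbd.enable = lib.mkDefault false;
        qbittorrent.enable = lib.mkDefault false;
        unpackerr.enable = lib.mkDefault false;
        radarr.enable = lib.mkDefault false;
        ryot.enable = lib.mkDefault false;
        shiori.enable = lib.mkDefault false;
        sonarr.enable = lib.mkDefault false;
        vaultwarden.enable = lib.mkDefault false;
        firefly-iii.enable = lib.mkDefault false;
      };
    };

    virtualisation = {
      containers.enable = true;
      oci-containers.backend = "podman";
      podman = lib.mkIf (anyContainerService || config.my.enableContainers) {
        enable = true;
        dockerCompat = true;
        # Exposes a docker-compatible API socket. Whoever can write to that
        # socket can start privileged containers and is therefore
        # root-equivalent on this host; keep the socket's group membership
        # minimal.
        dockerSocket.enable = true;
        defaultNetwork.settings.dns_enabled = true;
        autoPrune = {
          enable = true;
          flags = [ "--all" ];
          dates = "weekly";
        };
      };
    };

    security.acme = lib.mkIf config.services.nginx.enable {
      acceptTerms = true;
      defaults.email = config.my.email;
    };

    services.nginx = {
      enable = config.my.enableProxy;
      # Global upload limit; applies to every proxied vhost, not only the
      # media/file services that need a large body size.
      clientMaxBodySize = "4096m";
      # TLS 1.2 suite list (TLS 1.3 suites are not governed by ssl_ciphers).
      # Forward-secret AEAD suites only: the previous
      # "AES256+EECDH:AES256+EDH:!aNULL" also admitted CBC / SHA-1 MAC suites
      # and excluded ChaCha20-Poly1305 and AES-128-GCM. The DHE entries keep
      # the original's DHE support; they are only offered if ssl_dhparam is
      # configured elsewhere.
      sslCiphers = lib.concatStringsSep ":" [
        "ECDHE-ECDSA-AES256-GCM-SHA384"
        "ECDHE-RSA-AES256-GCM-SHA384"
        "ECDHE-ECDSA-CHACHA20-POLY1305"
        "ECDHE-RSA-CHACHA20-POLY1305"
        "ECDHE-ECDSA-AES128-GCM-SHA256"
        "ECDHE-RSA-AES128-GCM-SHA256"
        "DHE-RSA-AES256-GCM-SHA384"
        "DHE-RSA-CHACHA20-POLY1305"
        "DHE-RSA-AES128-GCM-SHA256"
      ];
    };

    networking.firewall =
      let
        ports = [ 80 443 ];
      in
      {
        enable = true;
        # Opened unconditionally, i.e. even when my.enableProxy is false.
        allowedTCPPorts = ports;
        # NOTE(review): nginx here enables HTTP/2 only (no HTTP/3), so nothing
        # in this file listens on UDP 80/443; left open in case another
        # module (e.g. a DoH3 listener) relies on it - confirm, else drop.
        allowedUDPPorts = ports;
      };
  };
}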