jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NixOS/modules/servers.nix

181 lines
6.5 KiB
Nix
Raw Blame History

{ lib, config, pkgs, ... }:
let
setup = import ./servers/base.nix { inherit lib config; };
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse = port:
proxy {
"/".proxyPass = "http://${config.my.localhost}:${toString port}/";
};
proxyReverseArr = port:
proxyReverse port // {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
enableContainers = lib.any (opt: opt) [
config.my.servers.collabora.enable
config.my.servers.ryot.enable
config.my.servers.lidarr.enable
config.my.servers.prowlarr.enable
config.my.servers.maloja.enable
config.my.servers.multi-scrobbler.enable
config.my.servers.flame.enable
config.my.servers.metube.enable
config.my.servers.go-vod.enable
];
in {
imports = [
./servers/adguardhome.nix
./servers/paperless.nix
./servers/postgres.nix
(import ./servers/audiobookshelf.nix { inherit lib config proxy setup; })
(import ./servers/bazarr.nix { inherit lib config proxyReverse; })
(import ./servers/flame.nix { inherit lib config proxyReverse; })
(import ./servers/homepage.nix { inherit lib config pkgs proxyReverse; })
(import ./servers/jellyfin.nix { inherit lib config pkgs setup; })
(import ./servers/kavita.nix { inherit lib config pkgs proxyReverse; })
(import ./servers/lidarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/maloja.nix { inherit lib config proxyReverse; })
(import ./servers/mealie.nix { inherit lib config proxyReverse; })
(import ./servers/metube.nix { inherit lib config proxyReverse; })
(import ./servers/microbin.nix { inherit lib config proxyReverse; })
(import ./servers/multi-scrobbler.nix { inherit lib config proxyReverse; })
(import ./servers/nextcloud.nix { inherit lib config pkgs; })
(import ./servers/prowlarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/qbittorrent.nix { inherit lib config pkgs proxyReverse; })
(import ./servers/radarr.nix { inherit lib config proxyReverseArr; })
(import ./servers/ryot.nix { inherit lib config proxyReverse; })
(import ./servers/shiori.nix { inherit lib config pkgs proxyReverse; })
(import ./servers/sonarr.nix { inherit lib config proxyReverse; })
(import ./servers/vaultwarden.nix { inherit lib config pkgs proxyReverse; })
(import ./servers/firefly-iii.nix { inherit lib config pkgs proxyReverse; })
];
options.my = {
localhost = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = "The localhost address.";
};
domain = lib.mkOption {
type = lib.types.str;
default = "servidos.lat";
description = "The domain name.";
};
miniserver-ip = lib.mkOption {
type = lib.types.str;
default = "192.168.1.100";
description = "The miniserver ip.";
};
postgresSocket = lib.mkOption {
type = lib.types.str;
default = "/run/postgresql";
description = "The PostgreSQL socket path.";
};
containerSocket = lib.mkOption {
type = lib.types.str;
default = "/var/run/docker.sock";
description = "The docker/podman socket path.";
};
containerData = lib.mkOption {
type = lib.types.str;
default = "/var/lib/docker-configs";
description = "The docker/podman socket path.";
};
smtpemail = lib.mkOption {
type = lib.types.str;
default = "stunner6399@gmail.com";
description = "localhost smtp email";
};
email = lib.mkOption {
type = lib.types.str;
default = "CaptainJawZ@protonmail.com";
description = "localhost smtp email";
};
enableContainers = lib.mkEnableOption "enable";
enableProxy = lib.mkEnableOption "enable";
};
config = {
my = {
enableContainers = lib.mkDefault false;
enableProxy = lib.mkDefault false;
servers = {
jellyfin = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
};
nextcloud = {
enable = lib.mkDefault false;
enableCron = lib.mkDefault false;
};
adguardhome.enable = lib.mkDefault false;
audiobookshelf.enable = lib.mkDefault false;
bazarr.enable = lib.mkDefault false;
collabora.enable = lib.mkDefault false;
flame.enable = lib.mkDefault false;
flameSecret.enable = lib.mkDefault false;
go-vod.enable = lib.mkDefault false;
homepage.enable = lib.mkDefault false;
kavita.enable = lib.mkDefault false;
lidarr.enable = lib.mkDefault false;
maloja.enable = lib.mkDefault false;
mealie.enable = lib.mkDefault false;
metube.enable = lib.mkDefault false;
microbin.enable = lib.mkDefault false;
multi-scrobbler.enable = lib.mkDefault false;
paperless.enable = lib.mkDefault false;
postgres.enable = lib.mkDefault false;
prowlarr.enable = lib.mkDefault false;
qbittorrent.enable = lib.mkDefault false;
radarr.enable = lib.mkDefault false;
ryot.enable = lib.mkDefault false;
shiori.enable = lib.mkDefault false;
sonarr.enable = lib.mkDefault false;
vaultwarden.enable = lib.mkDefault false;
firefly-iii.enable = lib.mkDefault false;
};
};
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
podman = lib.mkIf (enableContainers || config.my.enableContainers) {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune = {
enable = true;
flags = [ "--all" ];
dates = "weekly";
};
};
};
security.acme = lib.mkIf config.services.nginx.enable {
acceptTerms = true;
defaults.email = config.my.email;
};
services.nginx = {
enable = config.my.enableProxy;
clientMaxBodySize = "4096m";
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
};
networking.firewall = let ports = [ 80 443 ];
in {
enable = true;
allowedTCPPorts = ports;
allowedUDPPorts = ports;
};
};
}
Reference in New Issue View Git Blame Copy Permalink