authorMike Vink <mike@pionative.com>2024-07-14 06:40:52 +0200
committerMike Vink <mike@pionative.com>2024-07-14 06:40:52 +0200
commit98c31cac3e931023b5afeb209af6b6eed2a025c7 (patch)
tree4f78891affa3ce2cfbb7f0b1b3efc31d68c87ab7 /profiles/homeserver
parentf56f38fc344a80244266e0b69f909775599ba5b2 (diff)
wip
Diffstat (limited to 'profiles/homeserver')
-rw-r--r--profiles/homeserver/acme.nix6
-rw-r--r--profiles/homeserver/dns.nix14
-rw-r--r--profiles/homeserver/nginx.nix4
-rw-r--r--profiles/homeserver/radicale.nix2
-rw-r--r--profiles/homeserver/transmission.nix93
5 files changed, 71 insertions, 48 deletions
diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix
index 1880db2..e72e8fe 100644
--- a/profiles/homeserver/acme.nix
+++ b/profiles/homeserver/acme.nix
@@ -4,13 +4,13 @@
defaults = {
extraLegoFlags = [ "--dns.disable-cp" ];
extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
- email = ivi.email;
+ email = my.email;
dnsProvider = "porkbun";
environmentFile = config.secrets.porkbun.path;
};
- certs."${ivi.domain}" = {
+ certs."${my.domain}" = {
# NOTE(ivi): use dns wildcard certs for local services
- domain = "*.${ivi.domain}";
+ domain = "*.${my.domain}";
};
};
}
diff --git a/profiles/homeserver/dns.nix b/profiles/homeserver/dns.nix
index 917c8bb..21ccf7e 100644
--- a/profiles/homeserver/dns.nix
+++ b/profiles/homeserver/dns.nix
@@ -1,4 +1,4 @@
-{ config, machine, inputs, lib, ... }: with lib; let
+{ config, machines, machine, inputs, lib, ... }: with lib; let
dns = inputs.dns.lib;
in {
system.extraDependencies = collectFlakeInputs inputs.dns;
@@ -20,12 +20,12 @@
];
};
stub-zone = [ {
- name = ivi.domain;
+ name = my.domain;
stub-addr = "127.0.0.1@10053";
} ];
forward-zone = [
{
- name = "_acme-challenge.${ivi.domain}";
+ name = "_acme-challenge.${my.domain}";
forward-addr = config.services.resolved.fallbackDns;
forward-tls-upstream = true;
}
@@ -45,15 +45,15 @@
zones = with dns.combinators; let
here = {
- A = map a ivi.machines.serber.ipv4;
- AAAA = map a ivi.machines.serber.ipv6;
+ A = map a machines.serber.ipv4;
+ AAAA = map a machines.serber.ipv6;
};
in {
- ${ivi.domain}.data = dns.toString ivi.domain (here // {
+ ${my.domain}.data = dns.toString my.domain (here // {
TTL = 60 * 60;
SOA = {
nameServer = "@";
- adminEmail = "dns@${ivi.domain}";
+ adminEmail = "dns@${my.domain}";
serial = 0;
};
NS = [ "@" ];
diff --git a/profiles/homeserver/nginx.nix b/profiles/homeserver/nginx.nix
index f869d3b..22fd74e 100644
--- a/profiles/homeserver/nginx.nix
+++ b/profiles/homeserver/nginx.nix
@@ -4,8 +4,8 @@
type = types.attrsOf (types.submodule ({ name, ... }: {
config = mkIf (name != "default") {
forceSSL = mkDefault true;
- sslCertificateKey = "/var/lib/acme/${ivi.domain}/key.pem";
- sslCertificate = "/var/lib/acme/${ivi.domain}/fullchain.pem";
+ sslCertificateKey = "/var/lib/acme/${my.domain}/key.pem";
+ sslCertificate = "/var/lib/acme/${my.domain}/fullchain.pem";
};
}));
};
diff --git a/profiles/homeserver/radicale.nix b/profiles/homeserver/radicale.nix
index f04a4a4..6f07245 100644
--- a/profiles/homeserver/radicale.nix
+++ b/profiles/homeserver/radicale.nix
@@ -1,6 +1,6 @@
{ lib, ... }: with lib; {
services.nginx = {
- virtualHosts."cal.${ivi.domain}" = {
+ virtualHosts."cal.${my.domain}" = {
locations."/" = {
proxyPass = "http://127.0.0.1:5232";
};
diff --git a/profiles/homeserver/transmission.nix b/profiles/homeserver/transmission.nix
index 8b7b4fa..d871e96 100644
--- a/profiles/homeserver/transmission.nix
+++ b/profiles/homeserver/transmission.nix
@@ -1,53 +1,83 @@
-{ config, lib, pkgs, ... }: with lib; {
+{ config, lib, ... }: with lib; {
virtualisation.docker.rootless = {
enable = true;
setSocketVariable = true;
};
users.groups.multimedia = { };
- users.users.${ivi.username}.extraGroups = [ "multimedia" ];
+ users.users.${my.username}.extraGroups = [ "multimedia" ];
systemd.tmpfiles.rules = [
"d /data 0770 - multimedia - -"
];
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "plexmediaserver"
- ];
-
- environment.systemPackages = [
- pkgs.jellyfin-ffmpeg
- ];
-
services.nginx = {
virtualHosts = {
- "sonarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; };
- "radarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; };
- "bazarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; };
- "readarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; };
- "prowlarr.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; };
- "transmission.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; };
- "jellyfin.${ivi.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; };
+ "sonarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8989"; }; };
+ "radarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:7878"; }; };
+ "bazarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.bazarr.listenPort}"; }; };
+ # "readarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8787"; }; };
+ "prowlarr.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9696"; }; };
+ "transmission.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:9091"; }; };
+ "jellyfin.${my.domain}" = { locations."/" = { proxyPass = "http://127.0.0.1:8096"; }; };
};
};
- services = {
- jellyfin = { enable = true; group = "multimedia"; };
- sonarr = { enable = true; group = "multimedia"; };
- radarr = { enable = true; group = "multimedia"; };
- bazarr = { enable = true; group = "multimedia"; };
- readarr = { enable = true; group = "multimedia"; };
- prowlarr = { enable = true; };
- };
+ # services = {
+ # jellyfin = { enable = true; group = "multimedia"; };
+ # sonarr = { enable = true; group = "multimedia"; };
+ # radarr = { enable = true; group = "multimedia"; };
+ # bazarr = { enable = true; group = "multimedia"; };
+ # readarr = { enable = true; group = "multimedia"; };
+ # prowlarr = { enable = true; };
+ # };
virtualisation.oci-containers = {
backend = "docker";
containers = {
+ prowlarr = {
+ image = "linuxserver/prowlarr";
+ extraOptions = ["--net=host"];
+ volumes = [
+ "/data/config/prowlarr/data:/config"
+ ];
+ };
+ bazarr = {
+ image = "linuxserver/bazarr";
+ extraOptions = ["--net=host"];
+ volumes = [
+ "/data/media:/data"
+ "/data/config/prowlarr/data:/config"
+ ];
+ };
+ radarr = {
+ image = "linuxserver/radarr";
+ extraOptions = ["--net=host"];
+ volumes = [
+ "/data/media:/data"
+ "/data/config/radarr/data:/config"
+ ];
+ };
+ sonarr = {
+ image = "linuxserver/sonarr";
+ extraOptions = ["--net=host"];
+ volumes = [
+ "/data/media:/data"
+ "/data/config/sonarr/data:/config"
+ ];
+ };
+ jellyfin = {
+ image = "jellyfin/jellyfin";
+ extraOptions = ["--net=host"];
+ volumes = [
+ "/data/config/jellyfin/config:/config"
+ "/data/config/jellyfin/cache:/config"
+ ];
+ };
transmission = {
image = "haugene/transmission-openvpn";
extraOptions = ["--cap-add=NET_ADMIN"];
volumes = [
- "/config/ovpn:/etc/openvpn/custom"
- "/config/transmission:/config"
+ "/data/config/ovpn:/etc/openvpn/custom"
+ "/data/config/transmission:/config"
"/data/torrents:/data/torrents"
];
ports = [
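Review bot: Two of the new volume lists look like copy-paste slips: `bazarr` mounts `/data/config/prowlarr/data:/config`, so it shares prowlarr's config directory, and `jellyfin` maps both its config and its cache directory onto `/config`. I would change these to `"/data/config/bazarr/data:/config"` and `"/data/config/jellyfin/cache:/cache"`; jellyfin also gets no `/data/media` mount in this hunk, so it presumably cannot see the library. Separately, every new container is started with `--net=host`, which puts each web UI on the host's interfaces directly instead of only behind the nginx vhosts that proxy to 127.0.0.1 with `forceSSL`, unless a firewall blocks those ports; a loopback-only publish such as `ports = [ "127.0.0.1:9696:9696" ];` keeps nginx as the single entry point. The five new images are referenced without a tag or digest, so each pull takes whatever the registry serves as latest at that moment; pinning each to a specific tag or digest makes rebuilds reproducible and upgrades deliberate. The `transmission` container definition continues past the end of this hunk.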
@@ -59,13 +89,6 @@
config.secrets.transmission.path
];
};
- # ytdl-sub = {
- # image = "ghcr.io/jmbannon/ytdl-sub:latest";
- # environment = {
- # TZ="";
- # DOCKER_MODS="linuxserver/mods:universal-cron";
- # };
- # };
};
};
}