misschloe/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-08-08 06:30:18 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'main' of github.com:harryssecret/homelab-nix

Browse source
This commit is contained in:
chloe 2024-08-19 16:38:20 +02:00
commit 49a987352d
14 changed files with 154 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

40
features/server/caddy.nix
View file

@ -4,65 +4,57 @@
enable = true;
virtualHosts = {
":5050".extraConfig = ''
reverse_proxy :8083
'';
"sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :8003
'';
"git.hypervirtual.world".extraConfig = ''
"http://git.hypervirtual.world".extraConfig = ''
reverse_proxy :3333
'';
"photos.hypervirtual.world".extraConfig = ''
reverse_proxy :2342
'';
"books.hypervirtual.world".extraConfig = ''
"http://books.hypervirtual.world".extraConfig = ''
reverse_proxy :8083
'';
"fish.hypervirtual.world".extraConfig = ''
"http://fish.hypervirtual.world".extraConfig = ''
reverse_proxy :3030
'';
":2344".extraConfig = ''
reverse_proxy :2342
'';
"jellyfin.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://jellyfin.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :8096
'';
"slskd.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://slskd.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :5030
'';
"radarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://radarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :7878
'';
"sonarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://sonarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :8989
'';
"sonarr-anime.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://sonarr-anime.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :8999
'';
"prowlarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://prowlarr.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :9696
'';
"grafana.sisyphe.normandy.hypervirtual.world".extraConfig = ''
"http://grafana.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :3000
'';
"status.normandy.hypervirtual.world".extraConfig = ''
"http://status.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :4000
'';
"http://transmission.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :9091
'';
};
};

1
features/server/default.nix
View file

@ -28,5 +28,6 @@
ethtool
networkd-dispatcher
transcrypt
libressl_3_8
];
}

18
features/server/multimedia/jellyfin.nix
View file

@ -1,5 +1,21 @@
{ config, ... }:
{ pkgs, config, ... }:
{
# 1. enable vaapi on OS-level
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
# hardware.opengl in 24.05
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
intel-media-sdk # QSV up to 11th gen
];
};
services.jellyfin = {
enable = true;
openFirewall = true;

4
features/server/services/default.nix
View file

@ -1,9 +1,9 @@
{config, ...}:
{ config, ... }:
{
imports = [
./homelab-dashboard.nix
./nextcloud.nix
./photoprism.nix
# ./photoprism.nix
./grafana.nix
./forgejo.nix
./synapse-matrix.nix

10
features/server/services/forgejo-smtp.nix
View file

@ -1,5 +1,5 @@
U2FsdGVkX18oY3efQYeXqacnpNaOkre/hn/Ck1shbtZiKPQbD7G+tdQBjxPdZxIL
7oZi2qay/Z6ZKgjmd5zMW+jFejxl9/PSbDFbydn3nADkOCgPO5QSjN2QX+cswV/T
MlSQovYhJzhBgy37cPNU4oZBM8u5ZyRKLgBdUcbaKOJShyzirwKaKdn4abN0QC9B
nPIRIY5INzJPDHJEi/hgOfp4PLeiJTOvrGjvKF2N65f4Uyi8BOW3NSDK+qp6VcUI
tfF/C6r6XQF4w3p9GD2Zxw==
U2FsdGVkX1+OxQJs9k/4JL1g9iZi/V4LYrvEhkf6JFwvTFhv+sIYDI9YFXpGFk2f
DxWy76EO2LgRWZxTeBAQWTyinbDpYM2Efr3EqJvZmocBsrzrAIOfUyQ5gX9a3f9v
QHIYSPSwapr9qVEkl92bbdLKw8aQExz7SLG4viIouIb8sXShq7HGeajwrXgpj8F9
UsFVRnrsWznu5Ubg5X40Q7EQy3vswzACkL65MeeT1AlF//vbPs/CAqa9zyc1pkoa
QGHEinlNI/0Rb/RJ7rzmuEU28Z8M24tMajQWt5JmJ6Y=

15
features/server/services/forgejo.nix
View file

@ -1,10 +1,16 @@
{ config, ... }:
{ config, lib, ... }:
{
imports = [ ./forgejo-smtp.nix ];
sops.secrets.smtp_address = { };
sops.secrets.smtp_password = {
owner = "forgejo";
};
sops.secrets.forgejoInitialMail = {
owner = "forgejo";
};
sops.secrets.forgejoInitialPassword = {
owner = "forgejo";
};
services.forgejo = {
enable = true;
@ -15,7 +21,7 @@
settings = {
server = {
DOMAIN = "git.hypervirtual.world";
ROOT_URL = "https://hypervirtual.world";
ROOT_URL = "https://git.hypervirtual.world";
HTTP_PORT = 3333;
};
actions = {
@ -29,4 +35,9 @@
};
mailerPasswordFile = config.sops.secrets.smtp_password.path;
};
systemd.services.forgejo.preStart = ''
create="${lib.getExe config.services.forgejo.package} admin user create"
$create --admin --email "`cat ${config.sops.secrets.forgejoInitialMail.path}`" --username you --password "`cat ${config.sops.secrets.forgejoInitialPassword.path}`" &>/dev/null || true
'';
}

3
features/server/services/nextcloud-network.nix Normal file
View file

@ -0,0 +1,3 @@
U2FsdGVkX18gq8c8sLObTxZnVycdd9qBcE6mzuVR+7ff6J7ntoPxlWdeNWTSnWiI
cVRz0XEH9+DX7EyUbuwQcDtzepoJONsGowXM6Hs+N1A5feaku0J+jGFoMtXX1kv8
SXpR3emmKFbtNmwCqW0++DLolU9R/pdRlWFlQiABlMc=

82
features/server/services/nextcloud.nix
View file

@ -1,4 +1,9 @@
{ config, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
"${
@ -7,6 +12,7 @@
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}
}/nextcloud-extras.nix"
./nextcloud-network.nix
]; # adding caddy support
sops.secrets.adminNextcloudPass = {
@ -23,18 +29,68 @@
dbtype = "pgsql";
adminpassFile = config.sops.secrets.adminNextcloudPass.path;
};
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
settings = {
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
trustedDomains = [ "cloud.hypervirtual.world" ];
overwriteprotocol = "https";
log_type = "file"; # temporary fix for https://nixos.org/manual/nixos/stable/#module-services-nextcloud-warning-logreader
default_phone_region = "FR";
default_locale = "fr_FR";
default_language = "fr";
default_timezone = "Europe/Paris";
};
phpExtraExtensions = all: [
all.pdlib
all.redis
all.bz2
];
phpOptions."opcache.interned_strings_buffer" = "23";
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
calendar
previewgenerator
twofactor_nextcloud_notification
;
memories = pkgs.fetchNextcloudApp {
sha256 = "sha256-DJPskJ4rTECTaO1XJFeOD1EfA3TQR4YXqG+NIti0UPE=";
url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz";
license = "agpl3Only";
};
/*
not useful for me
registration = pkgs.fetchNextcloudApp {
sha256 = "sha256-dDaQHyHdkkd8ZammLdck2HNGqqfEaunwevdPzbWzB8Y=";
url = "https://github.com/nextcloud-releases/registration/releases/download/v2.4.0/registration-v2.4.0.tar.gz";
license = "agpl3Only";
};
*/
facerecognition = pkgs.fetchNextcloudApp {
sha256 = "1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk";
url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz";
license = "agpl3Only";
};
};
extraAppsEnable = true;
appstoreEnable = true; # why i would want appstore to be disabled ???
autoUpdateApps.enable = true;
extraOptions."memories.exiftool" = "${lib.getExe pkgs.exiftool}";
};
}

10
features/server/services/photoprism.nix
View file

@ -3,10 +3,15 @@
sops.secrets.photoprismAdmin = { };
sops.secrets.photoprismPassword = { };
environment.systemPackages = with pkgs; [
photoprism
];
services.photoprism = {
enable = true;
port = 2342;
originalsPath = "/srv/cloud/photoprism/originals";
importPath = "/srv/cloud/photoprism/imports";
settings = {
PHOTOPRISM_ADMIN_USER = "admin";
PHOTOPRISM_DEFAULT_LOCALE = "fr";
@ -19,4 +24,9 @@
};
passwordFile = config.sops.secrets.photoprismPassword.path;
};
systemd.tmpfiles.rules = [
"d /srv/cloud/photoprism/originals 0755 photoprism photoprism -"
"d /srv/cloud/photoprism/imports 0755 photoprism photoprism -"
];
}

5
features/server/services/synapse-matrix.nix
View file

@ -21,6 +21,7 @@ in
server_name = "hypervirtual.world";
public_baseurl = baseUrl;
enable_registration = false;
enable_metrics = true;
listeners = [
{
port = 8008;
@ -36,7 +37,6 @@ in
names = [
"client"
"federation"
"metrics"
];
compress = true;
}
@ -48,7 +48,7 @@ in
tls = false;
bind_addresses = [
"::1"
"0.0.0.0"
"127.0.0.1"
];
resources = [ ];
}
@ -87,7 +87,6 @@ in
};
};
*/
}

20
features/server/tailscale.nix
View file

@ -2,16 +2,18 @@
{
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
# useRoutingFeatures = "server";
};
services.networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {
onState = [ "routable" ];
script = ''
${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
'';
/*
services.networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {
onState = [ "routable" ];
script = ''
${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
};
*/
}