diff --git a/features/server/backups-repos.nix b/features/server/backups-repos.nix index 6dfc3b7..282cf6f 100644 --- a/features/server/backups-repos.nix +++ b/features/server/backups-repos.nix @@ -1,5 +1,5 @@ -U2FsdGVkX1+alugeaL42d1DXdx+FlLJ9RQErEECKiXmHETExGwdgvNOSSjSXfWc0 -Mo22lNDdaoVtCK2gcsBqdxxI8Y6RlxuJvznyk7MO3dqT+CYSxbOS8NMfCu7q+NDg -zelWePoV+99RmeI7dbkgFrwzw1F3YEXlrTnfmsr72Qb9kje1j9GRaN73Tvc3+PMN -Rq0QmIXluZLSt0z1dfn/lOSY9Q4kB2t/60ErNAC4tL58sK7Dry6G2mjT8pHwOzF8 -yXP1iuae6jhNDmlgoXuH76ktVYdS+nbURWjvt0uFQENyU29+r9pCpJDhExNdvPKX +U2FsdGVkX1+pKUtcxhT27nl6afKy5paC7y9iBtZgbq2rnuJebgGFCD0AxE1TOWMV +RaWwqeK7YaU7MnImh+b7JfR3C7b6OgQz3+V+gGhC8f10e23maH/me3m3SNsxLp4w +BS4SQZzrWc5WHS+QHTCH7tfUyFPYBs8xnfMAN+TGqB/ud0l7ZZ7MRvpU2IHpzoi1 +8ek6OT+w/oyXU3o5eVklEuXpTEB2dcGJ41hbXCEDn7ELyfpaF/+Tx5yGGIJ73FvS ++P2s1wpjWnrHPj78aphmdm8Q/PZ81vDU4/e2nyg4OcHyOPXVVnwhRUWl1Y9/a/sK diff --git a/features/server/backups.nix b/features/server/backups.nix index 505917e..d5bb32b 100644 --- a/features/server/backups.nix +++ b/features/server/backups.nix @@ -1,24 +1,11 @@ -{ - config, - secrets, - pkgs, - ... -}: +{ config, ... }: { imports = [ ./backups-repos.nix ]; sops.secrets.borgRepoPassword = { }; sops.secrets.borgRemoteServerPassword = { - sopsFile = "${secrets}/secrets/backup.yaml"; - }; - - sops.secrets.sshBorgOffsiteBackup = { - sopsFile = "${secrets}/secrets/backup.yaml"; - }; - - sops.secrets.borgOffsiteBackupHostKeys = { - sopsFile = "${secrets}/secrets/backup.yaml"; + sopsFile = "/home/homelab/secrets/backup.yaml"; }; services.borgbackup.jobs = { 
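Review bot: `sopsFile = "/home/homelab/secrets/backup.yaml";` points borgRemoteServerPassword at an absolute string path inside a user's home directory, while every other file touched by this commit uses an in-tree Nix path. A string path is not copied into the store, so the deployed system depends on whatever file sits at that location at activation time and on who can write to that home directory. I would write it as `sopsFile = ../../secrets/backup.yaml;`, assuming backup.yaml lives next to the other secrets. The module body continues past the end of this hunk.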
@@ -77,26 +64,25 @@ "/srv/freshrss" "/srv/Minecraft" ]; - postgresql_databases = [ - { name = "forgejo"; } - { name = "nextcloud"; } - { name = "matrix-synapse"; } + postgres_databases = [ + "forgejo" + "nextcloud" + "matrix-synapse" ]; exclude_patterns = [ "/home/*/.cache" ]; - encryption_passcommand = "${pkgs.coreutils}/bin/cat /run/secrets/borgRemoteServerPassword"; - ssh_command = "ssh -o GlobalKnownHostsFile=${config.sops.secrets.borgOffsiteBackupHostKeys.path} -i ${config.sops.secrets.sshBorgOffsiteBackup.path}"; + encryption_passcommand = "cat /run/secrets/borgRemoteServerPassword"; }; }; }; - systemd.timers."borgmatic" = { + systemd.timers.borgmatic = { enable = true; + unit = "borgmatic.service"; wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "*-*-* 03:00:00"; Persistent = true; WakeSystem = true; - Unit = "borgmatic.service"; }; }; } diff --git a/features/server/caddy.nix b/features/server/caddy.nix index 3562437..101e08e 100644 --- a/features/server/caddy.nix +++ b/features/server/caddy.nix @@ -24,10 +24,6 @@ reverse_proxy :8096 ''; - "http://media.hypervirtual.world".extraConfig = '' - reverse_proxy :8096 - ''; - "http://slskd.sisyphe.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :5030 ''; @@ -52,7 +48,7 @@ reverse_proxy :3000 ''; - "http://status.hypervirtual.world".extraConfig = '' + "http://status.normandy.hypervirtual.world".extraConfig = '' reverse_proxy :4000 ''; diff --git a/features/server/default.nix b/features/server/default.nix index 0b54b2e..519f317 100644 --- a/features/server/default.nix +++ b/features/server/default.nix @@ -28,6 +28,6 @@ ethtool networkd-dispatcher transcrypt - libressl_3_9 + libressl_3_8 ]; } diff --git a/features/server/multimedia/arr-suite.nix b/features/server/multimedia/arr-suite.nix index d5e940c..af56b9f 100644 --- a/features/server/multimedia/arr-suite.nix +++ b/features/server/multimedia/arr-suite.nix 
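Review bot: Dropping `ssh_command` removes the pinned `GlobalKnownHostsFile` and the dedicated identity file for the offsite repository, so host-key verification and key selection now fall back to whatever SSH configuration the borgmatic service user happens to have. Together with the `sshBorgOffsiteBackup` and `borgOffsiteBackupHostKeys` declarations removed in the previous hunk, nothing visible here still authenticates the remote end; I would keep those two secrets and the `ssh_command` line. `encryption_passcommand = "cat /run/secrets/borgRemoteServerPassword"` also relies on PATH inside the unit and on a hard-coded path; `"${pkgs.coreutils}/bin/cat ${config.sops.secrets.borgRemoteServerPassword.path}"` avoids both, with `pkgs` kept in the module arguments. Separately, please check the rename to `postgres_databases` with bare strings against the borgmatic schema, which as far as I know expects `postgresql_databases` with `name` entries; a key the schema does not recognise would mean no database dumps. The settings block starts above this hunk.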
@@ -1,7 +1,10 @@ { config, + pkgs, + lib, ... }: +with lib; let cfg = config.arrSuite; @@ -32,27 +35,27 @@ in enable = true; openFirewall = true; }; - /* - #TODO: create duplicated instances of Sonarr. - systemd.services."sonarrAnime" = { - enable = true; - description = "Duplicated Sonarr instance, for animes"; - after = [ - "syslog.target" - "network.target" - ]; +/* + #TODO: create duplicated instances of Sonarr. + systemd.services."sonarrAnime" = { + enable = true; + description = "Duplicated Sonarr instance, for animes"; + after = [ + "syslog.target" + "network.target" + ]; - path = [ pkgs.sonarr ]; - serviceConfig = { - Type = "simple"; - User = "sonarr"; - ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime"; - TimeoutStopSec = "20"; - KillMode = "process"; - Restart = "on-failure"; - }; - wantedBy = [ "multi-user.target" ]; + path = [ pkgs.sonarr ]; + serviceConfig = { + Type = "simple"; + User = "sonarr"; + ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime"; + TimeoutStopSec = "20"; + KillMode = "process"; + Restart = "on-failure"; }; - */ + wantedBy = [ "multi-user.target" ]; + }; +*/ } diff --git a/features/server/multimedia/jellyfin.nix b/features/server/multimedia/jellyfin.nix index a2001bc..5024104 100644 --- a/features/server/multimedia/jellyfin.nix +++ b/features/server/multimedia/jellyfin.nix @@ -16,7 +16,6 @@ intel-media-sdk # QSV up to 11th gen ]; }; - services.jellyfin = { enable = true; openFirewall = true; diff --git a/features/server/multimedia/slskd.nix b/features/server/multimedia/slskd.nix index 6a5a34c..3835aed 100644 --- a/features/server/multimedia/slskd.nix +++ b/features/server/multimedia/slskd.nix @@ -1,17 +1,12 @@ -{ - config, - lib, - secrets, - ... -}: +{ config, lib, ... }: with lib; let - cfg = config.downloads.music; + cfg = config.slskd; in { options = { - downloads.music.directory = mkOption { + slskd.directory = mkOption { type = types.str; default = "/srv/media/Music"; }; 
@@ -19,7 +14,7 @@ in config = { sops.secrets.slskd = { - sopsFile = "${secrets}/secrets/slskd.env"; + sopsFile = ../../../secrets/slskd.env; format = "dotenv"; }; diff --git a/features/server/multimedia/transmission.nix b/features/server/multimedia/transmission.nix index 6362b54..18434b7 100644 --- a/features/server/multimedia/transmission.nix +++ b/features/server/multimedia/transmission.nix @@ -1,17 +1,12 @@ -{ - config, - secrets, - lib, - ... -}: +{ config, lib, ... }: with lib; let - cfg = config.downloads.transmission; + cfg = config.transmission; in { options = { - downloads.transmission = { + transmission = { directory = mkOption { type = lib.types.str; default = "/srv/Multimedia"; @@ -21,7 +16,7 @@ in config = { sops.secrets.transmission = { - sopsFile = "${secrets}/secrets/transmission.json"; + sopsFile = ../../../secrets/transmission.json; path = "/var/lib/secrets/transmission/settings.json"; }; diff --git a/features/server/services/freshrss.nix b/features/server/services/freshrss.nix index 1987d24..3775a72 100644 --- a/features/server/services/freshrss.nix +++ b/features/server/services/freshrss.nix @@ -14,14 +14,18 @@ in config = { sops.secrets = { - freshrss_username = { }; - freshrss_password = { }; + freshrss_username = { + sopsFile = ../../secrets/freshrss.yaml; + }; + freshrss_password = { + sopsFile = ../../secrets/freshrss.yaml; + }; }; services.freshrss = { enable = true; language = "fr"; - defaultUser = ""; + defaultUser = config.sops.secrets.freshrss_username; baseUrl = cfg.url; passwordFile = config.sops.secrets.freshrss_password.path; database = { diff --git a/features/server/services/grafana.nix b/features/server/services/grafana.nix index 98ca6aa..b07a949 100644 --- a/features/server/services/grafana.nix +++ b/features/server/services/grafana.nix @@ -4,6 +4,7 @@ enable = true; settings = { server = { + http_addr = "0.0.0.0"; http_port = 3000; }; }; 
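Review bot: `defaultUser = config.sops.secrets.freshrss_username;` assigns the secret's option attribute set rather than a string, so it will most likely fail type-checking, and sops-nix only exposes a runtime file path, not the decrypted value, at evaluation time. Any form that did put the real username into this option would also write it to the world-readable Nix store, so a plain non-secret `defaultUser = "<username>";` is the simpler choice. The new `sopsFile = ../../secrets/freshrss.yaml;` resolves to `features/secrets/` from this directory, whereas homelab-dashboard.nix in the same directory uses `../../../secrets/`; one of the two is probably wrong.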
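Review bot: `http_addr = "0.0.0.0";` makes Grafana listen on every interface although caddy.nix already fronts it with `reverse_proxy :3000` on the same host, so the wildcard bind only adds a way to reach it without going through the proxy. The same applies to `HOST = "0.0.0.0";` in the uptime-kuma.nix hunk, which Caddy proxies on :4000. The firewall list visible in server-configuration.nix does not open 3000 or 4000, but that list is then the only thing keeping them off the network. I would bind both to `127.0.0.1` unless something outside the host must reach them directly.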
diff --git a/features/server/services/homelab-dashboard.nix b/features/server/services/homelab-dashboard.nix index ea89733..6d260f0 100644 --- a/features/server/services/homelab-dashboard.nix +++ b/features/server/services/homelab-dashboard.nix @@ -1,7 +1,6 @@ { config, lib, - secrets, pkgs, ... }: @@ -34,7 +33,7 @@ in #TODO: add Radarr/Sonarr/... api key support config = { sops.secrets."homepage" = { - sopsFile = "${secrets}/secrets/homepage.env"; + sopsFile = ../../../secrets/homepage.env; format = "dotenv"; }; @@ -221,11 +220,12 @@ in { "Utilitaires" = [ { - "Nextcloud" = { - icon = "nextcloud"; - description = "Sauvegarde de données"; - href = "https://cloud.hypervirtual.world"; + "Photoprism" = { + icon = "photoprism"; + description = "Sauvegarde de photos"; + href = "http://${ip}:2342"; }; + } { "4get" = { diff --git a/features/server/services/i2p.nix b/features/server/services/i2p.nix new file mode 100644 index 0000000..8f5ca24 --- /dev/null +++ b/features/server/services/i2p.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: +{ + services.i2pd = { + enable = true; + upnp.enable = true; + }; +} diff --git a/features/server/services/uptime-kuma.nix b/features/server/services/uptime-kuma.nix index c66d2ae..7c6ab9f 100644 --- a/features/server/services/uptime-kuma.nix +++ b/features/server/services/uptime-kuma.nix @@ -4,6 +4,7 @@ services.uptime-kuma = { enable = true; settings = { + HOST = "0.0.0.0"; PORT = "4000"; }; }; diff --git a/flake.nix b/flake.nix index 817e05f..5a13bb5 100644 --- a/flake.nix +++ b/flake.nix @@ -8,10 +8,8 @@ alejandra.url = "github:kamadorueda/alejandra/3.0.0"; alejandra.inputs.nixpkgs.follows = "nixpkgs"; - nix-secrets = { - url = "git+https://git.hypervirtual.world/harry123/nix-secrets.git"; - flake = false; - }; + nix-secrets.url = "git.hypervirtual.world:harry123/nix-secrets.git"; + nix-secrets.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = 
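Review bot: `upnp.enable = true;` lets i2pd ask the gateway to open inbound port mappings on its own, which puts part of this server's exposure outside the declarative firewall configuration in server-configuration.nix. On a host that also holds backups and secrets I would leave UPnP off and forward one fixed port by hand. The `config` and `pkgs` arguments are unused in this new file, so the header can be reduced to `{ ... }:`.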
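Review bot: `nix-secrets.url = "git.hypervirtual.world:harry123/nix-secrets.git";` has no scheme, and as far as I know flake references do not accept scp-style addresses, so this input may fail to resolve; an explicit form such as `git+ssh://<user>@git.hypervirtual.world/harry123/nix-secrets.git` states the transport. Removing `flake = false` and adding `inputs.nixpkgs.follows` also requires the secrets repository to be a flake with a nixpkgs input, which nothing on this page shows. Since the rest of the commit switches every `sopsFile` to in-tree paths, the input looks unused and could be dropped instead. The inputs block starts above this hunk.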
@@ -23,18 +21,15 @@ }@inputs: let username = "harry123"; - secrets = builtins.toString inputs.nix-secrets; specialArgs = { inherit username; - inherit secrets; }; in { nixosConfigurations = { sisyphe = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - specialArgs = specialArgs; modules = [ ./hosts/sisyphe/configuration.nix sops-nix.nixosModules.sops diff --git a/hosts/sisyphe/server-configuration.nix b/hosts/sisyphe/server-configuration.nix index 8140f1f..c673d69 100644 --- a/hosts/sisyphe/server-configuration.nix +++ b/hosts/sisyphe/server-configuration.nix @@ -3,7 +3,6 @@ config, lib, pkgs, - secrets, ... }: let @@ -37,7 +36,6 @@ in enable = true; allowedTCPPorts = [ 22 # ssh - 80 # http 8008 # matrix-synapse 8448 # matrix-synapse ]; @@ -62,5 +60,5 @@ in sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.keyFile = "/var/lib/sops-nix/key.txt"; sops.age.generateKey = true; - sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; + sops.defaultSopsFile = ../../secrets/secrets.yaml; }
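Review bot: Removing `specialArgs = specialArgs;` from the `sisyphe` system leaves the `specialArgs` binding (still carrying `inherit username;`) defined but unused, and any module that declares `username` as an argument will no longer evaluate. The modules are not visible here, so this needs checking; if any of them uses it, keep `inherit specialArgs;` in the `nixosSystem` call. If none does, remove the `username` and `specialArgs` bindings as well. The `modules` list runs past the end of this hunk.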