
15 commits

Author SHA1 Message Date
65381a0ca4 (bug): canihazcat :( 2024-08-25 15:30:38 +02:00
83625c3fa0 (bug): impossible to connect to remote server 2024-08-25 14:19:54 +02:00
6e87a94b20 path to custom ssh key 2024-08-25 13:40:21 +02:00
a3cf4ca327 fixed config again 2024-08-25 13:07:10 +02:00
8caf7286c0 fixed typo 2024-08-25 12:57:12 +02:00
2048ba68ea fixed object type 2024-08-25 12:51:32 +02:00
9c47e497d0 (bug): moved parameter 2024-08-25 12:49:10 +02:00
62acd3389b fixed typo 2024-08-25 12:48:06 +02:00
e2b6e2a6a2 fixed timer name 2024-08-25 12:46:55 +02:00
f7bc81be81 fixed secrets path 2024-08-25 12:44:14 +02:00
27730ec2c0 fixed inputs not passed 2024-08-25 12:34:55 +02:00
a0d0a157c4 fixed secrets url 2024-08-25 12:25:03 +02:00
7a041b8471 fix secrets 2024-08-25 12:21:32 +02:00
9afa07edfe prepared secrets migration 2024-08-25 12:20:43 +02:00
7a2f6147a2 exposed jellyfin & cleaned some mess 2024-08-25 12:07:50 +02:00
15 changed files with 92 additions and 72 deletions


@ -1,5 +1,5 @@
U2FsdGVkX1+pKUtcxhT27nl6afKy5paC7y9iBtZgbq2rnuJebgGFCD0AxE1TOWMV
RaWwqeK7YaU7MnImh+b7JfR3C7b6OgQz3+V+gGhC8f10e23maH/me3m3SNsxLp4w
BS4SQZzrWc5WHS+QHTCH7tfUyFPYBs8xnfMAN+TGqB/ud0l7ZZ7MRvpU2IHpzoi1
8ek6OT+w/oyXU3o5eVklEuXpTEB2dcGJ41hbXCEDn7ELyfpaF/+Tx5yGGIJ73FvS
+P2s1wpjWnrHPj78aphmdm8Q/PZ81vDU4/e2nyg4OcHyOPXVVnwhRUWl1Y9/a/sK
U2FsdGVkX1+alugeaL42d1DXdx+FlLJ9RQErEECKiXmHETExGwdgvNOSSjSXfWc0
Mo22lNDdaoVtCK2gcsBqdxxI8Y6RlxuJvznyk7MO3dqT+CYSxbOS8NMfCu7q+NDg
zelWePoV+99RmeI7dbkgFrwzw1F3YEXlrTnfmsr72Qb9kje1j9GRaN73Tvc3+PMN
Rq0QmIXluZLSt0z1dfn/lOSY9Q4kB2t/60ErNAC4tL58sK7Dry6G2mjT8pHwOzF8
yXP1iuae6jhNDmlgoXuH76ktVYdS+nbURWjvt0uFQENyU29+r9pCpJDhExNdvPKX


@ -1,11 +1,24 @@
{ config, ... }:
{
config,
secrets,
pkgs,
...
}:
{
imports = [
./backups-repos.nix
];
sops.secrets.borgRepoPassword = { };
sops.secrets.borgRemoteServerPassword = {
sopsFile = "/home/homelab/secrets/backup.yaml";
sopsFile = "${secrets}/secrets/backup.yaml";
};
sops.secrets.sshBorgOffsiteBackup = {
sopsFile = "${secrets}/secrets/backup.yaml";
};
sops.secrets.borgOffsiteBackupHostKeys = {
sopsFile = "${secrets}/secrets/backup.yaml";
};
services.borgbackup.jobs = {
@ -64,25 +77,26 @@
"/srv/freshrss"
"/srv/Minecraft"
];
postgres_databases = [
"forgejo"
"nextcloud"
"matrix-synapse"
postgresql_databases = [
{ name = "forgejo"; }
{ name = "nextcloud"; }
{ name = "matrix-synapse"; }
];
exclude_patterns = [ "/home/*/.cache" ];
encryption_passcommand = "cat /run/secrets/borgRemoteServerPassword";
encryption_passcommand = "${pkgs.coreutils}/bin/cat /run/secrets/borgRemoteServerPassword";
ssh_command = "ssh -o GlobalKnownHostsFile=${config.sops.secrets.borgOffsiteBackupHostKeys.path} -i ${config.sops.secrets.sshBorgOffsiteBackup.path}";
};
};
};
systemd.timers.borgmatic = {
systemd.timers."borgmatic" = {
enable = true;
unit = "borgmatic.service";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
WakeSystem = true;
Unit = "borgmatic.service";
};
};
}
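Review bot: The `ssh_command` line pins the offsite host keys through `GlobalKnownHostsFile` only, so ssh can still accept a key from the invoking user's own `known_hosts`. It also calls `ssh` by bare name, while the neighbouring `encryption_passcommand` uses an absolute store path. I would write it as `ssh_command = "${pkgs.openssh}/bin/ssh -o GlobalKnownHostsFile=${config.sops.secrets.borgOffsiteBackupHostKeys.path} -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes -i ${config.sops.secrets.sshBorgOffsiteBackup.path}";` so that only the sops-provided host keys and identity are used. The passcommand could likewise reference `config.sops.secrets.borgRemoteServerPassword.path` instead of the hard-coded `/run/secrets/...` path. The enclosing borgmatic settings block starts outside the hunk.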


@ -24,6 +24,10 @@
reverse_proxy :8096
'';
"http://media.hypervirtual.world".extraConfig = ''
reverse_proxy :8096
'';
"http://slskd.sisyphe.normandy.hypervirtual.world".extraConfig = ''
reverse_proxy :5030
'';
@ -48,7 +52,7 @@
reverse_proxy :3000
'';
"http://status.normandy.hypervirtual.world".extraConfig = ''
"http://status.hypervirtual.world".extraConfig = ''
reverse_proxy :4000
'';
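Review bot: The new `"http://media.hypervirtual.world"` site block and the status block (apparently renamed to `"http://status.hypervirtual.world"`) use the explicit `http://` scheme, which turns off Caddy's automatic HTTPS for those names. Unless something in front of this host terminates TLS (not visible here), Jellyfin and status-page logins would cross the network in clear text; the firewall hunk in the host configuration lists `80 # http` but no 443 among the visible lines. If TLS is meant to be handled here, drop the scheme, e.g. `"media.hypervirtual.world".extraConfig = ''`, and allow 443 as well; otherwise add a comment naming the upstream that terminates TLS. The virtual-host attribute set starts and ends outside these hunks.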


@ -28,6 +28,6 @@
ethtool
networkd-dispatcher
transcrypt
libressl_3_8
libressl_3_9
];
}


@ -1,10 +1,7 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.arrSuite;
@ -35,27 +32,27 @@ in
enable = true;
openFirewall = true;
};
/*
#TODO: create duplicated instances of Sonarr.
systemd.services."sonarrAnime" = {
enable = true;
description = "Duplicated Sonarr instance, for animes";
after = [
"syslog.target"
"network.target"
];
/*
#TODO: create duplicated instances of Sonarr.
systemd.services."sonarrAnime" = {
enable = true;
description = "Duplicated Sonarr instance, for animes";
after = [
"syslog.target"
"network.target"
];
path = [ pkgs.sonarr ];
serviceConfig = {
Type = "simple";
User = "sonarr";
ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime";
TimeoutStopSec = "20";
KillMode = "process";
Restart = "on-failure";
path = [ pkgs.sonarr ];
serviceConfig = {
Type = "simple";
User = "sonarr";
ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime";
TimeoutStopSec = "20";
KillMode = "process";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
wantedBy = [ "multi-user.target" ];
};
*/
*/
}


@ -16,6 +16,7 @@
intel-media-sdk # QSV up to 11th gen
];
};
services.jellyfin = {
enable = true;
openFirewall = true;


@ -1,12 +1,17 @@
{ config, lib, ... }:
{
config,
lib,
secrets,
...
}:
with lib;
let
cfg = config.slskd;
cfg = config.downloads.music;
in
{
options = {
slskd.directory = mkOption {
downloads.music.directory = mkOption {
type = types.str;
default = "/srv/media/Music";
};
@ -14,7 +19,7 @@ in
config = {
sops.secrets.slskd = {
sopsFile = ../../../secrets/slskd.env;
sopsFile = "${secrets}/secrets/slskd.env";
format = "dotenv";
};


@ -1,12 +1,17 @@
{ config, lib, ... }:
{
config,
secrets,
lib,
...
}:
with lib;
let
cfg = config.transmission;
cfg = config.downloads.transmission;
in
{
options = {
transmission = {
downloads.transmission = {
directory = mkOption {
type = lib.types.str;
default = "/srv/Multimedia";
@ -16,7 +21,7 @@ in
config = {
sops.secrets.transmission = {
sopsFile = ../../../secrets/transmission.json;
sopsFile = "${secrets}/secrets/transmission.json";
path = "/var/lib/secrets/transmission/settings.json";
};


@ -14,18 +14,14 @@ in
config = {
sops.secrets = {
freshrss_username = {
sopsFile = ../../secrets/freshrss.yaml;
};
freshrss_password = {
sopsFile = ../../secrets/freshrss.yaml;
};
freshrss_username = { };
freshrss_password = { };
};
services.freshrss = {
enable = true;
language = "fr";
defaultUser = config.sops.secrets.freshrss_username;
defaultUser = "";
baseUrl = cfg.url;
passwordFile = config.sops.secrets.freshrss_password.path;
database = {
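Review bot: `defaultUser = "";` (assuming the second of the two `defaultUser` lines is the new side) gives the initial FreshRSS account an empty name. `freshrss_username` is also still declared under `sops.secrets`, although nothing visible reads it any more. The option appears to take a plain string, so a sops secret cannot feed it; either remove the override so the module default applies, or set a literal such as `defaultUser = "admin";` and drop the unused `freshrss_username` secret. `passwordFile` already points at the sops path, which keeps the password itself out of the store. The `services.freshrss` block continues past the hunk.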


@ -4,7 +4,6 @@
enable = true;
settings = {
server = {
http_addr = "0.0.0.0";
http_port = 3000;
};
};


@ -1,6 +1,7 @@
{
config,
lib,
secrets,
pkgs,
...
}:
@ -33,7 +34,7 @@ in
#TODO: add Radarr/Sonarr/... api key support
config = {
sops.secrets."homepage" = {
sopsFile = ../../../secrets/homepage.env;
sopsFile = "${secrets}/secrets/homepage.env";
format = "dotenv";
};
@ -220,12 +221,11 @@ in
{
"Utilitaires" = [
{
"Photoprism" = {
icon = "photoprism";
description = "Sauvegarde de photos";
href = "http://${ip}:2342";
"Nextcloud" = {
icon = "nextcloud";
description = "Sauvegarde de données";
href = "https://cloud.hypervirtual.world";
};
}
{
"4get" = {


@ -1,7 +0,0 @@
{ config, pkgs, ... }:
{
services.i2pd = {
enable = true;
upnp.enable = true;
};
}


@ -4,7 +4,6 @@
services.uptime-kuma = {
enable = true;
settings = {
HOST = "0.0.0.0";
PORT = "4000";
};
};


@ -8,8 +8,10 @@
alejandra.url = "github:kamadorueda/alejandra/3.0.0";
alejandra.inputs.nixpkgs.follows = "nixpkgs";
nix-secrets.url = "git.hypervirtual.world:harry123/nix-secrets.git";
nix-secrets.inputs.nixpkgs.follows = "nixpkgs";
nix-secrets = {
url = "git+https://git.hypervirtual.world/harry123/nix-secrets.git";
flake = false;
};
};
outputs =
@ -21,15 +23,18 @@
}@inputs:
let
username = "harry123";
secrets = builtins.toString inputs.nix-secrets;
specialArgs = {
inherit username;
inherit secrets;
};
in
{
nixosConfigurations = {
sisyphe = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = specialArgs;
modules = [
./hosts/sisyphe/configuration.nix
sops-nix.nixosModules.sops
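Review bot: `secrets = builtins.toString inputs.nix-secrets;` makes every module read its secret files from a copy of the `nix-secrets` repository in the Nix store, which all local users can read, and nothing in the flake records that constraint. I would add a comment above the input, `# nix-secrets is copied into the world-readable /nix/store: commit only sops-encrypted files there`, so a later plaintext file in that repository is recognised as a leak. As a style point, `specialArgs = specialArgs;` can be written `inherit specialArgs;`. The `outputs` function continues outside the hunk.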


@ -3,6 +3,7 @@
config,
lib,
pkgs,
secrets,
...
}:
let
@ -36,6 +37,7 @@ in
enable = true;
allowedTCPPorts = [
22 # ssh
80 # http
8008 # matrix-synapse
8448 # matrix-synapse
];
@ -60,5 +62,5 @@ in
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml";
}