diff options
Diffstat (limited to 'hosts/laurel')
-rw-r--r-- | hosts/laurel/configuration.nix | 131 | ||||
-rw-r--r-- | hosts/laurel/hardware-configuration.nix | 7 | ||||
-rw-r--r-- | hosts/laurel/media.nix | 39 | ||||
-rw-r--r-- | hosts/laurel/servarr.nix | 107 |
4 files changed, 269 insertions, 15 deletions
diff --git a/hosts/laurel/configuration.nix b/hosts/laurel/configuration.nix index a40dafd..e824853 100644 --- a/hosts/laurel/configuration.nix +++ b/hosts/laurel/configuration.nix | |||
@@ -9,6 +9,8 @@ | |||
9 | [ | 9 | [ |
10 | # Include the results of the hardware scan. | 10 | # Include the results of the hardware scan. |
11 | ./hardware-configuration.nix | 11 | ./hardware-configuration.nix |
12 | ./servarr.nix | ||
13 | ./media.nix | ||
12 | ]; | 14 | ]; |
13 | 15 | ||
14 | # Use the systemd-boot EFI boot loader. | 16 | # Use the systemd-boot EFI boot loader. |
@@ -20,7 +22,7 @@ | |||
20 | # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. | 22 | # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. |
21 | # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. | 23 | # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. |
22 | networking.hostName = "laurel"; | 24 | networking.hostName = "laurel"; |
23 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | 25 | networking.firewall.allowedTCPPorts = [ 80 443 6197 ]; |
24 | 26 | ||
25 | time.timeZone = "Europe/London"; | 27 | time.timeZone = "Europe/London"; |
26 | i18n.defaultLocale = "en_US.UTF-8"; | 28 | i18n.defaultLocale = "en_US.UTF-8"; |
@@ -31,9 +33,9 @@ | |||
31 | }; | 33 | }; |
32 | 34 | ||
33 | # Enable sound. | 35 | # Enable sound. |
34 | sound.enable = true; | 36 | # sound.enable = true; |
35 | hardware.pulseaudio.enable = true; | 37 | hardware.pulseaudio.enable = true; |
36 | hardware.opengl = { | 38 | hardware.graphics = { |
37 | enable = true; | 39 | enable = true; |
38 | extraPackages = with pkgs; [ | 40 | extraPackages = with pkgs; [ |
39 | intel-media-driver | 41 | intel-media-driver |
@@ -44,15 +46,24 @@ | |||
44 | ]; | 46 | ]; |
45 | }; | 47 | }; |
46 | 48 | ||
47 | environment.systemPackages = with pkgs; [ | 49 | environment.systemPackages = [ |
48 | vim | 50 | pkgs.vim |
49 | wget | 51 | pkgs.wget |
50 | curl | 52 | pkgs.curl |
53 | |||
54 | pkgs.jellyfin | ||
55 | pkgs.jellyfin-web | ||
56 | pkgs.jellyfin-ffmpeg | ||
57 | |||
58 | pkgs.htop | ||
59 | pkgs.ripgrep | ||
60 | pkgs.git | ||
61 | |||
51 | ]; | 62 | ]; |
52 | 63 | ||
53 | users.users.op = { | 64 | users.users.op = { |
54 | isNormalUser = true; | 65 | isNormalUser = true; |
55 | extraGroups = [ "wheel" "tty" ]; | 66 | extraGroups = [ "wheel" "tty" "syncthing" ]; |
56 | home = "/home/op"; | 67 | home = "/home/op"; |
57 | openssh.authorizedKeys.keys = [ | 68 | openssh.authorizedKeys.keys = [ |
58 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle" | 69 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle" |
@@ -66,7 +77,7 @@ | |||
66 | }; | 77 | }; |
67 | 78 | ||
68 | services.invidious = { | 79 | services.invidious = { |
69 | enable = true; | 80 | enable = false; |
70 | port = 3333; | 81 | port = 3333; |
71 | domain = "tube.laurel"; | 82 | domain = "tube.laurel"; |
72 | settings = { | 83 | settings = { |
@@ -103,27 +114,117 @@ | |||
103 | }; | 114 | }; |
104 | }; | 115 | }; |
105 | 116 | ||
106 | services.podgrab = { | 117 | services.miniflux = { |
107 | enable = true; | 118 | enable = true; |
108 | port = 3434; | 119 | adminCredentialsFile = "/etc/miniflux/admin"; |
120 | config = { | ||
121 | FETCH_YOUTUBE_WATCH_TIME = 1; | ||
122 | PORT = 8383; | ||
123 | BASE_URL = "http://rss.laurel"; | ||
124 | }; | ||
109 | }; | 125 | }; |
110 | services.nginx.virtualHosts."podcast.laurel" = { | 126 | services.nginx.virtualHosts."rss.laurel" = { |
111 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | 127 | listen = [{ port = 80; addr = "0.0.0.0"; }]; |
112 | locations."/" = { | 128 | locations."/" = { |
113 | proxyPass = "http://127.0.0.1:${builtins.toString config.services.podgrab.port}"; | 129 | proxyPass = "http://127.0.0.1:${builtins.toString config.services.miniflux.config.PORT}"; |
114 | proxyWebsockets = true; | ||
115 | }; | 130 | }; |
116 | }; | 131 | }; |
117 | 132 | ||
118 | services.nginx.virtualHosts."oppi.li" = { | 133 | services.nginx.virtualHosts."oppi.li" = { |
119 | listen = [{ port = 8282; addr = "0.0.0.0"; }]; | 134 | listen = [{ port = 8282; addr = "0.0.0.0"; }]; |
120 | root = "/home/op/site/docs"; | 135 | root = "/www/site/docs"; |
121 | locations."/" = { | 136 | locations."/" = { |
122 | tryFiles = "$uri $uri/ =404"; | 137 | tryFiles = "$uri $uri/ =404"; |
123 | index = "index.html"; | 138 | index = "index.html"; |
124 | }; | 139 | }; |
125 | }; | 140 | }; |
126 | 141 | ||
142 | services.matrix-conduit = { | ||
143 | enable = false; | ||
144 | settings = { | ||
145 | global = { | ||
146 | allow_encryption = true; | ||
147 | allow_federation = true; | ||
148 | allow_registration = false; | ||
149 | database_backend = "rocksdb"; | ||
150 | server_name = "oppi.li"; | ||
151 | address = "0.0.0.0"; | ||
152 | port = 6197; | ||
153 | enable_lightning_bolt = false; | ||
154 | }; | ||
155 | }; | ||
156 | }; | ||
157 | services.mautrix-whatsapp = { | ||
158 | enable = false; | ||
159 | settings = { | ||
160 | homeserver = { | ||
161 | address = "http://localhost:6197"; | ||
162 | domain = "oppi.li"; | ||
163 | }; | ||
164 | appservice = { }; | ||
165 | bridge = { | ||
166 | encryption = { | ||
167 | allow = true; | ||
168 | default = true; | ||
169 | require = true; | ||
170 | }; | ||
171 | history_sync = { | ||
172 | request_full_sync = true; | ||
173 | }; | ||
174 | mute_bridging = true; | ||
175 | permissions = { | ||
176 | "*" = "user"; | ||
177 | }; | ||
178 | private_chat_portal_meta = true; | ||
179 | provisioning = { | ||
180 | shared_secret = "disable"; | ||
181 | }; | ||
182 | }; | ||
183 | |||
184 | }; | ||
185 | }; | ||
186 | |||
187 | services.radicale = { | ||
188 | enable = true; | ||
189 | settings = { | ||
190 | server.hosts = [ "0.0.0.0:5232" ]; | ||
191 | auth = { | ||
192 | type = "htpasswd"; | ||
193 | htpasswd_filename = "/etc/radicale/users"; | ||
194 | htpasswd_encryption = "bcrypt"; | ||
195 | }; | ||
196 | }; | ||
197 | }; | ||
198 | services.nginx.virtualHosts."radicale.laurel" = { | ||
199 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
200 | locations."/" = { | ||
201 | proxyPass = "http://127.0.0.1:5232"; | ||
202 | }; | ||
203 | }; | ||
204 | |||
205 | services.syncthing = { | ||
206 | enable = true; | ||
207 | dataDir = "/syncthing"; | ||
208 | }; | ||
209 | services.nginx.virtualHosts."sync.laurel" = { | ||
210 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
211 | locations."/" = { | ||
212 | proxyPass = "http://127.0.0.1:8384"; | ||
213 | }; | ||
214 | }; | ||
215 | |||
216 | services.readit = { | ||
217 | enable = true; | ||
218 | port = 9495; | ||
219 | }; | ||
220 | services.nginx.virtualHosts."read.laurel" = { | ||
221 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
222 | locations."/" = { | ||
223 | proxyPass = "http://127.0.0.1:9495"; | ||
224 | }; | ||
225 | }; | ||
226 | |||
227 | |||
127 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; | 228 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; |
128 | 229 | ||
129 | # This option defines the first version of NixOS you have installed on this particular machine, | 230 | # This option defines the first version of NixOS you have installed on this particular machine, |
diff --git a/hosts/laurel/hardware-configuration.nix b/hosts/laurel/hardware-configuration.nix index 142c4a7..cd34eae 100644 --- a/hosts/laurel/hardware-configuration.nix +++ b/hosts/laurel/hardware-configuration.nix | |||
@@ -20,6 +20,13 @@ | |||
20 | fsType = "ext4"; | 20 | fsType = "ext4"; |
21 | }; | 21 | }; |
22 | 22 | ||
23 | fileSystems."/servarr" = | ||
24 | { | ||
25 | device = "/dev/sdb"; | ||
26 | fsType = "ext4"; | ||
27 | }; | ||
28 | |||
29 | |||
23 | fileSystems."/boot" = | 30 | fileSystems."/boot" = |
24 | { | 31 | { |
25 | device = "/dev/disk/by-uuid/FDC2-EFD1"; | 32 | device = "/dev/disk/by-uuid/FDC2-EFD1"; |
diff --git a/hosts/laurel/media.nix b/hosts/laurel/media.nix new file mode 100644 index 0000000..b5d45dc --- /dev/null +++ b/hosts/laurel/media.nix | |||
@@ -0,0 +1,39 @@ | |||
1 | { config, lib, pkgs, ... }: | ||
2 | |||
3 | { | ||
4 | services.jellyfin = { | ||
5 | enable = true; | ||
6 | openFirewall = true; | ||
7 | group = "torrent"; | ||
8 | }; | ||
9 | services.nginx.virtualHosts."stream.${config.networking.hostName}" = { | ||
10 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
11 | locations."/" = { | ||
12 | proxyPass = "http://127.0.0.1:8096"; | ||
13 | proxyWebsockets = true; | ||
14 | }; | ||
15 | }; | ||
16 | |||
17 | services.navidrome = { | ||
18 | enable = true; | ||
19 | openFirewall = true; | ||
20 | settings = { | ||
21 | MusicFolder = "/servarr/lidarr/"; | ||
22 | DataFolder = "/etc/navidrome/data"; | ||
23 | CacheFolder = "/etc/navidrome/cache"; | ||
24 | Address = "0.0.0.0"; | ||
25 | Port = 4533; | ||
26 | AuthRequestLimit = 0; | ||
27 | EnableTranscodingConfig = true; | ||
28 | }; | ||
29 | }; | ||
30 | services.nginx.virtualHosts."music.${config.networking.hostName}" = { | ||
31 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
32 | locations."/" = { | ||
33 | proxyPass = "http://127.0.0.1:${builtins.toString config.services.navidrome.settings.Port}"; | ||
34 | proxyWebsockets = true; | ||
35 | }; | ||
36 | }; | ||
37 | |||
38 | } | ||
39 | |||
diff --git a/hosts/laurel/servarr.nix b/hosts/laurel/servarr.nix new file mode 100644 index 0000000..e9c06c4 --- /dev/null +++ b/hosts/laurel/servarr.nix | |||
@@ -0,0 +1,107 @@ | |||
1 | { self, config, lib, pkgs, ... }: | ||
2 | |||
3 | { | ||
4 | imports = [ ]; | ||
5 | |||
6 | nixpkgs.overlays = with self.overlays; [ | ||
7 | #flaresolverr | ||
8 | ]; | ||
9 | |||
10 | users.groups."torrent".members = [ | ||
11 | "op" | ||
12 | "sonarr" | ||
13 | "radarr" | ||
14 | "bazarr" | ||
15 | "jackett" | ||
16 | "lidarr" | ||
17 | "jellyfin" | ||
18 | "transmission" | ||
19 | ]; | ||
20 | users.users.torrent = { | ||
21 | isNormalUser = true; | ||
22 | extraGroups = [ "wheel" "tty" ]; | ||
23 | }; | ||
24 | services.transmission = { | ||
25 | enable = true; | ||
26 | openFirewall = true; | ||
27 | openRPCPort = true; | ||
28 | user = "torrent"; | ||
29 | settings = { | ||
30 | download-dir = "/torrents"; | ||
31 | incomplete-dir = "/.incomplete"; | ||
32 | rpc-bind-address = "0.0.0.0"; | ||
33 | rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*"; | ||
34 | }; | ||
35 | }; | ||
36 | services.nginx.virtualHosts."torrent.${config.networking.hostName}" = { | ||
37 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
38 | locations."/" = { | ||
39 | proxyPass = "http://127.0.0.1:9091"; | ||
40 | }; | ||
41 | }; | ||
42 | |||
43 | services.sonarr = { | ||
44 | enable = true; | ||
45 | openFirewall = true; | ||
46 | group = "torrent"; | ||
47 | }; | ||
48 | services.nginx.virtualHosts."sonarr.${config.networking.hostName}" = { | ||
49 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
50 | locations."/" = { | ||
51 | proxyPass = "http://127.0.0.1:8989"; | ||
52 | }; | ||
53 | }; | ||
54 | |||
55 | services.radarr = { | ||
56 | enable = true; | ||
57 | openFirewall = true; | ||
58 | group = "torrent"; | ||
59 | }; | ||
60 | services.nginx.virtualHosts."radarr.${config.networking.hostName}" = { | ||
61 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
62 | locations."/" = { | ||
63 | proxyPass = "http://127.0.0.1:7878"; | ||
64 | }; | ||
65 | }; | ||
66 | |||
67 | services.bazarr = { | ||
68 | enable = true; | ||
69 | openFirewall = true; | ||
70 | group = "torrent"; | ||
71 | }; | ||
72 | services.nginx.virtualHosts."bazarr.${config.networking.hostName}" = { | ||
73 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
74 | locations."/" = { | ||
75 | proxyPass = "http://127.0.0.1:6767"; | ||
76 | }; | ||
77 | }; | ||
78 | |||
79 | services.jackett = { | ||
80 | enable = true; | ||
81 | openFirewall = true; | ||
82 | group = "torrent"; | ||
83 | }; | ||
84 | services.nginx.virtualHosts."jackett.${config.networking.hostName}" = { | ||
85 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
86 | locations."/" = { | ||
87 | proxyPass = "http://127.0.0.1:9117"; | ||
88 | }; | ||
89 | }; | ||
90 | |||
91 | services.lidarr = { | ||
92 | enable = true; | ||
93 | openFirewall = true; | ||
94 | group = "torrent"; | ||
95 | }; | ||
96 | services.nginx.virtualHosts."lidarr.${config.networking.hostName}" = { | ||
97 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
98 | locations."/" = { | ||
99 | proxyPass = "http://127.0.0.1:8686"; | ||
100 | }; | ||
101 | }; | ||
102 | |||
103 | services.flaresolverr.enable = true; | ||
104 | |||
105 | } | ||
106 | |||
107 | |||