4 files changed, 269 insertions, 15 deletions
diff --git a/hosts/laurel/configuration.nix b/hosts/laurel/configuration.nix
index a40dafd..e824853 100644
--- a/hosts/laurel/configuration.nix
+++ b/hosts/laurel/configuration.nix
@@ -9,6 +9,8 @@
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
+      ./servarr.nix
+      ./media.nix
    ];
  # Use the systemd-boot EFI boot loader.
@@ -20,7 +22,7 @@
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.hostName = "laurel";
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 6197 ];
  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";
@@ -31,9 +33,9 @@
  };
  # Enable sound.
-  sound.enable = true;
+  # sound.enable = true;
  hardware.pulseaudio.enable = true;
-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
@@ -44,15 +46,24 @@
    ];
  };
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = [
-    vim
+    pkgs.vim
-    wget
+    pkgs.wget
-    curl
+    pkgs.curl
+    pkgs.jellyfin
+    pkgs.jellyfin-web
+    pkgs.jellyfin-ffmpeg
+    pkgs.htop
+    pkgs.ripgrep
+    pkgs.git
  ];
  users.users.op = {
    isNormalUser = true;
-    extraGroups = [ "wheel" "tty" ];
+    extraGroups = [ "wheel" "tty" "syncthing" ];
    home = "/home/op";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle"
@@ -66,7 +77,7 @@
  };
  services.invidious = {
-    enable = true;
+    enable = false;
    port = 3333;
    domain = "tube.laurel";
    settings = {
@@ -103,27 +114,117 @@
    };
  };
-  services.podgrab = {
+  services.miniflux = {
    enable = true;
-    port = 3434;
+    adminCredentialsFile = "/etc/miniflux/admin";
+    config = {
+      FETCH_YOUTUBE_WATCH_TIME = 1;
+      PORT = 8383;
+      BASE_URL = "http://rss.laurel";
+    };
  };
-  services.nginx.virtualHosts."podcast.laurel" = {
+  services.nginx.virtualHosts."rss.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
-      proxyPass = "http://127.0.0.1:${builtins.toString config.services.podgrab.port}";
+      proxyPass = "http://127.0.0.1:${builtins.toString config.services.miniflux.config.PORT}";
-      proxyWebsockets = true;
    };
  };
  services.nginx.virtualHosts."oppi.li" = {
    listen = [{ port = 8282; addr = "0.0.0.0"; }];
-    root = "/home/op/site/docs";
+    root = "/www/site/docs";
    locations."/" = {
      tryFiles = "$uri $uri/ =404";
      index = "index.html";
    };
  };
+  services.matrix-conduit = {
+    enable = false;
+    settings = {
+      global = {
+        allow_encryption = true;
+        allow_federation = true;
+        allow_registration = false;
+        database_backend = "rocksdb";
+        server_name = "oppi.li";
+        address = "0.0.0.0";
+        port = 6197;
+        enable_lightning_bolt = false;
+      };
+    };
+  };
+  services.mautrix-whatsapp = {
+    enable = false;
+    settings = {
+      homeserver = {
+        address = "http://localhost:6197";
+        domain = "oppi.li";
+      };
+      appservice = { };
+      bridge = {
+        encryption = {
+          allow = true;
+          default = true;
+          require = true;
+        };
+        history_sync = {
+          request_full_sync = true;
+        };
+        mute_bridging = true;
+        permissions = {
+          "*" = "user";
+        };
+        private_chat_portal_meta = true;
+        provisioning = {
+          shared_secret = "disable";
+        };
+      };
+    };
+  };
+  services.radicale = {
+    enable = true;
+    settings = {
+      server.hosts = [ "0.0.0.0:5232" ];
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = "/etc/radicale/users";
+        htpasswd_encryption = "bcrypt";
+      };
+    };
+  };
+  services.nginx.virtualHosts."radicale.laurel" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:5232";
+    };
+  };
+  services.syncthing = {
+    enable = true;
+    dataDir = "/syncthing";
+  };
+  services.nginx.virtualHosts."sync.laurel" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8384";
+    };
+  };
+  services.readit = {
+    enable = true;
+    port = 9495;
+  };
+  services.nginx.virtualHosts."read.laurel" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:9495";
+    };
+  };
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  # This option defines the first version of NixOS you have installed on this particular machine,
diff --git a/hosts/laurel/hardware-configuration.nix b/hosts/laurel/hardware-configuration.nix
index 142c4a7..cd34eae 100644
--- a/hosts/laurel/hardware-configuration.nix
+++ b/hosts/laurel/hardware-configuration.nix
@@ -20,6 +20,13 @@
      fsType = "ext4";
    };
+  fileSystems."/servarr" =
+    {
+      device = "/dev/sdb";
+      fsType = "ext4";
+    };
  fileSystems."/boot" =
    {
      device = "/dev/disk/by-uuid/FDC2-EFD1";
diff --git a/hosts/laurel/media.nix b/hosts/laurel/media.nix
new file mode 100644
index 0000000..b5d45dc
--- /dev/null
+++ b/hosts/laurel/media.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+{
+  services.jellyfin = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."stream.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8096";
+      proxyWebsockets = true;
+    };
+  };
+  services.navidrome = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      MusicFolder = "/servarr/lidarr/";
+      DataFolder = "/etc/navidrome/data";
+      CacheFolder = "/etc/navidrome/cache";
+      Address = "0.0.0.0";
+      Port = 4533;
+      AuthRequestLimit = 0;
+      EnableTranscodingConfig = true;
+    };
+  };
+  services.nginx.virtualHosts."music.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${builtins.toString config.services.navidrome.settings.Port}";
+      proxyWebsockets = true;
+    };
+  };
+}
diff --git a/hosts/laurel/servarr.nix b/hosts/laurel/servarr.nix
new file mode 100644
index 0000000..e9c06c4
--- /dev/null
+++ b/hosts/laurel/servarr.nix
@@ -0,0 +1,107 @@
+{ self, config, lib, pkgs, ... }:
+{
+  imports = [ ];
+  nixpkgs.overlays = with self.overlays; [
+    #flaresolverr
+  ];
+  users.groups."torrent".members = [
+    "op"
+    "sonarr"
+    "radarr"
+    "bazarr"
+    "jackett"
+    "lidarr"
+    "jellyfin"
+    "transmission"
+  ];
+  users.users.torrent = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "tty" ];
+  };
+  services.transmission = {
+    enable = true;
+    openFirewall = true;
+    openRPCPort = true;
+    user = "torrent";
+    settings = {
+      download-dir = "/torrents";
+      incomplete-dir = "/.incomplete";
+      rpc-bind-address = "0.0.0.0";
+      rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
+    };
+  };
+  services.nginx.virtualHosts."torrent.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:9091";
+    };
+  };
+  services.sonarr = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."sonarr.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8989";
+    };
+  };
+  services.radarr = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."radarr.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:7878";
+    };
+  };
+  services.bazarr = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."bazarr.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:6767";
+    };
+  };
+  services.jackett = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."jackett.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:9117";
+    };
+  };
+  services.lidarr = {
+    enable = true;
+    openFirewall = true;
+    group = "torrent";
+  };
+  services.nginx.virtualHosts."lidarr.${config.networking.hostName}" = {
+    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8686";
+    };
+  };
+  services.flaresolverr.enable = true;
+}

diff --git a/hosts/laurel/configuration.nix b/hosts/laurel/configuration.nix index a40dafd..e824853 100644 --- a/hosts/laurel/configuration.nix +++ b/hosts/laurel/configuration.nix
@@ -9,6 +9,8 @@
9	[	9	[
10	# Include the results of the hardware scan.	10	# Include the results of the hardware scan.
11	./hardware-configuration.nix	11	./hardware-configuration.nix
		12	./servarr.nix
		13	./media.nix
12	];	14	];
13		15
14	# Use the systemd-boot EFI boot loader.	16	# Use the systemd-boot EFI boot loader.
@@ -20,7 +22,7 @@
20	# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.	22	# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
21	# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.	23	# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
22	networking.hostName = "laurel";	24	networking.hostName = "laurel";
23	networking.firewall.allowedTCPPorts = [ 80 443 ];	25	networking.firewall.allowedTCPPorts = [ 80 443 6197 ];
24		26
25	time.timeZone = "Europe/London";	27	time.timeZone = "Europe/London";
26	i18n.defaultLocale = "en_US.UTF-8";	28	i18n.defaultLocale = "en_US.UTF-8";
@@ -31,9 +33,9 @@
31	};	33	};
32		34
33	# Enable sound.	35	# Enable sound.
34	sound.enable = true;	36	# sound.enable = true;
35	hardware.pulseaudio.enable = true;	37	hardware.pulseaudio.enable = true;
36	hardware.opengl = {	38	hardware.graphics = {
37	enable = true;	39	enable = true;
38	extraPackages = with pkgs; [	40	extraPackages = with pkgs; [
39	intel-media-driver	41	intel-media-driver
@@ -44,15 +46,24 @@
44	];	46	];
45	};	47	};
46		48
47	environment.systemPackages = with pkgs; [	49	environment.systemPackages = [
48	vim	50	pkgs.vim
49	wget	51	pkgs.wget
50	curl	52	pkgs.curl
		53
		54	pkgs.jellyfin
		55	pkgs.jellyfin-web
		56	pkgs.jellyfin-ffmpeg
		57
		58	pkgs.htop
		59	pkgs.ripgrep
		60	pkgs.git
		61
51	];	62	];
52		63
53	users.users.op = {	64	users.users.op = {
54	isNormalUser = true;	65	isNormalUser = true;
55	extraGroups = [ "wheel" "tty" ];	66	extraGroups = [ "wheel" "tty" "syncthing" ];
56	home = "/home/op";	67	home = "/home/op";
57	openssh.authorizedKeys.keys = [	68	openssh.authorizedKeys.keys = [
58	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle"	69	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle"
@@ -66,7 +77,7 @@
66	};	77	};
67		78
68	services.invidious = {	79	services.invidious = {
69	enable = true;	80	enable = false;
70	port = 3333;	81	port = 3333;
71	domain = "tube.laurel";	82	domain = "tube.laurel";
72	settings = {	83	settings = {
@@ -103,27 +114,117 @@
103	};	114	};
104	};	115	};
105		116
106	services.podgrab = {	117	services.miniflux = {
107	enable = true;	118	enable = true;
108	port = 3434;	119	adminCredentialsFile = "/etc/miniflux/admin";
		120	config = {
		121	FETCH_YOUTUBE_WATCH_TIME = 1;
		122	PORT = 8383;
		123	BASE_URL = "http://rss.laurel";
		124	};
109	};	125	};
110	services.nginx.virtualHosts."podcast.laurel" = {	126	services.nginx.virtualHosts."rss.laurel" = {
111	listen = [{ port = 80; addr = "0.0.0.0"; }];	127	listen = [{ port = 80; addr = "0.0.0.0"; }];
112	locations."/" = {	128	locations."/" = {
113	proxyPass = "http://127.0.0.1:${builtins.toString config.services.podgrab.port}";	129	proxyPass = "http://127.0.0.1:${builtins.toString config.services.miniflux.config.PORT}";
114	proxyWebsockets = true;
115	};	130	};
116	};	131	};
117		132
118	services.nginx.virtualHosts."oppi.li" = {	133	services.nginx.virtualHosts."oppi.li" = {
119	listen = [{ port = 8282; addr = "0.0.0.0"; }];	134	listen = [{ port = 8282; addr = "0.0.0.0"; }];
120	root = "/home/op/site/docs";	135	root = "/www/site/docs";
121	locations."/" = {	136	locations."/" = {
122	tryFiles = "$uri $uri/ =404";	137	tryFiles = "$uri $uri/ =404";
123	index = "index.html";	138	index = "index.html";
124	};	139	};
125	};	140	};
126		141
		142	services.matrix-conduit = {
		143	enable = false;
		144	settings = {
		145	global = {
		146	allow_encryption = true;
		147	allow_federation = true;
		148	allow_registration = false;
		149	database_backend = "rocksdb";
		150	server_name = "oppi.li";
		151	address = "0.0.0.0";
		152	port = 6197;
		153	enable_lightning_bolt = false;
		154	};
		155	};
		156	};
		157	services.mautrix-whatsapp = {
		158	enable = false;
		159	settings = {
		160	homeserver = {
		161	address = "http://localhost:6197";
		162	domain = "oppi.li";
		163	};
		164	appservice = { };
		165	bridge = {
		166	encryption = {
		167	allow = true;
		168	default = true;
		169	require = true;
		170	};
		171	history_sync = {
		172	request_full_sync = true;
		173	};
		174	mute_bridging = true;
		175	permissions = {
		176	"*" = "user";
		177	};
		178	private_chat_portal_meta = true;
		179	provisioning = {
		180	shared_secret = "disable";
		181	};
		182	};
		183
		184	};
		185	};
		186
		187	services.radicale = {
		188	enable = true;
		189	settings = {
		190	server.hosts = [ "0.0.0.0:5232" ];
		191	auth = {
		192	type = "htpasswd";
		193	htpasswd_filename = "/etc/radicale/users";
		194	htpasswd_encryption = "bcrypt";
		195	};
		196	};
		197	};
		198	services.nginx.virtualHosts."radicale.laurel" = {
		199	listen = [{ port = 80; addr = "0.0.0.0"; }];
		200	locations."/" = {
		201	proxyPass = "http://127.0.0.1:5232";
		202	};
		203	};
		204
		205	services.syncthing = {
		206	enable = true;
		207	dataDir = "/syncthing";
		208	};
		209	services.nginx.virtualHosts."sync.laurel" = {
		210	listen = [{ port = 80; addr = "0.0.0.0"; }];
		211	locations."/" = {
		212	proxyPass = "http://127.0.0.1:8384";
		213	};
		214	};
		215
		216	services.readit = {
		217	enable = true;
		218	port = 9495;
		219	};
		220	services.nginx.virtualHosts."read.laurel" = {
		221	listen = [{ port = 80; addr = "0.0.0.0"; }];
		222	locations."/" = {
		223	proxyPass = "http://127.0.0.1:9495";
		224	};
		225	};
		226
		227
127	nix.settings.experimental-features = [ "nix-command" "flakes" ];	228	nix.settings.experimental-features = [ "nix-command" "flakes" ];
128		229
129	# This option defines the first version of NixOS you have installed on this particular machine,	230	# This option defines the first version of NixOS you have installed on this particular machine,


diff --git a/hosts/laurel/hardware-configuration.nix b/hosts/laurel/hardware-configuration.nix index 142c4a7..cd34eae 100644 --- a/hosts/laurel/hardware-configuration.nix +++ b/hosts/laurel/hardware-configuration.nix
@@ -20,6 +20,13 @@
20	fsType = "ext4";	20	fsType = "ext4";
21	};	21	};
22		22
		23	fileSystems."/servarr" =
		24	{
		25	device = "/dev/sdb";
		26	fsType = "ext4";
		27	};
		28
		29
23	fileSystems."/boot" =	30	fileSystems."/boot" =
24	{	31	{
25	device = "/dev/disk/by-uuid/FDC2-EFD1";	32	device = "/dev/disk/by-uuid/FDC2-EFD1";


diff --git a/hosts/laurel/media.nix b/hosts/laurel/media.nix new file mode 100644 index 0000000..b5d45dc --- /dev/null +++ b/hosts/laurel/media.nix
@@ -0,0 +1,39 @@
		1	{ config, lib, pkgs, ... }:
		2
		3	{
		4	services.jellyfin = {
		5	enable = true;
		6	openFirewall = true;
		7	group = "torrent";
		8	};
		9	services.nginx.virtualHosts."stream.${config.networking.hostName}" = {
		10	listen = [{ port = 80; addr = "0.0.0.0"; }];
		11	locations."/" = {
		12	proxyPass = "http://127.0.0.1:8096";
		13	proxyWebsockets = true;
		14	};
		15	};
		16
		17	services.navidrome = {
		18	enable = true;
		19	openFirewall = true;
		20	settings = {
		21	MusicFolder = "/servarr/lidarr/";
		22	DataFolder = "/etc/navidrome/data";
		23	CacheFolder = "/etc/navidrome/cache";
		24	Address = "0.0.0.0";
		25	Port = 4533;
		26	AuthRequestLimit = 0;
		27	EnableTranscodingConfig = true;
		28	};
		29	};
		30	services.nginx.virtualHosts."music.${config.networking.hostName}" = {
		31	listen = [{ port = 80; addr = "0.0.0.0"; }];
		32	locations."/" = {
		33	proxyPass = "http://127.0.0.1:${builtins.toString config.services.navidrome.settings.Port}";
		34	proxyWebsockets = true;
		35	};
		36	};
		37
		38	}
		39


diff --git a/hosts/laurel/servarr.nix b/hosts/laurel/servarr.nix new file mode 100644 index 0000000..e9c06c4 --- /dev/null +++ b/hosts/laurel/servarr.nix
@@ -0,0 +1,107 @@
		1	{ self, config, lib, pkgs, ... }:
		2
		3	{
		4	imports = [ ];
		5
		6	nixpkgs.overlays = with self.overlays; [
		7	#flaresolverr
		8	];
		9
		10	users.groups."torrent".members = [
		11	"op"
		12	"sonarr"
		13	"radarr"
		14	"bazarr"
		15	"jackett"
		16	"lidarr"
		17	"jellyfin"
		18	"transmission"
		19	];
		20	users.users.torrent = {
		21	isNormalUser = true;
		22	extraGroups = [ "wheel" "tty" ];
		23	};
		24	services.transmission = {
		25	enable = true;
		26	openFirewall = true;
		27	openRPCPort = true;
		28	user = "torrent";
		29	settings = {
		30	download-dir = "/torrents";
		31	incomplete-dir = "/.incomplete";
		32	rpc-bind-address = "0.0.0.0";
		33	rpc-whitelist = "127.0.0.1,10.0.0.1,192.168..,100.64..";
		34	};
		35	};
		36	services.nginx.virtualHosts."torrent.${config.networking.hostName}" = {
		37	listen = [{ port = 80; addr = "0.0.0.0"; }];
		38	locations."/" = {
		39	proxyPass = "http://127.0.0.1:9091";
		40	};
		41	};
		42
		43	services.sonarr = {
		44	enable = true;
		45	openFirewall = true;
		46	group = "torrent";
		47	};
		48	services.nginx.virtualHosts."sonarr.${config.networking.hostName}" = {
		49	listen = [{ port = 80; addr = "0.0.0.0"; }];
		50	locations."/" = {
		51	proxyPass = "http://127.0.0.1:8989";
		52	};
		53	};
		54
		55	services.radarr = {
		56	enable = true;
		57	openFirewall = true;
		58	group = "torrent";
		59	};
		60	services.nginx.virtualHosts."radarr.${config.networking.hostName}" = {
		61	listen = [{ port = 80; addr = "0.0.0.0"; }];
		62	locations."/" = {
		63	proxyPass = "http://127.0.0.1:7878";
		64	};
		65	};
		66
		67	services.bazarr = {
		68	enable = true;
		69	openFirewall = true;
		70	group = "torrent";
		71	};
		72	services.nginx.virtualHosts."bazarr.${config.networking.hostName}" = {
		73	listen = [{ port = 80; addr = "0.0.0.0"; }];
		74	locations."/" = {
		75	proxyPass = "http://127.0.0.1:6767";
		76	};
		77	};
		78
		79	services.jackett = {
		80	enable = true;
		81	openFirewall = true;
		82	group = "torrent";
		83	};
		84	services.nginx.virtualHosts."jackett.${config.networking.hostName}" = {
		85	listen = [{ port = 80; addr = "0.0.0.0"; }];
		86	locations."/" = {
		87	proxyPass = "http://127.0.0.1:9117";
		88	};
		89	};
		90
		91	services.lidarr = {
		92	enable = true;
		93	openFirewall = true;
		94	group = "torrent";
		95	};
		96	services.nginx.virtualHosts."lidarr.${config.networking.hostName}" = {
		97	listen = [{ port = 80; addr = "0.0.0.0"; }];
		98	locations."/" = {
		99	proxyPass = "http://127.0.0.1:8686";
		100	};
		101	};
		102
		103	services.flaresolverr.enable = true;
		104
		105	}
		106
		107