aboutsummaryrefslogtreecommitdiff
path: root/hosts/laurel
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/laurel')
-rw-r--r--hosts/laurel/configuration.nix131
-rw-r--r--hosts/laurel/hardware-configuration.nix7
-rw-r--r--hosts/laurel/media.nix39
-rw-r--r--hosts/laurel/servarr.nix107
4 files changed, 269 insertions, 15 deletions
diff --git a/hosts/laurel/configuration.nix b/hosts/laurel/configuration.nix
index a40dafd..e824853 100644
--- a/hosts/laurel/configuration.nix
+++ b/hosts/laurel/configuration.nix
@@ -9,6 +9,8 @@
9 [ 9 [
10 # Include the results of the hardware scan. 10 # Include the results of the hardware scan.
11 ./hardware-configuration.nix 11 ./hardware-configuration.nix
12 ./servarr.nix
13 ./media.nix
12 ]; 14 ];
13 15
14 # Use the systemd-boot EFI boot loader. 16 # Use the systemd-boot EFI boot loader.
@@ -20,7 +22,7 @@
20 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 22 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
21 # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 23 # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
22 networking.hostName = "laurel"; 24 networking.hostName = "laurel";
23 networking.firewall.allowedTCPPorts = [ 80 443 ]; 25 networking.firewall.allowedTCPPorts = [ 80 443 6197 ];
24 26
25 time.timeZone = "Europe/London"; 27 time.timeZone = "Europe/London";
26 i18n.defaultLocale = "en_US.UTF-8"; 28 i18n.defaultLocale = "en_US.UTF-8";
@@ -31,9 +33,9 @@
31 }; 33 };
32 34
33 # Enable sound. 35 # Enable sound.
34 sound.enable = true; 36 # sound.enable = true;
35 hardware.pulseaudio.enable = true; 37 hardware.pulseaudio.enable = true;
36 hardware.opengl = { 38 hardware.graphics = {
37 enable = true; 39 enable = true;
38 extraPackages = with pkgs; [ 40 extraPackages = with pkgs; [
39 intel-media-driver 41 intel-media-driver
@@ -44,15 +46,24 @@
44 ]; 46 ];
45 }; 47 };
46 48
47 environment.systemPackages = with pkgs; [ 49 environment.systemPackages = [
48 vim 50 pkgs.vim
49 wget 51 pkgs.wget
50 curl 52 pkgs.curl
53
54 pkgs.jellyfin
55 pkgs.jellyfin-web
56 pkgs.jellyfin-ffmpeg
57
58 pkgs.htop
59 pkgs.ripgrep
60 pkgs.git
61
51 ]; 62 ];
52 63
53 users.users.op = { 64 users.users.op = {
54 isNormalUser = true; 65 isNormalUser = true;
55 extraGroups = [ "wheel" "tty" ]; 66 extraGroups = [ "wheel" "tty" "syncthing" ];
56 home = "/home/op"; 67 home = "/home/op";
57 openssh.authorizedKeys.keys = [ 68 openssh.authorizedKeys.keys = [
58 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle" 69 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle"
@@ -66,7 +77,7 @@
66 }; 77 };
67 78
68 services.invidious = { 79 services.invidious = {
69 enable = true; 80 enable = false;
70 port = 3333; 81 port = 3333;
71 domain = "tube.laurel"; 82 domain = "tube.laurel";
72 settings = { 83 settings = {
@@ -103,27 +114,117 @@
103 }; 114 };
104 }; 115 };
105 116
106 services.podgrab = { 117 services.miniflux = {
107 enable = true; 118 enable = true;
108 port = 3434; 119 adminCredentialsFile = "/etc/miniflux/admin";
120 config = {
121 FETCH_YOUTUBE_WATCH_TIME = 1;
122 PORT = 8383;
123 BASE_URL = "http://rss.laurel";
124 };
109 }; 125 };
110 services.nginx.virtualHosts."podcast.laurel" = { 126 services.nginx.virtualHosts."rss.laurel" = {
111 listen = [{ port = 80; addr = "0.0.0.0"; }]; 127 listen = [{ port = 80; addr = "0.0.0.0"; }];
112 locations."/" = { 128 locations."/" = {
113 proxyPass = "http://127.0.0.1:${builtins.toString config.services.podgrab.port}"; 129 proxyPass = "http://127.0.0.1:${builtins.toString config.services.miniflux.config.PORT}";
114 proxyWebsockets = true;
115 }; 130 };
116 }; 131 };
117 132
118 services.nginx.virtualHosts."oppi.li" = { 133 services.nginx.virtualHosts."oppi.li" = {
119 listen = [{ port = 8282; addr = "0.0.0.0"; }]; 134 listen = [{ port = 8282; addr = "0.0.0.0"; }];
120 root = "/home/op/site/docs"; 135 root = "/www/site/docs";
121 locations."/" = { 136 locations."/" = {
122 tryFiles = "$uri $uri/ =404"; 137 tryFiles = "$uri $uri/ =404";
123 index = "index.html"; 138 index = "index.html";
124 }; 139 };
125 }; 140 };
126 141
142 services.matrix-conduit = {
143 enable = false;
144 settings = {
145 global = {
146 allow_encryption = true;
147 allow_federation = true;
148 allow_registration = false;
149 database_backend = "rocksdb";
150 server_name = "oppi.li";
151 address = "0.0.0.0";
152 port = 6197;
153 enable_lightning_bolt = false;
154 };
155 };
156 };
157 services.mautrix-whatsapp = {
158 enable = false;
159 settings = {
160 homeserver = {
161 address = "http://localhost:6197";
162 domain = "oppi.li";
163 };
164 appservice = { };
165 bridge = {
166 encryption = {
167 allow = true;
168 default = true;
169 require = true;
170 };
171 history_sync = {
172 request_full_sync = true;
173 };
174 mute_bridging = true;
175 permissions = {
176 "*" = "user";
177 };
178 private_chat_portal_meta = true;
179 provisioning = {
180 shared_secret = "disable";
181 };
182 };
183
184 };
185 };
186
187 services.radicale = {
188 enable = true;
189 settings = {
190 server.hosts = [ "0.0.0.0:5232" ];
191 auth = {
192 type = "htpasswd";
193 htpasswd_filename = "/etc/radicale/users";
194 htpasswd_encryption = "bcrypt";
195 };
196 };
197 };
198 services.nginx.virtualHosts."radicale.laurel" = {
199 listen = [{ port = 80; addr = "0.0.0.0"; }];
200 locations."/" = {
201 proxyPass = "http://127.0.0.1:5232";
202 };
203 };
204
205 services.syncthing = {
206 enable = true;
207 dataDir = "/syncthing";
208 };
209 services.nginx.virtualHosts."sync.laurel" = {
210 listen = [{ port = 80; addr = "0.0.0.0"; }];
211 locations."/" = {
212 proxyPass = "http://127.0.0.1:8384";
213 };
214 };
215
216 services.readit = {
217 enable = true;
218 port = 9495;
219 };
220 services.nginx.virtualHosts."read.laurel" = {
221 listen = [{ port = 80; addr = "0.0.0.0"; }];
222 locations."/" = {
223 proxyPass = "http://127.0.0.1:9495";
224 };
225 };
226
227
127 nix.settings.experimental-features = [ "nix-command" "flakes" ]; 228 nix.settings.experimental-features = [ "nix-command" "flakes" ];
128 229
129 # This option defines the first version of NixOS you have installed on this particular machine, 230 # This option defines the first version of NixOS you have installed on this particular machine,
diff --git a/hosts/laurel/hardware-configuration.nix b/hosts/laurel/hardware-configuration.nix
index 142c4a7..cd34eae 100644
--- a/hosts/laurel/hardware-configuration.nix
+++ b/hosts/laurel/hardware-configuration.nix
@@ -20,6 +20,13 @@
20 fsType = "ext4"; 20 fsType = "ext4";
21 }; 21 };
22 22
23 fileSystems."/servarr" =
24 {
25 device = "/dev/sdb";
26 fsType = "ext4";
27 };
28
29
23 fileSystems."/boot" = 30 fileSystems."/boot" =
24 { 31 {
25 device = "/dev/disk/by-uuid/FDC2-EFD1"; 32 device = "/dev/disk/by-uuid/FDC2-EFD1";
diff --git a/hosts/laurel/media.nix b/hosts/laurel/media.nix
new file mode 100644
index 0000000..b5d45dc
--- /dev/null
+++ b/hosts/laurel/media.nix
@@ -0,0 +1,39 @@
1{ config, lib, pkgs, ... }:
2
3{
4 services.jellyfin = {
5 enable = true;
6 openFirewall = true;
7 group = "torrent";
8 };
9 services.nginx.virtualHosts."stream.${config.networking.hostName}" = {
10 listen = [{ port = 80; addr = "0.0.0.0"; }];
11 locations."/" = {
12 proxyPass = "http://127.0.0.1:8096";
13 proxyWebsockets = true;
14 };
15 };
16
17 services.navidrome = {
18 enable = true;
19 openFirewall = true;
20 settings = {
21 MusicFolder = "/servarr/lidarr/";
22 DataFolder = "/etc/navidrome/data";
23 CacheFolder = "/etc/navidrome/cache";
24 Address = "0.0.0.0";
25 Port = 4533;
26 AuthRequestLimit = 0;
27 EnableTranscodingConfig = true;
28 };
29 };
30 services.nginx.virtualHosts."music.${config.networking.hostName}" = {
31 listen = [{ port = 80; addr = "0.0.0.0"; }];
32 locations."/" = {
33 proxyPass = "http://127.0.0.1:${builtins.toString config.services.navidrome.settings.Port}";
34 proxyWebsockets = true;
35 };
36 };
37
38}
39
diff --git a/hosts/laurel/servarr.nix b/hosts/laurel/servarr.nix
new file mode 100644
index 0000000..e9c06c4
--- /dev/null
+++ b/hosts/laurel/servarr.nix
@@ -0,0 +1,107 @@
1{ self, config, lib, pkgs, ... }:
2
3{
4 imports = [ ];
5
6 nixpkgs.overlays = with self.overlays; [
7 #flaresolverr
8 ];
9
10 users.groups."torrent".members = [
11 "op"
12 "sonarr"
13 "radarr"
14 "bazarr"
15 "jackett"
16 "lidarr"
17 "jellyfin"
18 "transmission"
19 ];
20 users.users.torrent = {
21 isNormalUser = true;
22 extraGroups = [ "wheel" "tty" ];
23 };
24 services.transmission = {
25 enable = true;
26 openFirewall = true;
27 openRPCPort = true;
28 user = "torrent";
29 settings = {
30 download-dir = "/torrents";
31 incomplete-dir = "/.incomplete";
32 rpc-bind-address = "0.0.0.0";
33 rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
34 };
35 };
36 services.nginx.virtualHosts."torrent.${config.networking.hostName}" = {
37 listen = [{ port = 80; addr = "0.0.0.0"; }];
38 locations."/" = {
39 proxyPass = "http://127.0.0.1:9091";
40 };
41 };
42
43 services.sonarr = {
44 enable = true;
45 openFirewall = true;
46 group = "torrent";
47 };
48 services.nginx.virtualHosts."sonarr.${config.networking.hostName}" = {
49 listen = [{ port = 80; addr = "0.0.0.0"; }];
50 locations."/" = {
51 proxyPass = "http://127.0.0.1:8989";
52 };
53 };
54
55 services.radarr = {
56 enable = true;
57 openFirewall = true;
58 group = "torrent";
59 };
60 services.nginx.virtualHosts."radarr.${config.networking.hostName}" = {
61 listen = [{ port = 80; addr = "0.0.0.0"; }];
62 locations."/" = {
63 proxyPass = "http://127.0.0.1:7878";
64 };
65 };
66
67 services.bazarr = {
68 enable = true;
69 openFirewall = true;
70 group = "torrent";
71 };
72 services.nginx.virtualHosts."bazarr.${config.networking.hostName}" = {
73 listen = [{ port = 80; addr = "0.0.0.0"; }];
74 locations."/" = {
75 proxyPass = "http://127.0.0.1:6767";
76 };
77 };
78
79 services.jackett = {
80 enable = true;
81 openFirewall = true;
82 group = "torrent";
83 };
84 services.nginx.virtualHosts."jackett.${config.networking.hostName}" = {
85 listen = [{ port = 80; addr = "0.0.0.0"; }];
86 locations."/" = {
87 proxyPass = "http://127.0.0.1:9117";
88 };
89 };
90
91 services.lidarr = {
92 enable = true;
93 openFirewall = true;
94 group = "torrent";
95 };
96 services.nginx.virtualHosts."lidarr.${config.networking.hostName}" = {
97 listen = [{ port = 80; addr = "0.0.0.0"; }];
98 locations."/" = {
99 proxyPass = "http://127.0.0.1:8686";
100 };
101 };
102
103 services.flaresolverr.enable = true;
104
105}
106
107