diff --git a/hosts/kariru/default.nix b/hosts/kariru/default.nix
index 7bf9594..bcb5241 100644
--- a/hosts/kariru/default.nix
+++ b/hosts/kariru/default.nix
@@ -5,8 +5,8 @@
 }: {
 imports = [
 ./hardware-configuration.nix
+ ./services
 ../../modules
- ../../modules/services/arr
 ];
 boot.loader = {
diff --git a/hosts/kariru/services/default.nix b/hosts/kariru/services/default.nix
new file mode 100644
index 0000000..c2cbc4f
--- /dev/null
+++ b/hosts/kariru/services/default.nix
@@ -0,0 +1,18 @@
+{...}: {
+ services.radarr = {
+ enable = true;
+ openFirewall = true;
+ dataDir = "/var/lib/radarr";
+ };
+
+ services.sonarr = {
+ enable = true;
+ openFirewall = true;
+ dataDir = "/var/lib/sonarr";
+ };
+
+ services.prowlarr = {
+ enable = true;
+ openFirewall = true;
+ };
+}
diff --git a/hosts/kariru/services/gluetun.nix b/hosts/kariru/services/gluetun.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/kariru/services/qbittorrent.nix b/hosts/kariru/services/qbittorrent.nix
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix
index caca110..b60ee16 100644
--- a/hosts/sakura/default.nix
+++ b/hosts/sakura/default.nix
@@ -5,8 +5,8 @@
 }: {
 imports = [
 ./hardware-configuration.nix
+ ./services
 ../../modules
- ../../modules/services
 ];
 boot.loader = {
diff --git a/hosts/sakura/services/default.nix b/hosts/sakura/services/default.nix
new file mode 100644
index 0000000..e32b7ba
--- /dev/null
+++ b/hosts/sakura/services/default.nix
@@ -0,0 +1,13 @@
+{...}: {
+ imports = [
+ ./traefik.nix
+ ./homepage.nix
+ ./searxng.nix
+ ./hugo.nix
+ ./stash.nix
+ ./foundryvtt.nix
+ ./forgejo.nix
+ ./jellyfin.nix
+ ./rustypaste.nix
+ ];
+}
diff --git a/hosts/sakura/services/forgejo.nix b/hosts/sakura/services/forgejo.nix
new file mode 100644
index 0000000..ee6a723
--- /dev/null
+++ b/hosts/sakura/services/forgejo.nix
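Review bot: In hosts/kariru/services/default.nix, `openFirewall = true` on radarr, sonarr and prowlarr opens each web UI's port on every interface, and nothing in the hunk narrows that to a trusted network. If these are only meant to be reached from the LAN or through a reverse proxy, drop `openFirewall` and allow the ports per interface with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts` (the interface name is a placeholder). The same applies to hosts/sakura/services/jellyfin.nix, where `openFirewall = true` is set for jellyfin and jellyseerr even though traefik.nix already proxies jellyfin at `http://localhost:8096`. Authentication for these apps is configured inside each app and is not visible in this commit, so it should be confirmed before the ports are reachable.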
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ services.gitea = {
+ enable = true;
+ package = pkgs.forgejo;
+ appName = "forgejo";
+ stateDir = "/sakura/forgejo";
+ settings = {
+ service.DISABLE_REGISTRATION = true;
+ server = {
+ HTTP_PORT = 3000;
+ DOMAIN = "git.notohh.dev";
+ ROOT_URL = "https://git.notohh.dev";
+ LANDING_PAGE = "/explore/repos";
+ };
+ };
+ };
+}
diff --git a/hosts/sakura/services/foundryvtt.nix b/hosts/sakura/services/foundryvtt.nix
new file mode 100644
index 0000000..fa7017a
--- /dev/null
+++ b/hosts/sakura/services/foundryvtt.nix
@@ -0,0 +1,20 @@
+{...}: {
+ sops.secrets.foundry-username = {};
+ sops.secrets.foundry-password = {};
+ virtualisation.oci-containers.containers.foundryvtt = {
+ image = "felddy/foundryvtt:release";
+ volumes = [
+ "/home/notoh/docker/foundryvtt:/data"
+ ];
+ environment = {
+ CONTAINER_PRESERVE_CONFIG = "true";
+ };
+ environmentFiles = [
+ /run/secrets/foundry-username
+ /run/secrets/foundry-password
+ ];
+ ports = [
+ "30000:30000"
+ ];
+ };
+}
diff --git a/hosts/sakura/services/homepage.nix b/hosts/sakura/services/homepage.nix
new file mode 100644
index 0000000..a8ca260
--- /dev/null
+++ b/hosts/sakura/services/homepage.nix
@@ -0,0 +1,12 @@
+{...}: {
+ virtualisation.oci-containers.containers.homepage = {
+ image = "ghcr.io/benphelps/homepage";
+ volumes = [
+ "/home/notoh/docker/homepage:/app/config"
+ "/var/run/docker.sock:/var/run/docker.sock:ro"
+ ];
+ ports = [
+ "3005:3000"
+ ];
+ };
+}
diff --git a/hosts/sakura/services/hugo.nix b/hosts/sakura/services/hugo.nix
new file mode 100644
index 0000000..b758dbb
--- /dev/null
+++ b/hosts/sakura/services/hugo.nix
@@ -0,0 +1,13 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [hugo];
+ virtualisation.oci-containers.containers.hugo = {
+ image = "klakegg/hugo:0.101.0";
+ cmd = ["server"];
+ volumes = [
+ "/home/notoh/docker/hugo:/src"
+ ];
+ ports = [
+ "1313:1313"
+ ];
+ };
+}
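Review bot: The `server` block in hosts/sakura/services/forgejo.nix sets `HTTP_PORT = 3000` but no listen address, so the instance will presumably bind to all interfaces even though Traefik reaches it at `http://localhost:3000`. Adding `HTTP_ADDR = "127.0.0.1";` keeps the TLS-terminating proxy as the only path to the forge. Since `ROOT_URL` is https, `session.COOKIE_SECURE = true;` under `settings` is also worth adding so session cookies are never sent over plain HTTP.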
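Review bot: `ports = ["30000:30000"]` in hosts/sakura/services/foundryvtt.nix publishes the container port on every host interface, and if the backend is Docker (the docker.sock mount in homepage.nix suggests it), published ports are handled by Docker's own rules ahead of the NixOS firewall, so `allowedTCPPorts = [80 443]` in traefik.nix may not keep this port private. Traefik targets `http://localhost:30000`, so a loopback binding is enough: `"127.0.0.1:30000:30000"`. The same change applies to homepage.nix (`3005:3000`), hugo.nix (`1313:1313`), searxng.nix (`8085:8080`) and stash.nix (`9999:9999`). Separately, `environmentFiles` lists bare Nix path literals; `config.sops.secrets.foundry-username.path` and its `foundry-password` counterpart (the form traefik.nix uses, with `config` added to the module arguments) keep them as strings tied to the declared secrets.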
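Review bot: The `/var/run/docker.sock:/var/run/docker.sock:ro` volume in hosts/sakura/services/homepage.nix gives the dashboard container access to the full Docker API; `:ro` only makes the mount of the socket file read-only and does not restrict API calls, so a compromise of this container is effectively root on the host. If the Docker integration is needed, place a socket proxy that permits only read endpoints between the two; otherwise drop the mount. The image is also referenced without a tag (as are `searxng/searxng` and `stashapp/stash`, while `felddy/foundryvtt:release` uses a moving tag), so each pull can change what runs; pinning a version or digest keeps deploys reproducible.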
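Review bot: `cmd = ["server"]` in hosts/sakura/services/hugo.nix presumably starts Hugo's built-in development server, and traefik.nix routes the public `notohh.dev` host to it on port 1313. That server is meant for local preview (live reload, on-the-fly rebuilds) rather than internet-facing traffic. Building the site with the `hugo` package already added to `environment.systemPackages` and serving the generated output from a static file server would take the dev server out of the exposed path.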
diff --git a/hosts/sakura/services/jellyfin.nix b/hosts/sakura/services/jellyfin.nix
new file mode 100644
index 0000000..65ecce0
--- /dev/null
+++ b/hosts/sakura/services/jellyfin.nix
@@ -0,0 +1,10 @@
+{...}: {
+ services.jellyfin = {
+ enable = true;
+ openFirewall = true;
+ };
+ services.jellyseerr = {
+ enable = true;
+ openFirewall = true;
+ };
+}
diff --git a/hosts/sakura/services/rustypaste.nix b/hosts/sakura/services/rustypaste.nix
new file mode 100644
index 0000000..9d590c4
--- /dev/null
+++ b/hosts/sakura/services/rustypaste.nix
@@ -0,0 +1,28 @@
+{
+ pkgs,
+ config,
+ ...
+}: {
+ sops.secrets.rusty-auth-token = {};
+ environment.systemPackages = with pkgs; [rustypaste];
+
+ systemd.services.rustypaste = {
+ enable = true;
+ wantedBy = [
+ "multi-user.target"
+ ];
+ description = "A minimal file upload/pastebin service.";
+ environment = {
+ # AUTH_TOKEN = config.sops.secrets.rusty-auth-token.path;
+ CONFIG = "/var/lib/rustypaste/config.toml";
+ };
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${pkgs.rustypaste}/bin/rustypaste";
+ Restart = "always";
+ RestartSec = 30;
+ StandardOutput = "syslog";
+ WorkingDirectory = "/var/lib/rustypaste";
+ };
+ };
+}
diff --git a/hosts/sakura/services/searxng.nix b/hosts/sakura/services/searxng.nix
new file mode 100644
index 0000000..95e8820
--- /dev/null
+++ b/hosts/sakura/services/searxng.nix
@@ -0,0 +1,14 @@
+{...}: {
+ virtualisation.oci-containers.containers.searxng = {
+ image = "searxng/searxng";
+ volumes = [
+ "/home/notoh/docker/searxng:/etc/searxng:rw"
+ ];
+ environment = {
+ INSTANCE_NAME = "SearXNG";
+ };
+ ports = [
+ "8085:8080"
+ ];
+ };
+}
diff --git a/hosts/sakura/services/stash.nix b/hosts/sakura/services/stash.nix
new file mode 100644
index 0000000..db7f5c7
--- /dev/null
+++ b/hosts/sakura/services/stash.nix
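Review bot: `User = "root"` in hosts/sakura/services/rustypaste.nix runs an internet-facing upload service (routed from `img.notohh.dev` in traefik.nix) with full privileges, so any flaw in request or file handling lands as root. The unit appears to need write access only to `/var/lib/rustypaste`, so a dynamic user plus basic sandboxing should be enough; a sketch of the `serviceConfig` follows. The commented-out `AUTH_TOKEN` line would have set the variable to the secret's path rather than its contents, whereas loading the sops file through `EnvironmentFile` (assuming it holds an `AUTH_TOKEN=…` line) passes the value itself; without a token, uploads may be unauthenticated unless config.toml sets one. `StandardOutput = "syslog"` is deprecated in current systemd and can be dropped.

```nix
    serviceConfig = {
      # replaces User = "root"; StateDirectory gives the unit a writable /var/lib/rustypaste
      DynamicUser = true;
      StateDirectory = "rustypaste";
      EnvironmentFile = config.sops.secrets.rusty-auth-token.path;
      NoNewPrivileges = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      PrivateTmp = true;
      # … unchanged: ExecStart, Restart, RestartSec, WorkingDirectory …
    };
```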
@@ -0,0 +1,23 @@
+{...}: {
+ virtualisation.oci-containers.containers.stash = {
+ image = "stashapp/stash";
+ environment = {
+ STASH_STASH = "/data/";
+ STASH_GENERATED = "/generated/";
+ STASH_METADATA = "/metadata/";
+ STASH_CACHE = "/cache/";
+ STASH_PORT = "9999";
+ };
+ volumes = [
+ "/etc/localtime:/etc/localtime:ro"
+ "/home/notoh/docker/stash/.config:/root/.stash"
+ "/home/notoh/docker/stash/data:/data"
+ "/home/notoh/docker/stash/.metadata:/metadata"
+ "/home/notoh/docker/stash/cache:/cache"
+ "/home/notoh/docker/stash/generated:/generated"
+ ];
+ ports = [
+ "9999:9999"
+ ];
+ };
+}
diff --git a/hosts/sakura/services/traefik.nix b/hosts/sakura/services/traefik.nix
new file mode 100644
index 0000000..58ac533
--- /dev/null
+++ b/hosts/sakura/services/traefik.nix
@@ -0,0 +1,120 @@
+{config, ...}: {
+ sops.secrets.cloudflare-api-key = {};
+ networking.firewall.allowedTCPPorts = [80 443];
+ systemd.user.services.traefik.after = ["docker.service"];
+ systemd.services.traefik = {
+ environment = {
+ CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
+ };
+ serviceConfig = {
+ EnvironmentFile = config.sops.secrets.cloudflare-api-key.path;
+ };
+ };
+ services.traefik = {
+ enable = true;
+ dynamicConfigOptions = {
+ http = {
+ routers = {
+ api = {
+ rule = "PathPrefix(`/api/`)";
+ entryPoints = ["websecure"];
+ service = "api@internal";
+ };
+ homepage = {
+ rule = "Host(`dashboard.lab`)";
+ entrypoints = ["web"];
+ service = "homepage";
+ };
+ searxng = {
+ rule = "Host(`searxng.lab`)";
+ entrypoints = ["web"];
+ service = "searxng";
+ };
+ stash = {
+ rule = "Host(`stash.lab`)";
+ entrypoints = ["web"];
+ service = "stash";
+ };
+ jellyfin = {
+ rule = "Host(`jellyfin.lab`)";
+ entrypoints = ["web"];
+ service = "jellyfin";
+ };
+ hugo = {
+ rule = "Host(`notohh.dev`)";
+ entryPoints = ["websecure"];
+ service = "hugo";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "production";
+ };
+ foundryvtt = {
+ rule = "Host(`foundry.notohh.dev`)";
+ entrypoints = ["websecure"];
+ service = "foundryvtt";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "production";
+ };
+ gitea = {
+ rule = "Host(`git.notohh.dev`)";
+ entrypoints = ["websecure"];
+ service = "gitea";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "production";
+ };
+ rustypaste = {
+ rule = "Host(`img.notohh.dev`)";
+ entrypoints = ["websecure"];
+ service = "rustypaste";
+ tls.domains = [{main = "*.notohh.dev";}];
+ tls.certresolver = "production";
+ };
+ };
+ services = {
+ homepage.loadBalancer.servers = [{url = "http://localhost:3005";}];
+ searxng.loadBalancer.servers = [{url = "http://localhost:8085";}];
+ hugo.loadBalancer.servers = [{url = "http://localhost:1313";}];
+ stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
+ jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}];
+ foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}];
+ gitea.loadBalancer.servers = [{url = "http://localhost:3000";}];
+ rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
+ };
+ };
+ };
+ staticConfigOptions = {
+ log.level = "DEBUG";
+ api.dashboard = false;
+ api.insecure = false;
+ global = {
+ checkNewVersion = false;
+ sendAnonymousUsage = false;
+ };
+ entryPoints = {
+ websecure.address = ":443";
+ web.address = ":80";
+ };
+ certificatesResolvers = {
+ staging.acme = {
+ email = "x3xr6n66@notohh.dev";
+ storage = "/var/lib/traefik/acme.json";
+ caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
+ dnsChallenge = {
+ provider = "cloudflare";
+ resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+ delayBeforeCheck = "0";
+ };
+ };
+ production.acme = {
+ email = "x3xr6n66@notohh.dev";
+ storage = "/var/lib/traefik/acme.json";
+ caServer = "https://acme-v02.api.letsencrypt.org/directory";
+ dnsChallenge = {
+ provider = "cloudflare";
+ resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
+ delayBeforeCheck = "0";
+ };
+ };
+ };
+ };
+ };
+}
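Review bot: The `api` router in hosts/sakura/services/traefik.nix matches the /api/ path prefix on the public `websecure` entry point with no Host matcher and no middleware, so as far as this config shows, `api@internal` (which describes every router and backend) is served to anyone who can reach port 443; `api.dashboard = false` hides the UI but not the API. Either remove the router or restrict it with a Host rule plus an authentication middleware such as `basicAuth`. The `.lab` routers have a related gap: they sit on `web` and port 80 is opened in `allowedTCPPorts`, and Host-header routing is not access control, so those backends are reachable over plain HTTP from any network that can reach port 80 unless something upstream blocks it. `systemd.user.services.traefik.after` configures a user unit rather than the system service defined just below it; `systemd.services.traefik.after = ["docker.service"];` is probably what was meant. `log.level = "DEBUG"` is worth lowering once the setup works, since debug logs are verbose and can include request detail.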