migrate from raffauflabs flake and drop dependency (#102)

* migrate from raffauflabs and drop dependency

* slateport/nginx: fix forĝejo url
Aly Raffauf 2024-08-26 18:35:57 -04:00 committed by GitHub
parent 3cbe9af978
commit 1b0edff306
GPG key ID: B5690EEEBB952194
6 changed files with 283 additions and 103 deletions


@ -568,26 +568,6 @@
"type": "github"
}
},
"raffauflabs": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724047987,
"narHash": "sha256-2be2gK4DRyPwLbddSQ5A9I9UjLM/tGrgdltrosE2AsU=",
"owner": "alyraffauf",
"repo": "raffauflabs",
"rev": "fd6bb8de83bb23f0724cf464fe6ac4a3f07ed831",
"type": "github"
},
"original": {
"owner": "alyraffauf",
"repo": "raffauflabs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -599,7 +579,6 @@
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"raffauflabs": "raffauflabs",
"stylix": "stylix"
}
},


@ -26,8 +26,8 @@
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/lanzaboote/v0.4.1";
};
nixhw = {
@ -37,11 +37,6 @@
nur.url = "github:nix-community/NUR";
raffauflabs = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:alyraffauf/raffauflabs";
};
stylix = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:danth/stylix";


@ -6,19 +6,18 @@
...
}: let
archiveDirectory = "/mnt/Archive";
domain = "raffauflabs.com";
mediaDirectory = "/mnt/Media";
in {
imports = [
./disko.nix
./home.nix
./raffauflabs.nix
./secrets.nix
./stylix.nix
self.inputs.nixhw.nixosModules.common-amd-cpu
self.inputs.nixhw.nixosModules.common-amd-gpu
self.inputs.nixhw.nixosModules.common-bluetooth
self.inputs.nixhw.nixosModules.common-ssd
self.inputs.raffauflabs.nixosModules.raffauflabs
self.nixosModules.common-auto-upgrade
self.nixosModules.common-base
self.nixosModules.common-locale
@ -50,8 +49,6 @@ in {
networking.hostName = "mauville";
services = {
forgejo.settings.service.DISABLE_REGISTRATION = lib.mkForce true;
samba = {
enable = true;
openFirewall = true;
@ -94,20 +91,6 @@ in {
enable = true;
openFirewall = true;
};
transmission = {
enable = true;
credentialsFile = config.age.secrets.transmission.path;
openFirewall = true;
openRPCPort = true;
settings = {
download-dir = mediaDirectory;
peer-port = 51413;
rpc-bind-address = "0.0.0.0";
rpc-port = 9091;
};
};
};
environment.variables.GDK_SCALE = "1.25";
@ -153,39 +136,4 @@ in {
};
};
};
raffauflabs = {
inherit domain;
enable = true;
containers.oci.freshRSS.enable = true;
services = {
audiobookshelf.enable = true;
ddclient = {
enable = true;
passwordFile = config.age.secrets.cloudflare.path;
protocol = "cloudflare";
};
forgejo.enable = true;
navidrome = {
enable = true;
lastfm = {
idFile = config.age.secrets.lastfmId.path;
secretFile = config.age.secrets.lastfmSecret.path;
};
spotify = {
idFile = config.age.secrets.spotifyId.path;
secretFile = config.age.secrets.spotifySecret.path;
};
};
plexMediaServer.enable = true;
};
};
}
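Review bot: The removed `raffauflabs` block in the last hunk carried `containers.oci.freshRSS.enable = true` and a `ddclient` entry for this host, and neither reappears in the new mauville module added by this commit (audiobookshelf, forgejo, plex, transmission and navidrome do). If dropping FreshRSS on mauville is intended, a line in the commit message saying so would save the next reader a search; if it is not, it needs a home in the new module. The enclosing attribute set of this hunk starts before the hunk.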


@ -0,0 +1,147 @@
{
config,
lib,
pkgs,
...
}: let
audiobookshelf.port = 13378;
domain = "raffauflabs.com";
mediaDirectory = "/mnt/Media";
musicDirectory = "${mediaDirectory}/Music";
navidrome = {
port = 4533;
lastfm = {
idFile = config.age.secrets.lastfmId.path;
secretFile = config.age.secrets.lastfmSecret.path;
};
spotify = {
idFile = config.age.secrets.spotifyId.path;
secretFile = config.age.secrets.spotifySecret.path;
};
};
transmission = {
port = 9091;
bitTorrentPort = 5143;
};
in {
services = {
audiobookshelf = {
enable = true;
port = audiobookshelf.port;
};
forgejo = {
enable = true;
lfs.enable = true;
settings = {
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://github.com";
};
cron = {
ENABLED = true;
RUN_AT_START = false;
};
DEFAULT.APP_NAME = "Forĝejo";
repository = {
DEFAULT_BRANCH = "master";
ENABLE_PUSH_CREATE_ORG = true;
ENABLE_PUSH_CREATE_USER = true;
PREFERRED_LICENSES = "GPL-3.0";
};
federation.ENABLED = true;
picture.ENABLE_FEDERATED_AVATAR = true;
security.PASSWORD_CHECK_PWN = true;
server = {
LANDING_PAGE = "explore";
ROOT_URL = "https://git.${domain}/";
};
service = {
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
};
session.COOKIE_SECURE = true;
ui.DEFAULT_THEME = "forgejo-auto";
"ui.meta" = {
AUTHOR = "Forĝejo @ ${domain}";
DESCRIPTION = "Self-hosted git forge for projects + toys.";
KEYWORDS = "git,source code,forge,forĝejo,aly raffauf";
};
};
};
plex = {
enable = true;
openFirewall = true;
};
transmission = {
enable = true;
credentialsFile = config.age.secrets.transmission.path;
openFirewall = true;
openRPCPort = true;
settings = {
download-dir = mediaDirectory;
peer-port = transmission.bitTorrentPort;
rpc-bind-address = "0.0.0.0";
rpc-port = transmission.port;
};
};
};
systemd.services.navidrome.serviceConfig = let
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
Address = "0.0.0.0";
DefaultTheme = "Auto";
MusicFolder = musicDirectory;
Port = navidrome.port;
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
"Spotify.ID" = "@spotifyClientId@";
"Spotify.Secret" = "@spotifyClientSecret@";
"LastFM.Enabled" = true;
"LastFM.ApiKey" = "@lastFMApiKey@";
"LastFM.Secret" = "@lastFMSecret@";
"LastFM.Language" = "en";
});
navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
spotifyClientId=$(cat "${navidrome.spotify.idFile}")
spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
${navidromeConfig} > /var/lib/navidrome/navidrome.json
'';
in {
BindReadOnlyPaths = [
navidrome.lastfm.idFile
navidrome.lastfm.secretFile
navidrome.spotify.idFile
navidrome.spotify.secretFile
musicDirectory
];
ExecStartPre = navidrome-secrets;
ExecStart = lib.mkForce ''
${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
--datafolder /var/lib/navidrome/
'';
};
}
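Review bot: In `navidrome-secrets` the four secret values are expanded into sed's argument list, so for the lifetime of that process they are readable by other local users through the process list (unless /proc is mounted with hidepid), and a value containing `/` or `&` silently corrupts the substitution; the rendered `/var/lib/navidrome/navidrome.json` is then created with whatever the default umask and state-directory mode allow, which is likely world-readable. At minimum start the script with `umask 077` and have sed read the expressions from a file rather than argv; better, pass the secrets through an `EnvironmentFile` or systemd credentials so no plaintext copy is written under `/var/lib`. Separately, `bitTorrentPort = 5143` differs from the `peer-port = 51413` that this same commit removes from the host config, which looks like transposed digits rather than an intended port change; `peer-port` should likely be `51413`. The whole module is inside this hunk.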


@ -2,18 +2,16 @@
config,
self,
...
}: let
domain = "raffauflabs.com";
in {
}: {
imports = [
./disko.nix
./home.nix
./raffauflabs.nix
./secrets.nix
self.inputs.nixhw.nixosModules.common-intel-cpu
self.inputs.nixhw.nixosModules.common-intel-gpu
self.inputs.nixhw.nixosModules.common-bluetooth
self.inputs.nixhw.nixosModules.common-ssd
self.inputs.raffauflabs.nixosModules.raffauflabs
self.nixosModules.common-auto-upgrade
self.nixosModules.common-base
self.nixosModules.common-locale
@ -36,14 +34,6 @@ in {
hardware.enableAllFirmware = true;
networking.hostName = "slateport";
services.k3s = {
enable = true;
clusterInit = true;
role = "server";
tokenFile = config.age.secrets.k3s.path;
};
system.stateVersion = "24.05";
zramSwap.memoryPercent = 100;
@ -62,15 +52,4 @@ in {
};
};
};
raffauflabs = {
inherit domain;
enable = true;
services.ddclient = {
enable = true;
passwordFile = config.age.secrets.cloudflare.path;
protocol = "cloudflare";
};
};
}


@ -0,0 +1,132 @@
{config, ...}: let
ip = "192.168.0.103";
domain = "raffauflabs.com";
in {
networking = {
firewall.allowedTCPPorts = [80 443];
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@fastmail.com";
};
services = {
ddclient = {
enable = true;
domains = [
"bt.${domain}"
"git.${domain}"
"music.${domain}"
"plex.${domain}"
"podcasts.${domain}"
domain
];
interval = "10min";
passwordFile = config.age.secrets.cloudflare.path;
protocol = "cloudflare";
ssl = true;
use = "web, web=dynamicdns.park-your-domain.com/getip, web-skip='Current IP Address: '";
username = "token";
zone = domain;
};
fail2ban = {
enable = true;
bantime = "1h";
};
k3s = {
enable = true;
clusterInit = true;
role = "server";
tokenFile = config.age.secrets.k3s.path;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"bt.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "${ip}:${toString 9091}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
"git.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${ip}:${toString 3000}";
extraConfig = ''
client_max_body_size 512M;
'';
};
};
"music.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "${ip}:${toString 4533}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
"plex.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "${ip}:32400";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
"podcasts.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "${ip}:${toString 13378}";
extraConfig = ''
client_max_body_size 500M;
proxy_buffering off;
proxy_redirect http:// https://;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
};
};
}
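Review bot: The `proxyPass` values for the bt, music and plex virtual hosts omit the URL scheme (`"${ip}:${toString 9091}"`, `"${ip}:${toString 4533}"`, `"${ip}:32400"`), and nginx rejects a scheme-less `proxy_pass` at config-test time with "invalid URL prefix", so only the git vhost — the one this commit's title fixes — will actually load; they should read `proxyPass = "http://${ip}:${toString 9091}";` and likewise for the other two. The podcasts vhost also hard-codes `proxy_set_header Connection "upgrade"` for every request, which forces upgrade semantics onto plain HTTP traffic; setting `proxyWebsockets = true` as the other vhosts do emits the conditional `$connection_upgrade` map instead, and since `recommendedProxySettings = true` already sets `Host`, `X-Forwarded-Proto` and `X-Forwarded-For`, those duplicate header lines can be dropped from its `extraConfig`. The whole module is inside this hunk.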