diff --git a/modules/homelab/default.nix b/modules/homelab/default.nix
index f5a52f76..c1cd571f 100644
--- a/modules/homelab/default.nix
+++ b/modules/homelab/default.nix
@@ -3,50 +3,59 @@ { imports = [ ../virtualization + ./reverse_proxy ]; # services.ddclient.enable = true; # services.ddclient.configFile = "/etc/ddclient/ddclient.conf"; - # Open TCP ports for audiobookshelf, plex-server, and transmission-server. - networking.firewall.allowedTCPPorts = [ 80 443 51413 13378 32400 9091 ]; + # Open TCP ports for transmission-server. + networking.firewall.allowedTCPPorts = [ 51413 9091 ]; networking.firewall.allowedUDPPorts = [ 51413 ]; - virtualisation = { - oci-containers.containers = { - plex-server = { - ports = ["0.0.0.0:32400:32400"]; - image = "plexinc/pms-docker:public"; - environment = { - TZ = "America/New_York"; - }; - volumes = [ - "plex_config:/config" - "plex_transcode:/transcode" - "/mnt/Media:/Media" - ]; + + virtualisation.oci-containers.containers = { + audiobookshelf = { + ports = ["0.0.0.0:13378:80"]; + image = "ghcr.io/advplyr/audiobookshelf:latest"; + environment = { + TZ = "America/New_York"; }; - transmission-server = { - ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"]; - image = "linuxserver/transmission:latest"; - environment = { - TZ = "America/New_York"; - }; - volumes = [ - "transmission_config:/config" - "/mnt/Media/Torrents:/watch" - "/mnt/Media:/Media" - ]; + volumes = [ + "abs_config:/config" + "abs_metadata:/metadata" + "/mnt/Media:/Media" + ]; + }; + plex-server = { + ports = ["0.0.0.0:32400:32400"]; + image = "plexinc/pms-docker:public"; + environment = { + TZ = "America/New_York"; }; + volumes = [ + "plex_config:/config" + "plex_transcode:/transcode" + "/mnt/Media:/Media" + ]; + }; + transmission-server = { + ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"]; + image = "linuxserver/transmission:latest"; + environment = { + TZ = "America/New_York"; + }; + volumes = [ + "transmission_config:/config" + "/mnt/Media/Torrents:/watch" + "/mnt/Media:/Media" + ]; }; }; containers.navidrome = { autoStart = true; - bindMounts = { - "/Music" = { hostPath = "/mnt/Media/Music"; - isReadOnly = true; - }; + 
bindMounts."/Music".hostPath = "/mnt/Media/Music"; }; config = { config, pkgs, lib, ... }: { services.navidrome = { 
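Review bot: The audiobookshelf and plex-server containers are still published on every interface (`0.0.0.0:13378:80`, `0.0.0.0:32400:32400`), even though this hunk drops 13378 and 32400 from `allowedTCPPorts` and the nginx vhosts reach both over `127.0.0.1`. Depending on the container backend configured elsewhere (not visible here), published ports may be handled by the runtime's own NAT rules rather than by `networking.firewall`, so the plain-HTTP backends could stay reachable without TLS. Binding them to loopback, `ports = ["127.0.0.1:13378:80"];` and `ports = ["127.0.0.1:32400:32400"];`, makes the proxy the only path. Separately, the new `ghcr.io/advplyr/audiobookshelf:latest` tag is mutable, so pinning a version tag or digest would keep rebuilds reproducible. The module's attribute set continues past the end of the hunk.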
@@ -58,93 +67,10 @@
 MusicFolder = "/Music";
 DefaultTheme = "Auto";
 SubsonicArtistParticipations = true;
- DefaultDownsamplingFormat = "aac";
+ UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs."
 };
 };
 system.stateVersion = "24.05";
 };
 };
-
- containers.audiobookshelf = {
- autoStart = true;
- bindMounts = {
- "/Media" = { hostPath = "/mnt/Media";
- isReadOnly = false;
- };
- };
- config = { config, pkgs, lib, ... }: {
- services.audiobookshelf = {
- enable = true;
- openFirewall = true;
- port = 13378;
- host = "0.0.0.0";
- };
- system.stateVersion = "24.05";
- };
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "alyraffauf@gmail.com";
- };
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- # other Nginx options
- virtualHosts."raffauflabs.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:12345";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig = ''
- # required when the target is also TLS server with multiple hosts
- proxy_ssl_server_name on;
- # required when the server wants to use HTTP Authentication
- proxy_pass_header Authorization;
- '';
- };
- };
- virtualHosts."podcasts.raffauflabs.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:13378";
- # proxyWebsockets = true; # This breaks audiobookshelf.
- extraConfig = ''
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_redirect http:// https://;
- proxy_buffering off;
- '';
- };
- };
- virtualHosts."plex.raffauflabs.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:32400";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig = ''
- proxy_buffering off;
- '';
- };
- };
- virtualHosts."music.raffauflabs.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:4533";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig = ''
- proxy_buffering off;
- '';
- };
- };
- };
 }
\ No newline at end of file
diff --git a/modules/homelab/reverse_proxy/default.nix b/modules/homelab/reverse_proxy/default.nix
new file mode 100644
index 00000000..551bed34
--- /dev/null
+++ b/modules/homelab/reverse_proxy/default.nix
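Review bot: In the second hunk of modules/homelab/default.nix, the added `UIWelcomeMessage` binding has no terminating semicolon, so the `};` that follows it is a Nix syntax error and the module will fail to evaluate. The line should read `UIWelcomeMessage = "Welcome to Navidrome on Raffauf Labs.";`. The enclosing attribute set opens above the hunk, so only this binding is visible here.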
@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+
+{
+ # services.ddclient.enable = true;
+ # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
+
+ # Open TCP ports for audiobookshelf, plex-server, and transmission-server.
+ networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];
+ networking.firewall.allowedUDPPorts = [ 51413 ];
+
+ networking.extraHosts = ''
+ 127.0.0.1 music.raffauflabs.com
+ 127.0.0.1 podcasts.raffauflabs.com
+ 127.0.0.1 plex.raffauflabs.com
+ '';
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "alyraffauf@gmail.com";
+ };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ # other Nginx options
+ # virtualHosts."raffauflabs.com" = {
+ # enableACME = true;
+ # forceSSL = true;
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:12345";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ # extraConfig = ''
+ # # required when the target is also TLS server with multiple hosts
+ # proxy_ssl_server_name on;
+ # # required when the server wants to use HTTP Authentication
+ # proxy_pass_header Authorization;
+ # '';
+ # };
+ # };
+ virtualHosts."podcasts.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:13378";
+ # proxyWebsockets = true; # This breaks audiobookshelf.
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_redirect http:// https://;
+ proxy_buffering off;
+ '';
+ };
+ };
+ virtualHosts."plex.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:32400";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ virtualHosts."music.raffauflabs.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:4533";
+ proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ };
+ };
+ };
+}
\ No newline at end of file
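Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 51413 9091 ];` opens the Transmission ports from the reverse-proxy module, and the comment above it still names audiobookshelf and plex-server, which this module does not open directly. modules/homelab/default.nix already lists 51413 and 9091 (TCP) and 51413 (UDP) and NixOS merges these lists, so this file only needs `networking.firewall.allowedTCPPorts = [ 80 443 ];` under a comment such as `# Open HTTP and HTTPS for nginx.`, and the duplicated `allowedUDPPorts` line can be dropped. Repeating 9091 here also makes it easy to miss that the Transmission web UI stays reachable over plain HTTP outside the TLS vhosts. The container environment shown in the other file sets only `TZ`, so whether that UI requires credentials cannot be confirmed from this diff.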