raffauflabs: enable vaultwarden and homepage

Aly Raffauf 2024-08-27 14:51:16 -04:00
parent b02c450f9d
commit 4ae9d2ce10
2 changed files with 209 additions and 59 deletions


@ -29,7 +29,7 @@
};
in {
networking = {
firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443];
firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443 61208];
firewall.allowedUDPPorts = [8472];
};
@ -91,12 +91,12 @@ in {
};
};
k3s = {
enable = true;
role = "server";
tokenFile = config.age.secrets.k3s.path;
serverAddr = "https://192.168.0.104:6443";
};
# k3s = {
# enable = true;
# role = "server";
# tokenFile = config.age.secrets.k3s.path;
# serverAddr = "https://192.168.0.104:6443";
# };
navidrome = {
enable = true;
@ -123,44 +123,53 @@ in {
};
};
systemd.services.navidrome.serviceConfig = let
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
Address = "0.0.0.0";
DefaultTheme = "Auto";
MusicFolder = musicDirectory;
Port = navidrome.port;
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
"Spotify.ID" = "@spotifyClientId@";
"Spotify.Secret" = "@spotifyClientSecret@";
"LastFM.Enabled" = true;
"LastFM.ApiKey" = "@lastFMApiKey@";
"LastFM.Secret" = "@lastFMSecret@";
"LastFM.Language" = "en";
});
systemd.services = {
glances = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
path = [pkgs.glances];
script = "glances --webserver --bind 0.0.0.0 --port 61208";
};
navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
spotifyClientId=$(cat "${navidrome.spotify.idFile}")
spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
${navidromeConfig} > /var/lib/navidrome/navidrome.json
'';
in {
BindReadOnlyPaths = [
navidrome.lastfm.idFile
navidrome.lastfm.secretFile
navidrome.spotify.idFile
navidrome.spotify.secretFile
musicDirectory
];
navidrome.serviceConfig = let
navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
Address = "0.0.0.0";
DefaultTheme = "Auto";
MusicFolder = musicDirectory;
Port = navidrome.port;
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
"Spotify.ID" = "@spotifyClientId@";
"Spotify.Secret" = "@spotifyClientSecret@";
"LastFM.Enabled" = true;
"LastFM.ApiKey" = "@lastFMApiKey@";
"LastFM.Secret" = "@lastFMSecret@";
"LastFM.Language" = "en";
});
ExecStartPre = navidrome-secrets;
ExecStart = lib.mkForce ''
${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
--datafolder /var/lib/navidrome/
'';
navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
spotifyClientId=$(cat "${navidrome.spotify.idFile}")
spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
-e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
${navidromeConfig} > /var/lib/navidrome/navidrome.json
'';
in {
BindReadOnlyPaths = [
navidrome.lastfm.idFile
navidrome.lastfm.secretFile
navidrome.spotify.idFile
navidrome.spotify.secretFile
musicDirectory
];
ExecStartPre = navidrome-secrets;
ExecStart = lib.mkForce ''
${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
--datafolder /var/lib/navidrome/
'';
};
};
}
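Review bot: The new `glances` unit serves its web UI on every interface (`--bind 0.0.0.0`) with no authentication, and the first hunk adds 61208 to the global `firewall.allowedTCPPorts`, so host metrics and the process list are readable by anything that can reach this machine on that port. If the only consumer is the homepage widget reaching the host by its tailnet name, scope the port to that interface instead of the global list, e.g. `networking.firewall.interfaces.<tailnet-interface>.allowedTCPPorts = [61208];` (the interface name is a placeholder). The unit also sets no `User`, so it presumably runs as root; adding `serviceConfig.DynamicUser = true;` to the `glances` service would be a cheap hardening step, to be confirmed against what the dashboard needs to read.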


@ -20,6 +20,7 @@ in {
"bt.${domain}"
"git.${domain}"
"music.${domain}"
"passwords.${domain}"
"plex.${domain}"
"podcasts.${domain}"
domain
@ -39,13 +40,134 @@ in {
bantime = "1h";
};
k3s = {
homepage-dashboard = {
enable = true;
clusterInit = true;
role = "server";
tokenFile = config.age.secrets.k3s.path;
openFirewall = true;
bookmarks = [
# {
# Websites = [
# {
# "Aly Raffauf" = [
# {
# abbr = "AR";
# description = "Personal website and portfolio.";
# href = "https://aly.raffauflabs.com/";
# }
# ];
# }
# ];
# }
];
services = [
{
Websites = [
{
"Aly Raffauf" = {
abbr = "AR";
description = "Personal website and portfolio.";
href = "https://aly.raffauflabs.com/";
};
}
{
"Specular Anomalies" = {
abbr = "SA";
description = "Academic & tech blog.";
href = "https://distort.jp/";
};
}
];
}
{
Media = [
{
"Audiobookshelf" = {
description = "Audiobooks & podcasts.";
href = "https://podcasts.raffauflabs.com";
icon = "audiobookshelf";
};
}
{
"Plex" = {
description = "TV Shows, movies & music.";
href = "https://plex.raffauflabs.com";
icon = "plex";
};
}
{
"Navidrome" = {
description = "Subsonic-compatible music streaming.";
href = "https://music.raffauflabs.com";
icon = "navidrome";
};
}
];
}
{
Tools = [
{
"Forĝejo" = {
description = "Git forge for open source projects.";
href = "https://git.raffauflabs.com";
icon = "forgejo";
};
}
{
"Transmission (Tailnet only)" = {
description = "Torrent client with web UI.";
href = "http://mauville:9091";
icon = "transmission";
};
}
{
"Vaultwarden" = {
description = "Secure password manager.";
href = "https://passwords.raffauflabs.com";
icon = "vaultwarden";
};
}
];
}
];
settings = {
color = "sky";
target = "_self";
title = "RaffaufLabs.com";
};
widgets = [
{
glances = {
url = "http:/mauville:61208/";
cpu = true;
mem = true;
disk = "/mnt/Media";
};
}
{
search = {
provider = "brave";
showSearchSuggestions = true;
};
}
{
datetime = {
text_size = "xl";
format.timeStyle = "short";
};
}
];
};
# k3s = {
# enable = true;
# clusterInit = true;
# role = "server";
# tokenFile = config.age.secrets.k3s.path;
# };
nginx = {
enable = true;
recommendedGzipSettings = true;
@ -53,19 +175,18 @@ in {
recommendedTlsSettings = true;
virtualHosts = {
# "bt.${domain}" = {
# enableACME = true;
# forceSSL = true;
"${domain}" = {
enableACME = true;
forceSSL = true;
# locations."/" = {
# proxyPass = "http://${ip}:${toString 9091}";
# proxyWebsockets = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.homepage-dashboard.listenPort}";
# extraConfig = ''
# proxy_buffering off;
# '';
# };
# };
extraConfig = ''
client_max_body_size 512M;
'';
};
};
"git.${domain}" = {
enableACME = true;
@ -94,6 +215,14 @@ in {
};
};
"passwords.${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
"plex.${domain}" = {
enableACME = true;
forceSSL = true;
@ -129,5 +258,17 @@ in {
};
};
};
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://passowrds.raffauflabs.com";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_LOG = "critical";
ROCKET_PORT = 8222;
SIGNUPS_ALLOWED = false;
};
};
};
}
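Review bot: `DOMAIN = "https://passowrds.raffauflabs.com";` in the new `vaultwarden` block misspells the host that the `"passwords.${domain}"` vhost and the dashboard link actually use. Vaultwarden uses this value as its public origin, so it should read `DOMAIN = "https://passwords.raffauflabs.com";`, or better `"https://passwords.${domain}"` if `domain` is in scope here with that value. The glances widget has a similar slip: `url = "http:/mauville:61208/";` is missing a slash after the scheme. Separately, `openFirewall = true;` on `homepage-dashboard` opens the dashboard's own port even though nginx already proxies it from localhost; dropping that line keeps the TLS vhost as the only entry point.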