dissolved homeLab module in favor of separate container and services modules

Aly Raffauf 2024-04-22 20:18:47 -04:00
parent ee0fcb052b
commit 4fcd46cfa3
17 changed files with 363 additions and 267 deletions


@ -14,6 +14,34 @@
networking.hostName = "mauville"; # Define your hostname.
alyraffauf = {
apps = {
steam.enable = true;
podman.enable = true;
virt-manager.enable = true;
};
containers = {
nixos = {
navidrome.enable = true;
};
oci = {
audiobookshelf.enable = true;
freshRSS.enable = true;
jellyfin.enable = true;
plexMediaServer.enable = true;
transmission.enable = true;
};
};
desktop = {
enable = true;
hyprland.enable = true;
};
user = {
aly.enable = true;
dustin.enable = true;
};
services = {
binaryCache.enable = true;
};
system = {
plymouth.enable = true;
zramSwap = {
@ -21,19 +49,131 @@
size = 100;
};
};
user = {
aly.enable = true;
dustin.enable = true;
};
desktop = {
networking = {
firewall = {
allowedTCPPorts = [80 443 51413 9091];
allowedUDPPorts = [51413];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
127.0.0.1 news.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services = {
nginx = {
enable = true;
hyprland.enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
homeLab.enable = true;
apps = {
steam.enable = true;
podman.enable = true;
virt-manager.enable = true;
};
virtualHosts."news.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
# Forward the Authorization header for the Google Reader API.
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
'';
};
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @ ${config.networking.hostName}";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
Archive = {
comment = "Archive @ ${config.networking.hostName}";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
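Review bot: Both shares under `samba.shares` combine `"guest ok" = "yes"` with `"read only" = "no"`, and `openFirewall = true` opens the SMB ports on every interface. Depending on the `map to guest` setting and the filesystem permissions, neither of which is visible here, clients that can reach this host may be able to modify /mnt/Media and /mnt/Archive without credentials. Since the commit moves this block into the host config anyway, I would set `"guest ok" = "no";` and add a `"valid users"` line naming the intended accounts, or at least make the guest shares read-only. The host configuration continues outside the hunk.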


@ -0,0 +1,8 @@
{
pkgs,
lib,
config,
...
}: {
imports = [./nixos ./oci];
}


@ -0,0 +1,8 @@
{
pkgs,
lib,
config,
...
}: {
imports = [./navidrome];
}


@ -5,14 +5,19 @@
...
}: {
options = {
alyraffauf.homeLab.nixContainers.enable =
lib.mkEnableOption "Enables select nix containers.";
alyraffauf.containers.nixos.navidrome.enable =
lib.mkEnableOption "Enable navidrome nixos container.";
alyraffauf.containers.nixos.navidrome.musicDirectory = lib.mkOption {
description = "Music directory for Navidrome.";
default = "/mnt/Media/Music";
type = lib.types.str;
};
};
config = lib.mkIf config.alyraffauf.homeLab.nixContainers.enable {
config = lib.mkIf config.alyraffauf.containers.nixos.navidrome.enable {
containers.navidrome = {
autoStart = true;
bindMounts."/Music".hostPath = "/mnt/Media/Music";
bindMounts."/Music".hostPath = config.alyraffauf.containers.nixos.navidrome.musicDirectory;
config = {
config,
pkgs,
@ -29,7 +34,7 @@
MusicFolder = "/Music";
DefaultTheme = "Auto";
SubsonicArtistParticipations = true;
UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
UIWelcomeMessage = "Welcome to Navidrome! Registrations are closed.";
};
};
};
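Review bot: `musicDirectory` is declared as `lib.types.str`, so an empty or relative value is accepted at evaluation time and only surfaces when the container starts; `type = lib.types.path;` would reject it early. The same applies to the `mediaDirectory` and `archiveDirectory` options added in the audiobookshelf, jellyfin, plexMediaServer and transmission modules of this commit, where a non-absolute string in a `volumes` entry is normally treated by podman as a named volume rather than a host path. A one-line comment on the option saying the directory is bind-mounted into the container at `/Music` would also help. The container definition continues outside the hunks.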


@ -0,0 +1,27 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.containers.oci.audiobookshelf.enable =
lib.mkEnableOption "Enable audiobookshelf podcast and audiobook server.";
alyraffauf.containers.oci.audiobookshelf.mediaDirectory = lib.mkOption {
description = "Media directory for audiobookshelf.";
default = "/mnt/Media";
type = lib.types.str;
};
};
config = lib.mkIf config.alyraffauf.containers.oci.audiobookshelf.enable {
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = ["0.0.0.0:13378:80"];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = {TZ = "America/New_York";};
volumes = ["abs_config:/config" "abs_metadata:/metadata" "${config.alyraffauf.containers.oci.audiobookshelf.mediaDirectory}:/Media"];
};
};
};
}
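Review bot: `ports = ["0.0.0.0:13378:80"]` publishes the container's HTTP port on every interface, while the nginx vhost for podcasts.raffauflabs.com in this commit reaches it at `http://127.0.0.1:13378`, so the all-interfaces bind only adds a plaintext path that skips the TLS proxy. Published container ports are typically handled by NAT rules rather than the host's `allowedTCPPorts`, so the firewall list may not keep the port off the LAN. I would bind to loopback, `ports = ["127.0.0.1:13378:80"];`. The same applies to `0.0.0.0:8080:80` in the freshRSS module and, unless direct LAN access is intended, `0.0.0.0:32400:32400` in the plexMediaServer module, both of which are also proxied from 127.0.0.1.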


@ -0,0 +1,14 @@
{
pkgs,
lib,
config,
...
}: {
imports = [
./audiobookshelf
./freshRSS
./jellyfin
./plexMediaServer
./transmission
];
}


@ -0,0 +1,28 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.containers.oci.freshRSS.enable =
lib.mkEnableOption "Enable FreshRSS news client.";
};
config = lib.mkIf config.alyraffauf.containers.oci.freshRSS.enable {
virtualisation.oci-containers.containers = {
freshrss = {
ports = ["0.0.0.0:8080:80"];
image = "freshrss/freshrss:latest";
environment = {
TZ = "America/New_York";
CRON_MIN = "1,31";
};
volumes = [
"freshrss_data:/var/www/FreshRSS/data"
"freshrss_extensions:/var/www/FreshRSS/extensions"
];
};
};
};
}
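Review bot: `image = "freshrss/freshrss:latest"` tracks a moving tag, so what actually runs depends on when the image was last pulled, and rebuilding this otherwise reproducible config can silently bring in a different upstream build. Pinning a release tag, ideally with a digest, e.g. `image = "freshrss/freshrss:<version>@sha256:<digest>";` (placeholders), makes each update an explicit, reviewable change. The same applies to `audiobookshelf:latest`, `linuxserver/transmission:latest`, the untagged `jellyfin/jellyfin` and `plexinc/pms-docker:public` in the other modules added here.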


@ -0,0 +1,37 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.containers.oci.jellyfin.enable =
lib.mkEnableOption "Enable Jellyfin media server.";
alyraffauf.containers.oci.jellyfin.mediaDirectory = lib.mkOption {
description = "Media directory for Jellyfin.";
default = "/mnt/Media";
type = lib.types.str;
};
alyraffauf.containers.oci.jellyfin.archiveDirectory = lib.mkOption {
description = "Archive directory for Jellyfin.";
default = "/mnt/Archive";
type = lib.types.str;
};
};
config = lib.mkIf config.alyraffauf.containers.oci.jellyfin.enable {
virtualisation.oci-containers.containers = {
jellyfin = {
ports = ["0.0.0.0:8096:8096"];
image = "jellyfin/jellyfin";
environment = {TZ = "America/New_York";};
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"${config.alyraffauf.containers.oci.jellyfin.mediaDirectory}:/Media"
"${config.alyraffauf.containers.oci.jellyfin.archiveDirectory}:/Archive"
];
};
};
};
}
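Review bot: The two library mounts in `volumes` are read-write, which gives a network-facing media server write access to everything under the media and archive directories. If Jellyfin is not meant to save metadata next to the media files, append `:ro`, e.g. `"${config.alyraffauf.containers.oci.jellyfin.mediaDirectory}:/Media:ro"`, and likewise for `/Archive`. The plexMediaServer module in this commit mounts the same two directories the same way.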


@ -0,0 +1,37 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.containers.oci.plexMediaServer.enable =
lib.mkEnableOption "Enable Plex Media Server.";
alyraffauf.containers.oci.plexMediaServer.mediaDirectory = lib.mkOption {
description = "Media directory for Plex Media Server.";
default = "/mnt/Media";
type = lib.types.str;
};
alyraffauf.containers.oci.plexMediaServer.archiveDirectory = lib.mkOption {
description = "Archive directory for Plex Media Server.";
default = "/mnt/Archive";
type = lib.types.str;
};
};
config = lib.mkIf config.alyraffauf.containers.oci.plexMediaServer.enable {
virtualisation.oci-containers.containers = {
plexMediaServer = {
ports = ["0.0.0.0:32400:32400"];
image = "plexinc/pms-docker:public";
environment = {TZ = "America/New_York";};
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"${config.alyraffauf.containers.oci.plexMediaServer.mediaDirectory}:/Media"
"${config.alyraffauf.containers.oci.plexMediaServer.archiveDirectory}:/Archive"
];
};
};
};
}


@ -0,0 +1,40 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.containers.oci.transmission.enable =
lib.mkEnableOption "Enable Transmission Bittorrent server.";
alyraffauf.containers.oci.transmission.mediaDirectory = lib.mkOption {
description = "Media directory for Transmission.";
default = "/mnt/Media";
type = lib.types.str;
};
alyraffauf.containers.oci.transmission.archiveDirectory = lib.mkOption {
description = "Archive directory for Transmission.";
default = "/mnt/Archive";
type = lib.types.str;
};
};
config = lib.mkIf config.alyraffauf.containers.oci.transmission.enable {
virtualisation.oci-containers.containers = {
transmission = {
ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"${config.alyraffauf.containers.oci.transmission.mediaDirectory}:/Media"
"${config.alyraffauf.containers.oci.transmission.archiveDirectory}:/Archive"
];
};
};
};
}
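Review bot: The web/RPC port is published as `0.0.0.0:9091:9091` and the host config in this commit also lists 9091 in `allowedTCPPorts`, but no credentials are set in `environment`; whether authentication is configured inside the `transmission_config` volume is not visible here. If it is not, anyone who can reach the port can control the client and write into the mounted /Media and /Archive. I would bind the RPC port to loopback, `"127.0.0.1:9091:9091"`, or supply the image's `USER`/`PASS` variables through `environmentFiles` so the password stays out of the Nix store. Separately, `"0.0.0.0:51413:51413"` publishes the peer port for TCP only, while the firewall also opens 51413/UDP; add `"0.0.0.0:51413:51413/udp"` if UDP peers are wanted.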


@ -3,5 +3,5 @@
pkgs,
...
}: {
imports = [./apps ./desktop ./homeLab ./services ./system ./user];
imports = [./apps ./containers ./desktop ./services ./system ./user];
}


@ -1,20 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
imports = [./binaryCache ./reverseProxy ./nixContainers ./ociContainers ./samba];
options = {
alyraffauf.homeLab.enable = lib.mkEnableOption "Enables fully functional Home Lab.";
};
config = lib.mkIf config.alyraffauf.homeLab.enable {
alyraffauf.homeLab.binaryCache.enable = lib.mkDefault true;
alyraffauf.homeLab.nixContainers.enable = lib.mkDefault true;
alyraffauf.homeLab.ociContainers.enable = lib.mkDefault true;
alyraffauf.homeLab.reverseProxy.enable = lib.mkDefault true;
alyraffauf.homeLab.samba.enable = lib.mkDefault true;
};
}


@ -1,72 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.homeLab.ociContainers.enable =
lib.mkEnableOption "Enables select OCI containers.";
};
config = lib.mkIf config.alyraffauf.homeLab.ociContainers.enable {
alyraffauf.apps.podman.enable = lib.mkDefault true;
virtualisation.oci-containers.containers = {
audiobookshelf = {
ports = ["0.0.0.0:13378:80"];
image = "ghcr.io/advplyr/audiobookshelf:latest";
environment = {TZ = "America/New_York";};
volumes = ["abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media"];
};
plex-server = {
ports = ["0.0.0.0:32400:32400"];
image = "plexinc/pms-docker:public";
environment = {TZ = "America/New_York";};
volumes = [
"plex_config:/config"
"plex_transcode:/transcode"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
transmission-server = {
ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
image = "linuxserver/transmission:latest";
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/New_York";
};
volumes = [
"transmission_config:/config"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
jellyfin = {
ports = ["0.0.0.0:8096:8096"];
image = "jellyfin/jellyfin";
environment = {TZ = "America/New_York";};
volumes = [
"jellyfin_config:/config"
"jellyfin_cache:/cache"
"/mnt/Media:/Media"
"/mnt/Archive:/Archive"
];
};
freshrss = {
ports = ["0.0.0.0:8080:80"];
image = "freshrss/freshrss:latest";
environment = {
TZ = "America/New_York";
CRON_MIN = "1,31";
};
volumes = [
"freshrss_data:/var/www/FreshRSS/data"
"freshrss_extensions:/var/www/FreshRSS/extensions"
];
};
};
};
}


@ -1,111 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.homeLab.reverseProxy.enable =
lib.mkEnableOption "Enables nginx reverse proxy.";
};
config = lib.mkIf config.alyraffauf.homeLab.reverseProxy.enable {
# services.ddclient.enable = true;
# services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
# Open TCP ports for audiobookshelf, plex-server, and transmission-server.
networking = {
firewall = {
allowedTCPPorts = [80 443 51413 9091];
allowedUDPPorts = [51413];
};
# My router doesn't expose settings for NAT loopback
# So we have to use this workaround.
extraHosts = ''
127.0.0.1 music.raffauflabs.com
127.0.0.1 nixcache.raffauflabs.com
127.0.0.1 plex.raffauflabs.com
127.0.0.1 podcasts.raffauflabs.com
127.0.0.1 news.raffauflabs.com
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "alyraffauf@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
virtualHosts."music.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:4533";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."news.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
proxy_redirect off;
# Forward the Authorization header for the Google Reader API.
proxy_set_header Authorization $http_authorization;
proxy_pass_header Authorization;
'';
};
};
virtualHosts."nixcache.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
toString config.services.nix-serve.port
}";
};
virtualHosts."plex.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:32400";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = ''
proxy_buffering off;
'';
};
};
virtualHosts."podcasts.raffauflabs.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13378";
# proxyWebsockets = true; # This breaks audiobookshelf.
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect http:// https://;
proxy_buffering off;
client_max_body_size 500M;
'';
};
};
};
};
}


@ -1,45 +0,0 @@
{
pkgs,
lib,
config,
...
}: {
options = {
alyraffauf.homeLab.samba.enable =
lib.mkEnableOption "Enables /Archive and /Media samba shares.";
};
config = lib.mkIf config.alyraffauf.homeLab.samba.enable {
services = {
samba = {
enable = true;
securityType = "user";
openFirewall = true;
shares = {
Media = {
comment = "Media @Mauville";
path = "/mnt/Media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
Archive = {
comment = "Archive @Mauville";
path = "/mnt/Archive";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0755";
"directory mask" = "0755";
};
};
};
samba-wsdd = {
enable = true;
openFirewall = true;
};
};
};
}


@ -5,10 +5,10 @@
...
}: {
options = {
alyraffauf.homeLab.binaryCache.enable = lib.mkEnableOption "Enables nixpkgs cache.";
alyraffauf.services.binaryCache.enable = lib.mkEnableOption "Enable nixpkgs cache server.";
};
config = lib.mkIf config.alyraffauf.homeLab.binaryCache.enable {
config = lib.mkIf config.alyraffauf.services.binaryCache.enable {
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";


@ -4,5 +4,5 @@
config,
...
}: {
imports = [./flatpak];
imports = [./binaryCache ./flatpak];
}