dissolved homeLab module in favor of separate container and services modules

2024-11-22 05:53:56 -05:00 · 2024-04-22 20:18:47 -04:00 · 2024-04-22 20:18:47 -04:00 · 4fcd46cfa3
parent ee0fcb052b
commit 4fcd46cfa3
17 changed files with 363 additions and 267 deletions
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -14,6 +14,34 @@
  networking.hostName = "mauville"; # Define your hostname.

  alyraffauf = {
+    apps = {
+      steam.enable = true;
+      podman.enable = true;
+      virt-manager.enable = true;
+    };
+    containers = {
+      nixos = {
+        navidrome.enable = true;
+      };
+      oci = {
+        audiobookshelf.enable = true;
+        freshRSS.enable = true;
+        jellyfin.enable = true;
+        plexMediaServer.enable = true;
+        transmission.enable = true;
+      };
+    };
+    desktop = {
+      enable = true;
+      hyprland.enable = true;
+    };
+    user = {
+      aly.enable = true;
+      dustin.enable = true;
+    };
+    services = {
+      binaryCache.enable = true;
+    };
    system = {
      plymouth.enable = true;
      zramSwap = {
@ -21,19 +49,131 @@
        size = 100;
      };
    };
-    user = {
-      aly.enable = true;
-      dustin.enable = true;
+  };
+
+  networking = {
+    firewall = {
+      allowedTCPPorts = [80 443 51413 9091];
+      allowedUDPPorts = [51413];
    };
-    desktop = {
+    # My router doesn't expose settings for NAT loopback
+    # So we have to use this workaround.
+    extraHosts = ''
+      127.0.0.1 music.raffauflabs.com
+      127.0.0.1 nixcache.raffauflabs.com
+      127.0.0.1 plex.raffauflabs.com
+      127.0.0.1 podcasts.raffauflabs.com
+      127.0.0.1 news.raffauflabs.com
+    '';
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "alyraffauf@gmail.com";
+  };
+
+  services = {
+    nginx = {
      enable = true;
-      hyprland.enable = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+
+      virtualHosts."music.raffauflabs.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:4533";
+          proxyWebsockets = true; # needed if you need to use WebSocket
+          extraConfig = ''
+            proxy_buffering off;
+          '';
+        };
+      };
+
+      virtualHosts."news.raffauflabs.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8080";
+          proxyWebsockets = true; # needed if you need to use WebSocket
+          extraConfig = ''
+            proxy_buffering off;
+            proxy_redirect off;
+            # Forward the Authorization header for the Google Reader API.
+            proxy_set_header Authorization $http_authorization;
+            proxy_pass_header Authorization;
+          '';
+        };
+      };
+
+      virtualHosts."nixcache.raffauflabs.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
+          toString config.services.nix-serve.port
+        }";
+      };
+
+      virtualHosts."plex.raffauflabs.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:32400";
+          proxyWebsockets = true; # needed if you need to use WebSocket
+          extraConfig = ''
+            proxy_buffering off;
+          '';
+        };
+      };
+
+      virtualHosts."podcasts.raffauflabs.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:13378";
+          # proxyWebsockets = true; # This breaks audiobookshelf.
+          extraConfig = ''
+            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+            proxy_set_header  X-Forwarded-Proto $scheme;
+            proxy_set_header  Host              $host;
+            proxy_set_header Upgrade            $http_upgrade;
+            proxy_set_header Connection         "upgrade";
+            proxy_redirect                      http:// https://;
+            proxy_buffering off;
+            client_max_body_size 500M;
+          '';
+        };
+      };
    };
-    homeLab.enable = true;
-    apps = {
-      steam.enable = true;
-      podman.enable = true;
-      virt-manager.enable = true;
+    samba = {
+      enable = true;
+      securityType = "user";
+      openFirewall = true;
+      shares = {
+        Media = {
+          comment = "Media @ ${config.networking.hostName}";
+          path = "/mnt/Media";
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "yes";
+          "create mask" = "0755";
+          "directory mask" = "0755";
+        };
+        Archive = {
+          comment = "Archive @ ${config.networking.hostName}";
+          path = "/mnt/Archive";
+          browseable = "yes";
+          "read only" = "no";
+          "guest ok" = "yes";
+          "create mask" = "0755";
+          "directory mask" = "0755";
+        };
+      };
+    };
+    samba-wsdd = {
+      enable = true;
+      openFirewall = true;
    };
  };

--- a/nixosModules/containers/default.nix
+++ b/nixosModules/containers/default.nix
@ -0,0 +1,8 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  imports = [./nixos ./oci];
+}
--- a/nixosModules/containers/nixos/default.nix
+++ b/nixosModules/containers/nixos/default.nix
@ -0,0 +1,8 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  imports = [./navidrome];
+}
--- a/nixosModules/containers/nixos/navidrome/default.nix
+++ b/nixosModules/containers/nixos/navidrome/default.nix
@ -5,14 +5,19 @@
  ...
 }: {
  options = {
-    alyraffauf.homeLab.nixContainers.enable =
-      lib.mkEnableOption "Enables select nix containers.";
+    alyraffauf.containers.nixos.navidrome.enable =
+      lib.mkEnableOption "Enable navidrome nixos container.";
+    alyraffauf.containers.nixos.navidrome.musicDirectory = lib.mkOption {
+      description = "Music directory for Navidrome.";
+      default = "/mnt/Media/Music";
+      type = lib.types.str;
+    };
  };

-  config = lib.mkIf config.alyraffauf.homeLab.nixContainers.enable {
+  config = lib.mkIf config.alyraffauf.containers.nixos.navidrome.enable {
    containers.navidrome = {
      autoStart = true;
-      bindMounts."/Music".hostPath = "/mnt/Media/Music";
+      bindMounts."/Music".hostPath = config.alyraffauf.containers.nixos.navidrome.musicDirectory;
      config = {
        config,
        pkgs,
@ -29,7 +34,7 @@
            MusicFolder = "/Music";
            DefaultTheme = "Auto";
            SubsonicArtistParticipations = true;
-            UIWelcomeMessage = "Welcome to Navidrome @ raffauflabs.com.";
+            UIWelcomeMessage = "Welcome to Navidrome! Registrations are closed.";
          };
        };
      };
--- a/nixosModules/containers/oci/audiobookshelf/default.nix
+++ b/nixosModules/containers/oci/audiobookshelf/default.nix
@ -0,0 +1,27 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    alyraffauf.containers.oci.audiobookshelf.enable =
+      lib.mkEnableOption "Enable audiobookshelf podcast and audiobook server.";
+    alyraffauf.containers.oci.audiobookshelf.mediaDirectory = lib.mkOption {
+      description = "Media directory for audiobookshelf.";
+      default = "/mnt/Media";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf config.alyraffauf.containers.oci.audiobookshelf.enable {
+    virtualisation.oci-containers.containers = {
+      audiobookshelf = {
+        ports = ["0.0.0.0:13378:80"];
+        image = "ghcr.io/advplyr/audiobookshelf:latest";
+        environment = {TZ = "America/New_York";};
+        volumes = ["abs_config:/config" "abs_metadata:/metadata" "${config.alyraffauf.containers.oci.audiobookshelf.mediaDirectory}:/Media"];
+      };
+    };
+  };
+}
--- a/nixosModules/containers/oci/default.nix
+++ b/nixosModules/containers/oci/default.nix
@ -0,0 +1,14 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./audiobookshelf
+    ./freshRSS
+    ./jellyfin
+    ./plexMediaServer
+    ./transmission
+  ];
+}
--- a/nixosModules/containers/oci/freshRSS/default.nix
+++ b/nixosModules/containers/oci/freshRSS/default.nix
@ -0,0 +1,28 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    alyraffauf.containers.oci.freshRSS.enable =
+      lib.mkEnableOption "Enable FreshRSS news client.";
+  };
+
+  config = lib.mkIf config.alyraffauf.containers.oci.freshRSS.enable {
+    virtualisation.oci-containers.containers = {
+      freshrss = {
+        ports = ["0.0.0.0:8080:80"];
+        image = "freshrss/freshrss:latest";
+        environment = {
+          TZ = "America/New_York";
+          CRON_MIN = "1,31";
+        };
+        volumes = [
+          "freshrss_data:/var/www/FreshRSS/data"
+          "freshrss_extensions:/var/www/FreshRSS/extensions"
+        ];
+      };
+    };
+  };
+}
--- a/nixosModules/containers/oci/jellyfin/default.nix
+++ b/nixosModules/containers/oci/jellyfin/default.nix
@ -0,0 +1,37 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    alyraffauf.containers.oci.jellyfin.enable =
+      lib.mkEnableOption "Enable Jellyfin media server.";
+    alyraffauf.containers.oci.jellyfin.mediaDirectory = lib.mkOption {
+      description = "Media directory for Jellyfin.";
+      default = "/mnt/Media";
+      type = lib.types.str;
+    };
+    alyraffauf.containers.oci.jellyfin.archiveDirectory = lib.mkOption {
+      description = "Archive directory for Jellyfin.";
+      default = "/mnt/Archive";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf config.alyraffauf.containers.oci.jellyfin.enable {
+    virtualisation.oci-containers.containers = {
+      jellyfin = {
+        ports = ["0.0.0.0:8096:8096"];
+        image = "jellyfin/jellyfin";
+        environment = {TZ = "America/New_York";};
+        volumes = [
+          "jellyfin_config:/config"
+          "jellyfin_cache:/cache"
+          "${config.alyraffauf.containers.oci.jellyfin.mediaDirectory}:/Media"
+          "${config.alyraffauf.containers.oci.jellyfin.archiveDirectory}:/Archive"
+        ];
+      };
+    };
+  };
+}
--- a/nixosModules/containers/oci/plexMediaServer/default.nix
+++ b/nixosModules/containers/oci/plexMediaServer/default.nix
@ -0,0 +1,37 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    alyraffauf.containers.oci.plexMediaServer.enable =
+      lib.mkEnableOption "Enable Plex Media Server.";
+    alyraffauf.containers.oci.plexMediaServer.mediaDirectory = lib.mkOption {
+      description = "Media directory for Plex Media Server.";
+      default = "/mnt/Media";
+      type = lib.types.str;
+    };
+    alyraffauf.containers.oci.plexMediaServer.archiveDirectory = lib.mkOption {
+      description = "Archive directory for Plex Media Server.";
+      default = "/mnt/Archive";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf config.alyraffauf.containers.oci.plexMediaServer.enable {
+    virtualisation.oci-containers.containers = {
+      plexMediaServer = {
+        ports = ["0.0.0.0:32400:32400"];
+        image = "plexinc/pms-docker:public";
+        environment = {TZ = "America/New_York";};
+        volumes = [
+          "plex_config:/config"
+          "plex_transcode:/transcode"
+          "${config.alyraffauf.containers.oci.plexMediaServer.mediaDirectory}:/Media"
+          "${config.alyraffauf.containers.oci.plexMediaServer.archiveDirectory}:/Archive"
+        ];
+      };
+    };
+  };
+}
--- a/nixosModules/containers/oci/transmission/default.nix
+++ b/nixosModules/containers/oci/transmission/default.nix
@ -0,0 +1,40 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: {
+  options = {
+    alyraffauf.containers.oci.transmission.enable =
+      lib.mkEnableOption "Enable Transmission Bittorrent server.";
+    alyraffauf.containers.oci.transmission.mediaDirectory = lib.mkOption {
+      description = "Media directory for Transmission.";
+      default = "/mnt/Media";
+      type = lib.types.str;
+    };
+    alyraffauf.containers.oci.transmission.archiveDirectory = lib.mkOption {
+      description = "Archive directory for Transmission.";
+      default = "/mnt/Archive";
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf config.alyraffauf.containers.oci.transmission.enable {
+    virtualisation.oci-containers.containers = {
+      transmission = {
+        ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
+        image = "linuxserver/transmission:latest";
+        environment = {
+          PGID = "1000";
+          PUID = "1000";
+          TZ = "America/New_York";
+        };
+        volumes = [
+          "transmission_config:/config"
+          "${config.alyraffauf.containers.oci.transmission.mediaDirectory}:/Media"
+          "${config.alyraffauf.containers.oci.transmission.archiveDirectory}:/Archive"
+        ];
+      };
+    };
+  };
+}
--- a/nixosModules/default.nix
+++ b/nixosModules/default.nix
@ -3,5 +3,5 @@
  pkgs,
  ...
 }: {
-  imports = [./apps ./desktop ./homeLab ./services ./system ./user];
+  imports = [./apps ./containers ./desktop ./services ./system ./user];
 }
--- a/nixosModules/homeLab/default.nix
+++ b/nixosModules/homeLab/default.nix
@ -1,20 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  imports = [./binaryCache ./reverseProxy ./nixContainers ./ociContainers ./samba];
-
-  options = {
-    alyraffauf.homeLab.enable = lib.mkEnableOption "Enables fully functional Home Lab.";
-  };
-
-  config = lib.mkIf config.alyraffauf.homeLab.enable {
-    alyraffauf.homeLab.binaryCache.enable = lib.mkDefault true;
-    alyraffauf.homeLab.nixContainers.enable = lib.mkDefault true;
-    alyraffauf.homeLab.ociContainers.enable = lib.mkDefault true;
-    alyraffauf.homeLab.reverseProxy.enable = lib.mkDefault true;
-    alyraffauf.homeLab.samba.enable = lib.mkDefault true;
-  };
-}
--- a/nixosModules/homeLab/ociContainers/default.nix
+++ b/nixosModules/homeLab/ociContainers/default.nix
@ -1,72 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  options = {
-    alyraffauf.homeLab.ociContainers.enable =
-      lib.mkEnableOption "Enables select OCI containers.";
-  };
-
-  config = lib.mkIf config.alyraffauf.homeLab.ociContainers.enable {
-    alyraffauf.apps.podman.enable = lib.mkDefault true;
-
-    virtualisation.oci-containers.containers = {
-      audiobookshelf = {
-        ports = ["0.0.0.0:13378:80"];
-        image = "ghcr.io/advplyr/audiobookshelf:latest";
-        environment = {TZ = "America/New_York";};
-        volumes = ["abs_config:/config" "abs_metadata:/metadata" "/mnt/Media:/Media"];
-      };
-      plex-server = {
-        ports = ["0.0.0.0:32400:32400"];
-        image = "plexinc/pms-docker:public";
-        environment = {TZ = "America/New_York";};
-        volumes = [
-          "plex_config:/config"
-          "plex_transcode:/transcode"
-          "/mnt/Media:/Media"
-          "/mnt/Archive:/Archive"
-        ];
-      };
-      transmission-server = {
-        ports = ["0.0.0.0:9091:9091" "0.0.0.0:51413:51413"];
-        image = "linuxserver/transmission:latest";
-        environment = {
-          PGID = "1000";
-          PUID = "1000";
-          TZ = "America/New_York";
-        };
-        volumes = [
-          "transmission_config:/config"
-          "/mnt/Media:/Media"
-          "/mnt/Archive:/Archive"
-        ];
-      };
-      jellyfin = {
-        ports = ["0.0.0.0:8096:8096"];
-        image = "jellyfin/jellyfin";
-        environment = {TZ = "America/New_York";};
-        volumes = [
-          "jellyfin_config:/config"
-          "jellyfin_cache:/cache"
-          "/mnt/Media:/Media"
-          "/mnt/Archive:/Archive"
-        ];
-      };
-      freshrss = {
-        ports = ["0.0.0.0:8080:80"];
-        image = "freshrss/freshrss:latest";
-        environment = {
-          TZ = "America/New_York";
-          CRON_MIN = "1,31";
-        };
-        volumes = [
-          "freshrss_data:/var/www/FreshRSS/data"
-          "freshrss_extensions:/var/www/FreshRSS/extensions"
-        ];
-      };
-    };
-  };
-}
--- a/nixosModules/homeLab/reverseProxy/default.nix
+++ b/nixosModules/homeLab/reverseProxy/default.nix
@ -1,111 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  options = {
-    alyraffauf.homeLab.reverseProxy.enable =
-      lib.mkEnableOption "Enables nginx reverse proxy.";
-  };
-
-  config = lib.mkIf config.alyraffauf.homeLab.reverseProxy.enable {
-    # services.ddclient.enable = true;
-    # services.ddclient.configFile = "/etc/ddclient/ddclient.conf";
-
-    # Open TCP ports for audiobookshelf, plex-server, and transmission-server.
-    networking = {
-      firewall = {
-        allowedTCPPorts = [80 443 51413 9091];
-        allowedUDPPorts = [51413];
-      };
-      # My router doesn't expose settings for NAT loopback
-      # So we have to use this workaround.
-      extraHosts = ''
-        127.0.0.1 music.raffauflabs.com
-        127.0.0.1 nixcache.raffauflabs.com
-        127.0.0.1 plex.raffauflabs.com
-        127.0.0.1 podcasts.raffauflabs.com
-        127.0.0.1 news.raffauflabs.com
-      '';
-    };
-
-    security.acme = {
-      acceptTerms = true;
-      defaults.email = "alyraffauf@gmail.com";
-    };
-    services.nginx = {
-      enable = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-      recommendedGzipSettings = true;
-
-      virtualHosts."music.raffauflabs.com" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:4533";
-          proxyWebsockets = true; # needed if you need to use WebSocket
-          extraConfig = ''
-            proxy_buffering off;
-          '';
-        };
-      };
-
-      virtualHosts."news.raffauflabs.com" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:8080";
-          proxyWebsockets = true; # needed if you need to use WebSocket
-          extraConfig = ''
-            proxy_buffering off;
-            proxy_redirect off;
-            # Forward the Authorization header for the Google Reader API.
-            proxy_set_header Authorization $http_authorization;
-            proxy_pass_header Authorization;
-          '';
-        };
-      };
-
-      virtualHosts."nixcache.raffauflabs.com" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${
-          toString config.services.nix-serve.port
-        }";
-      };
-
-      virtualHosts."plex.raffauflabs.com" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:32400";
-          proxyWebsockets = true; # needed if you need to use WebSocket
-          extraConfig = ''
-            proxy_buffering off;
-          '';
-        };
-      };
-
-      virtualHosts."podcasts.raffauflabs.com" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:13378";
-          # proxyWebsockets = true; # This breaks audiobookshelf.
-          extraConfig = ''
-            proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
-            proxy_set_header  X-Forwarded-Proto $scheme;
-            proxy_set_header  Host              $host;
-            proxy_set_header Upgrade            $http_upgrade;
-            proxy_set_header Connection         "upgrade";
-            proxy_redirect                      http:// https://;
-            proxy_buffering off;
-            client_max_body_size 500M;
-          '';
-        };
-      };
-    };
-  };
-}
--- a/nixosModules/homeLab/samba/default.nix
+++ b/nixosModules/homeLab/samba/default.nix
@ -1,45 +0,0 @@
-{
-  pkgs,
-  lib,
-  config,
-  ...
-}: {
-  options = {
-    alyraffauf.homeLab.samba.enable =
-      lib.mkEnableOption "Enables /Archive and /Media samba shares.";
-  };
-
-  config = lib.mkIf config.alyraffauf.homeLab.samba.enable {
-    services = {
-      samba = {
-        enable = true;
-        securityType = "user";
-        openFirewall = true;
-        shares = {
-          Media = {
-            comment = "Media @Mauville";
-            path = "/mnt/Media";
-            browseable = "yes";
-            "read only" = "no";
-            "guest ok" = "yes";
-            "create mask" = "0755";
-            "directory mask" = "0755";
-          };
-          Archive = {
-            comment = "Archive @Mauville";
-            path = "/mnt/Archive";
-            browseable = "yes";
-            "read only" = "no";
-            "guest ok" = "yes";
-            "create mask" = "0755";
-            "directory mask" = "0755";
-          };
-        };
-      };
-      samba-wsdd = {
-        enable = true;
-        openFirewall = true;
-      };
-    };
-  };
-}
--- a/nixosModules/services/binaryCache/default.nix
+++ b/nixosModules/services/binaryCache/default.nix
@ -5,10 +5,10 @@
  ...
 }: {
  options = {
-    alyraffauf.homeLab.binaryCache.enable = lib.mkEnableOption "Enables nixpkgs cache.";
+    alyraffauf.services.binaryCache.enable = lib.mkEnableOption "Enable nixpkgs cache server.";
  };

-  config = lib.mkIf config.alyraffauf.homeLab.binaryCache.enable {
+  config = lib.mkIf config.alyraffauf.services.binaryCache.enable {
    services.nix-serve = {
      enable = true;
      secretKeyFile = "/var/cache-priv-key.pem";
--- a/nixosModules/services/default.nix
+++ b/nixosModules/services/default.nix
@ -4,5 +4,5 @@
  config,
  ...
 }: {
-  imports = [./flatpak];
+  imports = [./binaryCache ./flatpak];
 }