alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:4550ca1a4e2edc2ab26dd0c0cee2fe256326a7da
Branches Tags
alex:main
...
compare: alex:334bc9eb58d71df4b37868e9b5e41e9791857c28
Branches Tags
alex:main

10 Commits
4550ca1a4e ... 334bc9eb58

Author SHA1 Message Date
Alexander Heldt
334bc9eb58 backwards: Enable jellyseerr for jellyfin 2024-09-16 21:34:56 +02:00
Alexander Heldt
441138b1e9 backwards: Enable radarr for jellyfin 2024-09-16 21:34:56 +02:00
Alexander Heldt
8603ec662f backwards: Enable sonarr for jellyfin 2024-09-16 21:34:56 +02:00
Alexander Heldt
daa1d80e33 backwards: Enable prowlarr for jellyfin 2024-09-16 21:34:56 +02:00
Alexander Heldt
666611af45 backwards: Add reverse proxy for jellyfin 2024-09-16 21:34:56 +02:00
Alexander Heldt
96adbf74b6 tadpole: Remove unneeded assertion of existing certs for gitea 2024-09-16 21:34:56 +02:00
Alexander Heldt
c0939cb8fc backwards: Add reverse proxy for transmission 2024-09-16 21:34:56 +02:00
Alexander Heldt
54bc15af50 backwards: Add nginx module 2024-09-16 21:24:52 +02:00
Alexander Heldt
a843b7accc tadpole: Clean up nginx and certs modules 2024-09-16 21:24:43 +02:00
Alexander Heldt
466f3662ee tadpole: Change default email for certs 2024-09-16 21:24:17 +02:00
7 changed files with 89 additions and 27 deletions
Expand all files Collapse all files

1
hosts/backwards/modules/default.nix
View File

@@ -12,6 +12,7 @@ in
ssh.enable = true; ssh.enable = true;
git.enable = true; git.enable = true;
nginx.enable = true;
syncthing.enable = true; syncthing.enable = true;
restic.enable = true; restic.enable = true;
transmission.enable = true; transmission.enable = true;

47
hosts/backwards/modules/jellyfin/default.nix
View File

@@ -1,4 +1,12 @@
{ pkgs, ... }: {
pkgs,
lib,
config,
...
}:
let
nginxEnabled = config.mod.nginx.enable;
in
{ {
fileSystems."/home/alex/media" = { fileSystems."/home/alex/media" = {
device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764"; device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
@@ -26,7 +34,8 @@
}; };
}; };
services.jellyfin = { services = {
jellyfin = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@@ -36,6 +45,40 @@
dataDir = "/home/alex/media/jellyfin"; dataDir = "/home/alex/media/jellyfin";
}; };
prowlarr.enable = true;
sonarr = {
enable = true;
user = "alex";
group = "users";
};
radarr = {
enable = true;
user = "alex";
group = "users";
};
jellyseerr.enable = true;
nginx = lib.mkIf nginxEnabled {
virtualHosts."jelly.ppp.pm" = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8096";
};
"/socket" = {
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
};
};
};
};
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.jellyfin pkgs.jellyfin
pkgs.jellyfin-web pkgs.jellyfin-web

22
hosts/backwards/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

10
hosts/backwards/modules/transmission/default.nix
View File

@@ -6,6 +6,8 @@
}: }:
let let
enabled = config.mod.transmission.enable; enabled = config.mod.transmission.enable;
nginxEnabled = config.mod.nginx.enable;
in in
{ {
options = { options = {
@@ -42,6 +44,14 @@ in
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi"; rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
}; };
}; };
nginx = lib.mkIf nginxEnabled {
virtualHosts."ts.ppp.pm" = {
locations."/" = {
proxyPass = "http://localhost:9191";
};
};
};
}; };
}; };
} }

8
hosts/tadpole/modules/certs/default.nix
View File

@@ -1,16 +1,20 @@
{ ... }: { ... }:
{ {
security.acme = { security.acme = {
acceptTerms = true;
defaults = {
email = "acme@ppp.pm";
};
certs = { certs = {
"ppp.pm" = { "ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx"; group = "nginx";
}; };
"git.ppp.pm" = { "git.ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/"; webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx"; group = "nginx";
}; };
}; };

8
hosts/tadpole/modules/gitea/default.nix
View File

@@ -43,14 +43,6 @@ in
assertion = conf.baseDomain != ""; assertion = conf.baseDomain != "";
message = "Option 'mod.gitea.baseDomain' cannot be empty"; message = "Option 'mod.gitea.baseDomain' cannot be empty";
} }
{
assertion = builtins.hasAttr gitDomain config.security.acme.certs;
message = "There is no cert configured for ${gitDomain} used by gitea";
}
{
assertion = conf.webfingerEnable && builtins.hasAttr conf.baseDomain config.security.acme.certs;
message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
}
{ {
assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ]; assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
message = "Option 'mod.gitea.webfingerAccounts' cannot be empty"; message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";

10
hosts/tadpole/modules/nginx/default.nix
View File

@@ -10,16 +10,6 @@ in
}; };
config = lib.mkIf enabled { config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = { services = {
nginx = { nginx = {
enable = true; enable = true;