nix-config/server-configuration.nix

{ config, lib, pkgs, ... }:
let
  # Static LAN addressing, reused by the network setup and the dashboard links.
  ip = "192.168.1.207";
  gateway = "192.168.1.1";

  # Mount point of the data drive that holds shares and downloads.
  driveMountPoint = "/mnt/hdd1";

  # authentik-nix is fetched at a fixed release tag. The sha256 pins the
  # unpacked tarball, so the fetch fails if the content ever differs; changing
  # the version means updating the hash as well.
  authentik-version = "2024.2.3";
  authentik-nix = import (
    builtins.fetchTarball {
      url = "https://github.com/nix-community/authentik-nix/archive/version/${authentik-version}.tar.gz";
      sha256 = "15b9a2csd2m3vwhj3xc24nrqnj1hal60jrd69splln0ynbnd9ki4";
    }
  );
in
{
# Static addressing, resolvers and the host firewall.
networking = {
  # ens18 gets the fixed LAN address as a /24.
  interfaces.ens18.ipv4.addresses = [
    {
      address = ip;
      prefixLength = 24;
    }
  ];
  defaultGateway = gateway;
  nameservers = [
    "1.1.1.1"
    "1.0.0.1"
  ];
  nftables.enable = true;

  # Firewall rules. Services that set `openFirewall = true` add their own
  # ports on top of this list.
  # NOTE(review): 9091 is also requested by services.transmission.openRPCPort,
  # and nothing in this file visibly listens on 8080 - confirm both entries
  # are still needed.
  firewall.enable = true;
  firewall.allowedTCPPorts = [
    22
    5030
    8080
    9091
  ];
  firewall.allowedUDPPorts = [ ];
};
# Shared group for the media services plus the `cypherpunk` account.
users.groups.multimedia.members = [
  "slskd"
  "radarr"
  "readarr"
  "sonarr"
  "transmission"
  "jellyfin"
  "cypherpunk"
];
# Samba file shares on the data drive.
services.samba =
  let
    # Every share is browseable and writable, and `force user` makes all file
    # operations run as `cypherpunk` whichever Samba user authenticated.
    mkShare = dir: {
      path = "${driveMountPoint}/${dir}";
      browseable = "yes";
      "read only" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "force user" = "cypherpunk";
    };
  in
  {
    enable = true;
    securityType = "user";
    # Opens the SMB ports in the host firewall; no `hosts allow` restriction
    # is set in extraConfig below.
    openFirewall = true;
    extraConfig = ''
      workgroup = WORKGROUP
      server string = hyperserver
      netbios name = hyperserver
      security = user
    '';
    shares.music = mkShare "Musique";
    shares.ebooks = mkShare "Ebooks";
  };
# Pulls in the authentik NixOS module fetched in the `let` block above.
imports = [ authentik-nix.nixosModules.default ];

# Keys sops-nix uses to decrypt the secrets declared in this file.
sops.age = {
  # NOTE(review): this is a private key in a user's home directory rather than
  # a dedicated host key, so the same key that decrypts every secret also
  # lives in that account's ~/.ssh - confirm this is intended.
  sshKeyPaths = [ "/home/cypherpunk/.ssh/id_ed25519" ];
  keyFile = "/var/lib/sops-nix/key.txt";
  generateKey = true;
};
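# define your secrets with
# `nix-shell -p sops --run "sops ./secrets/yoursecret.env"`
#
# Each entry names an encrypted dotenv file; sops-nix decrypts it on the host
# and exposes the result at `config.sops.secrets."<name>".path`, so the
# plaintext never enters the Nix store.
sops.secrets."searx" = {
  sopsFile = ./secrets/searx.env;
  format = "dotenv";
};
sops.secrets."slskd" = {
  sopsFile = ./secrets/slskd.env;
  format = "dotenv";
};
sops.secrets."authentik" = {
  sopsFile = ./secrets/authentik.env;
  format = "dotenv";
  # `disable_startup_analytics = true;` used to sit here. It is an authentik
  # application setting, not an option of a sops-nix secret, so it was removed
  # from this attribute set. Set it under `services.authentik.settings` when
  # the authentik service is enabled.
};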
# Packages installed into the system profile.
environment.systemPackages = [
  pkgs.jellyfin
  pkgs.jellyfin-web
  pkgs.jellyfin-ffmpeg
  pkgs.transmission
  pkgs.sonarr
  pkgs.radarr
  pkgs.prowlarr
  pkgs.readarr
  pkgs.jellyseerr
  pkgs.homepage-dashboard
  pkgs.slskd
  pkgs.niv # for using sops-nix
];
# Media server, reachable through the firewall.
services.jellyfin.enable = true;
services.jellyfin.openFirewall = true;
# NOTE(review): `cypherpunk` is also the Samba `force user` and the owner of
# the SSH key used for secret decryption; a dedicated service account would
# keep a Jellyfin compromise away from those files - confirm this is wanted.
services.jellyfin.user = "cypherpunk";
# -arr suite
# Each service is enabled with its web UI port opened in the host firewall.
# The dashboard further down links to these UIs over plain http.
services.sonarr.enable = true;
services.sonarr.openFirewall = true;

services.radarr.enable = true;
services.radarr.openFirewall = true;

services.readarr.enable = true;
services.readarr.openFirewall = true;

services.prowlarr.enable = true;
services.prowlarr.openFirewall = true;

services.jellyseerr.enable = true;
services.jellyseerr.openFirewall = true;
# torrenting apps
services.transmission = {
  enable = true;
  openFirewall = true;
  openRPCPort = true;

  # NOTE(review): this path is empty, so no rpc-username / rpc-password is
  # merged in from a file kept outside the Nix store. Meanwhile the settings
  # below require RPC authentication, listen on every interface and switch the
  # address whitelist off. Point this at a sops-managed JSON file holding the
  # RPC credentials, and confirm an empty string is even accepted by the option.
  credentialsFile = "";

  settings.rpc-bind-address = "0.0.0.0";
  settings.rpc-whitelist-enabled = false;
  settings.rpc-authentication-required = true;
  settings.download-dir = "${driveMountPoint}/Torrents";
  settings.ratio-limit-enabled = true;
};
# Soulseek daemon; its environment comes from the sops-decrypted dotenv file.
services.slskd = {
  enable = true;
  openFirewall = true;
  environmentFile = config.sops.secrets."slskd".path;
  domain = null;
  settings = {
    soulseek.description = "i luv katz n mewsik";
    # NOTE(review): both download directories below sit inside the shared
    # directory, so finished and partial downloads fall under the shared tree -
    # confirm that is intended.
    shares.directories = [ "${driveMountPoint}/Music" ];
    directories.files = {
      downloads = "${driveMountPoint}/Music/clean";
      incomplete = "${driveMountPoint}/Music/incomplete";
    };
  };
};
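# Searx metasearch instance.
services.searx = {
  enable = true;
  # The previous value, `builtins.toJSON config.sops.secrets."searx"`,
  # serialised the secret's option set (its metadata), not the decrypted
  # value. The resulting string was therefore not secret and ended up in the
  # world-readable Nix store. The module instead substitutes `@NAME@`
  # placeholders from `environmentFile` when the service starts, so the real
  # key stays in the sops-decrypted file.
  # NOTE(review): secrets/searx.env has to define SEARX_SECRET_KEY for the
  # placeholder below to resolve - confirm the variable name in that file.
  environmentFile = config.sops.secrets."searx".path;
  settings = {
    server.secret_key = "@SEARX_SECRET_KEY@";
  };
};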
# E-book library UI, with uploads through the web interface allowed.
services.calibre-web.enable = true;
services.calibre-web.openFirewall = true;
services.calibre-web.options.enableBookUploading = true;
# Caddy forwards the `localhost` site to a service on local port 8082.
# NOTE(review): which service listens on 8082 is not visible in this file.
services.caddy.enable = true;
services.caddy.virtualHosts."localhost".extraConfig = ''
  reverse_proxy :8082
'';
/*
services.authentik = {
enable = true;
environmentFile = config.sops.secrets."authentik".path;
};
services.photoprism = {
enable = true;
settings = {
PHOTOPRISM_DEFAULT_LOCALE = "fr";
};
};
*/
# Docker containers, for apps that aren't available on Nix (yet).
#
# NOTE(review): both images use the mutable `:latest` tag, so the code that
# runs can change on any pull; pinning by digest (`image@sha256:<digest>`)
# makes the deployment reproducible and reviewable.
# NOTE(review): Docker installs its own packet-filter rules for published
# ports, so the mappings below may be reachable from the network even though
# they are not listed in networking.firewall - verify from another host.
virtualisation.oci-containers.backend = "docker";

virtualisation.oci-containers.containers.flaresolverr = {
  image = "ghcr.io/flaresolverr/flaresolverr:latest";
  # NOTE(review): confirm the container really listens on 8181; no PORT
  # override is set in the environment below.
  ports = [ "8181:8181" ];
  environment."LOG_LEVEL" = "info";
};

virtualisation.oci-containers.containers.crafty-controller = {
  image = "registry.gitlab.com/crafty-controller/crafty-4:latest";
  ports = [
    "8443:8443"
    "8123:8123"
    "19132:19132/udp"
    "25500-25600:25500-25600"
  ];
  # No volumes are mounted, so nothing is mapped to the host for persistence.
  volumes = [ ];
  environment."TZ" = "Europe/Paris";
};
# Landing page that links to every self-hosted service on this machine.
# All links are plain http to the static LAN address.
# NOTE(review): the Photoprism tile points at a service that is commented out
# earlier in this file.
services.homepage-dashboard =
  let
    # One dashboard tile: `{ "<title>" = { icon, description, href }; }`.
    tile = title: icon: description: href: {
      ${title} = {
        inherit icon description href;
      };
    };
  in
  {
    enable = true;
    services = [
      {
        "Divertissement" = [
          (tile "Jellyfin" "jellyfin" "Permet de regarder ou écouter du contenu." "http://${ip}:8096/")
          (tile "calibre-web" "Calibre" "Serveur de livres" "http://${ip}:8083")
        ];
      }
      {
        "Téléchargement" = [
          (tile "Jellyseerr" "Jellyseerr" "Moteur de recherche de films/séries" "http://${ip}:5055")
          (tile "slskd" "slskd" "Pour télécharger/partager de la musique" "http://${ip}:5030")
          (tile "Readarr" "readarr" "Moteur de recherche de livres" "http://${ip}:8787/")
          (tile "Prowlarr" "prowlarr" "Indexe les différents sites de téléchargement" "http://${ip}:9696/")
          (tile "Sonarr" "sonarr" "Moteur de recherche pour les séries" "http://${ip}:8989")
          (tile "Radarr" "radarr" "Moteur de recherche pour les films" "http://${ip}:7878")
          (tile "Transmission" "transmission" "s'occupe du téléchargement des fichiers" "http://${ip}:9091")
        ];
      }
      {
        "Utilitaires" = [
          (tile "Photoprism" "photoprism" "Sauvegarde de photos" "http://${ip}:2342")
        ];
      }
    ];
  };
}