harry123/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-02-22 22:33:56 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

huge refactoring

Browse source
This commit is contained in:
Harry 2024-08-12 15:56:45 +02:00
parent fffcee128e
commit 7a2fba99cd
30 changed files with 246 additions and 201 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -10,9 +10,9 @@ The goal of this config is to include :
- [x] slskd
- [ ] a cloud solution, to backup family files
- [x] crafty controller\*
- [ ] a matrix server
- [x] a matrix server
- [x] tt-rss / freshrss\*
- [ ] tailscale
- [x] tailscale
\*Not using the "Nix" way (i prefer using Docker atm, i currently lack time)
@ -20,8 +20,8 @@ The goal of this config is to include :
- [x] fix homepage-dashboard secrets
- [ ] use Docker for Sonarr, seems to be a cleaner approach for double instances
- [ ] move crafty-controller to a nix build
- [ ] figure out how to use secrets with freshrss
- [ ] move crafty-controller / fressrss to nix
- [ ] setup mautrix-whatsapp / mautrix-discord
## Installation

36
features/backups.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, ... }:
{
sops.secrets.borgRepoPassword = {};
opt.services.borgbackup.jobs = {
localBackup = {
paths = "/";
exclude = [
"/nix"
"/srv/Multimedia"
"/srv/media"
];
repo = "/srv/backups/serverBackups";
doInit = true;
encryption = {
mode = "repokey";
passCommand = "cat /run/secrets/borgRepoPassword";
};
compression = "auto,lzma";
startAt = "weekly";
};
borgPersonalServer = {
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyeTAANyYqMFded6mJHWuhGVXROu3TqDV2b8icjolfO root@meowcats-silly-computer"
];
path = "/srv/backups/localComputerBackups";
};
/*
serverBackup = {
};
*/
};
}

16
features/containers/4get.nix Normal file
View file

@ -0,0 +1,16 @@
{config, ...}:
{
virtualisation.oci-containers = {
backend = "docker";
containers = {
fourget = {
image = "luuul/4get:latest";
environment = {
"FOURGET_PROTO" = "http";
"FOURGET_SERVER_NAME" = "192.168.1.177:6942";
};
ports = ["6942:80"];
};
};
};
}

3
features/containers/default.nix
View file

@ -4,7 +4,8 @@
imports = [
./crafty-controller.nix
./flaresolverr.nix
./freshrss.nix
# ./freshrss.nix
./sonarr.nix
./pihole-exporter.nix
];
}

21
features/containers/pihole-exporter.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, ... }:
{
sops.secrets.piholeHostname = {};
sops.secrets.piholePassword = {};
virtualisation.oci-containers = {
backend = "docker";
containers = {
pihole-exporter = {
image = "ekofr/pihole-exporter:latest";
ports = [ "9617:9617" ];
environment = {
"PIHOLE_HOSTNAME" = config.sops.secrets.piholeHostname;
"PIHOLE_PASSWORD" = config.sops.secrets.piholePassword;
};
};
};
};
}

21
features/databases/default.nix Normal file
View file

@ -0,0 +1,21 @@
{pkgs, config, ...} :
{
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ "photoprism" ];
ensureUsers = [
{
name = "photoprism";
ensurePermissions = {
"photoprism.*" = "ALL PRIVILEGES";
};
}
];
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
};
}

5
features/arr-suite.nix → features/multimedia/arr-suite.nix
View file

@ -35,7 +35,7 @@ in
enable = true;
openFirewall = true;
};
/*
/*
#TODO: create duplicated instances of Sonarr.
systemd.services."sonarrAnime" = {
enable = true;
@ -56,5 +56,6 @@ in
};
wantedBy = [ "multi-user.target" ];
};
*/
*/
}

0
features/calibre-web.nix → features/multimedia/calibre-web.nix
View file

8
features/multimedia/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
imports = [
./arr-suite.nix
./calibre-web.nix
./slskd.nix
./transmission.nix
];
}

0
features/slskd.nix → features/multimedia/slskd.nix
View file

0
features/transmission.nix → features/multimedia/transmission.nix
View file

0
features/nextcloud.nix
View file

38
features/photoprism.nix
View file

@ -1,38 +0,0 @@
{ pkgs, config, ... }:
{
sops.secrets.adminPassword = {
sopsFile = ../secrets/photoprism.yaml;
format = "dotenv";
};
services.photoprism = {
enable = true;
port = 2342;
originalsPath = "/var/lib/private/photoprism/originals";
settings = {
PHOTOPRISM_ADMIN_USER = "lospussyadminos";
PHOTOPRISM_ADMIN_PASSWORD = config.sops.secrets.adminPassword;
PHOTOPRISM_DEFAULT_LOCALE = "fr";
PHOTOPRISM_DATABASE_DRIVER = "mysql";
PHOTOPRISM_DATABASE_NAME = "photoprism";
PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
PHOTOPRISM_DATABASE_USER = "photoprism";
PHOTOPRISM_SITE_URL = "http://192.168.1.177:2342";
PHOTOPRISM_SITE_TITLE = "hyperreal photoprism???";
};
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ "photoprism" ];
ensureUsers = [
{
name = "photoprism";
ensurePermissions = {
"photoprism.*" = "ALL PRIVILEGES";
};
}
];
};
}

5
features/prometheus.nix
View file

@ -6,7 +6,10 @@
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
enabledCollectors = [
"logind"
"systemd"
];
port = 9002;
};
};

12
features/services/default.nix Normal file
View file

@ -0,0 +1,12 @@
{config, ...}:
{
imports = [
./homelab-dashboard.nix
./nextcloud.nix
./photoprism.nix
./grafana.nix
./forgejo.nix
./synapse-matrix.nix
./uptime-kuma.nix
];
}

31
features/services/forgejo.nix Normal file
View file

@ -0,0 +1,31 @@
{ config, ... }:
{
sops.secrets.smtp_address = {};
sops.secrets.smtp_password = {};
services.forgejo = {
enable = true;
lfs.enable = true;
service.DISABLE_REGISTRATION = true;
database = {
type = "postgres";
};
server = {
DOMAIN = "git.hypervirtual.world";
ROOT_URL = "https://hypervirtual.world";
HTTP_PORT = 3000;
};
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
mailer = {
ENABLED = true;
SMTP_ADDR = config.sops.secrets.smtp_address;
};
mailerPasswordFile = config.sops.secrets.smtp_password.path;
};
}

0
features/freshrss.nix → features/services/freshrss.nix
View file

1
features/grafana.nix → features/services/grafana.nix
View file

@ -9,5 +9,4 @@
};
};
};
}

4
features/homelab-dashboard.nix → features/services/homelab-dashboard.nix
View file

@ -228,10 +228,10 @@ in
}
{
"Searx" = {
"4get" = {
icon = "searx";
description = "Moteur de recherche privé pour remplacer Google.";
href = "http://${ip}:8080";
href = "https://4get.hypervirtual.world";
};
}
];

11
features/services/nextcloud.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, ... }:
{
services.nextcould = {
enable = true;
hostName = "cloud.hypervirtual.world";
database.createLocally = true;
config = {
dbtype = "pgsql";
};
};
}

22
features/services/photoprism.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, config, ... }:
{
sops.secrets.photoprismUser = {};
sops.secrets.photoprismPassword = {};
services.photoprism = {
enable = true;
port = 2342;
originalsPath = "/srv/cloud/photoprism/originals";
settings = {
PHOTOPRISM_ADMIN_USER = config.sops.secrets.photoprismUser;
PHOTOPRISM_ADMIN_PASSWORD = config.sops.secrets.photoprismPassword;
PHOTOPRISM_DEFAULT_LOCALE = "fr";
PHOTOPRISM_DATABASE_DRIVER = "mysql";
PHOTOPRISM_DATABASE_NAME = "photoprism";
PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
PHOTOPRISM_DATABASE_USER = "photoprism";
PHOTOPRISM_SITE_URL = "http://photos.hypervirtual.world";
PHOTOPRISM_SITE_TITLE = "hyperreal photoprism???";
};
};
}

12
features/synapse-matrix.nix → features/services/synapse-matrix.nix
View file

@ -4,14 +4,12 @@
lib,
...
}:
#TODO: implement
let
baseUrl = "https://talk.hypervirtual.world";
in
{
networking.domain = "hypervirtual.world";
sops.secrets.data = {
sopsFile = ../secrets/matrix.yaml;
sops.secrets.matrix_data = {
format = "yaml";
owner = "matrix-synapse";
};
@ -64,8 +62,7 @@ in
"user-search"
];
extraConfigFiles = [ "/run/secrets/data" ];
extraConfigFiles = [ "/run/secrets/matrix_data" ];
};
/*
@ -91,11 +88,6 @@ in
};
};
services.mautrix-whatsapp = { };
*/
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
};
}

0
features/uptime-kuma.nix → features/services/uptime-kuma.nix
View file

26
secrets/arrsuite.json
View file

@ -1,26 +0,0 @@
{
"radarr_key": "",
"sonarr_key": "ENC[AES256_GCM,data:DF7j2/br+TVLfbfyhG/B64ks5sLPWtQ+aRWCEV26RMI=,iv:cfmYc/4vnZCifYxCATIEiVUIrw/qfdYErjtJZXIm8Nw=,tag:2mhZAm/gT3rm4yNivZ/O5g==,type:str]",
"jellyfin_key": "",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoa0Q4NGtpeWI2OFRIZXFZ\nd2hsTVdYWm1vMDVkeUFHR1NVcGlwSXNEWkY0Cm1Vb3pONXU5QzVuNXQ1dkNxMkVh\nR21pNGxZUGdmK21LMmR4dXJVNDJveEkKLS0tIDlkb0RXMFZLK2Y5VE1qdXg2THlD\nY2FDS2J6RE1vOUdHMjY1ZGxyMXZyckUK1P+EtjvmmPx0QHUywuznY73tJFO2+LT5\n1JUZaQr+3V2bbJyeU2ZX5NTet1uemxFJTTMMfs4MD4t2xjXPM1AW6A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRzF2VHkwUmhUWDBoTHlp\nZXVQendPL0VqeENiYVhjai9UVEZHSWdtQkQ0CjVuUzFaNlJjTHVlLzlESXdRWk1M\ncG8rcVVzZndSL0xZWmZPQ3hDNjlNVWcKLS0tIFBGcmlGbjVrQzNWOU9qOXRMaTNj\nVHBndVMzY3RXdGZ1K0NxSHNxSytRV28K3bOiWVmMpRdYk2CbAntlGRwOFIxptcBE\n8ehUmdfw3v7zC0776RPHjavbpUZ3u2Yhg5Y1NFaUrvuSkM31ULwKsQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-07-14T13:43:51Z",
"mac": "ENC[AES256_GCM,data:/pX6z+9XMdSo5d9a0FkmHv2KJXoMXYDIv7fHWbz2Jh7ukckfQ+qxQ2kjUjEc5bAFknolSpc+ggbhIPUNwSVcQgtUegwegEQPwyq6+8u90/AGPDTscKj1NHQPMNYI4PpuWyAbPtCnd9JCIpjDc8d5q4BfsMhD+ioV/UIodbpWVRU=,iv:XhbmgYk3tr2h9vsKpCbPDv2n/SfnOyNUOSAB45uQbw8=,tag:bggLlobJLFT4+ApQ+8Q2fg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.0"
}
}

31
secrets/freshrss.yaml
View file

@ -1,31 +0,0 @@
freshrss_username: ENC[AES256_GCM,data:uI/v5MkcVBGp,iv:oJlUscDy2dzXQaMj8O09tt8QM6bNoJt40zdZVBW47ho=,tag:7UiBpFYpZHmfq3WhquC7UQ==,type:str]
freshrss_password: ENC[AES256_GCM,data:fCOjuis7ULvsTg0H5tMVnbHH+Pihv1Ezeq0=,iv:5sTcJBdsV/zJ23wb7xueoY9npVDGPV5kbV5IfUyP4yQ=,tag:Ws94G1v8smU9E5xBEARRTw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaGxtWDZySE42eDlMbFVP
cHRCMkt3VVVEY25nd3BBR3FBZ0xJNzZIRW13CkJNQjNXU21UNWx2Tk5zcFgvdEJp
TmwwY0Nxd1k3WU82a0pyeUg2OUxzT0UKLS0tIFE3cGd3SllibFBZdVZJUzhSaldF
Z3V4cEhEU05HQzh4cUU4cEpRN2ZtK1EKQSFyLMrWk1xpkNqWD+PzVdTQGQ0qgCtU
y3327TfcYsmEHcwmXaDPGXAnxSb0XH3p+kiLV08MWiCYxfs9YVZUDw==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0NIMGJ3N2xWOUdONk5o
SC9CajA3c0Rkc1RsdERRbE1OUWUzNHcxZlJFCklSa1g0K1lUZzhyQlBzQ2xWYnUr
TjF4LzYrcTc3U1ZnODE3dlllelNpTlUKLS0tIEJOcG80UUs5eTM0azhCaXJnM0pE
a05vSlBPamVwRzlWbHNSRXdLWlkwOVkK++2TcdjTKt+G0dQYqUeQzYd9MHkWIPwq
z4aCH5g0MKNJdqEVDlSh+M91wPYkCuZChLZhB26ExySzN4BQZYobIg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-17T17:36:47Z"
mac: ENC[AES256_GCM,data:26oq8oai6g3KjNq84Wj5+kQOZmnVnfPa221v1SCO1rTSC9dLm3zjiB0JfOQGxGvxKRm19QFKUd0rYbfFNt12O8jG9oIyYBExjawB1aBaY31TmU9ziey07pwLJN8AuRshSRFLWVbNz+NPhnROOoosWFsQhnQS4xBJxYHZ6iYA7co=,iv:thGKLGVTBWMxh1tgYBsMJtbarwp6Ny0EEXwcmyAAVgQ=,tag:8QgncQXPjQalelSlBfRbLw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

8
secrets/homepage.env
View file

@ -6,15 +6,15 @@ HOMEPAGE_VAR_TRANSMISSIONPASSWORD=ENC[AES256_GCM,data:k2NVt94Z+6Vt4hNY3Z0UvhHpP3
HOMEPAGE_VAR_JELLYSEERR=ENC[AES256_GCM,data:Hxs1yAZpu1sWfV733P3I2oL9aecyq3LLUw/YG8PW/rA7aE5v30wS9sLXKWrdHeiT0Mj/b64sHRaPnBmczSb8HBdG1Wo=,iv:oeIEIt308GZd5n8lE204ebnXC48Ra56oKVR76JGrCLk=,tag:NdhMqBRwe8XS3q+Pzw6AbA==,type:str]
HOMEPAGE_VAR_PROXMOXUSERNAME=ENC[AES256_GCM,data:nE/fK5Bc16e3wceoOaVmOg==,iv:d8Wa/BxpMzHaAQ8rEz4Ubva4UXxi3ETCaCUx1ZcuplY=,tag:6K8OnOEohCrxHMkvnyeP9Q==,type:str]
HOMEPAGE_VAR_PROXMOXPASSWORD=ENC[AES256_GCM,data:fq7uMnkypQ1I5PtW7l59cRQZe5/VhQu8elRg/kUgSmdNFc9g,iv:XPjAuoqA+S30wPC/HU9EEqHSCkekWAGOBfrRGIq+XA0=,tag:851/krrh60hPnY/Nxlbkxg==,type:str]
HOMEPAGE_VAR_RADARR=ENC[AES256_GCM,data:Co9giVCQQpOz7RpM5OhPfVM6LcrfbgzJAPoSr3YD4/0=,iv:JCzLMjqrZfJsLrDuMmPJ/u0L/1Lj5lsj822FyWrKYX4=,tag:AXY9c9qRx2OosOaJ99fK8w==,type:str]
HOMEPAGE_VAR_RADARR=ENC[AES256_GCM,data:ypyp27dJwuZaJGtlgR7IHUdkbCkIDpiQqKq1Dnsj+OE7IA==,iv:j2QXkI+j03Q34zk1C1MSL7AD3n9b8d6qCyrFG8+9KAY=,tag:FSrE2ygSTvo4Py1B9C4pnw==,type:str]
HOMEPAGE_VAR_PIHOLE=ENC[AES256_GCM,data:yLYh4pHT6tJ61A/hTVQ5w1wG0rl7DFuYhX1MOgLWdTIw4cvqXx/6IWkYZPHSYyU1mgJBf5tAIduss12cRqEnrg==,iv:5jevBeemEr7WCL7LlHiB1/Z/ewIDgTyiFUQhpJ4P3lo=,tag:UujH6+nLOerI4N6CqBY/gg==,type:str]
HOMEPAGE_VAR_UPTIMEROBOT=ENC[AES256_GCM,data:slWhhjU28fWDct8uiPzMuPEF4UjXsdHlelCCf02vdL386EA=,iv:ow9io30DDZFP97ibnhtuOj5Cf8SeIlBwEXevKRw9bj0=,tag:OslEPMwKx8Cc3Sti7ImkSA==,type:str]
HOMEPAGE_VAR_BAZARR=ENC[AES256_GCM,data:2RdLGInV5a2Vh6ER/RztKuMe5Tny36Exc3PLpp9po2U=,iv:JwcWBZQp6W1dwaclfVHLMtrrX4mFYZiwdqaetF+yhpA=,tag:wnW3DrbyvVdbaiuJiS81Og==,type:str]
HOMEPAGE_VAR_BAZARR=ENC[AES256_GCM,data:R5xfRAap02V0aCxbgb2RQJPg/H/flMKCuvT3hBVTCbr8wQ==,iv:GpJzznV7t8NrCkJPEWSYfh8RRCtQCcNrfgRBwjlbT0w=,tag:a4iRc/pDPlEqiV0exfA8Uw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRDZvSnVRbjVIbkN2cmVH\nY2hSU3k4VllQa2UwWjJyRzQ5VjJzZ21xdVhRCjlDb1k3QjVhV2laaW1qdlljNEt1\nZmZpaGVCYWpCUTRQWld4YWNiajRvWFUKLS0tIEszamxTeFJRb1pFVVp5S3Vac1lS\nV1FoR0syNzBUelVpMDZBTlE4dXVzUzgKw2l8yB78bceQmbrPZ3pSPRKRxum1iyjz\nRugu8MamsZL8PWs2i4dh8o2FUnXixfs8zudmd77OST7AqEiUd/Yt4A==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRCtrSFVBTVBFeVJZVlIr\nVHJqY2k4WGFlZERYQzR6ZUpaais2dEZxSVZBCkhPdjlLb2d1ZXQzcHlscDVQaUpS\na05FM003dFlsbmRJd3IxN1I1R2dTWU0KLS0tIGhGemN6d1dBM3Y3YUNvdEloVytK\nWFpWTkpwZ2d6V3JzWitNQ3E3ajhnclkK4pYiF8kMxnoDXHmHjk1RJD/k5A0/k8de\nMD2wAv7irB5S8023ALH+81FwNSbC+hQZwKBSSa1GkxK1wc7cNsVDgA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_1__map_recipient=age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
sops_lastmodified=2024-07-18T17:17:03Z
sops_mac=ENC[AES256_GCM,data:v4m9KM5U0uh7Nf2JZIGSXARInB6RfQoTxqH31vrY6rdfkFkZz18m0k/v8Bt5RUSb0gfKHH4YIBCUobjfdtiLgJzHKXjgYPV3nsG845MunxczJBpWTAqX9xstL8HjDlB0i+6CWg7/fim7Pd/FXPJ/HD0q0r/P6a9uHCBzQy/+3Yo=,iv:zUBtqEGYAebApQmwI9Z8y+Cf/YSy9EItOwU5mzwEgUU=,tag:Ow8zJNoih3b5PfvPN4oz7g==,type:str]
sops_lastmodified=2024-07-18T21:29:44Z
sops_mac=ENC[AES256_GCM,data:ZCdDN0FjacDomvttqa1YKeWVcC+8utMqi5gQ8XHCX5EKdWDVi5oWJ6mYO8A+TTekaK0/yP5R+5u8hQWNpYcCVi7Bvkj8Zp71HhA4wwPPtRWArLuwhAd/NYSxk2oCyXYFQ4ycopG0iyK/Fy/7f5atv0ver7geyZ5LcPlHZ4QWocQ=,iv:eZFFx9LcdMwxn50o9XASFcm4ELD5HrJPJgGEmdxPz9M=,tag:Yhn/TrddaXU956THR/WI9w==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.0

30
secrets/matrix.yaml
View file

@ -1,30 +0,0 @@
data: ENC[AES256_GCM,data:ol1ty2+0qiPOQZiH3NNAQJU7Qr/eTINitJ1sjm9h99NKqgsUCu8wJ6gBCnHoxSmjgsNqVFNy,iv:C/JBhIt7OSl5H2FVSZFn869sKPoce/iPtDce7OMeq20=,tag:BymIfWMPOo+N0v2ydUyrYw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3YW4zUkZYUnQxVEFwek1j
Z1hLTjlwdVdZNXo1TDl0ZUt2bzdHd2RsWG0wClRlb0lzVTlOQ0JqVkhvZGRKWisz
cEpycjBkcWxnMS90cC9vUGdaNXhuWVUKLS0tIE1lVUE2MU5DcnNYM0tjNkt5R0lj
YVNvTXZMYkQ2Q3IyVU50cnV0SWpmM0EKsJYYHtZ7F21QJRFgEZ1dYztWgkEXVxKV
0QweN1Uyz5uy2WvSc+UZe57ZGY04CeEU6m8yHtGAAMGZygAHppk/2Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYjBKMlNEcCtYN0Jla1Vn
UFJVaEJPd1VZK2JOTjdMQXBRalQ5OUxiRmxZCnNYcTJGYll4ZzhKWXk1bk5yMmZF
Y0F6L09mY0RGeFJYZDg2c0xNeDN3RlkKLS0tIHRCT2xOQXE1YTI0di9uT3RGelU5
Q0RFNFVlRjROci9MbjVHeFkzWll4eGMK9BcSuqD0QCQYg2oD8fWiK7+IoR8GigMf
vFNYHTFADhhWaeNcQJX47Er2iY0jtca8sIMRfDoiJGY3m5m1OEKiNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-19T14:41:27Z"
mac: ENC[AES256_GCM,data:LTEtWFWfPIyi/j3c619/Tu7Izvc4liPseStr67TVN6vtEaE4wLYbkwP+Tc/ARMMyOZxVkh5mRYMzM9rK4bJusHvkuumok9f68zw0uW/0007c52nnvz02p+fv/NqNzXTM/L/hgVM4uIamNqtIGbdDPJEOk6dae2XwHhutUvCBtSU=,iv:nPDDzMUagjh2u5klsFQBXrXzArzn+h/x3VSVCH8lrAs=,tag:rftqlDrZPh/vyiQUb2sH1g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

30
secrets/photoprism.yaml
View file

@ -1,30 +0,0 @@
adminPassword: ENC[AES256_GCM,data:gX6hXEi7/bxBJ3YcOIZHHzQMwU6i8kw=,iv:Q15rclTjHxsSnZ2Ajn7uvzO171ffCXiQZvsFwVavR2E=,tag:KbagGzCfDYPdiPBhcMNUFg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVmdud05IbEU1VENJVDc4
RkJ1TlJaenNCWWZ1WFNqOE5JTVQ1NTJ5T2dRCklzYmlwWTR0VnAyamlNVzI3bmJq
MmpMalRRTUNsK3Q0SWtCS01NU0lVV0EKLS0tIEkzY1Nhajh4cEVNMUFSaVdiRjlP
ZERSckhJOG9yYjBrN1dJSVRaT1dOblUK7Q/MH1+BhzVfZ6x78ZCwt8TGs+XqNXzk
2FjEMxgpwrWLeq2tIVTIth3BKzQwSfHpbbrrM45CKLSo5qNWvuatAQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIamZQbUVmMlVpU1R2TG9T
YWpUR0JwNDRiTFg5OS9vU2RINTRmVUE0Y2k0CnE5ajhIcWJMQ0czZ0xoVVA2Mzgw
Skg4R2tRUFk3bEVVd3FNdnRTZlV5WHMKLS0tIERzK3duM2VqOWxnUkJleHJML0Jl
QTBHQTliK1RibXJXMDI4eTJ1dXdiVGsKV9dXgY64y3Nzv01i8m0o+hcYWUxs/s5O
vFU2Cwg9ZNDxECE5X11+PUPGS+YoKtUR+T8pwP4+gmfUQym4wML/WA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-27T08:10:13Z"
mac: ENC[AES256_GCM,data:M4VDRhHpXsurPzlyQ76LaLZE6/zo157xp/ygQxJGLZevjVJezSb4j22wE/EAlbxBW4J1pLUI4xM5tGy5QppzlEQmHqLhn944013wQSNfgWYkbw4OYSt4U6KedaWSER+fJz2qnYTqdazO3+GbWIOOahDT1l8kZnWJLKVP2W/iPpw=,iv:AyWGPD8Rm563T02ya1y6VOMc6jt3zubO8WQCoEfM9Ww=,tag:6VYjfhOxy1sAwk/kmx0JFQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

39
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,39 @@
borgRepoPassword: ENC[AES256_GCM,data:pgaBumNDhis8ftypaz5MdQfY467ToUJLYUs=,iv:rE0kAaAC1NEQgCvEl7f8hnSk0N6jZOAMABrErDudRMQ=,tag:58ZlN1lseFwQFq/T2gLB2g==,type:str]
photoprismAdmin: ENC[AES256_GCM,data:kSFgrZKGGMA=,iv:fFkWYgUBfCg3lVLQMTFkabQzJvJ2IsciEiyOkObOL4k=,tag:AylOeAP5Vllx/vlOKAPqsA==,type:str]
photoprismPassword: ENC[AES256_GCM,data:3zUZhRZElMmpsBF4zBGz43dci2JC5bc=,iv:qj5wpKHxeu67R3KTDfyjfVbP7Hvydyh7Oxd/FY8YOg0=,tag:bCAQ57eG8CmBdF8oobo3Vg==,type:str]
smtp_address: null
smtp_password: null
matrix_data: ENC[AES256_GCM,data:VinMt0TvPACJ6iz+9nnjf9SsZhUIkRVbvYHqlpEeIhvuYmjRtnO3frJ46uwYpNcTE+fpYcWu,iv:yc/EKM4UFe23wAe6fuGrmPtdIpEZ5XSW/9YzZY3P7yw=,tag:5qZiO4kmnsYHIsINB00gBQ==,type:str]
freshrss_username: ENC[AES256_GCM,data:/J6wt6AmrZa1,iv:RQL1ZZaFgmwhP/U1ZapfEsCPbdlM+XRyo5sCZApIF9E=,tag:N/l6jCsJDwpUMgEK7HSkwg==,type:str]
freshrss_password: ENC[AES256_GCM,data:mlVzCRN53se135pHplVZyD1QtXwmV+6lAwc=,iv:tnsxnse7eJTe4ewm4LMcgv6sNQU3IMfCE+qW7G22p5Y=,tag:s25mxs3HKWOvKza8GqmsqA==,type:str]
piholeHostname: ENC[AES256_GCM,data:XJhC+VJmxIbTaln1,iv:xM15j9vG2/jYIr3S2wO/lJc41+820BPOpcEkRBBCnbY=,tag:xD8AVC/x0wZZa79GzeOHdg==,type:str]
piholeApiToken: null
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clFheC9yUklQeDlXMzlo
NGFnWTRWcGlmZ2w1LzI1K3lpSzJ6ZGZoNFU4CmFSYnBoNGcwR0d2MEVHVElKbldI
WG5Kem1vbktpdFFJYWNqMmhJbzM5eXMKLS0tIHAxcm16TXJaNmhnbE9qWHZTSVYr
TFNjaSt2a0FXamFRaU5LbGgzc1hFRVkKLqj/i01uTphBBdL/FL2TcCicQBQoaCkm
ncNq7SplUJvJV1aOhNKcdqBckf5wETENhVsfBmcv6u5jwT6EPbHf0g==
-----END AGE ENCRYPTED FILE-----
- recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpME1FNHkzUWwyV015OURL
VWVId2hycElVb24xWjdzTkRYblhNNFBiTUZvCjFIYWZ5eDZKeGV5OXIyY20wS2k4
bTZZWUdyMUNaNy9CNXllYnJySVNpKzgKLS0tIEhiekNpS2lYYXpZVVdCcmN5djJZ
UTYrZ1dWUG5ka1p0b3JrREZXUzZiWlEKBFn4I/U3bwyurfa8gyfy7D3wYAwOtDw7
K0jQE5SeExD9kluwH0gyGDZbk/DWn+ppWoMNqQKDmICrUQpns6GJnQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-12T12:58:57Z"
mac: ENC[AES256_GCM,data:bbDYAKYVPng7IbS0XwOfvLffY+LLpwYm+FR3d9uOPUZQHs82E8UzwsFYfcYEZsKRFvqjajWeFWc4dU6OJL1a0YVEUMVQz080HiNa4Hoz9a/MxK/KxC8pBViH3FFH5LDUbkwq5tC6HdLgKdExwPJ17GSuHyhArdPzgx8FR6FJ2kE=,iv:EvFxOutagIsgkCJcL6ZbeCvvTZRgHhbBiXyiLZi96Gg=,tag:xPKCxj6UBLhA2yVH/KNeSA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0

29
server-configuration.nix
View file

@ -11,23 +11,14 @@ let
in
{
imports = [
./features/arr-suite.nix
# ./features/authentik.nix
./features/caddy.nix
./features/calibre-web.nix
./features/containers/default.nix
# ./features/freshrss.nix using the docker container instead
./features/grafana.nix
./features/homelab-dashboard.nix
# ./features/nextcloud.nix
# ./features/photoprism.nix
./features/multimedia/default.nix
./features/databases/default.nix
./features/services/default.nix
./features/backups.nix
./features/caddy.nix
./features/prometheus.nix
./features/samba-shares.nix
# ./features/searx.nix
./features/synapse-matrix.nix
./features/slskd.nix
./features/transmission.nix
./features/uptime-kuma.nix
];
# setting up networking!!
@ -52,15 +43,9 @@ in
enable = true;
allowedTCPPorts = [
22 # ssh
3000 # grafana
4001 # uptime-kuma
5030 # slskd
8080 # searxng
8008 # matrix-synapse
8448 # matrix-synapse
5050 # calibre-web
8400 # crafty-controller
9000 # authentik
9091 # transmission
];
allowedUDPPorts = [ ];
@ -92,6 +77,7 @@ in
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
sops.defaultSopsFile = ./secrets/secrets.yaml;
# define your secrets with
# `nix-shell -p sops --run "sops ./secrets/yoursecret.env"`
@ -115,6 +101,7 @@ in
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = true;
services.jellyfin = {
enable = true;
openFirewall = true;
@ -129,7 +116,7 @@ in
networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {
onState = ["routable"];
onState = [ "routable" ];
script = ''
${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
'';