diff --git a/README.md b/README.md index 31c3e36..07b7633 100644 --- a/README.md +++ b/README.md @@ -10,9 +10,9 @@ The goal of this config is to include : - [x] slskd - [ ] a cloud solution, to backup family files - [x] crafty controller\* -- [ ] a matrix server +- [x] a matrix server - [x] tt-rss / freshrss\* -- [ ] tailscale +- [x] tailscale \*Not using the "Nix" way (i prefer using Docker atm, i currently lack time) @@ -20,8 +20,8 @@ The goal of this config is to include : - [x] fix homepage-dashboard secrets - [ ] use Docker for Sonarr, seems to be a cleaner approach for double instances -- [ ] move crafty-controller to a nix build -- [ ] figure out how to use secrets with freshrss +- [ ] move crafty-controller / fressrss to nix +- [ ] setup mautrix-whatsapp / mautrix-discord ## Installation diff --git a/features/backups.nix b/features/backups.nix new file mode 100644 index 0000000..40f6f27 --- /dev/null +++ b/features/backups.nix @@ -0,0 +1,36 @@ +{ config, ... }: +{ + sops.secrets.borgRepoPassword = {}; + + opt.services.borgbackup.jobs = { + localBackup = { + paths = "/"; + exclude = [ + "/nix" + "/srv/Multimedia" + "/srv/media" + ]; + repo = "/srv/backups/serverBackups"; + doInit = true; + encryption = { + mode = "repokey"; + passCommand = "cat /run/secrets/borgRepoPassword"; + }; + compression = "auto,lzma"; + startAt = "weekly"; + }; + + borgPersonalServer = { + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHyeTAANyYqMFded6mJHWuhGVXROu3TqDV2b8icjolfO root@meowcats-silly-computer" + ]; + path = "/srv/backups/localComputerBackups"; + }; + + /* + serverBackup = { + + }; + */ + }; +} diff --git a/features/containers/4get.nix b/features/containers/4get.nix new file mode 100644 index 0000000..2b0afd8 --- /dev/null +++ b/features/containers/4get.nix 
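Review bot: `paths = "/"` in `localBackup` is not offset by an `exclude` entry for `/srv/backups`, so the job archives its own repository (`/srv/backups/serverBackups`) and the `localComputerBackups` directory on every run; add `"/srv/backups"` to `exclude`. `borgPersonalServer` sets `authorizedKeys` and `path`, which are options of `services.borgbackup.repos.<name>` rather than of a job, so it should move there, and the `opt.` prefix on `opt.services.borgbackup.jobs` looks like a leftover unless an `opt` namespace is defined elsewhere in the repository. `passCommand` is better tied to the declaration as `"cat ${config.sops.secrets.borgRepoPassword.path}"` than to the literal `/run/secrets` path. Because the repository sits on the host it protects, it does not cover disk loss or a compromise of this machine; the commented-out `serverBackup` job is presumably meant for that.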
@@ -0,0 +1,16 @@
+{config, ...}:
+{
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+ fourget = {
+ image = "luuul/4get:latest";
+ environment = {
+ "FOURGET_PROTO" = "http";
+ "FOURGET_SERVER_NAME" = "192.168.1.177:6942";
+ };
+ ports = ["6942:80"];
+ };
+ };
+ };
+}
diff --git a/features/containers/default.nix b/features/containers/default.nix
index 544760f..4ede4f1 100644
--- a/features/containers/default.nix
+++ b/features/containers/default.nix
@@ -4,7 +4,8 @@
 imports = [
 ./crafty-controller.nix
 ./flaresolverr.nix
- ./freshrss.nix
+ # ./freshrss.nix
 ./sonarr.nix
+ ./pihole-exporter.nix
 ];
 }
diff --git a/features/containers/pihole-exporter.nix b/features/containers/pihole-exporter.nix
new file mode 100644
index 0000000..5dcfde6
--- /dev/null
+++ b/features/containers/pihole-exporter.nix
@@ -0,0 +1,21 @@
+{ config, ... }:
+
+{
+
+ sops.secrets.piholeHostname = {};
+ sops.secrets.piholePassword = {};
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+ pihole-exporter = {
+ image = "ekofr/pihole-exporter:latest";
+ ports = [ "9617:9617" ];
+ environment = {
+ "PIHOLE_HOSTNAME" = config.sops.secrets.piholeHostname;
+ "PIHOLE_PASSWORD" = config.sops.secrets.piholePassword;
+ };
+ };
+ };
+ };
+}
diff --git a/features/databases/default.nix b/features/databases/default.nix
new file mode 100644
index 0000000..d068ece
--- /dev/null
+++ b/features/databases/default.nix
@@ -0,0 +1,21 @@
+{pkgs, config, ...} :
+{
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ ensureDatabases = [ "photoprism" ];
+ ensureUsers = [
+ {
+ name = "photoprism";
+ ensurePermissions = {
+ "photoprism.*" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ };
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_15;
+ };
+}
diff --git a/features/arr-suite.nix b/features/multimedia/arr-suite.nix
similarity index 99%
rename from features/arr-suite.nix
rename to features/multimedia/arr-suite.nix
index b44cf17..af56b9f 100644
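Review bot: `ports = ["6942:80"]` publishes the container on every interface, and ports published by Docker are not filtered by `networking.firewall.allowedTCPPorts`, so the plain-HTTP listener is reachable from the LAN even though the dashboard now links to `https://4get.hypervirtual.world`. If a reverse proxy on this host is the intended entry point, bind to loopback with `ports = [ "127.0.0.1:6942:80" ];` and set `FOURGET_PROTO` and `FOURGET_SERVER_NAME` to the public scheme and name. The same applies to `"9617:9617"` in pihole-exporter.nix. `luuul/4get:latest` is a floating tag; pinning a version tag or digest makes what runs after the next pull reviewable.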
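Review bot: `config.sops.secrets.piholeHostname` and `config.sops.secrets.piholePassword` are option attribute sets, not strings, so they cannot be used as `environment` values, and even `.path` would hand the container a file path rather than the secret. Values placed in `environment` are also written to the world-readable Nix store, so pass them at runtime instead, e.g. `environmentFiles = [ config.sops.secrets.<pihole-exporter-env>.path ];` with a dotenv-style secret (placeholder name). The same pattern appears in `SMTP_ADDR` in forgejo.nix and in `PHOTOPRISM_ADMIN_USER` / `PHOTOPRISM_ADMIN_PASSWORD` in services/photoprism.nix. In addition, secrets/secrets.yaml in this commit defines `piholeApiToken` but no `piholePassword`, so the declared secret has no matching key.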
--- a/features/arr-suite.nix +++ b/features/multimedia/arr-suite.nix @@ -35,7 +35,7 @@ in enable = true; openFirewall = true; }; - /* +/* #TODO: create duplicated instances of Sonarr. systemd.services."sonarrAnime" = { enable = true; @@ -56,5 +56,6 @@ in }; wantedBy = [ "multi-user.target" ]; }; - */ +*/ + } diff --git a/features/calibre-web.nix b/features/multimedia/calibre-web.nix similarity index 100% rename from features/calibre-web.nix rename to features/multimedia/calibre-web.nix diff --git a/features/multimedia/default.nix b/features/multimedia/default.nix new file mode 100644 index 0000000..c32e295 --- /dev/null +++ b/features/multimedia/default.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./arr-suite.nix + ./calibre-web.nix + ./slskd.nix + ./transmission.nix + ]; +} diff --git a/features/slskd.nix b/features/multimedia/slskd.nix similarity index 100% rename from features/slskd.nix rename to features/multimedia/slskd.nix diff --git a/features/transmission.nix b/features/multimedia/transmission.nix similarity index 100% rename from features/transmission.nix rename to features/multimedia/transmission.nix diff --git a/features/nextcloud.nix b/features/nextcloud.nix deleted file mode 100644 index e69de29..0000000 diff --git a/features/photoprism.nix b/features/photoprism.nix deleted file mode 100644 index 796fe15..0000000 --- a/features/photoprism.nix +++ /dev/null 
@@ -1,38 +0,0 @@
-{ pkgs, config, ... }:
-{
- sops.secrets.adminPassword = {
- sopsFile = ../secrets/photoprism.yaml;
- format = "dotenv";
- };
-
- services.photoprism = {
- enable = true;
- port = 2342;
- originalsPath = "/var/lib/private/photoprism/originals";
- settings = {
- PHOTOPRISM_ADMIN_USER = "lospussyadminos";
- PHOTOPRISM_ADMIN_PASSWORD = config.sops.secrets.adminPassword;
- PHOTOPRISM_DEFAULT_LOCALE = "fr";
- PHOTOPRISM_DATABASE_DRIVER = "mysql";
- PHOTOPRISM_DATABASE_NAME = "photoprism";
- PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
- PHOTOPRISM_DATABASE_USER = "photoprism";
- PHOTOPRISM_SITE_URL = "http://192.168.1.177:2342";
- PHOTOPRISM_SITE_TITLE = "hyperreal photoprism???";
- };
- };
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- ensureDatabases = [ "photoprism" ];
- ensureUsers = [
- {
- name = "photoprism";
- ensurePermissions = {
- "photoprism.*" = "ALL PRIVILEGES";
- };
- }
- ];
- };
-}
diff --git a/features/prometheus.nix b/features/prometheus.nix
index 672ac86..acc78d1 100644
--- a/features/prometheus.nix
+++ b/features/prometheus.nix
@@ -6,7 +6,10 @@
 exporters = {
 node = {
 enable = true;
- enabledCollectors = [ "systemd" ];
+ enabledCollectors = [
+ "logind"
+ "systemd"
+ ];
 port = 9002;
 };
 };
diff --git a/features/services/default.nix b/features/services/default.nix
new file mode 100644
index 0000000..4601715
--- /dev/null
+++ b/features/services/default.nix
@@ -0,0 +1,12 @@
+{config, ...}:
+{
+ imports = [
+ ./homelab-dashboard.nix
+ ./nextcloud.nix
+ ./photoprism.nix
+ ./grafana.nix
+ ./forgejo.nix
+ ./synapse-matrix.nix
+ ./uptime-kuma.nix
+ ];
+}
diff --git a/features/services/forgejo.nix b/features/services/forgejo.nix
new file mode 100644
index 0000000..d9b248d
--- /dev/null
+++ b/features/services/forgejo.nix
@@ -0,0 +1,31 @@ +{ config, ... }: +{ + sops.secrets.smtp_address = {}; + sops.secrets.smtp_password = {}; + + services.forgejo = { + enable = true; + lfs.enable = true; + service.DISABLE_REGISTRATION = true; + database = { + type = "postgres"; + }; + server = { + DOMAIN = "git.hypervirtual.world"; + ROOT_URL = "https://hypervirtual.world"; + HTTP_PORT = 3000; + }; + + actions = { + ENABLED = true; + DEFAULT_ACTIONS_URL = "github"; + }; + + mailer = { + ENABLED = true; + SMTP_ADDR = config.sops.secrets.smtp_address; + }; + + mailerPasswordFile = config.sops.secrets.smtp_password.path; + }; +} diff --git a/features/freshrss.nix b/features/services/freshrss.nix similarity index 100% rename from features/freshrss.nix rename to features/services/freshrss.nix diff --git a/features/grafana.nix b/features/services/grafana.nix similarity index 99% rename from features/grafana.nix rename to features/services/grafana.nix index 36f06ec..b07a949 100644 --- a/features/grafana.nix +++ b/features/services/grafana.nix @@ -9,5 +9,4 @@ }; }; }; - } diff --git a/features/homelab-dashboard.nix b/features/services/homelab-dashboard.nix similarity index 99% rename from features/homelab-dashboard.nix rename to features/services/homelab-dashboard.nix index 234b9cf..d3206d4 100644 --- a/features/homelab-dashboard.nix +++ b/features/services/homelab-dashboard.nix @@ -228,10 +228,10 @@ in } { - "Searx" = { + "4get" = { icon = "searx"; description = "Moteur de recherche privé pour remplacer Google."; - href = "http://${ip}:8080"; + href = "https://4get.hypervirtual.world"; }; } ]; diff --git a/features/services/nextcloud.nix b/features/services/nextcloud.nix new file mode 100644 index 0000000..479777d --- /dev/null +++ b/features/services/nextcloud.nix @@ -0,0 +1,11 @@ +{ config, ... }: +{ + services.nextcould = { + enable = true; + hostName = "cloud.hypervirtual.world"; + database.createLocally = true; + config = { + dbtype = "pgsql"; + }; + }; +} 
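Review bot: `service.DISABLE_REGISTRATION`, `server`, `actions` and `mailer` sit directly under `services.forgejo`, but app.ini sections belong under `services.forgejo.settings`; as written the registration lock is not an option the module knows, so confirm with a build that it actually reaches app.ini. `ROOT_URL` points at `https://hypervirtual.world` while `DOMAIN` is `git.hypervirtual.world`, and a ROOT_URL that does not match the served host produces wrong links and redirects. `HTTP_PORT = 3000` is the port the firewall list in server-configuration.nix labelled as grafana, so check for a clash. `smtp_address` and `smtp_password` are both `null` in secrets/secrets.yaml, so the mailer cannot work until they are filled in.

```nix
  services.forgejo = {
    # … unchanged: enable, lfs.enable, database …
    settings = {
      service.DISABLE_REGISTRATION = true;
      server = {
        DOMAIN = "git.hypervirtual.world";
        ROOT_URL = "https://git.hypervirtual.world/";
        HTTP_PORT = 3000;
      };
      # … unchanged: actions, mailer (moved inside settings) …
    };
    # … unchanged: mailerPasswordFile …
```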
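Review bot: `services.nextcould` is a typo for `services.nextcloud`, so none of these settings reach the Nextcloud module and evaluation fails on an unknown option now that services/default.nix imports this file. Once the name is fixed the module also needs an admin password file; `config.adminpassFile = config.sops.secrets.<nextcloud-admin-pass>.path;` (placeholder secret name) keeps the password out of the Nix store. Since `hostName` is a public name, consider `https = true;` so generated URLs use TLS.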
diff --git a/features/services/photoprism.nix b/features/services/photoprism.nix new file mode 100644 index 0000000..0810cc0 --- /dev/null +++ b/features/services/photoprism.nix @@ -0,0 +1,22 @@ +{ pkgs, config, ... }: +{ + sops.secrets.photoprismUser = {}; + sops.secrets.photoprismPassword = {}; + + services.photoprism = { + enable = true; + port = 2342; + originalsPath = "/srv/cloud/photoprism/originals"; + settings = { + PHOTOPRISM_ADMIN_USER = config.sops.secrets.photoprismUser; + PHOTOPRISM_ADMIN_PASSWORD = config.sops.secrets.photoprismPassword; + PHOTOPRISM_DEFAULT_LOCALE = "fr"; + PHOTOPRISM_DATABASE_DRIVER = "mysql"; + PHOTOPRISM_DATABASE_NAME = "photoprism"; + PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock"; + PHOTOPRISM_DATABASE_USER = "photoprism"; + PHOTOPRISM_SITE_URL = "http://photos.hypervirtual.world"; + PHOTOPRISM_SITE_TITLE = "hyperreal photoprism???"; + }; + }; +} diff --git a/features/synapse-matrix.nix b/features/services/synapse-matrix.nix similarity index 86% rename from features/synapse-matrix.nix rename to features/services/synapse-matrix.nix index 4108dca..19630b4 100644 --- a/features/synapse-matrix.nix +++ b/features/services/synapse-matrix.nix @@ -4,14 +4,12 @@ lib, ... }: -#TODO: implement let baseUrl = "https://talk.hypervirtual.world"; in { networking.domain = "hypervirtual.world"; - sops.secrets.data = { - sopsFile = ../secrets/matrix.yaml; + sops.secrets.matrix_data = { format = "yaml"; owner = "matrix-synapse"; }; @@ -64,8 +62,7 @@ in "user-search" ]; - extraConfigFiles = [ "/run/secrets/data" ]; - + extraConfigFiles = [ "/run/secrets/matrix_data" ]; }; /* @@ -91,11 +88,6 @@ in }; }; - services.mautrix-whatsapp = { }; */ - services.postgresql = { - enable = true; - package = pkgs.postgresql_15; - }; } diff --git a/features/uptime-kuma.nix b/features/services/uptime-kuma.nix similarity index 100% rename from features/uptime-kuma.nix rename to features/services/uptime-kuma.nix 
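Review bot: The declared secret `photoprismUser` has no matching key in secrets/secrets.yaml, which defines `photoprismAdmin` instead, so one of the two names needs to change. For the password, the module's `passwordFile` option reads it at service start: use `passwordFile = config.sops.secrets.photoprismPassword.path;` in place of `PHOTOPRISM_ADMIN_PASSWORD` in `settings`. `PHOTOPRISM_SITE_URL` uses `http://` for a public hostname; if a reverse proxy terminates TLS for it, this should be `https://photos.hypervirtual.world`.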
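Review bot: `extraConfigFiles = [ "/run/secrets/matrix_data" ]` repeats the secret name as a literal path, so a rename has to be made in two places, as this commit already had to. `extraConfigFiles = [ config.sops.secrets.matrix_data.path ];` keeps the path tied to the declaration. With `sopsFile` removed in the first hunk, this secret now relies on `sops.defaultSopsFile`, which the server-configuration.nix change in this commit sets.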
diff --git a/secrets/arrsuite.json b/secrets/arrsuite.json deleted file mode 100644 index 96fc7d8..0000000 --- a/secrets/arrsuite.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "radarr_key": "", - "sonarr_key": "ENC[AES256_GCM,data:DF7j2/br+TVLfbfyhG/B64ks5sLPWtQ+aRWCEV26RMI=,iv:cfmYc/4vnZCifYxCATIEiVUIrw/qfdYErjtJZXIm8Nw=,tag:2mhZAm/gT3rm4yNivZ/O5g==,type:str]", - "jellyfin_key": "", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoa0Q4NGtpeWI2OFRIZXFZ\nd2hsTVdYWm1vMDVkeUFHR1NVcGlwSXNEWkY0Cm1Vb3pONXU5QzVuNXQ1dkNxMkVh\nR21pNGxZUGdmK21LMmR4dXJVNDJveEkKLS0tIDlkb0RXMFZLK2Y5VE1qdXg2THlD\nY2FDS2J6RE1vOUdHMjY1ZGxyMXZyckUK1P+EtjvmmPx0QHUywuznY73tJFO2+LT5\n1JUZaQr+3V2bbJyeU2ZX5NTet1uemxFJTTMMfs4MD4t2xjXPM1AW6A==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRzF2VHkwUmhUWDBoTHlp\nZXVQendPL0VqeENiYVhjai9UVEZHSWdtQkQ0CjVuUzFaNlJjTHVlLzlESXdRWk1M\ncG8rcVVzZndSL0xZWmZPQ3hDNjlNVWcKLS0tIFBGcmlGbjVrQzNWOU9qOXRMaTNj\nVHBndVMzY3RXdGZ1K0NxSHNxSytRV28K3bOiWVmMpRdYk2CbAntlGRwOFIxptcBE\n8ehUmdfw3v7zC0776RPHjavbpUZ3u2Yhg5Y1NFaUrvuSkM31ULwKsQ==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2024-07-14T13:43:51Z", - "mac": "ENC[AES256_GCM,data:/pX6z+9XMdSo5d9a0FkmHv2KJXoMXYDIv7fHWbz2Jh7ukckfQ+qxQ2kjUjEc5bAFknolSpc+ggbhIPUNwSVcQgtUegwegEQPwyq6+8u90/AGPDTscKj1NHQPMNYI4PpuWyAbPtCnd9JCIpjDc8d5q4BfsMhD+ioV/UIodbpWVRU=,iv:XhbmgYk3tr2h9vsKpCbPDv2n/SfnOyNUOSAB45uQbw8=,tag:bggLlobJLFT4+ApQ+8Q2fg==,type:str]", - "pgp": null, - "unencrypted_suffix": "_unencrypted", - "version": "3.9.0" - } -} \ No newline at end of file 
diff --git a/secrets/freshrss.yaml b/secrets/freshrss.yaml deleted file mode 100644 index 2c44065..0000000 --- a/secrets/freshrss.yaml +++ /dev/null @@ -1,31 +0,0 @@ -freshrss_username: ENC[AES256_GCM,data:uI/v5MkcVBGp,iv:oJlUscDy2dzXQaMj8O09tt8QM6bNoJt40zdZVBW47ho=,tag:7UiBpFYpZHmfq3WhquC7UQ==,type:str] -freshrss_password: ENC[AES256_GCM,data:fCOjuis7ULvsTg0H5tMVnbHH+Pihv1Ezeq0=,iv:5sTcJBdsV/zJ23wb7xueoY9npVDGPV5kbV5IfUyP4yQ=,tag:Ws94G1v8smU9E5xBEARRTw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaGxtWDZySE42eDlMbFVP - cHRCMkt3VVVEY25nd3BBR3FBZ0xJNzZIRW13CkJNQjNXU21UNWx2Tk5zcFgvdEJp - TmwwY0Nxd1k3WU82a0pyeUg2OUxzT0UKLS0tIFE3cGd3SllibFBZdVZJUzhSaldF - Z3V4cEhEU05HQzh4cUU4cEpRN2ZtK1EKQSFyLMrWk1xpkNqWD+PzVdTQGQ0qgCtU - y3327TfcYsmEHcwmXaDPGXAnxSb0XH3p+kiLV08MWiCYxfs9YVZUDw== - -----END AGE ENCRYPTED FILE----- - - recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ0NIMGJ3N2xWOUdONk5o - SC9CajA3c0Rkc1RsdERRbE1OUWUzNHcxZlJFCklSa1g0K1lUZzhyQlBzQ2xWYnUr - TjF4LzYrcTc3U1ZnODE3dlllelNpTlUKLS0tIEJOcG80UUs5eTM0azhCaXJnM0pE - a05vSlBPamVwRzlWbHNSRXdLWlkwOVkK++2TcdjTKt+G0dQYqUeQzYd9MHkWIPwq - z4aCH5g0MKNJdqEVDlSh+M91wPYkCuZChLZhB26ExySzN4BQZYobIg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-17T17:36:47Z" - mac: ENC[AES256_GCM,data:26oq8oai6g3KjNq84Wj5+kQOZmnVnfPa221v1SCO1rTSC9dLm3zjiB0JfOQGxGvxKRm19QFKUd0rYbfFNt12O8jG9oIyYBExjawB1aBaY31TmU9ziey07pwLJN8AuRshSRFLWVbNz+NPhnROOoosWFsQhnQS4xBJxYHZ6iYA7co=,iv:thGKLGVTBWMxh1tgYBsMJtbarwp6Ny0EEXwcmyAAVgQ=,tag:8QgncQXPjQalelSlBfRbLw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 diff --git a/secrets/homepage.env b/secrets/homepage.env index adff5c7..9e40a63 100644 
--- a/secrets/homepage.env
+++ b/secrets/homepage.env
@@ -6,15 +6,15 @@ HOMEPAGE_VAR_TRANSMISSIONPASSWORD=ENC[AES256_GCM,data:k2NVt94Z+6Vt4hNY3Z0UvhHpP3 HOMEPAGE_VAR_JELLYSEERR=ENC[AES256_GCM,data:Hxs1yAZpu1sWfV733P3I2oL9aecyq3LLUw/YG8PW/rA7aE5v30wS9sLXKWrdHeiT0Mj/b64sHRaPnBmczSb8HBdG1Wo=,iv:oeIEIt308GZd5n8lE204ebnXC48Ra56oKVR76JGrCLk=,tag:NdhMqBRwe8XS3q+Pzw6AbA==,type:str] HOMEPAGE_VAR_PROXMOXUSERNAME=ENC[AES256_GCM,data:nE/fK5Bc16e3wceoOaVmOg==,iv:d8Wa/BxpMzHaAQ8rEz4Ubva4UXxi3ETCaCUx1ZcuplY=,tag:6K8OnOEohCrxHMkvnyeP9Q==,type:str] HOMEPAGE_VAR_PROXMOXPASSWORD=ENC[AES256_GCM,data:fq7uMnkypQ1I5PtW7l59cRQZe5/VhQu8elRg/kUgSmdNFc9g,iv:XPjAuoqA+S30wPC/HU9EEqHSCkekWAGOBfrRGIq+XA0=,tag:851/krrh60hPnY/Nxlbkxg==,type:str] -HOMEPAGE_VAR_RADARR=ENC[AES256_GCM,data:Co9giVCQQpOz7RpM5OhPfVM6LcrfbgzJAPoSr3YD4/0=,iv:JCzLMjqrZfJsLrDuMmPJ/u0L/1Lj5lsj822FyWrKYX4=,tag:AXY9c9qRx2OosOaJ99fK8w==,type:str] +HOMEPAGE_VAR_RADARR=ENC[AES256_GCM,data:ypyp27dJwuZaJGtlgR7IHUdkbCkIDpiQqKq1Dnsj+OE7IA==,iv:j2QXkI+j03Q34zk1C1MSL7AD3n9b8d6qCyrFG8+9KAY=,tag:FSrE2ygSTvo4Py1B9C4pnw==,type:str] HOMEPAGE_VAR_PIHOLE=ENC[AES256_GCM,data:yLYh4pHT6tJ61A/hTVQ5w1wG0rl7DFuYhX1MOgLWdTIw4cvqXx/6IWkYZPHSYyU1mgJBf5tAIduss12cRqEnrg==,iv:5jevBeemEr7WCL7LlHiB1/Z/ewIDgTyiFUQhpJ4P3lo=,tag:UujH6+nLOerI4N6CqBY/gg==,type:str] HOMEPAGE_VAR_UPTIMEROBOT=ENC[AES256_GCM,data:slWhhjU28fWDct8uiPzMuPEF4UjXsdHlelCCf02vdL386EA=,iv:ow9io30DDZFP97ibnhtuOj5Cf8SeIlBwEXevKRw9bj0=,tag:OslEPMwKx8Cc3Sti7ImkSA==,type:str] -HOMEPAGE_VAR_BAZARR=ENC[AES256_GCM,data:2RdLGInV5a2Vh6ER/RztKuMe5Tny36Exc3PLpp9po2U=,iv:JwcWBZQp6W1dwaclfVHLMtrrX4mFYZiwdqaetF+yhpA=,tag:wnW3DrbyvVdbaiuJiS81Og==,type:str] +HOMEPAGE_VAR_BAZARR=ENC[AES256_GCM,data:R5xfRAap02V0aCxbgb2RQJPg/H/flMKCuvT3hBVTCbr8wQ==,iv:GpJzznV7t8NrCkJPEWSYfh8RRCtQCcNrfgRBwjlbT0w=,tag:a4iRc/pDPlEqiV0exfA8Uw==,type:str] sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhRDZvSnVRbjVIbkN2cmVH\nY2hSU3k4VllQa2UwWjJyRzQ5VjJzZ21xdVhRCjlDb1k3QjVhV2laaW1qdlljNEt1\nZmZpaGVCYWpCUTRQWld4YWNiajRvWFUKLS0tIEszamxTeFJRb1pFVVp5S3Vac1lS\nV1FoR0syNzBUelVpMDZBTlE4dXVzUzgKw2l8yB78bceQmbrPZ3pSPRKRxum1iyjz\nRugu8MamsZL8PWs2i4dh8o2FUnXixfs8zudmd77OST7AqEiUd/Yt4A==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_0__map_recipient=age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCRCtrSFVBTVBFeVJZVlIr\nVHJqY2k4WGFlZERYQzR6ZUpaais2dEZxSVZBCkhPdjlLb2d1ZXQzcHlscDVQaUpS\na05FM003dFlsbmRJd3IxN1I1R2dTWU0KLS0tIGhGemN6d1dBM3Y3YUNvdEloVytK\nWFpWTkpwZ2d6V3JzWitNQ3E3ajhnclkK4pYiF8kMxnoDXHmHjk1RJD/k5A0/k8de\nMD2wAv7irB5S8023ALH+81FwNSbC+hQZwKBSSa1GkxK1wc7cNsVDgA==\n-----END AGE ENCRYPTED FILE-----\n sops_age__list_1__map_recipient=age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m -sops_lastmodified=2024-07-18T17:17:03Z -sops_mac=ENC[AES256_GCM,data:v4m9KM5U0uh7Nf2JZIGSXARInB6RfQoTxqH31vrY6rdfkFkZz18m0k/v8Bt5RUSb0gfKHH4YIBCUobjfdtiLgJzHKXjgYPV3nsG845MunxczJBpWTAqX9xstL8HjDlB0i+6CWg7/fim7Pd/FXPJ/HD0q0r/P6a9uHCBzQy/+3Yo=,iv:zUBtqEGYAebApQmwI9Z8y+Cf/YSy9EItOwU5mzwEgUU=,tag:Ow8zJNoih3b5PfvPN4oz7g==,type:str] +sops_lastmodified=2024-07-18T21:29:44Z +sops_mac=ENC[AES256_GCM,data:ZCdDN0FjacDomvttqa1YKeWVcC+8utMqi5gQ8XHCX5EKdWDVi5oWJ6mYO8A+TTekaK0/yP5R+5u8hQWNpYcCVi7Bvkj8Zp71HhA4wwPPtRWArLuwhAd/NYSxk2oCyXYFQ4ycopG0iyK/Fy/7f5atv0ver7geyZ5LcPlHZ4QWocQ=,iv:eZFFx9LcdMwxn50o9XASFcm4ELD5HrJPJgGEmdxPz9M=,tag:Yhn/TrddaXU956THR/WI9w==,type:str] sops_unencrypted_suffix=_unencrypted sops_version=3.9.0 diff --git a/secrets/matrix.yaml b/secrets/matrix.yaml deleted file mode 100644 index f16c134..0000000 --- a/secrets/matrix.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -data: ENC[AES256_GCM,data:ol1ty2+0qiPOQZiH3NNAQJU7Qr/eTINitJ1sjm9h99NKqgsUCu8wJ6gBCnHoxSmjgsNqVFNy,iv:C/JBhIt7OSl5H2FVSZFn869sKPoce/iPtDce7OMeq20=,tag:BymIfWMPOo+N0v2ydUyrYw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3YW4zUkZYUnQxVEFwek1j - Z1hLTjlwdVdZNXo1TDl0ZUt2bzdHd2RsWG0wClRlb0lzVTlOQ0JqVkhvZGRKWisz - cEpycjBkcWxnMS90cC9vUGdaNXhuWVUKLS0tIE1lVUE2MU5DcnNYM0tjNkt5R0lj - YVNvTXZMYkQ2Q3IyVU50cnV0SWpmM0EKsJYYHtZ7F21QJRFgEZ1dYztWgkEXVxKV - 0QweN1Uyz5uy2WvSc+UZe57ZGY04CeEU6m8yHtGAAMGZygAHppk/2Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUYjBKMlNEcCtYN0Jla1Vn - UFJVaEJPd1VZK2JOTjdMQXBRalQ5OUxiRmxZCnNYcTJGYll4ZzhKWXk1bk5yMmZF - Y0F6L09mY0RGeFJYZDg2c0xNeDN3RlkKLS0tIHRCT2xOQXE1YTI0di9uT3RGelU5 - Q0RFNFVlRjROci9MbjVHeFkzWll4eGMK9BcSuqD0QCQYg2oD8fWiK7+IoR8GigMf - vFNYHTFADhhWaeNcQJX47Er2iY0jtca8sIMRfDoiJGY3m5m1OEKiNQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-19T14:41:27Z" - mac: ENC[AES256_GCM,data:LTEtWFWfPIyi/j3c619/Tu7Izvc4liPseStr67TVN6vtEaE4wLYbkwP+Tc/ARMMyOZxVkh5mRYMzM9rK4bJusHvkuumok9f68zw0uW/0007c52nnvz02p+fv/NqNzXTM/L/hgVM4uIamNqtIGbdDPJEOk6dae2XwHhutUvCBtSU=,iv:nPDDzMUagjh2u5klsFQBXrXzArzn+h/x3VSVCH8lrAs=,tag:rftqlDrZPh/vyiQUb2sH1g==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 diff --git a/secrets/photoprism.yaml b/secrets/photoprism.yaml deleted file mode 100644 index 221d19a..0000000 --- a/secrets/photoprism.yaml +++ /dev/null 
@@ -1,30 +0,0 @@ -adminPassword: ENC[AES256_GCM,data:gX6hXEi7/bxBJ3YcOIZHHzQMwU6i8kw=,iv:Q15rclTjHxsSnZ2Ajn7uvzO171ffCXiQZvsFwVavR2E=,tag:KbagGzCfDYPdiPBhcMNUFg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVmdud05IbEU1VENJVDc4 - RkJ1TlJaenNCWWZ1WFNqOE5JTVQ1NTJ5T2dRCklzYmlwWTR0VnAyamlNVzI3bmJq - MmpMalRRTUNsK3Q0SWtCS01NU0lVV0EKLS0tIEkzY1Nhajh4cEVNMUFSaVdiRjlP - ZERSckhJOG9yYjBrN1dJSVRaT1dOblUK7Q/MH1+BhzVfZ6x78ZCwt8TGs+XqNXzk - 2FjEMxgpwrWLeq2tIVTIth3BKzQwSfHpbbrrM45CKLSo5qNWvuatAQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIamZQbUVmMlVpU1R2TG9T - YWpUR0JwNDRiTFg5OS9vU2RINTRmVUE0Y2k0CnE5ajhIcWJMQ0czZ0xoVVA2Mzgw - Skg4R2tRUFk3bEVVd3FNdnRTZlV5WHMKLS0tIERzK3duM2VqOWxnUkJleHJML0Jl - QTBHQTliK1RibXJXMDI4eTJ1dXdiVGsKV9dXgY64y3Nzv01i8m0o+hcYWUxs/s5O - vFU2Cwg9ZNDxECE5X11+PUPGS+YoKtUR+T8pwP4+gmfUQym4wML/WA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-07-27T08:10:13Z" - mac: ENC[AES256_GCM,data:M4VDRhHpXsurPzlyQ76LaLZE6/zo157xp/ygQxJGLZevjVJezSb4j22wE/EAlbxBW4J1pLUI4xM5tGy5QppzlEQmHqLhn944013wQSNfgWYkbw4OYSt4U6KedaWSER+fJz2qnYTqdazO3+GbWIOOahDT1l8kZnWJLKVP2W/iPpw=,iv:AyWGPD8Rm563T02ya1y6VOMc6jt3zubO8WQCoEfM9Ww=,tag:6VYjfhOxy1sAwk/kmx0JFQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.0 diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml new file mode 100644 index 0000000..71977b5 --- /dev/null +++ b/secrets/secrets.yaml 
@@ -0,0 +1,39 @@ +borgRepoPassword: ENC[AES256_GCM,data:pgaBumNDhis8ftypaz5MdQfY467ToUJLYUs=,iv:rE0kAaAC1NEQgCvEl7f8hnSk0N6jZOAMABrErDudRMQ=,tag:58ZlN1lseFwQFq/T2gLB2g==,type:str] +photoprismAdmin: ENC[AES256_GCM,data:kSFgrZKGGMA=,iv:fFkWYgUBfCg3lVLQMTFkabQzJvJ2IsciEiyOkObOL4k=,tag:AylOeAP5Vllx/vlOKAPqsA==,type:str] +photoprismPassword: ENC[AES256_GCM,data:3zUZhRZElMmpsBF4zBGz43dci2JC5bc=,iv:qj5wpKHxeu67R3KTDfyjfVbP7Hvydyh7Oxd/FY8YOg0=,tag:bCAQ57eG8CmBdF8oobo3Vg==,type:str] +smtp_address: null +smtp_password: null +matrix_data: ENC[AES256_GCM,data:VinMt0TvPACJ6iz+9nnjf9SsZhUIkRVbvYHqlpEeIhvuYmjRtnO3frJ46uwYpNcTE+fpYcWu,iv:yc/EKM4UFe23wAe6fuGrmPtdIpEZ5XSW/9YzZY3P7yw=,tag:5qZiO4kmnsYHIsINB00gBQ==,type:str] +freshrss_username: ENC[AES256_GCM,data:/J6wt6AmrZa1,iv:RQL1ZZaFgmwhP/U1ZapfEsCPbdlM+XRyo5sCZApIF9E=,tag:N/l6jCsJDwpUMgEK7HSkwg==,type:str] +freshrss_password: ENC[AES256_GCM,data:mlVzCRN53se135pHplVZyD1QtXwmV+6lAwc=,iv:tnsxnse7eJTe4ewm4LMcgv6sNQU3IMfCE+qW7G22p5Y=,tag:s25mxs3HKWOvKza8GqmsqA==,type:str] +piholeHostname: ENC[AES256_GCM,data:XJhC+VJmxIbTaln1,iv:xM15j9vG2/jYIr3S2wO/lJc41+820BPOpcEkRBBCnbY=,tag:xD8AVC/x0wZZa79GzeOHdg==,type:str] +piholeApiToken: null +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1c8kr95dc7cqq34qyjgpnsgfgyntqnt5rlrq2c025ehp32f8h3sjqkf8k3s + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3clFheC9yUklQeDlXMzlo + NGFnWTRWcGlmZ2w1LzI1K3lpSzJ6ZGZoNFU4CmFSYnBoNGcwR0d2MEVHVElKbldI + WG5Kem1vbktpdFFJYWNqMmhJbzM5eXMKLS0tIHAxcm16TXJaNmhnbE9qWHZTSVYr + TFNjaSt2a0FXamFRaU5LbGgzc1hFRVkKLqj/i01uTphBBdL/FL2TcCicQBQoaCkm + ncNq7SplUJvJV1aOhNKcdqBckf5wETENhVsfBmcv6u5jwT6EPbHf0g== + -----END AGE ENCRYPTED FILE----- + - recipient: age17pq9xyrcv6tlms9sznnhql6pejue33r0aukn72hzpcn4jykrg33q4u0a3m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpME1FNHkzUWwyV015OURL + VWVId2hycElVb24xWjdzTkRYblhNNFBiTUZvCjFIYWZ5eDZKeGV5OXIyY20wS2k4 + 
bTZZWUdyMUNaNy9CNXllYnJySVNpKzgKLS0tIEhiekNpS2lYYXpZVVdCcmN5djJZ + UTYrZ1dWUG5ka1p0b3JrREZXUzZiWlEKBFn4I/U3bwyurfa8gyfy7D3wYAwOtDw7 + K0jQE5SeExD9kluwH0gyGDZbk/DWn+ppWoMNqQKDmICrUQpns6GJnQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-12T12:58:57Z" + mac: ENC[AES256_GCM,data:bbDYAKYVPng7IbS0XwOfvLffY+LLpwYm+FR3d9uOPUZQHs82E8UzwsFYfcYEZsKRFvqjajWeFWc4dU6OJL1a0YVEUMVQz080HiNa4Hoz9a/MxK/KxC8pBViH3FFH5LDUbkwq5tC6HdLgKdExwPJ17GSuHyhArdPzgx8FR6FJ2kE=,iv:EvFxOutagIsgkCJcL6ZbeCvvTZRgHhbBiXyiLZi96Gg=,tag:xPKCxj6UBLhA2yVH/KNeSA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/server-configuration.nix b/server-configuration.nix index f592eaf..cfe002a 100644 --- a/server-configuration.nix +++ b/server-configuration.nix @@ -11,23 +11,14 @@ let in { imports = [ - ./features/arr-suite.nix - # ./features/authentik.nix - ./features/caddy.nix - ./features/calibre-web.nix ./features/containers/default.nix - # ./features/freshrss.nix using the docker container instead - ./features/grafana.nix - ./features/homelab-dashboard.nix - # ./features/nextcloud.nix - # ./features/photoprism.nix + ./features/multimedia/default.nix + ./features/databases/default.nix + ./features/services/default.nix + ./features/backups.nix + ./features/caddy.nix ./features/prometheus.nix ./features/samba-shares.nix - # ./features/searx.nix - ./features/synapse-matrix.nix - ./features/slskd.nix - ./features/transmission.nix - ./features/uptime-kuma.nix ]; # setting up networking!! @@ -52,15 +43,9 @@ in enable = true; allowedTCPPorts = [ 22 # ssh - 3000 # grafana - 4001 # uptime-kuma - 5030 # slskd - 8080 # searxng 8008 # matrix-synapse 8448 # matrix-synapse 5050 # calibre-web - 8400 # crafty-controller - 9000 # authentik 9091 # transmission ]; allowedUDPPorts = [ ]; 
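Review bot: After this cleanup `allowedTCPPorts` still opens 8008, 5050 and 9091 directly. If those services are meant to be reached through the reverse proxy, the plain-HTTP backend ports (labelled matrix-synapse, calibre-web and transmission) can be closed as well. Dropping 8400 from the list does not by itself close crafty-controller if its container publishes that port, because Docker-published ports are not governed by this list; the container definition is outside this diff, so this needs checking. A short comment above the list such as `# only ports that must be reachable without the reverse proxy` would record the intent. The enclosing `in { … }` block continues outside the hunk.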
@@ -92,6 +77,7 @@ in sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.keyFile = "/var/lib/sops-nix/key.txt"; sops.age.generateKey = true; + sops.defaultSopsFile = ./secrets/secrets.yaml; # define your secrets with # `nix-shell -p sops --run "sops ./secrets/yoursecret.env"` @@ -115,6 +101,7 @@ in system.autoUpgrade.enable = true; system.autoUpgrade.allowReboot = true; + services.jellyfin = { enable = true; openFirewall = true; @@ -129,7 +116,7 @@ in networkd-dispatcher = { enable = true; rules."50-tailscale" = { - onState = ["routable"]; + onState = [ "routable" ]; script = '' ${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off '';