diff --git a/features/arr-suite.nix b/features/arr-suite.nix index ceccf0e..837461b 100644 --- a/features/arr-suite.nix +++ b/features/arr-suite.nix @@ -1,4 +1,9 @@ -{ pkgs }: +{ pkgs, lib }: +with lib; + +let + cfg = config.arrSuite; +in { services.sonarr = { enable = true; @@ -26,11 +31,29 @@ enable = true; }; - systemd.services.sonarrAnime = { + services.bazarr = { enable = true; + openFirewall = true; + }; + + #TODO: create duplicated instances of Sonarr. + systemd.services."sonarrAnime" = { + enable = true; + description = "Duplicated Sonarr instance, for animes"; + after = [ + "syslog.target" + "network.target" + ]; + path = [ pkgs.sonarr ]; serviceConfig = { - ExecStart = "Sonarr -nobrowser -data=/var/lib/sonarrAnime"; + Type = "simple"; + User = "sonarr"; + ExecStart = "${pkgs.sonarr}/bin/Sonarr -nobrowser -data=/var/lib/sonarrAnime"; + TimeoutStopSec = "20"; + KillMode = "process"; + Restart = "on-failure"; }; + wantedBy = [ "multi-user.target" ]; }; } diff --git a/features/authentik.nix b/features/authentik.nix index 087e09c..193b4cd 100644 --- a/features/authentik.nix +++ b/features/authentik.nix @@ -6,9 +6,9 @@ let sha256 = "15b9a2csd2m3vwhj3xc24nrqnj1hal60jrd69splln0ynbnd9ki4"; }; authentik-nix = import authentik-nix-src; + cfg = config.authentik; in { - imports = [ authentik-nix.nixosModules.default ]; sops.secrets."authentik" = { @@ -16,16 +16,25 @@ in format = "dotenv"; }; + /* + sops.secrets.mail-server = { + sopsFile = ./secrets/mail.json; + format = "json"; + }; + */ + services.authentik = { enable = true; environmentFile = config.sops.secrets."authentik".path; settings = { - email = { - - }; + /* + email = { + host = config.sops.secrets.mail-server."host"; + username = config.sops.secrets.mail-server."username"; + }; + */ disable_startup_analytics = true; - avatars = "initials"; }; }; diff --git a/features/calibre-web.nix b/features/calibre-web.nix new file mode 100644 index 0000000..6960dc4 --- /dev/null +++ b/features/calibre-web.nix 
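Review bot: `cfg = config.arrSuite;` in the new `let` block reads `config`, but the module's argument pattern is `{ pkgs, lib }:`, so `config` is an undefined variable and the file no longer evaluates; the same pattern appears in the new headers of `features/containers.nix` (`{ lib, ... }:` with `cfg = config.containers;`) and `features/samba-shares.nix` (`{ lib }:` with `cfg = config.samba;`). Either bind it, `{ config, pkgs, lib, ... }:`, or drop the binding: nothing in this file uses `cfg` or `with lib;`, so the `let`/`in` and `with lib;` lines here can simply go. The attribute set opened by the `{` at the end of the hunk continues past it.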
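Review bot: The new `systemd.services."sonarrAnime"` unit runs as `User = "sonarr"` with `-data=/var/lib/sonarrAnime`, but nothing in the hunk creates that directory or makes it writable by the `sonarr` user, so the first start fails unless it was created by hand; `StateDirectory = "sonarrAnime";` in `serviceConfig` lets systemd create and own `/var/lib/sonarrAnime` for the service user. `services.sonarr` is enabled in the same file, and the second instance will presumably listen on the same default port unless the config in its data directory already changes it, which is worth confirming and recording in a comment next to the `#TODO`. `"syslog.target"` in `after` is a legacy target and can be dropped; `"network.target"` is enough.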
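Review bot: The added `cfg = config.authentik;` is never used in this file, and `authentik` is not an option declared here (the settings the file writes live under `services.authentik`), so the first use of `cfg` would fail with a missing attribute; either remove the binding or make it `cfg = config.services.authentik;`. Whether the `-` just before `imports = [ authentik-nix.nixosModules.default ];` removes that line or only a blank line cannot be recovered from the collapsed hunk; if the import was removed, nothing declares `services.authentik` any more.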
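Review bot: The new `/* … */` blocks keep dead configuration in the file, and the commented mail settings would not work as written once uncommented: `config.sops.secrets.mail-server."host"` evaluates to sops-nix's option record for that secret (path, owner, mode), not to the host name, since sops-nix only exposes the decrypted value through `.path`. Mail credentials belong in the `environmentFile` that is already set above, as `AUTHENTIK_EMAIL__HOST` / `AUTHENTIK_EMAIL__USERNAME` entries, which keeps them out of the Nix store; a one-line comment saying so would be more useful than the commented code.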
@@ -0,0 +1,11 @@
+{ }:
+
+{
+ services.calibre-web = {
+ enable = true;
+ openFirewall = true;
+ options = {
+ enableBookUploading = true;
+ };
+ };
+}
diff --git a/features/containers.nix b/features/containers.nix
index d82782b..1ee4efe 100644
--- a/features/containers.nix
+++ b/features/containers.nix
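Review bot: `openFirewall = true;` here and the explicit `8083 # calibre-web` entry added to `networking.firewall.allowedTCPPorts` in `server-configuration.nix` open the same port twice, so they can drift apart; keep one source of truth, preferably this module's `openFirewall`. With `enableBookUploading = true` and the port open to the LAN the instance is reachable directly, not only through the Caddy proxy the same commit touches, so a comment stating which path is intended would help the next reader decide whether the firewall entry should stay.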
@@ -1,34 +1,48 @@ -{ ... }: +{ lib, ... }: +with lib; +let + cfg = config.containers; +in { - # docker containers, for apps that aren't avaiable on Nix. (yet) - virtualisation.oci-containers = { - backend = "docker"; - containers = { - flaresolverr = { - ports = [ "8191:8191" ]; - image = "ghcr.io/flaresolverr/flaresolverr:latest"; - environment = { - "LOG_LEVEL" = "info"; + options.containers = { + minecraft.path = mkOption { + type = types.str; + default = "/srv/Minecraft"; + }; + }; + config = { + + # docker containers, for apps that aren't avaiable on Nix. (yet) + virtualisation.oci-containers = { + backend = "docker"; + containers = { + flaresolverr = { + ports = [ "8191:8191" ]; + image = "ghcr.io/flaresolverr/flaresolverr:latest"; + environment = { + "LOG_LEVEL" = "info"; + }; }; - }; - crafty-controller = { - image = "registry.gitlab.com/crafty-controller/crafty-4:latest"; - ports = [ - "8443:8443" - "8123:8123" - "19132:19132/udp" - "25500-25600:25500-25600" - ]; - volumes = [ - "./docker/backups:/crafty/backups" - "./docker/logs:/crafty/logs" - "./docker/servers:/crafty/servers" - "./docker/config:/crafty/app/config" - "./docker/import:/crafty/import" - ]; - environment = { - "TZ" = "Europe/Paris"; + #TODO: move to Nix crafty controller bundle + crafty-controller = { + image = "registry.gitlab.com/crafty-controller/crafty-4:latest"; + ports = [ + "8443:8443" + "8123:8123" + "19132:19132/udp" + "25500-25600:25500-25600" + ]; + volumes = [ + "${cfg.minecraft.path}/docker/backups:/crafty/backups" + "${cfg.minecraft.path}/docker/logs:/crafty/logs" + "${cfg.minecraft.path}/docker/servers:/crafty/servers" + "${cfg.minecraft.path}/docker/config:/crafty/app/config" + "${cfg.minecraft.path}/docker/import:/crafty/import" + ]; + environment = { + "TZ" = "Europe/Paris"; + }; }; }; }; diff --git a/features/freshrss.nix b/features/freshrss.nix new file mode 100644 index 0000000..9e8598e --- /dev/null +++ b/features/freshrss.nix 
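Review bot: `options.containers = { minecraft.path = mkOption { … }; };` declares a new option under `containers`, a name NixOS already declares for declarative nixos-containers (`containers.<name>` as an attribute set of submodules); the module system does not accept a second, differently typed declaration under that prefix, so I would expect evaluation to fail here even before `config` is reached (and `config` is unbound in `{ lib, ... }:`, see the note on `arr-suite.nix`). A dedicated namespace avoids the clash, e.g. `options.homelab.containers.minecraft.path` with `cfg = config.homelab.containers;`. The `volumes` now interpolate `${cfg.minecraft.path}` into bind mounts, so a comment on the option saying the path must exist on the host and be writable by the container would be useful; the `image = "…:latest"` tags are not changed by this commit but remain unpinned, which is worth a `#TODO` alongside the existing one.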
@@ -0,0 +1,10 @@ +{ lib, ... }: +{ + services.freshrss = { + enable = true; + language = "fr"; + database = { + type = "sqlite"; + }; + }; +} diff --git a/features/grafana.nix b/features/grafana.nix new file mode 100644 index 0000000..c59aa61 --- /dev/null +++ b/features/grafana.nix @@ -0,0 +1,13 @@ +{ }: +{ + services.grafana = { + enable = true; + settings = { + server = { + http_addr = "127.0.0.1"; + http_port = 3000; + }; + }; + }; + +} diff --git a/features/homelab-dashboard.nix b/features/homelab-dashboard.nix index a734b26..96cbb98 100644 --- a/features/homelab-dashboard.nix +++ b/features/homelab-dashboard.nix @@ -7,22 +7,66 @@ with lib; let - - ip = config.homelab-dashboard.defaultAddress; + cfg = config.homepage-dashboard; + ip = cfg.baseURL; in { options = { - homelab-dashboard.defaultAddress = mkOption { type = types.str; }; - homelab-dashboard.proxmoxVEIp = mkOption { type = types.str; }; - homelab-dashboard.proxmoxBSIp = mkOption { type = types.str; }; + homelab-dashboard.baseURL = mkOption { + type = types.str; + default = "192.168.1.177"; + }; + homelab-dashboard.proxmoxVEIp = mkOption { + type = types.str; + default = "192.168.1.10"; + }; + homelab-dashboard.proxmoxBSIp = mkOption { + type = types.str; + default = ""; + }; + homelab-dashboard.piholeURL = mkOption { + type = types.str; + default = "192.168.1.25"; + }; }; + + #TODO: add Radarr/Sonarr/... api key support config = { + sops.defaultSopsFile = ./secrets/services-keys.json; + sops.secrets.service-key = { + sonarr = { }; + radarr = { }; + jellyfin = { }; + jellyseerr = { }; + pihole = { }; + transmission = { }; + prowlarr = { }; + proxmoxPassword = { }; + proxmoxUsername = { }; + }; + services.homepage-dashboard = { enable = true; settings = { "headerStyle" = "boxed"; "language" = "fr"; }; + widgets = [ + { + resources = { + cpu = true; + disk = "/"; + memory = true; + }; + } + { + search = { + provider = "duckduckgo"; + target = "_blank"; + }; + } + ]; + services = [ { "Divertissement" = [ 
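Review bot: `services.freshrss` is enabled with only `language` and `database.type`; in the nixpkgs module as I know it, `baseUrl` has no default and the default form authentication asserts that `passwordFile` is set, so evaluation stops here unless the pinned nixpkgs revision differs — confirm against it. `baseUrl` is also the address FreshRSS uses to build its own links, so it should be the URL users actually open. The `lib` argument in `{ lib, ... }:` is unused and can be dropped.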
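Review bot: `cfg = config.homepage-dashboard;` does not match the options this file declares, which are `homelab-dashboard.baseURL`, `.proxmoxVEIp`, `.proxmoxBSIp` and `.piholeURL`; there is no top-level `homepage-dashboard` option, so `ip = cfg.baseURL;` fails with a missing attribute and it should read `cfg = config.homelab-dashboard;`. `sops.secrets.service-key = { sonarr = { }; … };` is not how sops-nix addresses nested keys of a JSON file either: each secret is one flat entry and a nested key is written with `/` in the name, e.g. `sops.secrets."service-key/sonarr" = { };` per key (and `readarr`, used by a later widget, is missing from the list). The widget entries further down pass `config.sops.secrets.service-key.<x>` as `key`, but `services.homepage-dashboard.services` is rendered into a world-readable file in the Nix store, so even a correct `.path` reference hands homepage a file path rather than the key, and any inlined value would leak; as far as I know homepage substitutes `{{HOMEPAGE_FILE_JELLYFIN_KEY}}` from a variable such as `HOMEPAGE_FILE_JELLYFIN_KEY=/run/secrets/service-key/jellyfin`, which the module's `environmentFile` option (where the pinned nixpkgs has it) can supply without touching the store. The `settings` attribute set and the `services` list both continue past the end of the hunk.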
@@ -31,6 +75,11 @@ in icon = "jellyfin"; description = "Permet de regarder ou écouter du contenu."; href = "http://${ip}:8096/"; + widget = { + type = "jellyfin"; + url = "http://${ip}:8096"; + key = config.sops.service-key.jellyfin; + }; }; } { @@ -40,6 +89,12 @@ in href = "http://${ip}:8083"; }; } + { + "Serveur Minecraft poulet" = { + icon = "minecraft"; + description = "serveur des trois poulets"; + }; + } ]; } { @@ -49,6 +104,12 @@ in icon = "jellyseerr"; description = "Moteur de recherche de films/séries"; href = "http://${ip}:5055"; + + widget = { + type = "jellyseerr"; + url = "http://${ip}:5055"; + key = config.sops.secrets.service-key.jellyseerr; + }; }; } { @@ -63,6 +124,11 @@ in icon = "readarr"; description = "Moteur de recherche de livres"; href = "http://${ip}:8787/"; + widget = { + type = "readarr"; + url = "http://$ip:8787"; + key = config.sops.secrets.service-key.readarr; + }; }; } { @@ -70,6 +136,10 @@ in icon = "prowlarr"; description = "Indexe les différents sites de téléchargement"; href = "http://${ip}:9696/"; + widget = { + type = "prowlarr"; + key = config.sops.secrets.service-key.prowlarr; + }; }; } { @@ -78,6 +148,10 @@ in icon = "sonarr"; description = "Moteur de recherche pour les séries"; href = "http://${ip}:8989"; + widget = { + type = "sonarr"; + key = config.sops.secrets.service-key.sonarr; + }; }; } { @@ -85,6 +159,10 @@ in icon = "radarr"; description = "Moteur de recherche pour les films"; href = "http://${ip}:7878"; + widget = { + type = "radarr"; + key = config.sops.secrets.service-key.radarr; + }; }; } { @@ -93,6 +171,9 @@ in icon = "transmission"; description = "s'occupe du téléchargement des fichiers"; href = "http://${ip}:9091"; + widget = { + type = "transmission"; + }; }; } ]; 
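Review bot: The jellyfin widget reads `key = config.sops.service-key.jellyfin;` while every other widget in this file uses `config.sops.secrets.service-key.<name>`; the `secrets` segment is missing, so this one fails on its own before the shared problem of passing secret references into `services` (see the note on the first hunk of this file) is even reached. The readarr widget has two further slips: `url = "http://$ip:8787";` lacks the braces of the other URLs (`"http://${ip}:8787"`), and `service-key.readarr` is not among the secrets declared in this file. The prowlarr, sonarr and radarr widgets get a `key` but no `url`, which only works if homepage falls back to the service `href` — worth confirming, otherwise add `url = "http://${ip}:<port>";` as the jellyfin and jellyseerr entries do. The enclosing `services` list starts before the first and ends after the last of these hunks.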
@@ -118,15 +199,59 @@ in } { "Administration" = [ + /* + { + "Proxmox Backup Server" = { + icon = "proxmox-light"; + description = "Permet de sauvegarder le serveur."; + href = "https://${cfg.proxmoxBSIp}:8007"; + }; + } + */ { - "Proxmox Backup Server" = { - description = "Permet de sauvegarder le serveur."; + "Proxmox VE" = { + icon = "proxmox"; + description = "Panneau de controle des machines virtuelles"; + href = "https://${cfg.proxmoxVEIp}:8006"; + widget = { + type = "proxmox"; + username = config.sops.secrets.service-key.proxmoxUsername; + key = config.sops.secrets.service-key.proxmoxPassword; + url = "https://${cfg.proxmoxVEIp}:8006"; + node = "pve"; + }; }; - } { + "Pi.hole" = { + icon = "pihole"; + description = "Bloqueur de pubs DNS/DHCP"; + href = "http://${cfg.piholeURL}"; + widget = { + type = "pihole"; + key = config.sops.secrets.service-key.pihole; + url = "http://${cfg.piholeURL}"; + }; + }; + } + { + "Grafana" = { + icon = "grafana"; + description = "Visualiseur de graphiques"; + href = ""; + }; + } + { + "InfluxDB" = { + description = "Traite les statistiques du serveur Proxmox"; - "Proxmox VE" = { }; + }; + } + { + "Uptime Kuma" = { + icon = "uptimekuma"; + description = "Surveille l'état des différents services"; + }; } ]; } @@ -134,5 +259,4 @@ in }; }; - } diff --git a/features/samba-shares.nix b/features/samba-shares.nix index bfbb388..8b32694 100644 --- a/features/samba-shares.nix +++ b/features/samba-shares.nix 
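Review bot: The proxmox widget's `key = config.sops.secrets.service-key.proxmoxPassword;` has the same store-leak problem as the other widgets (see the note on the first hunk of this file), and the secret names suggest a login password: as I recall, the homepage proxmox widget takes an API token as `username` (`user@realm!tokenid`) and `password` (the token secret), so a read-only token with the PVEAuditor role scoped to this dashboard is both the expected shape and a far smaller blast radius than a user password if the dashboard host is compromised — and the field would then be `password`, not `key`. The `"Grafana"` entry has `href = "";` and `"InfluxDB"` / `"Uptime Kuma"` have no `href`, so they render as dead tiles; since this commit binds Grafana to `127.0.0.1`, its `href` needs the proxied address rather than `${ip}:3000`, which is worth a `#TODO` if it is not wired yet. The `/* … */` Proxmox Backup Server block and the `proxmoxBSIp` option that now defaults to `""` stand or fall together; if neither is coming back, both can go.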
@@ -1,33 +1,57 @@ -{ username, driveMountPoint }: - +{ lib }: +with lib; +# TODO: add access to series and TV folders. +let + cfg = config.samba; +in { - # enable samba - services.samba = { - enable = true; - securityType = "user"; - openFirewall = true; - extraConfig = '' - workgroup = WORKGROUP - server string = hyperserver - netbios name = hyperserver - security = user - ''; - shares = { - music = { - path = "${driveMountPoint}/Music"; - browseable = "yes"; - "read only" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = username; - }; - ebooks = { - path = "${driveMountPoint}/Ebooks"; - browseable = "yes"; - "read only" = "no"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = username; + options.samba = { + dir = mkOption { + type = types.str; + default = "/srv/Multimedia"; + }; + }; + config = { + + services.samba = { + enable = true; + securityType = "user"; + openFirewall = true; + extraConfig = '' + workgroup = WORKGROUP + server string = hyperserver + netbios name = hyperserver + security = user + ''; + shares = { + music = { + path = "${cfg.dir}/Music"; + browseable = "yes"; + "read only" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + }; + ebooks = { + path = "${cfg.dir}/Ebooks"; + browseable = "yes"; + "read only" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + }; + movies = { + path = "${cfg.dir}/Films"; + browseable = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "read only" = "no"; + }; + shows = { + path = "${cfg.dir}/SeriesTV"; + "read only" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + browseable = "yes"; + }; }; }; }; diff --git a/features/searx.nix b/features/searx.nix new file mode 100644 index 0000000..cc6d0a6 --- /dev/null +++ b/features/searx.nix 
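Review bot: The shares drop `"force user" = username;` and nothing replaces it, so with `securityType = "user"` files created over SMB are now owned by whichever Samba account connected, and with `"create mask" = "0644"` / `"directory mask" = "0755"` they are not group-writable; the services that are members of the `multimedia` group in `server-configuration.nix` can read but not rename or delete what users upload into `Music`, `Films` and `SeriesTV`. If shared ownership is wanted, `"force group" = "multimedia";` with a group-writable mask (`"create mask" = "0664";`, `"directory mask" = "2775";`) per share restores it without forcing a single user; the `# TODO: add access to series and TV folders.` above should then say what is still missing now that `movies` and `shows` exist. `config` is unbound in `{ lib }:` here, as in `arr-suite.nix`. The outer attribute set opened at the top of the hunk closes beyond it.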
@@ -0,0 +1,18 @@ +{ config }: +{ + sops.secrets."searx" = { + sopsFile = ./secrets/searx.env; + format = "dotenv"; + }; + + services.searx = { + enable = true; + redisCreateLocally = true; + settings = { + server.port = 8080; + server.secret_key = builtins.toJSON config.sops.secrets."searx"; + + server.bind_address = "0.0.0.0"; + }; + }; +} diff --git a/features/slskd.nix b/features/slskd.nix index 1d299a9..96aa38b 100644 --- a/features/slskd.nix +++ b/features/slskd.nix @@ -6,7 +6,10 @@ let in { options = { - slskd.directory = mkOption { type = types.str; }; + slskd.directory = mkOption { + type = types.str; + default = "/srv/Multimedia/Music"; + }; }; config = { @@ -14,16 +17,17 @@ in sopsFile = ./secrets/slskd.env; format = "dotenv"; }; + services.slskd = { enable = true; openFirewall = true; environmentFile = config.sops.secrets."slskd".path; domain = null; settings = { - shares.directories = [ "${cfg.slskd.directory}/Music" ]; + shares.directories = [ "${cfg.slskd.directory}" ]; soulseek.description = "i luv katz n mewsik"; - directories.files.downloads = "${cfg.slskd.directory}/Music/clean"; - directories.files.incomplete = "${cfg.slskd.directory}/Music/incomplete"; + directories.files.downloads = "${cfg.slskd.directory}/clean"; + directories.files.incomplete = "${cfg.slskd.directory}/incomplete"; }; }; }; diff --git a/features/synapse-matrix.nix b/features/synapse-matrix.nix new file mode 100644 index 0000000..b358e21 --- /dev/null +++ b/features/synapse-matrix.nix @@ -0,0 +1,4 @@ +{ }: +#TODO: implement +{ +} diff --git a/features/transmission.nix b/features/transmission.nix index 1df72a9..ee82668 100644 --- a/features/transmission.nix +++ b/features/transmission.nix @@ -6,7 +6,10 @@ let in { options.transmission = { - directory = mkOption { type = lib.types.str; }; + directory = mkOption { + type = lib.types.str; + default = "/srv/Multimedia"; + }; }; config = { 
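Review bot: `server.secret_key = builtins.toJSON config.sops.secrets."searx";` serialises the sops-nix option record for the secret (its `path`, `mode`, `owner`, …), not the secret itself, and `services.searx.settings` is rendered into the Nix store, so the configured value is both wrong and world-readable while the real key never reaches SearXNG. The module provides `environmentFile` for exactly this: set `environmentFile = config.sops.secrets."searx".path;` and `server.secret_key = "@SEARX_SECRET_KEY@";`, with the dotenv file defining `SEARX_SECRET_KEY` — as I recall, the module substitutes `@VAR@` placeholders from that file at start-up, outside the store. The secret line was moved from `server-configuration.nix` rather than written here, but the new `server.bind_address = "0.0.0.0"` together with the `8080 # searxng` firewall entry exposes an unauthenticated instance to the whole LAN; if it is meant to sit behind the Caddy proxy the same commit touches, `"127.0.0.1"` plus a `reverse_proxy` entry keeps the direct path closed.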
diff --git a/features/uptime-kuma.nix b/features/uptime-kuma.nix new file mode 100644 index 0000000..8857e51 --- /dev/null +++ b/features/uptime-kuma.nix @@ -0,0 +1,10 @@ +{ }: +{ + #TODO: implement uptime-kama + services.uptime-kama = { + enable = true; + settings = { + PORT = "4000"; + }; + }; +} diff --git a/server-configuration.nix b/server-configuration.nix index 11c7597..6bb3bda 100644 --- a/server-configuration.nix +++ b/server-configuration.nix @@ -7,18 +7,23 @@ let ip = "192.168.1.177"; gateway = "192.168.1.1"; - driveMountPoint = "/srv/Multimedia"; username = "homelab"; in { imports = [ - ./features/authentik.nix - ./features/slskd.nix ./features/arr-suite.nix - ./features/samba-shares.nix + ./features/authentik.nix + ./features/calibre-web.nix ./features/containers.nix + ./features/freshrss.nix + ./features/grafana.nix ./features/homelab-dashboard.nix + ./features/samba-shares.nix + ./features/searx.nix + # ./features/synapse-matrix.nix + ./features/slskd.nix ./features/transmission.nix + ./features/uptime-kuma.nix ]; # setting up networking!! @@ -43,14 +48,23 @@ in enable = true; allowedTCPPorts = [ 22 - 5030 - 8080 - 9091 + 5030 # slskd + 8080 # searxng + 8083 # calibre-web + 8443 # crafty-controller + 9091 # transmission ]; allowedUDPPorts = [ ]; }; }; + #TODO: setup fail2ban + services.fail2ban = { + enable = true; + ignoreIP = [ "192.168.1.0/24" ]; + extraPackages = [ ]; + jails = { }; + }; users.groups.multimedia = { members = [ "slskd" @@ -59,6 +73,7 @@ in "sonarr" "transmission" "jellyfin" + "bazarr" username ]; }; @@ -70,11 +85,6 @@ in # define your secrets with # `nix-shell -p sops --run "sops ./secrets/yoursecret.env"` - sops.secrets."searx" = { - sopsFile = ./secrets/searx.env; - format = "dotenv"; - }; - environment.systemPackages = with pkgs; [ jellyfin jellyfin-web @@ -87,6 +97,7 @@ in jellyseerr homepage-dashboard slskd + bazarr ]; services.jellyfin = { 
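Review bot: `services.uptime-kama` is a typo for `services.uptime-kuma`; the module system rejects options that do not exist, so evaluation fails as soon as the file is imported, and `server-configuration.nix` imports it unconditionally. The `#TODO: implement uptime-kama` comment carries the same typo. `settings.PORT = "4000"` is set but no firewall or proxy entry refers to that port, so a comment saying how the instance is meant to be reached would help.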
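Review bot: `services.fail2ban` is enabled with `jails = { };` and `extraPackages = [ ];`, both of which are no-ops, so the only protection is whatever the NixOS module enables by default (an sshd jail, as far as I recall); the `#TODO: setup fail2ban` above agrees this is unfinished, so the TODO should say which services still need jails. `ignoreIP = [ "192.168.1.0/24" ];` whitelists the entire LAN, which means a compromised or misbehaving LAN host is never rate-limited; if the intent is only to avoid locking out the admin workstation, list that address rather than the subnet. The new per-port comments in `allowedTCPPorts` are a good habit; `22` is the one entry still without a label.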
@@ -94,38 +105,10 @@ in openFirewall = true; }; - # -arr suite - - services.searx = { - enable = true; - settings = { - server.secret_key = builtins.toJSON config.sops.secrets."searx"; - }; - }; - - services.calibre-web = { - enable = true; - openFirewall = true; - options = { - enableBookUploading = true; - }; - }; - services.caddy = { enable = true; - virtualHosts.":80".extraConfig = '' + virtualHosts."homelab.localhost".extraConfig = '' reverse_proxy :8082 ''; - }; - - /* - services.photoprism = { - enable = true; - settings = { - PHOTOPRISM_DEFAULT_LOCALE = "fr"; - }; - }; - */ - }
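Review bot: Changing the Caddy site from `":80"` to `"homelab.localhost"` changes two things at once, and nothing in the hunk says either is intended: the site now matches only requests whose Host header is `homelab.localhost`, a name that resolves only on the server itself, so LAN browsers that reached the proxy via `:80` no longer match this site; and for a hostname Caddy enables automatic HTTPS with an internally signed certificate and redirects port 80 to 443, which clients reject unless the local CA is installed. If the proxy is meant to be reached from the LAN, use a name clients resolve (or keep the literal `:80` for plain HTTP); if it is meant to be local only, a comment saying so saves the next reader the same question. What listens on `:8082` is not visible here, so naming it in a comment next to `reverse_proxy :8082` would help.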