Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

made services in defiant configurable

Browse source
This commit is contained in:
Leyla Becker 2024-09-21 12:52:44 -05:00
parent a0e047db97
commit e3990cb6d2
3 changed files with 157 additions and 120 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path
## Tech Debt
- allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???)
- move services from defiant into own flake
- made base domain in nas services configurable
- vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too)
- server service system users should also be on local systems for file permission reasons
## New Features

271
enviroments/server/default.nix
View file

@ -1,4 +1,5 @@
{
lib,
config,
pkgs,
...
@ -7,138 +8,172 @@
../common
];
users = {
groups = {
jellyfin_media = {
members = ["jellyfin" "leyla" "ester" "eve"];
options = {
domains = {
base_domain = lib.mkOption { type = lib.types.str; };
headscale = {
subdomain = lib.mkOption {
type = lib.types.str;
description = "subdomain of base domain that headscale will be hosted at";
default = "headscale";
};
};
jellyfin = {
members = ["jellyfin" "leyla"];
subdomain = lib.mkOption {
type = lib.types.str;
description = "subdomain of base domain that jellyfin will be hosted at";
default = "jellyfin";
};
hostname = lib.mkOption {
type = lib.types.str;
description = "hosname that jellyfin will be hosted at";
default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}";
};
};
# forgejo = {
# members = ["forgejo" "leyla"];
# };
};
users = {
jellyfin = {
uid = 2000;
group = "jellyfin";
isSystemUser = true;
forgejo = {
subdomain = lib.mkOption {
type = lib.types.str;
description = "subdomain of base domain that foregjo will be hosted at";
default = "forgejo";
};
hostname = lib.mkOption {
type = lib.types.str;
description = "hosname that forgejo will be hosted at";
default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}";
};
};
# forgejo = {
# uid = 2001;
# group = "forgejo";
# isSystemUser = true;
# };
};
};
systemd.tmpfiles.rules = [
"d /home/jellyfin 755 jellyfin jellyfin -"
"d /home/jellyfin/media 775 jellyfin jellyfin_media -"
"d /home/jellyfin/config 750 jellyfin jellyfin -"
"d /home/jellyfin/cache 755 jellyfin jellyfin_media -"
# "d /home/forgejo 750 forgejo forgejo -"
# "d /home/forgejo/data 750 forgejo forgejo -"
];
config = {
users = {
groups = {
jellyfin_media = {
members = ["jellyfin" "leyla" "ester" "eve"];
};
services = let
jellyfinDomain = "jellyfin.jan-leila.com";
headscaleDomain = "headscale.jan-leila.com";
# forgejoDomain = "forgejo.jan-leila.com";
in {
nfs.server = {
enable = true;
exports = ''
/home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
'';
};
jellyfin = {
members = ["jellyfin" "leyla"];
};
headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
settings = {
server_url = "https://${headscaleDomain}";
dns_config.base_domain = "jan-leila.com";
logtail.enabled = false;
# forgejo = {
# members = ["forgejo" "leyla"];
# };
};
};
jellyfin = {
enable = true;
user = "jellyfin";
group = "jellyfin";
dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config
cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache
openFirewall = false;
};
# TODO: figure out what needs to be here
# forgejo = {
# enable = true;
# database.type = "postgres";
# lfs.enable = true;
# settings = {
# server = {
# DOMAIN = forgejoDomain;
# HTTP_PORT = 8081;
# };
# service.DISABLE_REGISTRATION = true;
# };
# };
nginx = {
enable = false; # TODO: enable this when you want to test all the configs
virtualHosts = {
${headscaleDomain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
users = {
jellyfin = {
uid = 2000;
group = "jellyfin";
isSystemUser = true;
};
${jellyfinDomain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
};
# ${forgejoDomain} = {
# forceSSL = true;
# enableACME = true;
# locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
# forgejo = {
# uid = 2001;
# group = "forgejo";
# isSystemUser = true;
# };
};
};
systemd.tmpfiles.rules = [
"d /home/jellyfin 755 jellyfin jellyfin -"
"d /home/jellyfin/media 775 jellyfin jellyfin_media -"
"d /home/jellyfin/config 750 jellyfin jellyfin -"
"d /home/jellyfin/cache 755 jellyfin jellyfin_media -"
# "d /home/forgejo 750 forgejo forgejo -"
# "d /home/forgejo/data 750 forgejo forgejo -"
];
services = {
nfs.server = {
enable = true;
exports = ''
/home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
/home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
'';
};
headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
settings = {
server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}";
dns_config.base_domain = config.domains.base_domain;
logtail.enabled = false;
};
};
jellyfin = {
enable = true;
user = "jellyfin";
group = "jellyfin";
dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config
cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache
};
# TODO: figure out what needs to be here
# forgejo = {
# enable = true;
# database.type = "postgres";
# lfs.enable = true;
# settings = {
# server = {
# DOMAIN = forgejoDomain;
# HTTP_PORT = 8081;
# };
# service.DISABLE_REGISTRATION = true;
# };
# };
nginx = {
enable = false; # TODO: enable this when you want to test all the configs
virtualHosts = {
${config.domains.headscale.hostname} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
${config.domains.jellyfin.hostname} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:8096";
};
# ${config.domains.forgejo.hostname} = {
# forceSSL = true;
# enableACME = true;
# locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
# };
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "jan-leila@protonmail.com";
};
# disable computer sleeping
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
networking.firewall.allowedTCPPorts = [2049];
environment.systemPackages = [
config.services.headscale.package
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
};
security.acme = {
acceptTerms = true;
defaults.email = "jan-leila@protonmail.com";
};
# disable computer sleeping
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
networking.firewall.allowedTCPPorts = [2049];
environment.systemPackages = [
config.services.headscale.package
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

4
hosts/defiant/configuration.nix
View file

@ -25,6 +25,10 @@
nixpkgs.config.allowUnfree = true;
domains = {
base_domain = "jan-leila.com";
};
services = {
zfs = {
autoScrub.enable = true;