made services in defiant configurable

2024-09-21 12:52:44 -05:00 · 2024-09-21 12:52:44 -05:00 · e3990cb6d2
commit e3990cb6d2
parent a0e047db97
3 changed files with 157 additions and 120 deletions
--- a/README.md
+++ b/README.md
@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path
 ## Tech Debt
 - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???)
 - move services from defiant into own flake
 - made base domain in nas services configurable
 - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too)
 - server service system users should also be on local systems for file permission reasons
 ## New Features
--- a/enviroments/server/default.nix
+++ b/enviroments/server/default.nix
@ -1,4 +1,5 @@
 {
  lib,
  config,
  pkgs,
  ...
@ -7,138 +8,172 @@
    ../common
  ];
-  users = {
+  options = {
-    groups = {
+    domains = {
-      jellyfin_media = {
+      base_domain = lib.mkOption { type = lib.types.str; };
-        members = ["jellyfin" "leyla" "ester" "eve"];
+      headscale = {
        subdomain = lib.mkOption {
          type = lib.types.str;
          description = "subdomain of base domain that headscale will be hosted at";
          default = "headscale";
        };
      };
      jellyfin = {
-        members = ["jellyfin" "leyla"];
+        subdomain = lib.mkOption {
          type = lib.types.str;
          description = "subdomain of base domain that jellyfin will be hosted at";
          default = "jellyfin";
        };
        hostname = lib.mkOption {
          type = lib.types.str;
          description = "hosname that jellyfin will be hosted at";
          default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}";
        };
      };
-
+      forgejo = {
-      # forgejo = {
+        subdomain = lib.mkOption {
-      #   members = ["forgejo" "leyla"];
+          type = lib.types.str;
-      # };
+          description = "subdomain of base domain that foregjo will be hosted at";
-    };
+          default = "forgejo";
-
+        };
-    users = {
+        hostname = lib.mkOption {
-      jellyfin = {
+          type = lib.types.str;
-        uid = 2000;
+          description = "hosname that forgejo will be hosted at";
-        group = "jellyfin";
+          default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}";
-        isSystemUser = true;
+        };
      };
      # forgejo = {
      #   uid = 2001;
      #   group = "forgejo";
      #   isSystemUser = true;
      # };
    };
  };
-  systemd.tmpfiles.rules = [
+  config = {
-    "d /home/jellyfin 755 jellyfin jellyfin -"
+    users = {
-    "d /home/jellyfin/media 775 jellyfin jellyfin_media -"
+      groups = {
-    "d /home/jellyfin/config 750 jellyfin jellyfin -"
+        jellyfin_media = {
-    "d /home/jellyfin/cache 755 jellyfin jellyfin_media -"
+          members = ["jellyfin" "leyla" "ester" "eve"];
-    # "d /home/forgejo 750 forgejo forgejo -"
+        };
    # "d /home/forgejo/data 750 forgejo forgejo -"
  ];
-  services = let
+        jellyfin = {
-    jellyfinDomain = "jellyfin.jan-leila.com";
+          members = ["jellyfin" "leyla"];
-    headscaleDomain = "headscale.jan-leila.com";
+        };
    # forgejoDomain = "forgejo.jan-leila.com";
  in {
    nfs.server = {
      enable = true;
      exports = ''
        /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
        /home/eve   192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
        /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
        /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
      '';
    };
-    headscale = {
+        # forgejo = {
-      enable = true;
+        #   members = ["forgejo" "leyla"];
-      address = "0.0.0.0";
+        # };
      port = 8080;
      settings = {
        server_url = "https://${headscaleDomain}";
        dns_config.base_domain = "jan-leila.com";
        logtail.enabled = false;
      };
    };
-    jellyfin = {
+      users = {
-      enable = true;
+        jellyfin = {
-      user = "jellyfin";
+          uid = 2000;
-      group = "jellyfin";
+          group = "jellyfin";
-      dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config
+          isSystemUser = true;
      cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache
      openFirewall = false;
    };
    # TODO: figure out what needs to be here
    # forgejo = {
    #   enable = true;
    #   database.type = "postgres";
    #   lfs.enable = true;
    #   settings = {
    #     server = {
    #       DOMAIN = forgejoDomain;
    #       HTTP_PORT = 8081;
    #     };
    #     service.DISABLE_REGISTRATION = true;
    #   };
    # };
    nginx = {
      enable = false; # TODO: enable this when you want to test all the configs
      virtualHosts = {
        ${headscaleDomain} = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://localhost:${toString config.services.headscale.port}";
            proxyWebsockets = true;
          };
        };
-        ${jellyfinDomain} = {
+
-          forceSSL = true;
+        # forgejo = {
-          enableACME = true;
+        #   uid = 2001;
-          locations."/".proxyPass = "http://localhost:8096";
+        #   group = "forgejo";
-        };
+        #   isSystemUser = true;
        # ${forgejoDomain} = {
        #   forceSSL = true;
        #   enableACME = true;
        #   locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
        # };
      };
    };
    systemd.tmpfiles.rules = [
      "d /home/jellyfin 755 jellyfin jellyfin -"
      "d /home/jellyfin/media 775 jellyfin jellyfin_media -"
      "d /home/jellyfin/config 750 jellyfin jellyfin -"
      "d /home/jellyfin/cache 755 jellyfin jellyfin_media -"
      # "d /home/forgejo 750 forgejo forgejo -"
      # "d /home/forgejo/data 750 forgejo forgejo -"
    ];
    services = {
      nfs.server = {
        enable = true;
        exports = ''
          /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
          /home/eve   192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
          /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
          /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
        '';
      };
      headscale = {
        enable = true;
        address = "0.0.0.0";
        port = 8080;
        settings = {
          server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}";
          dns_config.base_domain = config.domains.base_domain;
          logtail.enabled = false;
        };
      };
      jellyfin = {
        enable = true;
        user = "jellyfin";
        group = "jellyfin";
        dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config
        cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache
      };
      # TODO: figure out what needs to be here
      # forgejo = {
      #   enable = true;
      #   database.type = "postgres";
      #   lfs.enable = true;
      #   settings = {
      #     server = {
      #       DOMAIN = forgejoDomain;
      #       HTTP_PORT = 8081;
      #     };
      #     service.DISABLE_REGISTRATION = true;
      #   };
      # };
      nginx = {
        enable = false; # TODO: enable this when you want to test all the configs
        virtualHosts = {
          ${config.domains.headscale.hostname} = {
            forceSSL = true;
            enableACME = true;
            locations."/" = {
              proxyPass = "http://localhost:${toString config.services.headscale.port}";
              proxyWebsockets = true;
            };
          };
          ${config.domains.jellyfin.hostname} = {
            forceSSL = true;
            enableACME = true;
            locations."/".proxyPass = "http://localhost:8096";
          };
          # ${config.domains.forgejo.hostname} = {
          #   forceSSL = true;
          #   enableACME = true;
          #   locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
          # };
        };
      };
    };
    security.acme = {
      acceptTerms = true;
      defaults.email = "jan-leila@protonmail.com";
    };
    # disable computer sleeping
    systemd.targets = {
      sleep.enable = false;
      suspend.enable = false;
      hibernate.enable = false;
      hybrid-sleep.enable = false;
    };
    networking.firewall.allowedTCPPorts = [2049];
    environment.systemPackages = [
      config.services.headscale.package
      pkgs.jellyfin
      pkgs.jellyfin-web
      pkgs.jellyfin-ffmpeg
    ];
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "jan-leila@protonmail.com";
  };
  # disable computer sleeping
  systemd.targets = {
    sleep.enable = false;
    suspend.enable = false;
    hibernate.enable = false;
    hybrid-sleep.enable = false;
  };
  networking.firewall.allowedTCPPorts = [2049];
  environment.systemPackages = [
    config.services.headscale.package
    pkgs.jellyfin
    pkgs.jellyfin-web
    pkgs.jellyfin-ffmpeg
  ];
 }
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@ -25,6 +25,10 @@
  nixpkgs.config.allowUnfree = true;
  domains = {
    base_domain = "jan-leila.com";
  };
  services = {
    zfs = {
      autoScrub.enable = true;