diff --git a/README.md b/README.md index d6830d5..bb41e97 100644 --- a/README.md +++ b/README.md @@ -38,8 +38,6 @@ set up git configuration for local development: `git config --local include.path ## Tech Debt - allowUnfree should be enabled user side not host side (this isn't enabled at all right now for some reason???) -- move services from defiant into own flake -- made base domain in nas services configurable - vscode extensions should be in own flake (make sure to add the nixpkgs.overlays in it too) - server service system users should also be on local systems for file permission reasons ## New Features diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix index 8b32992..f7f7e25 100644 --- a/enviroments/server/default.nix +++ b/enviroments/server/default.nix @@ -1,4 +1,5 @@ { + lib, config, pkgs, ... 
@@ -7,138 +8,172 @@ ../common ]; - users = { - groups = { - jellyfin_media = { - members = ["jellyfin" "leyla" "ester" "eve"]; + options = { + domains = { + base_domain = lib.mkOption { type = lib.types.str; }; + headscale = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that headscale will be hosted at"; + default = "headscale"; + }; }; - jellyfin = { - members = ["jellyfin" "leyla"]; + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that jellyfin will be hosted at"; + default = "jellyfin"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that jellyfin will be hosted at"; + default = "${config.domains.jellyfin.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # members = ["forgejo" "leyla"]; - # }; - }; - - users = { - jellyfin = { - uid = 2000; - group = "jellyfin"; - isSystemUser = true; + forgejo = { + subdomain = lib.mkOption { + type = lib.types.str; + description = "subdomain of base domain that foregjo will be hosted at"; + default = "forgejo"; + }; + hostname = lib.mkOption { + type = lib.types.str; + description = "hosname that forgejo will be hosted at"; + default = "${config.domains.forgejo.subdomain}.${config.domains.base_domain}"; + }; }; - - # forgejo = { - # uid = 2001; - # group = "forgejo"; - # isSystemUser = true; - # }; }; }; - systemd.tmpfiles.rules = [ - "d /home/jellyfin 755 jellyfin jellyfin -" - "d /home/jellyfin/media 775 jellyfin jellyfin_media -" - "d /home/jellyfin/config 750 jellyfin jellyfin -" - "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" - # "d /home/forgejo 750 forgejo forgejo -" - # "d /home/forgejo/data 750 forgejo forgejo -" - ]; + config = { + users = { + groups = { + jellyfin_media = { + members = ["jellyfin" "leyla" "ester" "eve"]; + }; - services = let - jellyfinDomain = "jellyfin.jan-leila.com"; - headscaleDomain = "headscale.jan-leila.com"; - # forgejoDomain = 
"forgejo.jan-leila.com"; - in { - nfs.server = { - enable = true; - exports = '' - /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) - ''; - }; + jellyfin = { + members = ["jellyfin" "leyla"]; + }; - headscale = { - enable = true; - address = "0.0.0.0"; - port = 8080; - settings = { - server_url = "https://${headscaleDomain}"; - dns_config.base_domain = "jan-leila.com"; - logtail.enabled = false; + # forgejo = { + # members = ["forgejo" "leyla"]; + # }; }; - }; - jellyfin = { - enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config - cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache - openFirewall = false; - }; - - # TODO: figure out what needs to be here - # forgejo = { - # enable = true; - # database.type = "postgres"; - # lfs.enable = true; - # settings = { - # server = { - # DOMAIN = forgejoDomain; - # HTTP_PORT = 8081; - # }; - # service.DISABLE_REGISTRATION = true; - # }; - # }; - - nginx = { - enable = false; # TODO: enable this when you want to test all the configs - virtualHosts = { - ${headscaleDomain} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.headscale.port}"; - proxyWebsockets = true; - }; + users = { + jellyfin = { + uid = 2000; + group = "jellyfin"; + isSystemUser = true; }; - ${jellyfinDomain} = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:8096"; - }; - # ${forgejoDomain} = { - # forceSSL = true; - # enableACME = true; - # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + + # forgejo = { + # uid = 2001; + # group = "forgejo"; + # 
isSystemUser = true; # }; }; }; + + systemd.tmpfiles.rules = [ + "d /home/jellyfin 755 jellyfin jellyfin -" + "d /home/jellyfin/media 775 jellyfin jellyfin_media -" + "d /home/jellyfin/config 750 jellyfin jellyfin -" + "d /home/jellyfin/cache 755 jellyfin jellyfin_media -" + # "d /home/forgejo 750 forgejo forgejo -" + # "d /home/forgejo/data 750 forgejo forgejo -" + ]; + + services = { + nfs.server = { + enable = true; + exports = '' + /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/eve 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt) + ''; + }; + + headscale = { + enable = true; + address = "0.0.0.0"; + port = 8080; + settings = { + server_url = "${config.domains.headscale.subdomain}.${config.domains.base_domain}"; + dns_config.base_domain = config.domains.base_domain; + logtail.enabled = false; + }; + }; + + jellyfin = { + enable = true; + user = "jellyfin"; + group = "jellyfin"; + dataDir = "/home/jellyfin/config"; # location on existing server: /home/docker/jellyfin/config + cacheDir = "/home/jellyfin/cache"; # location on existing server: /home/docker/jellyfin/cache + }; + + # TODO: figure out what needs to be here + # forgejo = { + # enable = true; + # database.type = "postgres"; + # lfs.enable = true; + # settings = { + # server = { + # DOMAIN = forgejoDomain; + # HTTP_PORT = 8081; + # }; + # service.DISABLE_REGISTRATION = true; + # }; + # }; + + nginx = { + enable = false; # TODO: enable this when you want to test all the configs + virtualHosts = { + ${config.domains.headscale.hostname} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.headscale.port}"; + proxyWebsockets = true; + }; + }; + ${config.domains.jellyfin.hostname} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:8096"; + }; + # 
${config.domains.forgejo.hostname} = { + # forceSSL = true; + # enableACME = true; + # locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}"; + # }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "jan-leila@protonmail.com"; + }; + + # disable computer sleeping + systemd.targets = { + sleep.enable = false; + suspend.enable = false; + hibernate.enable = false; + hybrid-sleep.enable = false; + }; + + networking.firewall.allowedTCPPorts = [2049]; + + environment.systemPackages = [ + config.services.headscale.package + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; }; - - security.acme = { - acceptTerms = true; - defaults.email = "jan-leila@protonmail.com"; - }; - - # disable computer sleeping - systemd.targets = { - sleep.enable = false; - suspend.enable = false; - hibernate.enable = false; - hybrid-sleep.enable = false; - }; - - networking.firewall.allowedTCPPorts = [2049]; - - environment.systemPackages = [ - config.services.headscale.package - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - ]; } diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 42cf19f..1fd09eb 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -25,6 +25,10 @@ nixpkgs.config.allowUnfree = true; + domains = { + base_domain = "jan-leila.com"; + }; + services = { zfs = { autoScrub.enable = true;
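Review bot: In enviroments/server/default.nix the new `services.headscale.settings.server_url` is built as `"${config.domains.headscale.subdomain}.${config.domains.base_domain}"`, which drops the `https://` scheme the replaced line had, so the value is a bare hostname rather than a URL and no longer tells clients to reach the control server over TLS. The nginx virtual host is keyed on `config.domains.headscale.hostname`, but the options block declares only `domains.headscale.subdomain`, so that reference has no declaration in this hunk; declaring a `hostname` option next to it, as is done for forgejo, lets both places share one value. The `jellyfin = {` opener also appears only as a removed line, so as shown the jellyfin `subdomain` and `hostname` options sit directly under `domains` while their defaults read `config.domains.jellyfin.subdomain`; the collapsed layout may be hiding a context line, so the brace balance there is worth checking. Since nginx proxies to `localhost`, `address = "0.0.0.0"` could likely become `"127.0.0.1"` once the proxy is enabled, so the plain-HTTP port is only reachable through the TLS front end. The module's opening lines and its `imports` list start before this hunk.

```nix
headscale = {
  # … unchanged: subdomain option …
  hostname = lib.mkOption {
    type = lib.types.str;
    description = "hostname that headscale will be hosted at";
    default = "${config.domains.headscale.subdomain}.${config.domains.base_domain}";
  };
};
# … unchanged: jellyfin and forgejo options, users, tmpfiles rules, nfs.server …
server_url = "https://${config.domains.headscale.hostname}";
```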