mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 09:07:21 +01:00
chore: general cleanup
This commit is contained in:
Leon Schwarzäugl
parent
266ad63ceb
commit
b69ff8e50d
GPG key ID:
26A54C31F2A4FD84
14 changed files with 709 additions and 548 deletions
|
|
@ -1623,16 +1623,6 @@ This machine mainly acts as an external sync helper. It manages the following th
|
||||||
devices = [ "winters" "magicant" "${workHostName}" ];
|
devices = [ "winters" "magicant" "${workHostName}" ];
|
||||||
id = "hgp9s-fyq3p";
|
id = "hgp9s-fyq3p";
|
||||||
};
|
};
|
||||||
".elfeed" = {
|
|
||||||
path = "/sync/elfeed";
|
|
||||||
type = "receiveonly";
|
|
||||||
versioning = {
|
|
||||||
type = "simple";
|
|
||||||
params.keep = "5";
|
|
||||||
};
|
|
||||||
devices = [ "winters" ];
|
|
||||||
id = "h7xbs-fs9v1";
|
|
||||||
};
|
|
||||||
"Documents" = {
|
"Documents" = {
|
||||||
path = "/sync/Documents";
|
path = "/sync/Documents";
|
||||||
type = "receiveonly";
|
type = "receiveonly";
|
||||||
|
|
@ -4685,6 +4675,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
|
||||||
navidrome = lib.mkDefault true;
|
navidrome = lib.mkDefault true;
|
||||||
spotifyd = lib.mkDefault true;
|
spotifyd = lib.mkDefault true;
|
||||||
mpd = lib.mkDefault true;
|
mpd = lib.mkDefault true;
|
||||||
|
postgresql = lib.mkDefault true;
|
||||||
matrix = lib.mkDefault true;
|
matrix = lib.mkDefault true;
|
||||||
nextcloud = lib.mkDefault true;
|
nextcloud = lib.mkDefault true;
|
||||||
immich = lib.mkDefault true;
|
immich = lib.mkDefault true;
|
||||||
|
|
@ -7722,8 +7713,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in
|
||||||
lego
|
lego
|
||||||
];
|
];
|
||||||
|
|
||||||
# users.users.acme = {};
|
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
# secrets.dnstokenfull = { owner = "acme"; };
|
# secrets.dnstokenfull = { owner = "acme"; };
|
||||||
secrets.dnstokenfull = { };
|
secrets.dnstokenfull = { };
|
||||||
|
|
@ -7836,6 +7825,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
settings.Port = servicePort;
|
settings.Port = servicePort;
|
||||||
tokenKeyFile = config.sops.secrets.kavita.path;
|
tokenKeyFile = config.sops.secrets.kavita.path;
|
||||||
|
dataDir = "/Vault/data/kavita";
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes.moonside.services.nginx = {
|
nodes.moonside.services.nginx = {
|
||||||
|
|
@ -7960,7 +7950,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
groups = {
|
groups = {
|
||||||
"$(serviceGroup}" = {
|
"${serviceGroup}" = {
|
||||||
gid = 61593;
|
gid = 61593;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -7990,6 +7980,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
Port = servicePort;
|
Port = servicePort;
|
||||||
MusicFolder = "/Vault/Eternor/Music";
|
MusicFolder = "/Vault/Eternor/Music";
|
||||||
PlaylistsPath = "./Playlists";
|
PlaylistsPath = "./Playlists";
|
||||||
|
AutoImportPlaylists = false;
|
||||||
EnableSharing = true;
|
EnableSharing = true;
|
||||||
EnableTranscodingConfig = true;
|
EnableTranscodingConfig = true;
|
||||||
Scanner.GroupAlbumReleases = true;
|
Scanner.GroupAlbumReleases = true;
|
||||||
|
|
@ -8016,6 +8007,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
};
|
};
|
||||||
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
|
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
|
||||||
UIWelcomeMessage = "~SwarselSound~";
|
UIWelcomeMessage = "~SwarselSound~";
|
||||||
|
EnableInsightsCollector = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -8218,13 +8210,35 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
}
|
}
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
|
**** postgresql
|
||||||
|
|
||||||
|
#+begin_src nix :tangle modules/nixos/server/postgresql.nix
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
serviceName = "postgresql";
|
||||||
|
postgresVersion = 14;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
|
||||||
|
config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
|
||||||
|
services = {
|
||||||
|
postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs."postgresql_${builtins.toString postgresVersion}";
|
||||||
|
dataDir = "/Vault/data/postgresql/${builtins.toString postgresVersion}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
#+end_src
|
||||||
|
|
||||||
**** matrix
|
**** matrix
|
||||||
:PROPERTIES:
|
:PROPERTIES:
|
||||||
:CUSTOM_ID: h:1e68d84a-8f99-422f-89ac-78f664ac0013
|
:CUSTOM_ID: h:1e68d84a-8f99-422f-89ac-78f664ac0013
|
||||||
:END:
|
:END:
|
||||||
|
|
||||||
#+begin_src nix :tangle modules/nixos/server/matrix.nix
|
#+begin_src nix :tangle modules/nixos/server/matrix.nix
|
||||||
{ config, lib, pkgs, sops, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
matrixDomain = "swatrix.swarsel.win";
|
matrixDomain = "swatrix.swarsel.win";
|
||||||
serviceName = "matrix";
|
serviceName = "matrix";
|
||||||
|
|
@ -8342,12 +8356,16 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
|
|
||||||
matrix-synapse = {
|
matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
dataDir = "/Vault/data/matrix-synapse";
|
||||||
settings = {
|
settings = {
|
||||||
app_service_config_files = [
|
app_service_config_files = let
|
||||||
"/var/lib/matrix-synapse/telegram-registration.yaml"
|
inherit (config.services.matrix-synapse) dataDir;
|
||||||
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
|
in
|
||||||
"/var/lib/matrix-synapse/signal-registration.yaml"
|
[
|
||||||
"/var/lib/matrix-synapse/doublepuppet.yaml"
|
"${dataDir}/telegram-registration.yaml"
|
||||||
|
"${dataDir}/whatsapp-registration.yaml"
|
||||||
|
"${dataDir}/signal-registration.yaml"
|
||||||
|
"${dataDir}/doublepuppet.yaml"
|
||||||
];
|
];
|
||||||
server_name = matrixDomain;
|
server_name = matrixDomain;
|
||||||
public_baseurl = "https://${matrixDomain}";
|
public_baseurl = "https://${matrixDomain}";
|
||||||
|
|
@ -8602,7 +8620,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
};
|
};
|
||||||
package = pkgs.nextcloud31;
|
package = pkgs.nextcloud31;
|
||||||
hostName = serviceDomain;
|
hostName = serviceDomain;
|
||||||
home = "/Vault/apps/nextcloud";
|
home = "/Vault/data/nextcloud";
|
||||||
datadir = "/Vault/data/nextcloud";
|
datadir = "/Vault/data/nextcloud";
|
||||||
https = true;
|
https = true;
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
|
|
@ -8672,7 +8690,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
port = servicePort;
|
port = servicePort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
mediaLocation = "/Vault/Eternor/Immich";
|
mediaLocation = "/Vault/Eternor/Immich"; # dataDir
|
||||||
environment = {
|
environment = {
|
||||||
IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
|
IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
|
||||||
};
|
};
|
||||||
|
|
@ -8866,6 +8884,21 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
{ self, pkgs, lib, config, ... }:
|
{ self, pkgs, lib, config, ... }:
|
||||||
let
|
let
|
||||||
serviceDomain = "store.swarsel.win";
|
serviceDomain = "store.swarsel.win";
|
||||||
|
lidarrUser = "lidarr";
|
||||||
|
lidarrGroup = lidarrUser;
|
||||||
|
lidarrPort = 8686;
|
||||||
|
radarrUser = "radarr";
|
||||||
|
radarrGroup = radarrUser;
|
||||||
|
radarrPort = 7878;
|
||||||
|
sonarrUser = "sonarr";
|
||||||
|
sonarrGroup = sonarrUser;
|
||||||
|
sonarrPort = 8989;
|
||||||
|
readarrUser = "readarr";
|
||||||
|
readarrGroup = readarrUser;
|
||||||
|
readarrPort = 8787;
|
||||||
|
prowlarrUser = "prowlarr";
|
||||||
|
prowlarrGroup = prowlarrUser;
|
||||||
|
prowlarrPort = 9696;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
|
options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
|
||||||
|
|
@ -8877,11 +8910,11 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
dockeruser = {
|
dockeruser = {
|
||||||
gid = 1155;
|
gid = 1155;
|
||||||
};
|
};
|
||||||
radarr = { };
|
"${radarrGroup}" = { };
|
||||||
readarr = { };
|
"${readarrGroup}" = { };
|
||||||
sonarr = { };
|
"${sonarrGroup}" = { };
|
||||||
lidarr = { };
|
"${lidarrGroup}" = { };
|
||||||
prowlarr = { };
|
"${prowlarrGroup}" = { };
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
dockeruser = {
|
dockeruser = {
|
||||||
|
|
@ -8890,29 +8923,29 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
group = "docker";
|
group = "docker";
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
radarr = {
|
"${radarrUser}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "radarr";
|
group = radarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
readarr = {
|
"${readarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "readarr";
|
group = readarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
sonarr = {
|
"${sonarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "sonarr";
|
group = sonarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
lidarr = {
|
"${lidarrUser}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "lidarr";
|
group = lidarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
prowlarr = {
|
"${prowlarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "prowlarr";
|
group = prowlarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -8938,32 +8971,45 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
services = {
|
services = {
|
||||||
radarr = {
|
radarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = radarrUser;
|
||||||
|
group = radarrGroup;
|
||||||
|
settings.server.port = radarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/radarr";
|
dataDir = "/Vault/data/radarr";
|
||||||
};
|
};
|
||||||
readarr = {
|
readarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = readarrUser;
|
||||||
|
group = readarrGroup;
|
||||||
|
settings.server.port = readarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/readarr";
|
dataDir = "/Vault/data/readarr";
|
||||||
};
|
};
|
||||||
sonarr = {
|
sonarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = sonarrUser;
|
||||||
|
group = sonarrGroup;
|
||||||
|
settings.server.port = sonarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/sonarr";
|
dataDir = "/Vault/data/sonarr";
|
||||||
};
|
};
|
||||||
lidarr = {
|
lidarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = lidarrUser;
|
||||||
|
group = lidarrGroup;
|
||||||
|
settings.server.port = lidarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/lidarr";
|
dataDir = "/Vault/data/lidarr";
|
||||||
};
|
};
|
||||||
prowlarr = {
|
prowlarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
settings.server.port = prowlarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"store.swarsel.win" = {
|
"${serviceDomain}" = {
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
forceSSL = false;
|
forceSSL = false;
|
||||||
acmeRoot = null;
|
acmeRoot = null;
|
||||||
|
|
@ -8975,31 +9021,31 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/radarr" = {
|
"/radarr" = {
|
||||||
proxyPass = "http://localhost:7878";
|
proxyPass = "http://localhost:${builtins.toString radarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/readarr" = {
|
"/readarr" = {
|
||||||
proxyPass = "http://localhost:8787";
|
proxyPass = "http://localhost:${builtins.toString readarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/sonarr" = {
|
"/sonarr" = {
|
||||||
proxyPass = "http://localhost:8989";
|
proxyPass = "http://localhost:${builtins.toString sonarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/lidarr" = {
|
"/lidarr" = {
|
||||||
proxyPass = "http://localhost:8686";
|
proxyPass = "http://localhost:${builtins.toString lidarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/prowlarr" = {
|
"/prowlarr" = {
|
||||||
proxyPass = "http://localhost:9696";
|
proxyPass = "http://localhost:${builtins.toString prowlarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
|
|
@ -9048,7 +9094,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
group = serviceGroup;
|
group = serviceGroup;
|
||||||
dataDir = "/Vault/data/syncthing";
|
dataDir = "/Vault/data/syncthing";
|
||||||
configDir = "/Vault/apps/syncthing";
|
configDir = "/Vault/data/syncthing/.config/syncthing";
|
||||||
guiAddress = "0.0.0.0:${builtins.toString servicePort}";
|
guiAddress = "0.0.0.0:${builtins.toString servicePort}";
|
||||||
openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery
|
openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery
|
||||||
relay.enable = false;
|
relay.enable = false;
|
||||||
|
|
@ -9106,16 +9152,16 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
|
||||||
devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
|
devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
|
||||||
id = "hgp9s-fyq3p";
|
id = "hgp9s-fyq3p";
|
||||||
};
|
};
|
||||||
"Documents" = {
|
# "Documents" = {
|
||||||
path = "/Vault/data/syncthing/Documents";
|
# path = "/Vault/data/syncthing/Documents";
|
||||||
type = "receiveonly";
|
# type = "receiveonly";
|
||||||
versioning = {
|
# versioning = {
|
||||||
type = "simple";
|
# type = "simple";
|
||||||
params.keep = "5";
|
# params.keep = "5";
|
||||||
};
|
# };
|
||||||
devices = [ "magicant" "${workHostName}" "moonside (@oracle)" ];
|
# devices = [ "magicant" "${workHostName}" "moonside (@oracle)" ];
|
||||||
id = "hgr3d-pfu3w";
|
# id = "hgr3d-pfu3w";
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -9188,7 +9234,6 @@ This manages backups for my pictures and obsidian files.
|
||||||
"/Vault/Eternor/Paperless"
|
"/Vault/Eternor/Paperless"
|
||||||
"/Vault/Eternor/Bilder"
|
"/Vault/Eternor/Bilder"
|
||||||
"/Vault/Eternor/Immich"
|
"/Vault/Eternor/Immich"
|
||||||
"/Vault/familymedia"
|
|
||||||
];
|
];
|
||||||
pruneOpts = [
|
pruneOpts = [
|
||||||
"--keep-daily 3"
|
"--keep-daily 3"
|
||||||
|
|
|
||||||
|
|
@ -167,16 +167,6 @@ in
|
||||||
devices = [ "winters" "magicant" "${workHostName}" ];
|
devices = [ "winters" "magicant" "${workHostName}" ];
|
||||||
id = "hgp9s-fyq3p";
|
id = "hgp9s-fyq3p";
|
||||||
};
|
};
|
||||||
".elfeed" = {
|
|
||||||
path = "/sync/elfeed";
|
|
||||||
type = "receiveonly";
|
|
||||||
versioning = {
|
|
||||||
type = "simple";
|
|
||||||
params.keep = "5";
|
|
||||||
};
|
|
||||||
devices = [ "winters" ];
|
|
||||||
id = "h7xbs-fs9v1";
|
|
||||||
};
|
|
||||||
"Documents" = {
|
"Documents" = {
|
||||||
path = "/sync/Documents";
|
path = "/sync/Documents";
|
||||||
type = "receiveonly";
|
type = "receiveonly";
|
||||||
|
|
|
||||||
919
index.html
919
index.html
File diff suppressed because it is too large
Load diff
|
|
@ -20,7 +20,7 @@ in
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
port = servicePort;
|
port = servicePort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
mediaLocation = "/Vault/Eternor/Immich";
|
mediaLocation = "/Vault/Eternor/Immich"; # dataDir
|
||||||
environment = {
|
environment = {
|
||||||
IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
|
IMMICH_MACHINE_LEARNING_URL = lib.mkForce "http://localhost:3003";
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@ in
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
settings.Port = servicePort;
|
settings.Port = servicePort;
|
||||||
tokenKeyFile = config.sops.secrets.kavita.path;
|
tokenKeyFile = config.sops.secrets.kavita.path;
|
||||||
|
dataDir = "/Vault/data/kavita";
|
||||||
};
|
};
|
||||||
|
|
||||||
nodes.moonside.services.nginx = {
|
nodes.moonside.services.nginx = {
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, sops, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
matrixDomain = "swatrix.swarsel.win";
|
matrixDomain = "swatrix.swarsel.win";
|
||||||
serviceName = "matrix";
|
serviceName = "matrix";
|
||||||
|
|
@ -116,12 +116,17 @@ in
|
||||||
|
|
||||||
matrix-synapse = {
|
matrix-synapse = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
dataDir = "/Vault/data/matrix-synapse";
|
||||||
settings = {
|
settings = {
|
||||||
app_service_config_files = [
|
app_service_config_files =
|
||||||
"/var/lib/matrix-synapse/telegram-registration.yaml"
|
let
|
||||||
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
|
inherit (config.services.matrix-synapse) dataDir;
|
||||||
"/var/lib/matrix-synapse/signal-registration.yaml"
|
in
|
||||||
"/var/lib/matrix-synapse/doublepuppet.yaml"
|
[
|
||||||
|
"${dataDir}/telegram-registration.yaml"
|
||||||
|
"${dataDir}/whatsapp-registration.yaml"
|
||||||
|
"${dataDir}/signal-registration.yaml"
|
||||||
|
"${dataDir}/doublepuppet.yaml"
|
||||||
];
|
];
|
||||||
server_name = matrixDomain;
|
server_name = matrixDomain;
|
||||||
public_baseurl = "https://${matrixDomain}";
|
public_baseurl = "https://${matrixDomain}";
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
|
|
||||||
users = {
|
users = {
|
||||||
groups = {
|
groups = {
|
||||||
"$(serviceGroup}" = {
|
"${serviceGroup}" = {
|
||||||
gid = 61593;
|
gid = 61593;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -47,6 +47,7 @@ in
|
||||||
Port = servicePort;
|
Port = servicePort;
|
||||||
MusicFolder = "/Vault/Eternor/Music";
|
MusicFolder = "/Vault/Eternor/Music";
|
||||||
PlaylistsPath = "./Playlists";
|
PlaylistsPath = "./Playlists";
|
||||||
|
AutoImportPlaylists = false;
|
||||||
EnableSharing = true;
|
EnableSharing = true;
|
||||||
EnableTranscodingConfig = true;
|
EnableTranscodingConfig = true;
|
||||||
Scanner.GroupAlbumReleases = true;
|
Scanner.GroupAlbumReleases = true;
|
||||||
|
|
@ -73,6 +74,7 @@ in
|
||||||
};
|
};
|
||||||
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
|
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
|
||||||
UIWelcomeMessage = "~SwarselSound~";
|
UIWelcomeMessage = "~SwarselSound~";
|
||||||
|
EnableInsightsCollector = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,7 @@ in
|
||||||
};
|
};
|
||||||
package = pkgs.nextcloud31;
|
package = pkgs.nextcloud31;
|
||||||
hostName = serviceDomain;
|
hostName = serviceDomain;
|
||||||
home = "/Vault/apps/nextcloud";
|
home = "/Vault/data/nextcloud";
|
||||||
datadir = "/Vault/data/nextcloud";
|
datadir = "/Vault/data/nextcloud";
|
||||||
https = true;
|
https = true;
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
|
|
|
||||||
|
|
@ -6,8 +6,6 @@
|
||||||
lego
|
lego
|
||||||
];
|
];
|
||||||
|
|
||||||
# users.users.acme = {};
|
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
# secrets.dnstokenfull = { owner = "acme"; };
|
# secrets.dnstokenfull = { owner = "acme"; };
|
||||||
secrets.dnstokenfull = { };
|
secrets.dnstokenfull = { };
|
||||||
|
|
|
||||||
17
modules/nixos/server/postgresql.nix
Normal file
17
modules/nixos/server/postgresql.nix
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
serviceName = "postgresql";
|
||||||
|
postgresVersion = 14;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
|
||||||
|
config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
|
||||||
|
services = {
|
||||||
|
postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs."postgresql_${builtins.toString postgresVersion}";
|
||||||
|
dataDir = "/Vault/data/postgresql/${builtins.toString postgresVersion}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -30,7 +30,6 @@ in
|
||||||
"/Vault/Eternor/Paperless"
|
"/Vault/Eternor/Paperless"
|
||||||
"/Vault/Eternor/Bilder"
|
"/Vault/Eternor/Bilder"
|
||||||
"/Vault/Eternor/Immich"
|
"/Vault/Eternor/Immich"
|
||||||
"/Vault/familymedia"
|
|
||||||
];
|
];
|
||||||
pruneOpts = [
|
pruneOpts = [
|
||||||
"--keep-daily 3"
|
"--keep-daily 3"
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,7 @@ in
|
||||||
user = serviceUser;
|
user = serviceUser;
|
||||||
group = serviceGroup;
|
group = serviceGroup;
|
||||||
dataDir = "/Vault/data/syncthing";
|
dataDir = "/Vault/data/syncthing";
|
||||||
configDir = "/Vault/apps/syncthing";
|
configDir = "/Vault/data/syncthing/.config/syncthing";
|
||||||
guiAddress = "0.0.0.0:${builtins.toString servicePort}";
|
guiAddress = "0.0.0.0:${builtins.toString servicePort}";
|
||||||
openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery
|
openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery
|
||||||
relay.enable = false;
|
relay.enable = false;
|
||||||
|
|
@ -84,16 +84,16 @@ in
|
||||||
devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
|
devices = [ "sync (@oracle)" "magicant" "${workHostName}" "moonside (@oracle)" ];
|
||||||
id = "hgp9s-fyq3p";
|
id = "hgp9s-fyq3p";
|
||||||
};
|
};
|
||||||
"Documents" = {
|
# "Documents" = {
|
||||||
path = "/Vault/data/syncthing/Documents";
|
# path = "/Vault/data/syncthing/Documents";
|
||||||
type = "receiveonly";
|
# type = "receiveonly";
|
||||||
versioning = {
|
# versioning = {
|
||||||
type = "simple";
|
# type = "simple";
|
||||||
params.keep = "5";
|
# params.keep = "5";
|
||||||
};
|
# };
|
||||||
devices = [ "magicant" "${workHostName}" "moonside (@oracle)" ];
|
# devices = [ "magicant" "${workHostName}" "moonside (@oracle)" ];
|
||||||
id = "hgr3d-pfu3w";
|
# id = "hgr3d-pfu3w";
|
||||||
};
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,21 @@
|
||||||
{ self, pkgs, lib, config, ... }:
|
{ self, pkgs, lib, config, ... }:
|
||||||
let
|
let
|
||||||
serviceDomain = "store.swarsel.win";
|
serviceDomain = "store.swarsel.win";
|
||||||
|
lidarrUser = "lidarr";
|
||||||
|
lidarrGroup = lidarrUser;
|
||||||
|
lidarrPort = 8686;
|
||||||
|
radarrUser = "radarr";
|
||||||
|
radarrGroup = radarrUser;
|
||||||
|
radarrPort = 7878;
|
||||||
|
sonarrUser = "sonarr";
|
||||||
|
sonarrGroup = sonarrUser;
|
||||||
|
sonarrPort = 8989;
|
||||||
|
readarrUser = "readarr";
|
||||||
|
readarrGroup = readarrUser;
|
||||||
|
readarrPort = 8787;
|
||||||
|
prowlarrUser = "prowlarr";
|
||||||
|
prowlarrGroup = prowlarrUser;
|
||||||
|
prowlarrPort = 9696;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
|
options.swarselsystems.modules.server.transmission = lib.mkEnableOption "enable transmission and friends on server";
|
||||||
|
|
@ -12,11 +27,11 @@ in
|
||||||
dockeruser = {
|
dockeruser = {
|
||||||
gid = 1155;
|
gid = 1155;
|
||||||
};
|
};
|
||||||
radarr = { };
|
"${radarrGroup}" = { };
|
||||||
readarr = { };
|
"${readarrGroup}" = { };
|
||||||
sonarr = { };
|
"${sonarrGroup}" = { };
|
||||||
lidarr = { };
|
"${lidarrGroup}" = { };
|
||||||
prowlarr = { };
|
"${prowlarrGroup}" = { };
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
dockeruser = {
|
dockeruser = {
|
||||||
|
|
@ -25,29 +40,29 @@ in
|
||||||
group = "docker";
|
group = "docker";
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
radarr = {
|
"${radarrUser}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "radarr";
|
group = radarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
readarr = {
|
"${readarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "readarr";
|
group = readarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
sonarr = {
|
"${sonarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "sonarr";
|
group = sonarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
lidarr = {
|
"${lidarrUser}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "lidarr";
|
group = lidarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
prowlarr = {
|
"${prowlarrGroup}" = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
group = "prowlarr";
|
group = prowlarrGroup;
|
||||||
extraGroups = [ "users" ];
|
extraGroups = [ "users" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -73,32 +88,45 @@ in
|
||||||
services = {
|
services = {
|
||||||
radarr = {
|
radarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = radarrUser;
|
||||||
|
group = radarrGroup;
|
||||||
|
settings.server.port = radarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/radarr";
|
dataDir = "/Vault/data/radarr";
|
||||||
};
|
};
|
||||||
readarr = {
|
readarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = readarrUser;
|
||||||
|
group = readarrGroup;
|
||||||
|
settings.server.port = readarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/readarr";
|
dataDir = "/Vault/data/readarr";
|
||||||
};
|
};
|
||||||
sonarr = {
|
sonarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = sonarrUser;
|
||||||
|
group = sonarrGroup;
|
||||||
|
settings.server.port = sonarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/sonarr";
|
dataDir = "/Vault/data/sonarr";
|
||||||
};
|
};
|
||||||
lidarr = {
|
lidarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
user = lidarrUser;
|
||||||
|
group = lidarrGroup;
|
||||||
|
settings.server.port = lidarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
dataDir = "/Vault/apps/lidarr";
|
dataDir = "/Vault/data/lidarr";
|
||||||
};
|
};
|
||||||
prowlarr = {
|
prowlarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
settings.server.port = prowlarrPort;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nginx = {
|
nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"store.swarsel.win" = {
|
"${serviceDomain}" = {
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
forceSSL = false;
|
forceSSL = false;
|
||||||
acmeRoot = null;
|
acmeRoot = null;
|
||||||
|
|
@ -110,31 +138,31 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/radarr" = {
|
"/radarr" = {
|
||||||
proxyPass = "http://localhost:7878";
|
proxyPass = "http://localhost:${builtins.toString radarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/readarr" = {
|
"/readarr" = {
|
||||||
proxyPass = "http://localhost:8787";
|
proxyPass = "http://localhost:${builtins.toString readarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/sonarr" = {
|
"/sonarr" = {
|
||||||
proxyPass = "http://localhost:8989";
|
proxyPass = "http://localhost:${builtins.toString sonarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/lidarr" = {
|
"/lidarr" = {
|
||||||
proxyPass = "http://localhost:8686";
|
proxyPass = "http://localhost:${builtins.toString lidarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"/prowlarr" = {
|
"/prowlarr" = {
|
||||||
proxyPass = "http://localhost:9696";
|
proxyPass = "http://localhost:${builtins.toString prowlarrPort}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
|
|
@ -24,6 +24,7 @@
|
||||||
navidrome = lib.mkDefault true;
|
navidrome = lib.mkDefault true;
|
||||||
spotifyd = lib.mkDefault true;
|
spotifyd = lib.mkDefault true;
|
||||||
mpd = lib.mkDefault true;
|
mpd = lib.mkDefault true;
|
||||||
|
postgresql = lib.mkDefault true;
|
||||||
matrix = lib.mkDefault true;
|
matrix = lib.mkDefault true;
|
||||||
nextcloud = lib.mkDefault true;
|
nextcloud = lib.mkDefault true;
|
||||||
immich = lib.mkDefault true;
|
immich = lib.mkDefault true;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue