fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 08:06:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: last bits of server setup

Browse source
This commit is contained in:
Nickolaj Jepsen 2025-04-23 00:02:00 +02:00
parent 9ef90f8dba
commit db85aeb044
12 changed files with 157 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

64
hosts/homelab/arr.nix Normal file
View file

@ -0,0 +1,64 @@
{
config,
username,
...
}: let
user = "media";
group = "media";
mkVirtualHost = port: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
};
basicAuthFile = "${config.age.secrets.arr-basic-auth.path}";
};
in {
# for linux ISOs
age.secrets = {
arr-basic-auth = {
rekeyFile = ../../secrets/hosts/homelab/basic-auth.age;
owner = config.services.nginx.user;
inherit (config.services.nginx) group;
};
};
users.groups."${group}" = {
members = [username];
};
users.users."${user}" = {
inherit group;
isSystemUser = true;
};
services = {
nginx.virtualHosts = {
"radarr.nickolaj.com" = mkVirtualHost 7878;
"sonarr.nickolaj.com" = mkVirtualHost 8989;
"prowlarr.nickolaj.com" = mkVirtualHost 9696;
"sabnzbd.nickolaj.com" = mkVirtualHost 8080;
};
restic.backups.homelab.paths = [
"/var/lib/radarr"
"/var/lib/sonarr"
"/var/lib/prowlarr"
"/var/lib/sabnzbd"
];
sabnzbd = {
inherit user group;
enable = true;
};
radarr = {
inherit user group;
enable = true;
};
sonarr = {
inherit user group;
enable = true;
};
prowlarr.enable = true;
};
}

8
hosts/homelab/docker-compose-out.sh
View file

@ -1,8 +0,0 @@
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8dbebe22375a lscr.io/linuxserver/radarr:latest "/init" 13 hours ago Up 15 minutes 7878/tcp deployment-radarr-1
b445f1a00c58 lscr.io/linuxserver/prowlarr:latest "/init" 13 hours ago Up 15 minutes 9696/tcp deployment-prowlarr-1
8ae82963dbcc lscr.io/linuxserver/sonarr:latest "/init" 37 hours ago Up 15 minutes 8989/tcp deployment-sonarr-1
44e019b912ea ghcr.io/open-webui/open-webui:ollama "bash start.sh" 37 hours ago Up 15 minutes (healthy) 8080/tcp open-webui
65956cc9ab2b lscr.io/linuxserver/sabnzbd:latest "/init" 3 days ago Up 15 minutes 8080/tcp deployment-sabnzbd-1
bdddf0848dc3 lscr.io/linuxserver/bazarr:latest "/init" 4 days ago Up 15 minutes 6767/tcp deployment-bazarr-1
b1492d62fcb0 nextcloud:latest "/entrypoint.sh apac…" 9 days ago Up 15 minutes 80/tcp deployment-nextcloud-1

2
hosts/homelab/flame.nix
View file

@ -2,6 +2,8 @@ _: let
dataDir = "/var/lib/flame";
domain = "flame.nickolaj.com";
in {
services.restic.backups.homelab.paths = [dataDir];
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;

7
hosts/homelab/home-assistant.nix
View file

@ -5,7 +5,7 @@
...
}: let
mosquittoPort = 1883;
zigbee2mqttPort = 8080;
zigbee2mqttPort = 8180;
homeAssistantPort = 8123;
in {
age.secrets = {
@ -29,6 +29,11 @@ in {
];
services = {
restic.backups.homelab.paths = [
config.services.zigbee2mqtt.dataDir
config.services.home-assistant.configDir
];
nginx.virtualHosts = {
"zigbee.nickolaj.com" = {
enableACME = true;

32
hosts/homelab/nextcloud.nix Normal file
View file

@ -0,0 +1,32 @@
{
config,
pkgs,
...
}: {
age.secrets.nextcloud-admin-pass = {
rekeyFile = ../../secrets/hosts/homelab/nextcloud-admin-pass.age;
owner = "nextcloud";
group = "nextcloud";
};
services = {
restic.backups.homelab.paths = [config.services.nextcloud.home];
nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
nextcloud = {
package = pkgs.nextcloud31;
enable = true;
https = true;
database.createLocally = true;
hostName = "nextcloud.nickolaj.com";
config = {
adminpassFile = "${config.age.secrets.nextcloud-admin-pass.path}";
dbtype = "pgsql";
};
};
};
}

2
hosts/homelab/plex.nix
View file

@ -14,5 +14,7 @@ in {
services.plex = {
enable = true;
openFirewall = true;
user = "media";
group = "media";
};
}

8
hosts/homelab/postgres.nix Normal file
View file

@ -0,0 +1,8 @@
{config, ...}: {
services = {
restic.backups.homelab.paths = [config.services.postgresqlBackup.location];
postgresql.enable = true;
postgresqlBackup.enable = true;
};
}

13
hosts/homelab/restic.nix
View file

@ -10,10 +10,19 @@
age.secrets.restic-password.rekeyFile = ../../secrets/hosts/homelab/restic-password.age;
age.secrets.restic-env.rekeyFile = ../../secrets/hosts/homelab/restic-env.age;
services.restic.backups.server = {
services.restic.backups.homelab = {
repository = "b2:fireproof-backup";
timerConfig = null;
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
passwordFile = "${config.age.secrets.restic-password.path}";
environmentFile = "${config.age.secrets.restic-env.path}";
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 75"
];
};
}

29
hosts/homelab/vaultwarden.nix
View file

@ -1,21 +1,24 @@
{config, ...}: let
domain = "bitwarden.nickolaj.com";
in {
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
services = {
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
};
};
};
restic.backups.homelab.paths = ["/var/lib/vaultwarden"];
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${toString config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}";
nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${toString config.services.vaultwarden.config.ROCKET_ADDRESS}:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
}