peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into nixos-21.11

Browse Source
This commit is contained in:
Giulio De Pasquale 2022-11-14 12:21:30 +01:00
commit c6cd815553
23 changed files with 61 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/architect/bazarr.nix
View File

@ -3,8 +3,9 @@
let
domain = "htbaz.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
in {
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in
{
services = {
bazarr = {
enable = true;
@ -15,12 +16,9 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:6767";
proxyPass = "http://127.0.0.1:6767";
extraConfig = auth_block {
realm = "master";
client_id = "bazarr";
client_secret = "OPn4Mmto2m3dDPji1cjPfHy9W55M9JFq";
redirect_uri = "https://${domain}";
access_role = "bazarr";
};
};
};

2
hosts/architect/calibre.nix
View File

@ -18,7 +18,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8083";
proxyPass = "http://127.0.0.1:8083";
extraConfig = ''
client_max_body_size 500M;
'';

24
hosts/architect/default.nix
View File

@ -23,27 +23,24 @@ in {
./matrix.nix
./fail2ban.nix
./dns.nix
# ./minecraft.nix
./minecraft.nix
./prowlarr.nix
# ./plex.nix
#./githubrunner.nix
./libreddit.nix
./invidious.nix
./nitter.nix
./ccache.nix
./lidarr.nix
# ./navidrome.nix
./navidrome.nix
./jellyfin.nix
./prosody.nix
./deluge.nix
# ./calibre.nix
./calibre.nix
../../cachix.nix
./docker.nix
./keycloak.nix
];
nixpkgs.config.permittedInsecurePackages = [ "nodejs-12.22.12" ];
time.timeZone = "Europe/Rome";
system.stateVersion = "21.11"; # Did you read the comment?
system.stateVersion = "21.11";
users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
boot = {
initrd = {
@ -56,13 +53,6 @@ in {
hostKeys = [ /secrets/ssh_host_rsa_key ];
authorizedKeys = pubkeys;
};
# postCommands = ''
# zpool import backedpool -f
# zpool import zpool -f
# echo "zfs load-key -ar; killall zfs" >> /root/.profile
# '';
};
};
};
@ -88,7 +78,7 @@ in {
supportedFilesystems = [ "zfs" ];
zfs.requestEncryptionCredentials = true;
tmpOnTmpfsSize = "80%";
tmpOnTmpfsSize = "50%";
};
networking = {
@ -133,7 +123,7 @@ in {
'';
};
environment.systemPackages = with pkgs; [ cudatoolkit cachix ];
environment.systemPackages = with pkgs; [ cachix ];
hardware = {
opengl.enable = true;

9
hosts/architect/deluge.nix
View File

@ -3,7 +3,7 @@
let
domain = "htdel.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in {
services = {
deluge = {
@ -37,12 +37,9 @@ in {
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8112";
proxyPass = "http://127.0.0.1:8112";
extraConfig = auth_block {
realm = "master";
client_id = "deluge";
client_secret = "AGa1U9S1zkaM3TJVxtyx4Er76DBk1APR";
redirect_uri = "https://${domain}";
access_role = "deluge";
};
};
};

14
hosts/architect/docker.nix
View File

@ -1,10 +1,10 @@
{
# virtualisation.docker = {
# enable = true;
# extraOptions = ''
# --dns 127.0.0.1 --dns 10.0.0.250 --data-root /docker
# '';
# enableOnBoot = false;
# };
virtualisation.docker = {
enable = true;
extraOptions = ''
--dns 127.0.0.1 --dns 10.0.0.250 --data-root /docker
'';
enableOnBoot = false;
};
users.users.giulio.extraGroups = [ "docker" ];
}

2
hosts/architect/gitea.nix
View File

@ -18,7 +18,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
allow 127.0.0.1;
allow 10.0.0.0/24;

50
hosts/architect/hardware.nix.bk
View File

@ -1,50 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "zpool/nixos/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "zpool/data/home";
fsType = "zfs";
};
fileSystems."/media" = {
device = "datapool/media";
fsType = "zfs";
};
fileSystems."/secrets" = {
device = "backedpool/secrets";
fsType = "zfs";
};
fileSystems."/var/lib" = {
device = "backedpool/services";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AF19-5616";
fsType = "vfat";
};
# swapDevices = [{
# device = "/dev/sdc1";
# size = 10000;
# }];
}

8
hosts/architect/invidious.nix
View File

@ -1,19 +1,21 @@
{ lib, ... }:
{ lib, pkgs, ... }:
let
domain = "tube.giugl.io";
network = import ./network.nix;
in {
in
{
services = {
invidious = {
enable = true;
port = 9092;
package = pkgs.unstable.invidious;
};
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://localhost:9092"; };
locations."/" = { proxyPass = "http://127.0.0.1:9092"; };
};
};

4
hosts/architect/jellyfin.nix
View File

@ -25,7 +25,7 @@ in {
'';
locations."/" = {
proxyPass = "http://localhost:8096";
proxyPass = "http://127.0.0.1:8096";
# extraConfig = ''
# allow 10.0.0.0/24;
# allow 10.3.0.0/24;
@ -34,7 +34,7 @@ in {
};
locations."/socket" = {
proxyPass = "http://localhost:8096";
proxyPass = "http://127.0.0.1:8096";
proxyWebsockets = true;
# extraConfig = ''
# allow 10.0.0.0/24;

5
hosts/architect/libreddit.nix
View File

@ -3,7 +3,8 @@
let
domain = "reddit.giugl.io";
network = import ./network.nix;
in {
in
{
services = {
libreddit = {
enable = true;
@ -13,7 +14,7 @@ in {
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://localhost:9090"; };
locations."/" = { proxyPass = "http://127.0.0.1:9090"; };
};
};

9
hosts/architect/lidarr.nix
View File

@ -3,7 +3,7 @@
let
domain = "htlid.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in {
services = {
lidarr = {
@ -15,12 +15,9 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8686";
proxyPass = "http://127.0.0.1:8686";
extraConfig = auth_block {
realm = "master";
client_id = "lidarr";
client_secret = "7s4dd1SEi84F4fUFsqRaQmSSucZhyTco";
redirect_uri = "https://${domain}";
access_role = "lidarr";
};
};
};

4
hosts/architect/matrix.nix
View File

@ -25,7 +25,7 @@ in {
];
listeners = [{
port = 8008;
bind_addresses = [ "::1" ];
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
@ -86,7 +86,7 @@ in {
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
proxyPass = "http://127.0.0.1:8008"; # without a trailing /
};
};

2
hosts/architect/minio.nix
View File

@ -11,7 +11,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9000";
proxyPass = "http://127.0.0.1:9000";
extraConfig = ''
allow 10.0.0.0/24;
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}

2
hosts/architect/navidrome.nix
View File

@ -26,7 +26,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:4533";
proxyPass = "http://127.0.0.1:4533";
# extraConfig = ''
# allow 10.0.0.0/24;
# ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}

2
hosts/architect/nextcloud.nix
View File

@ -23,7 +23,7 @@ in {
enable = true;
hostName = domain;
https = true;
package = pkgs.unstable.nextcloud24;
package = pkgs.unstable.nextcloud25;
caching = {
redis = true;

3
hosts/architect/nitter.nix
View File

@ -7,6 +7,7 @@ in {
services = {
nitter = {
enable = true;
redisCreateLocally = false;
server = {
port = 9093;
hostname = domain;
@ -21,7 +22,7 @@ in {
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = { proxyPass = "http://localhost:9093"; };
locations."/" = { proxyPass = "http://127.0.0.1:9093"; };
};
};

9
hosts/architect/nzbget.nix
View File

@ -3,7 +3,7 @@
let
domain = "htnzb.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in {
services = {
nzbget = {
@ -15,12 +15,9 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:6789";
proxyPass = "http://127.0.0.1:6789";
extraConfig = auth_block {
realm = "master";
client_id = "nzbget";
client_secret = "tkjzdqnUoWTlGUYah5tgMqVPFMlOUvk9";
redirect_uri = "https://${domain}";
access_role = "nzbget";
};
};
};

8
hosts/architect/openid.nix
View File

@ -2,12 +2,12 @@
{
openresty_oidc_block =
{ realm, client_id, client_secret, redirect_uri, access_role ? "" }: ''
{ access_role ? "" }: ''
access_by_lua_block {
local opts = {
discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration",
client_id = "${client_id}",
client_secret = "${client_secret}",
discovery = "https://auth.giugl.io/realms/master/.well-known/openid-configuration",
client_id = "nginx",
client_secret = "9C6BYxPhTbrRS4DIwd3Smk7e11ABmnt8",
logout_path = "/logout",
redirect_after_logout_uri = "/",
redirect_uri = "/redirect_uri",

2
hosts/architect/plex.nix
View File

@ -77,7 +77,7 @@ in {
proxy_redirect off;
proxy_buffering off;
'';
locations."/" = { proxyPass = "http://localhost:32400"; };
locations."/" = { proxyPass = "http://127.0.0.1:32400"; };
};
};

2
hosts/architect/prowlarr.nix
View File

@ -11,7 +11,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9696";
proxyPass = "http://127.0.0.1:9696";
extraConfig = ''
allow 10.0.0.0/24;
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}

9
hosts/architect/radarr.nix
View File

@ -3,7 +3,7 @@
let
domain = "htrad.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in {
services = {
radarr = {
@ -15,12 +15,9 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:7878";
proxyPass = "http://127.0.0.1:7878";
extraConfig = auth_block {
realm = "master";
client_id = "radarr";
client_secret = "DCoeN4PwqGrAoG6Mqw73orrUjojJ1fmn";
redirect_uri = "https://${domain}";
access_role = "radarr";
};
};
};

9
hosts/architect/sonarr.nix
View File

@ -3,7 +3,7 @@
let
domain = "htson.giugl.io";
network = import ./network.nix;
auth_block = (import ./openid.nix).openresty_oidc_block;
auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block;
in {
services = {
sonarr = {
@ -15,12 +15,9 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8989";
proxyPass = "http://127.0.0.1:8989";
extraConfig = auth_block {
realm = "master";
client_id = "sonarr";
client_secret = "d36ehMSPCI3xLfOGNcnSUKZWQblyGumi";
redirect_uri = "https://${domain}";
access_role = "sonarr";
};
};
};

2
hosts/architect/transmission.nix
View File

@ -24,7 +24,7 @@ in {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9091";
proxyPass = "http://127.0.0.1:9091";
extraConfig = ''
allow 10.0.0.0/24;
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}