Adapt franz to real installation

GHOSCHT 2024-03-17 15:18:23 +01:00
parent d0ae7b1f22
commit d271bd977e
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
16 changed files with 105 additions and 82 deletions


@ -18,8 +18,8 @@
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/dashboard/homarr_data:/app/data/configs"
"/home/ghoscht/.docker/dashboard/homarr_icons:/app/public/imgs"
"/drives/hdd/docker/dashboard/homarr_data:/app/data/configs"
"/drives/hdd/docker/dashboard/homarr_icons:/app/public/imgs"
];
restart = "always";
networks = [


@ -16,6 +16,8 @@
./media
./dashboard
./smarthome
./signal
./feed
];
environment.systemPackages = with pkgs; [arion];


@ -22,6 +22,7 @@
pihole.service = {
image = "pihole/pihole:latest";
container_name = "pihole";
hostname = "pihole";
environment = {
IPv6 = "True";
TZ = "Europe/Berlin";
@ -29,8 +30,8 @@
VIRTUAL_HOST = "pihole.ghoscht.com";
};
volumes = [
"/home/ghoscht/.docker/dns/pihole_data:/etc/pihole"
"/home/ghoscht/.docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
"/drives/hdd/docker/dns/pihole_data:/etc/pihole"
"/drives/hdd/docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
];
labels = {
"traefik.enable" = "true";
@ -65,7 +66,7 @@
container_name = "unbound";
useHostStore = true;
volumes = [
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound"
"/drives/hdd/docker/dns/unbound_data:/opt/unbound/etc/unbound"
];
restart = "always";
networks = {


@ -18,27 +18,29 @@
environment = {
PUID = 1000;
PGID = 1000;
DB_HOST = "db";
DB_HOST = "feed-db";
};
env_file = [
"/home/ghoscht/.docker/feed/ttrss.env"
];
restart = "always";
dns = ["1.1.1.1"];
networks = [
"dmz"
"transport"
];
};
db.service = {
feed-db.service = {
image = "postgres:13-alpine";
volumes = [
"/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data"
"/drives/hdd/docker/feed/ttrss_db:/var/lib/postgresql/data"
];
env_file = [
"/home/ghoscht/.docker/feed/ttrss.env"
];
restart = "always";
networks = [
"dmz"
"transport"
];
};
};


@ -7,7 +7,7 @@ in {
};
};
sops.secrets."ttrs/db_password" = {
sops.secrets."ttrss/db_password" = {
owner = vars.user;
};


@ -23,17 +23,18 @@
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/git/forgejo_data:/data"
"/drives/hdd/docker/git/forgejo_data:/data"
"/etc/localtime:/etc/localtime:ro"
];
ports = [
"2222:22"
];
dns = ["1.1.1.1"];
environment = {
USER_UID = 1000;
USER_GID = 1000;
GITEA__database__DB_TYPE = "postgres";
GITEA__database__HOST = "db:5432";
GITEA__database__HOST = "git-db:5432";
};
env_file = [
"/home/ghoscht/.docker/git/forgejo.env"
@ -44,12 +45,12 @@
"transport"
];
};
db.service = {
git-db.service = {
image = "postgres:15.3-bullseye";
env_file = [
"/home/ghoscht/.docker/git/forgejo-db.env"
];
volumes = ["/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"];
volumes = ["/drives/hdd/docker/git/forgejo_db:/var/lib/postgresql/data"];
restart = "unless-stopped";
networks = [
"transport"


@ -43,18 +43,18 @@
"dmz"
];
};
# cloudflared.service = {
# image = "cloudflare/cloudflared:latest";
# container_name = "cloudflared";
# env_file = [
# "/home/ghoscht/.docker/infrastructure/cloudflared.env"
# ];
# restart = "always";
# command = "tunnel --no-autoupdate --protocol http2 run";
# networks = [
# "dmz"
# ];
# };
cloudflared.service = {
image = "cloudflare/cloudflared:latest";
container_name = "cloudflared";
env_file = [
"/home/ghoscht/.docker/infrastructure/cloudflared.env"
];
restart = "always";
command = "tunnel --no-autoupdate --protocol http2 run";
networks = [
"dmz"
];
};
scrutiny.service = {
image = "ghcr.io/analogj/scrutiny:master-omnibus";
container_name = "scrutiny";
@ -75,7 +75,10 @@
"scrutiny_data:/opt/scrutiny/config"
"scrutiny_db:/opt/scrutiny/influxdb"
];
devices = [];
devices = [
"/dev/sda"
"/dev/nvme0n1"
];
networks = [
"dmz"
];
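Review bot: The re-enabled `cloudflared` service pulls `cloudflare/cloudflared:latest` while running with `--no-autoupdate`, so the container that terminates the public tunnel changes version only when the image happens to be re-pulled, and then to whatever `latest` is at that moment. Pinning a release tag or digest, e.g. `image = "cloudflare/cloudflared:<pinned-version>";` (placeholder), makes upgrades deliberate and reviewable. The tunnel credential is still read from `/home/ghoscht/.docker/infrastructure/cloudflared.env`; the repository already declares sops secrets elsewhere in this commit, so sourcing it from there would keep it out of a plain file in the home directory. In the scrutiny hunk, `/dev/sda` is a kernel enumeration name that can move between boots, so mapping a `/dev/disk/by-id/` path instead would be stable.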


@ -28,16 +28,17 @@
};
volumes = [
"jellyfin_cache:/cache"
"/home/ghoscht/.docker/media/jellyfin_data:/config"
"/home/ghoscht/.docker/media/data/tv:/tv"
"/home/ghoscht/.docker/media/data/anime:/anime"
"/home/ghoscht/.docker/media/data/movies:/movies"
"/drives/hdd/docker/media/jellyfin_data:/config"
"/drives/hdd/data/media/tv:/tv"
"/drives/hdd/data/media/anime:/anime"
"/drives/hdd/data/media/movies:/movies"
];
environment = {
PUID = 1000;
PGID = 1000;
TZ = "Europe/Berlin";
};
dns = ["1.1.1.1"];
restart = "always";
networks = [
"dmz"
@ -55,8 +56,8 @@
"traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/navidrome_data:/data"
"/home/ghoscht/.docker/media/data/music:/music"
"/drives/hdd/docker/media/navidrome_data:/data"
"/drives/hdd/data/media/music:/music"
];
environment = {
ND_SESSIONTIMEOUT = "336h";
@ -64,6 +65,7 @@
env_file = [
"/home/ghoscht/.docker/media/navidrome.env"
];
dns = ["1.1.1.1"];
restart = "always";
networks = [
"dmz"
@ -82,8 +84,8 @@
"traefik.http.routers.transmission.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/transmission_data:/config"
"/home/ghoscht/.docker/media/data:/data"
"/drives/hdd/docker/media/transmission_data:/config"
"/drives/hdd/data/:/data"
];
environment = {
PUID = 1000;
@ -104,6 +106,7 @@
capabilities = {
NET_ADMIN = true;
};
dns = ["1.1.1.1"];
restart = "always";
networks = [
"dmz"
@ -122,7 +125,7 @@
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/prowlarr_data:/config"
"/drives/hdd/docker/media/prowlarr_data:/config"
];
environment = {
PUID = 1000;
@ -148,8 +151,8 @@
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/sonarr_data:/config"
"/home/ghoscht/.docker/media/data:/data"
"/drives/hdd/docker/media/sonarr_data:/config"
"/drives/hdd/data/:/data"
];
environment = {
PUID = 1000;
@ -176,8 +179,8 @@
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/radarr_data:/config"
"/home/ghoscht/.docker/media/data:/data"
"/drives/hdd/docker/media/radarr_data:/config"
"/drives/hdd/data/:/data"
];
environment = {
PUID = 1000;
@ -205,10 +208,10 @@
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/lidarr_data:/config"
"/home/ghoscht/.docker/media/data:/data"
"/home/ghoscht/.docker/media/lidarr_addons/custom-services.d:/custom-services.d"
"/home/ghoscht/.docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
"/drives/hdd/docker/media/lidarr_data:/config"
"/drives/hdd/data/:/data"
"/drives/hdd/docker/media/lidarr_addons/custom-services.d:/custom-services.d"
"/drives/hdd/docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
];
environment = {
PUID = 1000;
@ -235,9 +238,10 @@
"traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/bazarr_data:/config"
"/home/ghoscht/.docker/media/data:/data"
"/drives/hdd/docker/media/bazarr_data:/config"
"/drives/hdd/data/:/data"
];
dns = ["1.1.1.1"];
environment = {
PUID = 1000;
PGID = 1000;
@ -259,13 +263,14 @@
"traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
"/drives/hdd/docker/media/jellyseerr_data:/app/config"
];
environment = {
PUID = 1000;
PGID = 1000;
TZ = "Europe/Berlin";
};
dns = ["1.1.1.1"];
networks = ["dmz"];
restart = "always";
};
@ -282,7 +287,7 @@
"traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
"/drives/hdd/docker/media/autobrr_data:/config"
];
environment = {
PUID = 1000;
@ -311,7 +316,7 @@
"traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config"
"/drives/hdd/data/deemix:/downloads"
];
environment = {
PUID = 1000;
@ -329,7 +334,7 @@
image = "golift/unpackerr";
container_name = "unpackerr";
volumes = [
"/home/ghoscht/.docker/media/data:/data"
"/drives/hdd/data/:/data"
];
user = "1000:1000";
env_file = [
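Review bot: The `dns = ["1.1.1.1"];` lines added to jellyfin, navidrome, transmission, bazarr and jellyseerr make those containers resolve directly against a public resolver, which bypasses the Pi-hole/Unbound stack this same repository deploys, so their lookups are neither filtered by it nor visible in its query log. The same literal also appears in the feed, git, nextcloud and vaultwarden sections of this commit. If the bypass is intentional (for example to avoid a start-up dependency on the DNS stack), a one-line comment saying so would help the next reader. Defining the address once and referencing it, e.g. `dns = [vars.dns];`, would keep the copies from drifting; whether a `vars` binding is in scope in this file is not visible here.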


@ -23,7 +23,7 @@
};
command = "-s 'public;/mount;yes;no;yes' -p";
volumes = [
"/home/ghoscht:/mount"
"/drives/hdd/nas:/mount"
];
restart = "always";
networks = [
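Review bot: The share definition `public;/mount;yes;no;yes` is unchanged while the mount moves to `/drives/hdd/nas`; if it follows the dperson/samba field order (name;path;browsable;readonly;guest), the NAS directory is writable by unauthenticated guests. Narrowing the mount away from the whole home directory is a clear improvement, but anyone who can reach the SMB port could still add, overwrite or delete files there. Consider setting the guest field to `no` and restricting the share to a named user, with the credential supplied outside the `command` string, since that string ends up in the Nix store. The service definition starts and ends outside the hunk, so the image and published ports are not visible here.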


@ -22,24 +22,22 @@
"traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html"
];
environment = {MYSQL_HOST = "nextcloud-db";};
env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
"/drives/hdd/docker/nextcloud/nextcloud_data:/var/www/html"
];
hostname = "nextcloud.ghoscht.com";
dns = ["1.1.1.1"];
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
db.service = {
image = "mariadb:10.5";
nextcloud-db.service = {
image = "mariadb:11.4.1-rc-jammy";
env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
];
volumes = ["/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"];
volumes = ["/drives/hdd/docker/nextcloud/nextcloud_db:/var/lib/mysql"];
restart = "unless-stopped";
command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
networks = [
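Review bot: `image = "mariadb:11.4.1-rc-jammy"` moves the Nextcloud database from 10.5 to a release-candidate build. A release-candidate tag does not receive later fixes, and once the server has upgraded the data directory under `/drives/hdd/docker/nextcloud/nextcloud_db` it cannot simply be rolled back to an older series. A GA long-term-support tag such as `image = "mariadb:10.11";` is the safer pin unless something in 11.4 is required; check it against the MariaDB versions the deployed Nextcloud release supports.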


@ -17,8 +17,9 @@
"traefik.http.routers.vaultwarden.tls" = "true";
"traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt";
};
dns = ["1.1.1.1"];
volumes = [
"/home/ghoscht/.docker/infrastructure/vaultwarden_data/:/data"
"/drives/hdd/docker/passwords/vaultwarden_data/:/data"
];
environment = {
DOMAIN = "http://vaultwarden.ghoscht.com";
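Review bot: `DOMAIN = "http://vaultwarden.ghoscht.com"` uses the `http` scheme although the Traefik labels above serve this router over TLS with the `letsencrypt` resolver. Vaultwarden derives generated links and its WebAuthn origin from this value, so a scheme mismatch can break WebAuthn second factors and puts plain-http URLs into e-mails; `DOMAIN = "https://vaultwarden.ghoscht.com";` matches what clients actually use. The `environment` block continues past the end of the hunk.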


@ -24,13 +24,10 @@
"traefik.http.routers.mollysocket.tls" = "true";
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
};
volumes = [
"/home/ghoscht/.docker/signal/mollysocket_data:/data"
];
environment = {
MOLLY_DB = "/data/mollysocket.db";
MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com','*]";
MOLLY_ALLOWED_UUIDS = "['*']";
MOLLY_ALLOWED_ENDPOINTS = "[\"https://push.ghoscht.com\",\"*\"]";
MOLLY_ALLOWED_UUIDS = "[\"*\"]";
MOLLY_HOST = "0.0.0.0";
MOLLY_PORT = 8020;
RUST_LOG = "info";
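Review bot: `MOLLY_ALLOWED_UUIDS = "[\"*\"]"` accepts registrations from any account UUID, and the Traefik labels above publish this service, so anyone who learns the URL can use the instance for their own account. Listing only the intended accounts, e.g. `MOLLY_ALLOWED_UUIDS = "[\"<account-uuid>\"]";` (placeholder), closes that. The `"*"` entry in `MOLLY_ALLOWED_ENDPOINTS` likewise allows endpoints other than `https://push.ghoscht.com`; drop it if only that server is meant to be used. The hunk also appears to remove the `/data` volume while `MOLLY_DB` still points at `/data/mollysocket.db`, which would leave the database in the container's writable layer and lose registrations when the container is recreated.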


@ -1,6 +1,6 @@
{config, ...}: {
virtualisation.arion = {
projects.infrastructure.settings = {
projects.signal.settings = {
imports = [./arion-compose.nix];
};
};


@ -20,7 +20,7 @@
"traefik.http.services.homeassistant.loadbalancer.server.port" = "8123";
};
volumes = [
"/home/ghoscht/.docker/smarthome/homeassistant_data:/config"
"/drives/hdd/docker/smarthome/homeassistant_data:/config"
"/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro"
];


@ -26,11 +26,21 @@ in {
];
users.mutableUsers = true;
users.users.${vars.user}.password = "changeme";
users.users.${vars.user} = {
password = "changeme";
openssh.authorizedKeys.keys = [
#Desktop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"
nix.extraOptions = ''
download-speed = 4000
'';
#Convertible
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
];
};
security.pam.enableSSHAgentAuth = true;
fileSystems."/drives/hdd" = {
device = "/dev/disk/by-uuid/7d5eaff7-c17d-4fac-b7d7-7aa3c35b9a29";
};
nixpkgs = {
overlays = [
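Review bot: `password = "changeme";` puts a known plaintext password for `${vars.user}` into the configuration and the world-readable Nix store, on a host that this commit also gives SSH authorized keys and `security.pam.enableSSHAgentAuth`. With `users.mutableUsers = true` the value is only an initial password, but it stays valid until someone changes it by hand. Prefer `hashedPasswordFile = config.sops.secrets."<user-password-secret>".path;` (placeholder name; the sops-nix secret needs `neededForUsers = true`). Also confirm that `services.openssh.settings.PasswordAuthentication` is `false`, so the two keys are the only remote login path. The rendering of this hunk appears to interleave old `nix.extraOptions` lines with the new key list, so the exact new text should be checked against the file.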


@ -1,25 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}