ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Adapt franz to real installation

Browse source
This commit is contained in:
GHOSCHT 2024-03-17 15:18:23 +01:00
parent d0ae7b1f22
commit d271bd977e
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
16 changed files with 105 additions and 82 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/franz/arion/dashboard/arion-compose.nix
View file

@ -18,8 +18,8 @@
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/dashboard/homarr_data:/app/data/configs" "/drives/hdd/docker/dashboard/homarr_data:/app/data/configs"
"/home/ghoscht/.docker/dashboard/homarr_icons:/app/public/imgs" "/drives/hdd/docker/dashboard/homarr_icons:/app/public/imgs"
]; ];
restart = "always"; restart = "always";
networks = [ networks = [

2
hosts/franz/arion/default.nix
View file

@ -16,6 +16,8 @@
./media ./media
./dashboard ./dashboard
./smarthome ./smarthome
./signal
./feed
]; ];
environment.systemPackages = with pkgs; [arion]; environment.systemPackages = with pkgs; [arion];

7
hosts/franz/arion/dns/arion-compose.nix
View file

@ -22,6 +22,7 @@
pihole.service = { pihole.service = {
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
container_name = "pihole"; container_name = "pihole";
hostname = "pihole";
environment = { environment = {
IPv6 = "True"; IPv6 = "True";
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
@ -29,8 +30,8 @@
VIRTUAL_HOST = "pihole.ghoscht.com"; VIRTUAL_HOST = "pihole.ghoscht.com";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/dns/pihole_data:/etc/pihole" "/drives/hdd/docker/dns/pihole_data:/etc/pihole"
"/home/ghoscht/.docker/dns/pihole_dnsmasq:/etc/dnsmasq.d" "/drives/hdd/docker/dns/pihole_dnsmasq:/etc/dnsmasq.d"
]; ];
labels = { labels = {
"traefik.enable" = "true"; "traefik.enable" = "true";
@ -65,7 +66,7 @@
container_name = "unbound"; container_name = "unbound";
useHostStore = true; useHostStore = true;
volumes = [ volumes = [
"/home/ghoscht/.docker/dns/unbound_data:/opt/unbound/etc/unbound" "/drives/hdd/docker/dns/unbound_data:/opt/unbound/etc/unbound"
]; ];
restart = "always"; restart = "always";
networks = { networks = {

10
hosts/franz/arion/feed/arion-compose.nix
View file

@ -18,27 +18,29 @@
environment = { environment = {
PUID = 1000; PUID = 1000;
PGID = 1000; PGID = 1000;
DB_HOST = "db"; DB_HOST = "feed-db";
}; };
env_file = [ env_file = [
"/home/ghoscht/.docker/feed/ttrss.env" "/home/ghoscht/.docker/feed/ttrss.env"
]; ];
restart = "always"; restart = "always";
dns = ["1.1.1.1"];
networks = [ networks = [
"dmz" "dmz"
"transport"
]; ];
}; };
db.service = { feed-db.service = {
image = "postgres:13-alpine"; image = "postgres:13-alpine";
volumes = [ volumes = [
"/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data" "/drives/hdd/docker/feed/ttrss_db:/var/lib/postgresql/data"
]; ];
env_file = [ env_file = [
"/home/ghoscht/.docker/feed/ttrss.env" "/home/ghoscht/.docker/feed/ttrss.env"
]; ];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "transport"
]; ];
}; };
}; };

2
hosts/franz/arion/feed/default.nix
View file

@ -7,7 +7,7 @@ in {
}; };
}; };
sops.secrets."ttrs/db_password" = { sops.secrets."ttrss/db_password" = {
owner = vars.user; owner = vars.user;
}; };

9
hosts/franz/arion/git/arion-compose.nix
View file

@ -23,17 +23,18 @@
"traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt"; "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/git/forgejo_data:/data" "/drives/hdd/docker/git/forgejo_data:/data"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ ports = [
"2222:22" "2222:22"
]; ];
dns = ["1.1.1.1"];
environment = { environment = {
USER_UID = 1000; USER_UID = 1000;
USER_GID = 1000; USER_GID = 1000;
GITEA__database__DB_TYPE = "postgres"; GITEA__database__DB_TYPE = "postgres";
GITEA__database__HOST = "db:5432"; GITEA__database__HOST = "git-db:5432";
}; };
env_file = [ env_file = [
"/home/ghoscht/.docker/git/forgejo.env" "/home/ghoscht/.docker/git/forgejo.env"
@ -44,12 +45,12 @@
"transport" "transport"
]; ];
}; };
db.service = { git-db.service = {
image = "postgres:15.3-bullseye"; image = "postgres:15.3-bullseye";
env_file = [ env_file = [
"/home/ghoscht/.docker/git/forgejo-db.env" "/home/ghoscht/.docker/git/forgejo-db.env"
]; ];
volumes = ["/home/ghoscht/.docker/git/forgejo_db:/var/lib/postgresql/data"]; volumes = ["/drives/hdd/docker/git/forgejo_db:/var/lib/postgresql/data"];
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [
"transport" "transport"

29
hosts/franz/arion/infrastructure/arion-compose.nix
View file

@ -43,18 +43,18 @@
"dmz" "dmz"
]; ];
}; };
# cloudflared.service = { cloudflared.service = {
# image = "cloudflare/cloudflared:latest"; image = "cloudflare/cloudflared:latest";
# container_name = "cloudflared"; container_name = "cloudflared";
# env_file = [ env_file = [
# "/home/ghoscht/.docker/infrastructure/cloudflared.env" "/home/ghoscht/.docker/infrastructure/cloudflared.env"
# ]; ];
# restart = "always"; restart = "always";
# command = "tunnel --no-autoupdate --protocol http2 run"; command = "tunnel --no-autoupdate --protocol http2 run";
# networks = [ networks = [
# "dmz" "dmz"
# ]; ];
# }; };
scrutiny.service = { scrutiny.service = {
image = "ghcr.io/analogj/scrutiny:master-omnibus"; image = "ghcr.io/analogj/scrutiny:master-omnibus";
container_name = "scrutiny"; container_name = "scrutiny";
@ -75,7 +75,10 @@
"scrutiny_data:/opt/scrutiny/config" "scrutiny_data:/opt/scrutiny/config"
"scrutiny_db:/opt/scrutiny/influxdb" "scrutiny_db:/opt/scrutiny/influxdb"
]; ];
devices = []; devices = [
"/dev/sda"
"/dev/nvme0n1"
];
networks = [ networks = [
"dmz" "dmz"
]; ];

51
hosts/franz/arion/media/arion-compose.nix
View file

@ -28,16 +28,17 @@
}; };
volumes = [ volumes = [
"jellyfin_cache:/cache" "jellyfin_cache:/cache"
"/home/ghoscht/.docker/media/jellyfin_data:/config" "/drives/hdd/docker/media/jellyfin_data:/config"
"/home/ghoscht/.docker/media/data/tv:/tv" "/drives/hdd/data/media/tv:/tv"
"/home/ghoscht/.docker/media/data/anime:/anime" "/drives/hdd/data/media/anime:/anime"
"/home/ghoscht/.docker/media/data/movies:/movies" "/drives/hdd/data/media/movies:/movies"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
PGID = 1000; PGID = 1000;
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
dns = ["1.1.1.1"];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "dmz"
@ -55,8 +56,8 @@
"traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt"; "traefik.http.routers.navidrome.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/navidrome_data:/data" "/drives/hdd/docker/media/navidrome_data:/data"
"/home/ghoscht/.docker/media/data/music:/music" "/drives/hdd/data/media/music:/music"
]; ];
environment = { environment = {
ND_SESSIONTIMEOUT = "336h"; ND_SESSIONTIMEOUT = "336h";
@ -64,6 +65,7 @@
env_file = [ env_file = [
"/home/ghoscht/.docker/media/navidrome.env" "/home/ghoscht/.docker/media/navidrome.env"
]; ];
dns = ["1.1.1.1"];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "dmz"
@ -82,8 +84,8 @@
"traefik.http.routers.transmission.tls.certresolver" = "letsencrypt"; "traefik.http.routers.transmission.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/transmission_data:/config" "/drives/hdd/docker/media/transmission_data:/config"
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -104,6 +106,7 @@
capabilities = { capabilities = {
NET_ADMIN = true; NET_ADMIN = true;
}; };
dns = ["1.1.1.1"];
restart = "always"; restart = "always";
networks = [ networks = [
"dmz" "dmz"
@ -122,7 +125,7 @@
"traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.prowlarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/prowlarr_data:/config" "/drives/hdd/docker/media/prowlarr_data:/config"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -148,8 +151,8 @@
"traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.sonarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/sonarr_data:/config" "/drives/hdd/docker/media/sonarr_data:/config"
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -176,8 +179,8 @@
"traefik.http.routers.radarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.radarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/radarr_data:/config" "/drives/hdd/docker/media/radarr_data:/config"
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -205,10 +208,10 @@
"traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.lidarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/lidarr_data:/config" "/drives/hdd/docker/media/lidarr_data:/config"
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
"/home/ghoscht/.docker/media/lidarr_addons/custom-services.d:/custom-services.d" "/drives/hdd/docker/media/lidarr_addons/custom-services.d:/custom-services.d"
"/home/ghoscht/.docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d" "/drives/hdd/docker/media/lidarr_addons/custom-cont-init.d:/custom-cont-init.d"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -235,9 +238,10 @@
"traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.bazarr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/bazarr_data:/config" "/drives/hdd/docker/media/bazarr_data:/config"
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
]; ];
dns = ["1.1.1.1"];
environment = { environment = {
PUID = 1000; PUID = 1000;
PGID = 1000; PGID = 1000;
@ -259,13 +263,14 @@
"traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.jellyseerr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config" "/drives/hdd/docker/media/jellyseerr_data:/app/config"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
PGID = 1000; PGID = 1000;
TZ = "Europe/Berlin"; TZ = "Europe/Berlin";
}; };
dns = ["1.1.1.1"];
networks = ["dmz"]; networks = ["dmz"];
restart = "always"; restart = "always";
}; };
@ -282,7 +287,7 @@
"traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.autobrr.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config" "/drives/hdd/docker/media/autobrr_data:/config"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -311,7 +316,7 @@
"traefik.http.routers.deemix.tls.certresolver" = "letsencrypt"; "traefik.http.routers.deemix.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/media/jellyseerr_data:/app/config" "/drives/hdd/data/deemix:/downloads"
]; ];
environment = { environment = {
PUID = 1000; PUID = 1000;
@ -329,7 +334,7 @@
image = "golift/unpackerr"; image = "golift/unpackerr";
container_name = "unpackerr"; container_name = "unpackerr";
volumes = [ volumes = [
"/home/ghoscht/.docker/media/data:/data" "/drives/hdd/data/:/data"
]; ];
user = "1000:1000"; user = "1000:1000";
env_file = [ env_file = [

2
hosts/franz/arion/nas/arion-compose.nix
View file

@ -23,7 +23,7 @@
}; };
command = "-s 'public;/mount;yes;no;yes' -p"; command = "-s 'public;/mount;yes;no;yes' -p";
volumes = [ volumes = [
"/home/ghoscht:/mount" "/drives/hdd/nas:/mount"
]; ];
restart = "always"; restart = "always";
networks = [ networks = [

14
hosts/franz/arion/nextcloud/arion-compose.nix
View file

@ -22,24 +22,22 @@
"traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt"; "traefik.http.routers.nextcloud.tls.certresolver" = "letsencrypt";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/nextcloud/nextcloud_data:/var/www/html" "/drives/hdd/docker/nextcloud/nextcloud_data:/var/www/html"
];
environment = {MYSQL_HOST = "nextcloud-db";};
env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env"
]; ];
hostname = "nextcloud.ghoscht.com";
dns = ["1.1.1.1"];
restart = "unless-stopped"; restart = "unless-stopped";
networks = [ networks = [
"dmz" "dmz"
"transport" "transport"
]; ];
}; };
db.service = { nextcloud-db.service = {
image = "mariadb:10.5"; image = "mariadb:11.4.1-rc-jammy";
env_file = [ env_file = [
"/home/ghoscht/.docker/nextcloud/nextcloud.env" "/home/ghoscht/.docker/nextcloud/nextcloud.env"
]; ];
volumes = ["/home/ghoscht/.docker/nextcloud/nextcloud_db:/var/lib/mysql"]; volumes = ["/drives/hdd/docker/nextcloud/nextcloud_db:/var/lib/mysql"];
restart = "unless-stopped"; restart = "unless-stopped";
command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW"; command = "--transaction-isolation=READ-COMMITTED --binlog-format=ROW";
networks = [ networks = [

3
hosts/franz/arion/passwords/arion-compose.nix
View file

@ -17,8 +17,9 @@
"traefik.http.routers.vaultwarden.tls" = "true"; "traefik.http.routers.vaultwarden.tls" = "true";
"traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt"; "traefik.http.routers.vaultwarden.tls.certresolver" = "letsencrypt";
}; };
dns = ["1.1.1.1"];
volumes = [ volumes = [
"/home/ghoscht/.docker/infrastructure/vaultwarden_data/:/data" "/drives/hdd/docker/passwords/vaultwarden_data/:/data"
]; ];
environment = { environment = {
DOMAIN = "http://vaultwarden.ghoscht.com"; DOMAIN = "http://vaultwarden.ghoscht.com";

7
hosts/franz/arion/signal/arion-compose.nix
View file

@ -24,13 +24,10 @@
"traefik.http.routers.mollysocket.tls" = "true"; "traefik.http.routers.mollysocket.tls" = "true";
"traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt"; "traefik.http.routers.mollysocket.tls.certresolver" = "letsencrypt";
}; };
volumes = [
"/home/ghoscht/.docker/signal/mollysocket_data:/data"
];
environment = { environment = {
MOLLY_DB = "/data/mollysocket.db"; MOLLY_DB = "/data/mollysocket.db";
MOLLY_ALLOWED_ENDPOINTS = "['https://push.ghoscht.com','*]"; MOLLY_ALLOWED_ENDPOINTS = "[\"https://push.ghoscht.com\",\"*\"]";
MOLLY_ALLOWED_UUIDS = "['*']"; MOLLY_ALLOWED_UUIDS = "[\"*\"]";
MOLLY_HOST = "0.0.0.0"; MOLLY_HOST = "0.0.0.0";
MOLLY_PORT = 8020; MOLLY_PORT = 8020;
RUST_LOG = "info"; RUST_LOG = "info";

2
hosts/franz/arion/signal/default.nix
View file

@ -1,6 +1,6 @@
{config, ...}: { {config, ...}: {
virtualisation.arion = { virtualisation.arion = {
projects.infrastructure.settings = { projects.signal.settings = {
imports = [./arion-compose.nix]; imports = [./arion-compose.nix];
}; };
}; };

2
hosts/franz/arion/smarthome/arion-compose.nix
View file

@ -20,7 +20,7 @@
"traefik.http.services.homeassistant.loadbalancer.server.port" = "8123"; "traefik.http.services.homeassistant.loadbalancer.server.port" = "8123";
}; };
volumes = [ volumes = [
"/home/ghoscht/.docker/smarthome/homeassistant_data:/config" "/drives/hdd/docker/smarthome/homeassistant_data:/config"
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
"/run/dbus:/run/dbus:ro" "/run/dbus:/run/dbus:ro"
]; ];

18
hosts/franz/default.nix
View file

@ -26,11 +26,21 @@ in {
]; ];
users.mutableUsers = true; users.mutableUsers = true;
users.users.${vars.user}.password = "changeme"; users.users.${vars.user} = {
password = "changeme";
openssh.authorizedKeys.keys = [
#Desktop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"
nix.extraOptions = '' #Convertible
download-speed = 4000 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
''; ];
};
security.pam.enableSSHAgentAuth = true;
fileSystems."/drives/hdd" = {
device = "/dev/disk/by-uuid/7d5eaff7-c17d-4fac-b7d7-7aa3c35b9a29";
};
nixpkgs = { nixpkgs = {
overlays = [ overlays = [

25
hosts/franz/hardware-configuration.nix
View file

@ -1,25 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp166s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }