ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: ghoscht:e9f7194e35182f7e7496d53b10455dc5b82f4d7d
Branches Tags
ghoscht:main
ghoscht:structural-rework
ghoscht:old-structure
...
compare: ghoscht:a12e904d6e53eb09a5945115db37cd2f67d8a42b
Branches Tags
ghoscht:main
ghoscht:structural-rework
ghoscht:old-structure

3 commits
e9f7194e35 ... a12e904d6e

Author SHA1 Message Date
GHOSCHT
a12e904d6e
Autorestic: change backup times to 4:00 
ISP reassigns public IP around 3:30. If backups take too long the remote backup will fail
 2024-04-20 20:15:29 +02:00
GHOSCHT
16fae21651
Arion: remove old commented-out jellyfin installation 2024-04-20 20:13:54 +02:00
GHOSCHT
0e6a8e8348
Franz: add previous matrix installation 2024-04-20 20:12:58 +02:00
7 changed files with 152 additions and 43 deletions
Show stats Expand all files Collapse all files

1
hosts/franz/arion/default.nix
View file

@ -18,6 +18,7 @@
./smarthome
./signal
./feed
./matrix
];
environment.systemPackages = with pkgs; [arion];

94
hosts/franz/arion/matrix/arion-compose.nix Normal file
View file

@ -0,0 +1,94 @@
{pkgs, ...}: {
project.name = "matrix";
networks.dmz = {
name = "dmz";
external = true;
};
networks.transport = {};
services = {
synapse.service = {
image = "matrixdotorg/synapse:v1.104.0";
container_name = "synapse";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.synapse.entrypoints" = "websecure";
"traefik.http.routers.synapse.rule" = "Host(`synapse.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.synapse.tls" = "true";
"traefik.http.routers.synapse.tls.certresolver" = "letsencrypt";
};
volumes = [
"/storage/dataset/docker/matrix/synapse_data:/data"
];
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
environment = {
UID = "1000";
GID = "1000";
TZ = "Europe/Berlin";
};
dns = ["1.1.1.2" "1.0.0.2" "176.103.130.130" "176.103.130.131" "9.9.9.9" "149.112.112.112" "208.67.222.222" "208.67.220.220"];
restart = "unless-stopped";
networks = [
"dmz"
"transport"
];
};
postgres.service = {
image = "postgres:14";
env_file = [
"/home/ghoscht/.docker/matrix/synapse.env"
];
volumes = [
"/storage/dataset/docker/matrix/synapse_db:/var/lib/postgresql/data"
];
restart = "unless-stopped";
networks = [
"transport"
];
};
matrix-nginx.service = {
container_name = "matrix-nginx";
image = "nginx:1.25.4";
volumes = [
"/storage/dataset/docker/matrix/nginx_data/matrix.conf:/etc/nginx/conf.d/matrix.conf"
"/storage/dataset/docker/matrix/nginx_data/www:/var/www/"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.matrix.entrypoints" = "websecure";
"traefik.http.routers.matrix.rule" = "Host(`matrix.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.matrix.tls" = "true";
"traefik.http.routers.matrix.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"transport"
"dmz"
];
};
element.service = {
image = "vectorim/element-web:v1.11.64";
volumes = [
"/storage/dataset/docker/matrix/element_data/element-config.json:/app/config.json"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.element.entrypoints" = "websecure";
"traefik.http.routers.element.rule" = "Host(`chat.ghoscht.com`)";
"traefik.docker.network" = "dmz";
"traefik.http.routers.element.tls" = "true";
"traefik.http.routers.element.tls.certresolver" = "letsencrypt";
};
restart = "unless-stopped";
networks = [
"dmz"
];
};
};
}

6
hosts/franz/arion/matrix/arion-pkgs.nix Normal file
View file

@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

30
hosts/franz/arion/matrix/default.nix Normal file
View file

@ -0,0 +1,30 @@
{config, ...}: let
vars = import ../../../../vars.nix;
in {
# virtualisation.arion = {
# projects.matrix.settings = {
# imports = [./arion-compose.nix];
# };
# };
sops.secrets."matrix/postgres_password" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_database" = {
owner = vars.user;
};
sops.secrets."matrix/postgres_user" = {
owner = vars.user;
};
sops.templates."synapse.env" = {
path = "/home/${vars.user}/.docker/matrix/synapse.env";
owner = vars.user;
mode = "0775";
content = ''
POSTGRES_DB="${config.sops.placeholder."matrix/postgres_database"}"
POSTGRES_USER="${config.sops.placeholder."matrix/postgres_user"}"
POSTGRES_PASSWORD="${config.sops.placeholder."matrix/postgres_password"}"
'';
};
}

35
hosts/franz/arion/media/arion-compose.nix
View file

@ -7,39 +7,6 @@
};
services = {
# jellyfin-old.service = {
# image = "jellyfin/jellyfin:2024032802";
# container_name = "jellyfin-old";
# ports = [
# "8097:8096"
# ];
# labels = {
# "traefik.enable" = "true";
# "traefik.http.routers.jellyfin.entrypoints" = "websecure";
# "traefik.http.routers.jellyfin.rule" = "Host(`jellyfin.ghoscht.com`)";
# "traefik.http.services.jellyfin.loadbalancer.server.port" = "8096";
# "traefik.http.services.jellyfin.loadbalancer.passHostHeader" = "true";
# "traefik.http.routers.jellyfin.tls" = "true";
# "traefik.http.routers.jellyfin.tls.certresolver" = "letsencrypt";
# };
# volumes = [
# # "jellyfin_cache:/cache"
# "/storage/dataset/docker/media/jellyfin_data:/config"
# "/storage/dataset/data/media/tv:/tv"
# "/storage/dataset/data/media/anime:/anime"
# "/storage/dataset/data/media/movies:/movies"
# ];
# environment = {
# PUID = 1000;
# PGID = 1000;
# TZ = "Europe/Berlin";
# };
# dns = ["1.1.1.1"];
# restart = "always";
# networks = [
# "dmz"
# ];
# };
jellyfin.service = {
image = "linuxserver/jellyfin:10.8.13";
container_name = "jellyfin";
@ -148,7 +115,9 @@
TRANSMISSION_DOWNLOAD_DIR = "/data/torrents";
TRANSMISSION_INCOMPLETE_DIR = "/data/torrents/incomplete";
TRANSMISSION_WEB_UI = "flood-for-transmission";
WEBPROXY_ENABLED = "true";
};
ports = ["8118:8118"];
env_file = [
"/home/ghoscht/.docker/media/windscribe.env"
];

21
hosts/franz/restic.nix
View file

@ -68,7 +68,7 @@ in {
from: /storage/dataset/docker/dashboard
to:
- zfs
cron: '0 3 * * 0' # Every Sunday at 3:00
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
before:
- arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix stop
@ -78,7 +78,7 @@ in {
from: /storage/dataset/docker/dns
to:
- zfs
cron: '0 3 * * 0' # Every Sunday at 3:00
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
before:
- arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix stop
@ -88,7 +88,7 @@ in {
from: /storage/dataset/docker/feed
to:
- zfs
cron: '0 3 * * 0' # Every Sunday at 3:00
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
before:
- arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix stop
@ -99,7 +99,7 @@ in {
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
cron: '0 4 * * *' # Every Day at 4:00
hooks:
before:
- arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix stop
@ -109,7 +109,7 @@ in {
from: /storage/dataset/docker/media
to:
- zfs
cron: '0 3 * * *' # Every Day at 3:00
cron: '0 4 * * *' # Every Day at 4:00
hooks:
before:
- arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
@ -120,7 +120,7 @@ in {
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
cron: '0 4 * * *' # Every Day at 4:00
hooks:
before:
- arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix stop
@ -130,7 +130,7 @@ in {
from: /storage/dataset/docker/smarthome
to:
- zfs
cron: '0 3 * * 0' # Every Sunday at 3:00
cron: '0 4 * * 0' # Every Sunday at 4:00
hooks:
before:
- arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix stop
@ -141,12 +141,17 @@ in {
to:
- zfs
- ssd
cron: '0 3 * * *' # Every Day at 3:00
cron: '0 4 * * *' # Every Day at 4:00
hooks:
before:
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
after:
- arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
matrix:
from: /storage/dataset/docker/matrix
to:
- zfs
cron: '0 4 * * 0' # Every Sunday at 4:00
backends:
zfs:
type: local

8
secrets/franz.yaml
View file

@ -31,6 +31,10 @@ autorestic:
zfs_key: ENC[AES256_GCM,data:HyZBD202BoG6ncw37Tg9LPvfvQPnOaLJKk+gMvdZflt+XZ/7lx6TZOp/loiDhSSBTMusAXaI/aDkAFx2a7yDUQ==,iv:nQAHi9TyUXamSlFq99NYvWLOBSuZstuYNJLgVpxF1JU=,tag:mIS/E4Wr6IdWsZtehNY7UA==,type:str]
ssd_key: ENC[AES256_GCM,data:xgJCpNkmIn8VU+jG++0kLW8WM9RbTBmsZeOuOz1WWmc4sOdN4lWfPvLjcTAHZDIXFvX7NodEcGAYDmcWNw7QBw==,iv:wGJcz7CEjhwsUlVEyuHOBcayzE97PfWi2f0TvITzafg=,tag:wpaJFcQBd/kAmExfD6fwJQ==,type:str]
eustachius_key: ENC[AES256_GCM,data:qiq6Y05bV7mf0OOBDzR09MrW5g01WxmWVHB3vJ04XQaOVMGzl7hZq0ewcLOxitbFw3VcN5GQBpA8smlmahz8VA==,iv:epq7+tXG9QYAjNu8qHI2gjBYUuoPNdZg8+2XCLOwu1Q=,tag:qM8YdSZhwwM3GDrNPfo/Jg==,type:str]
matrix:
postgres_database: ENC[AES256_GCM,data:9O0vYjbTuQ==,iv:L5QCwhFSjPW0OiUMjCQo6BcLktUXJcqTsTXEi5JdaWo=,tag:LUPRSZl0pza5WOWI8RrAmw==,type:str]
postgres_user: ENC[AES256_GCM,data:S9ksmTOAbBg=,iv:q/6Oo9JhiSAqQq3ZKa0dbQGtfYAuD0oeiDLR4YwV0nk=,tag:RIc/1UVs88Jg8+4zGnW6vQ==,type:str]
postgres_password: ENC[AES256_GCM,data:sKlU4HKDDNERv4LZK9/M2+kvnNht1uxQ7+pQSIZWPkk=,iv:fD98XPUMjo+eZOmE/cVOh5TFkmTY/KDCjfZcf5fSWOg=,tag:B5zsxgjvs7+czDWcCst/eg==,type:str]
sops:
kms: []
gcp_kms: []
@ -46,8 +50,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-09T20:05:32Z"
mac: ENC[AES256_GCM,data:QpiN3iCM46/cg3YpHSXvQ4hz33oc24yqcMYuYfumUCwFZiP/tBIgjAOTm8abnyR7+Vs8vrs3BATiHoA8xpIWIWgJGROLqbyM4yFOP4YE0CTrJq86QQbtluYB3aidgijsHERfL6MJ2/na0oC2KC39P7c0dwmF4HOGfGGq3eqAis4=,iv:FfHAgntSRKCOQ5m88X/k30OXk1QdcSw32NxYcaZQitU=,tag:zndSmXNnNt7p/ElRHdqe1Q==,type:str]
lastmodified: "2024-04-13T14:40:45Z"
mac: ENC[AES256_GCM,data:KnlhlaJkO0WMjXn9xqSTViciHL1Hvb9nlb40H5jB0AF6QzcZbteLZRCRfX1VGgsoGoqRprkNEAIZfirnRHxIId8rnLJezV/+e0R5+py8UkOOIAPxrnTyIJ2ThCsAxvfV2JTGo3TwM8PdzxH/zbhVpSaea4Or2+Y3pipZB+qtq74=,iv:lSWzwg9pdqeJzbuxZHIS1upfkFHklFQCfhzE4nqnPl4=,tag:iYx6xkhomksHkpz78WCw3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1