Serverraum-mit-Matratze/infra
2
0
Fork 0
Code Issues 3 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Changed NAS Servers
Some checks failed
/ Check Nix Flake (push) Failing after 2m29s
Details

Browse source
This commit is contained in:
Kaybee 2025-07-15 00:39:10 +02:00
parent f68bd065f8
commit c443c2b354
Signed by: kb01
SSH key fingerprint: SHA256:kv2GYUy1MZEqusYnS+Y9nMgrpv77jhm+3kknl3UGV1k
3 changed files with 61 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
modules/nixos/services/traefik-proxy/default.nix
View file

@ -15,8 +15,7 @@ in
}; };
config = lib.mkIf (cfg.enable || config = lib.mkIf (cfg.enable ||
config.services.binary-cache.enable || config.services.binary-cache.enable) {
config.suites.nas.media.enable) {
services.traefik = { services.traefik = {
enable = true; enable = true;
staticConfigOptions = { staticConfigOptions = {

66
modules/nixos/suites/nas/default.nix
View file

@ -26,6 +26,12 @@ in
default = "localhost"; default = "localhost";
description = "NAS Reachable Domain Name"; description = "NAS Reachable Domain Name";
}; };
options.suites.nas.debug = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Insecure, shows Traefik Dashboard";
};
options.suites.nas.media.enable = lib.mkOption { options.suites.nas.media.enable = lib.mkOption {
type = with lib.types; uniq bool; type = with lib.types; uniq bool;
default = true; default = true;
@ -49,8 +55,8 @@ in
######### #########
# Users # # Users #
######### #########
users.groups.media = {}; users.groups.media = lib.mkForce {}; # kavita wants to create user too
users.users.media = { users.users.media = lib.mkForce {
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
description = "Media User"; description = "Media User";
@ -105,6 +111,50 @@ in
}; };
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
#################
# Reverse Proxy #
#################
# Firewall
networking.firewall.allowedTCPPorts = [ 80 443 8080 ];
services.traefik = {
enable = true;
staticConfigOptions = {
api = {
dashboard = true;
insecure = true;
};
entryPoints = {
http = {
address = ":80";
# http.redirections.entrypoint = {
# to = "https";
# scheme = "https";
# };
};
https = {
address = ":443";
};
};
};
};
services.traefik.dynamicConfigOptions = {
# Traefik Dashbaord
http.routers.dashboard.rule = "Host(`traefik.mow0m`)";
http.routers.dashboard.service = "api@internal";
# Jellyfin
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
http.routers.jellyfin.entrypoints = "http";
http.routers.jellyfin.tls = false;
http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
# Kavita
http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
http.routers.kavita.entrypoints = "http";
http.routers.kavita.tls = false;
http.routers.kavita.rule = "Host(`kavita.${config.suites.nas.domain}`)";
http.routers.kavita.service = "kavita";
};
################# #################
# Media Servers # # Media Servers #
@ -112,14 +162,10 @@ in
# Jellyfin # Jellyfin
services.jellyfin.enable = cfg.media.servers.enable; services.jellyfin.enable = cfg.media.servers.enable;
services.jellyfin.user = "media"; services.jellyfin.user = "media";
services.traefik.dynamicConfigOptions = { # Kavita
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ]; services.kavita.enable = cfg.media.servers.enable;
http.routers.jellyfin.entrypoints = "websecure"; services.kavita.user = "media";
http.routers.jellyfin.tls = true; services.kavita.tokenKeyFile = "/home/media/kavitaKeyToken";
#http.routers.jellyfin.tls.certresolver = "letsencrypt";
http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
};
}; };

7
systems/x86_64-linux/mow0m/default.nix
View file

@ -6,7 +6,7 @@
]; ];
# Configure Nix # Configure Nix
nix.package = pkgs.lix.override { aws-sdk-cpp = null; }; nix.package = pkgs.lix;
nix.settings = { nix.settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
}; };
@ -75,10 +75,11 @@
# Enable NAS Suite # Enable NAS Suite
suites.nas.enable = true; suites.nas.enable = true;
suites.nas.domain = "mow0m.lan"; suites.nas.debug = true;
suites.nas.domain = "mow0m";
suites.nas.media.enable = true; suites.nas.media.enable = true;
suites.nas.media.folder = "/laowu/media"; suites.nas.media.folder = "/laowu/media";
suites.nas.media.servers.enable = false; suites.nas.media.servers.enable = true;
# Firewall # Firewall
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];