Serverraum-mit-Matratze/infra
2
0
Fork 0
Code Issues 3 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: Serverraum-mit-Matratze:46e563dde1dea83c462565f04ac32c3354823383
Branches Tags
Serverraum-mit-Matratze:main
..
compare: Serverraum-mit-Matratze:ad0d22649ed3984f88cebee829144a0abb13cb1e
Branches Tags
Serverraum-mit-Matratze:main

No commits in common. "46e563dde1dea83c462565f04ac32c3354823383" and "ad0d22649ed3984f88cebee829144a0abb13cb1e" have entirely different histories.
46e563dde1 ... ad0d22649e

5 changed files with 99 additions and 99 deletions
Show stats Expand all files Collapse all files

2
modules/nixos/services/traefik-proxy/default.nix
View file

@ -32,6 +32,7 @@ in
websecure = { websecure = {
address = ":443"; address = ":443";
asDefault = true; asDefault = true;
http.tls.certResolver = "letsencrypt";
}; };
}; };
}; };
@ -41,6 +42,7 @@ in
# Configure Letsencrypt # Configure Letsencrypt
services.traefik.staticConfigOptions = { services.traefik.staticConfigOptions = {
certificatesResolvers.letsencrypt.acme = { certificatesResolvers.letsencrypt.acme = {
email = "kb01@kb-one.de";
tlsChallenge = {}; tlsChallenge = {};
storage = "/var/secrets/traefik/acme.json"; storage = "/var/secrets/traefik/acme.json";
}; };

92
modules/nixos/suites/nas/default.nix
View file

@ -10,12 +10,10 @@ let
cfg = config.suites.nas; cfg = config.suites.nas;
in in
{ {
# imports = [ imports = [
# ]; ./jellyfin.nix
./kavita.nix
########### ];
# Options #
###########
options.suites.nas.enable = lib.mkOption { options.suites.nas.enable = lib.mkOption {
type = with lib.types; uniq bool; type = with lib.types; uniq bool;
default = false; default = false;
@ -33,22 +31,18 @@ in
}; };
options.suites.nas.media.folder = lib.mkOption { options.suites.nas.media.folder = lib.mkOption {
type = with lib.types; str; type = with lib.types; str;
default = "/home/media"; default = "/home/media/media";
description = "Media Root Directory"; description = "Media Root Directory";
}; };
options.suites.nas.media.servers.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable Preconfigured Media Servers";
};
# Media Config
config = lib.mkIf (cfg.enable && cfg.media.enable) {
# NAS Config # Media Defaults
config = lib.mkIf (cfg.enable) { suites.nas.media.jellyfin.enable = true;
suites.nas.media.kavita.enable = false;
######### # Create Media User
# Users #
#########
users.groups.media = {}; users.groups.media = {};
users.users.media = { users.users.media = {
isSystemUser = true; isSystemUser = true;
@ -58,70 +52,8 @@ in
home = "/home/media"; home = "/home/media";
}; };
##################
# Network Drives #
##################
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
# Discorvery
"workgroup" = "WORKGROUP";
"netbios name" = "mow0m";
"netbios aliases" = "";
"server string" = "mow0m Server";
# Guest Access
#"restrict anonymous" = "0"; # Default 0
"guest account" = "nobody";
"map to guest" = "Bad User";
# Security
"local master" = "True";
"create mask" = "0664";
"directory mask" = "0775";
#"ntlm auth" = "False";
security = "user";
"invalid users" = [ "root" ];
"passwd program" = "/run/wrappers/bin/passwd %u";
# Networking
"winbind request timeout" = "2";
};
media = {
comment = "Public Media Share";
browsable = "yes";
"guest ok" = "yes"; # same as public = true
"writable" = "yes";
path = "/laowu/media";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "media";
"force group" = "media";
};
};
};
services.samba-wsdd = { # Web Service Discorvery Daemon
enable = true;
openFirewall = true;
};
networking.firewall.allowPing = true;
#################
# Media Servers #
#################
# Jellyfin
services.jellyfin.enable = cfg.media.servers.enable;
services.jellyfin.user = "media";
services.traefik.dynamicConfigOptions = {
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
http.routers.jellyfin.entrypoints = "websecure";
http.routers.jellyfin.tls = true;
#http.routers.jellyfin.tls.certresolver = "letsencrypt";
http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
}; };
};
} }

41
modules/nixos/suites/nas/jellyfin.nix Normal file
View file

@ -0,0 +1,41 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas.media.jellyfin;
in
{
options.suites.nas.media.jellyfin.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured Jellyfin Config";
};
options.suites.nas.media.jellyfin.subdomain = lib.mkOption {
type = with lib.types; string;
default = "watch";
description = "Subdomain for Jellyfin Server";
};
config = lib.mkIf (cfg.enable) {
services.jellyfin.enable = true;
services.jellyfin.user = "media";
# Configure Reverse-Proxy
services.traefik.dynamicConfigOptions = {
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
http.routers.jellyfin.entrypoints = "websecure";
http.routers.jellyfin.tls = true;
#http.routers.jellyfin.tls.certresolver = "letsencrypt";
http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
};
};
}

42
modules/nixos/suites/nas/kavita.nix Normal file
View file

@ -0,0 +1,42 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas.media.kavita;
in
{
options.suites.nas.media.kavita.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enable Preconfigured kavita Config";
};
options.suites.nas.media.kavita.subdomain = lib.mkOption {
type = with lib.types; string;
default = "read";
description = "Kavita Subdomain";
};
config = lib.mkIf (cfg.enable) {
services.kavita.enable = true;
services.kavita.user = "media";
services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret";
# Configure Reverse-Proxy
services.traefik.dynamicConfigOptions = {
http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
http.routers.kavita.entrypoints = "websecure";
http.routers.kavita.tls = true;
#http.routers.kavita.tls.certresolver = "letsencrypt";
http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
http.routers.kavita.service = "kavita";
};
};
}

19
systems/x86_64-linux/mow0m/default.nix
View file

@ -10,7 +10,6 @@
nix.settings = { nix.settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
}; };
nix.settings.trusted-users=[ "remotebuild" ];
# Networking # Networking
networking.hostName = "mow0m"; networking.hostName = "mow0m";
@ -37,18 +36,9 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICc3ShcoW5cPw1sbwiKI8ldMNtPi5xb6FPd/oH4AoSJW kb@Ohybke" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICc3ShcoW5cPw1sbwiKI8ldMNtPi5xb6FPd/oH4AoSJW kb@Ohybke"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGL0MCmqvwph9Py81MtAjpJHtw5ecyE3s3q/SQW+D7HJ wdlbrmft" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGL0MCmqvwph9Py81MtAjpJHtw5ecyE3s3q/SQW+D7HJ wdlbrmft"
]; ];
}; };
users.users.remotebuild = {
isNormalUser = true;
createHome = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW6aXcRu9+eYHi6taG8uWiG3XMJ429sax8EMyLHa31C kissen@Lolquak"
];
};
# programs.firefox.enable = true; # programs.firefox.enable = true;
# System Packages: (search via $ nix search wget) # System Packages: (search via $ nix search wget)
@ -73,13 +63,6 @@
services.asterisk-phony.enable = true; services.asterisk-phony.enable = true;
# Enable NAS Suite
suites.nas.enable = true;
suites.nas.domain = "mow0m.lan";
suites.nas.media.enable = true;
suites.nas.media.folder = "/laowu/media";
suites.nas.media.servers.enable = false;
# Firewall # Firewall
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];