Serverraum-mit-Matratze/infra
2
0
Fork 0
Code Issues 3 Pull requests Projects 1 Releases Packages Wiki Activity Actions

Compare commits

base: Serverraum-mit-Matratze:99ac338d3ac6dd7ff6edc6567cf9a5403435b042
Branches Tags
Serverraum-mit-Matratze:main
...
compare: Serverraum-mit-Matratze:c443c2b3540c634569545d932d9868b353122b15
Branches Tags
Serverraum-mit-Matratze:main

2 commits
99ac338d3a ... c443c2b354

Author SHA1 Message Date
Kaybee
c443c2b354
Changed NAS Servers
Some checks failed
/ Check Nix Flake (push) Failing after 2m29s
Details
2025-07-15 00:39:10 +02:00
Kaybee
f68bd065f8
Updated Lix, Updated Systems 2025-07-15 00:38:46 +02:00
5 changed files with 93 additions and 47 deletions
Show stats Expand all files Collapse all files

62
flake.lock generated
View file

@ -3,11 +3,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -127,11 +127,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748227609, "lastModified": 1752467539,
"narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=", "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022", "rev": "1e54837569e0b80797c47be4720fab19e0db1616",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -143,15 +143,15 @@
"lix": { "lix": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1746827285, "lastModified": 1751235704,
"narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", "narHash": "sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43+YI=",
"rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "rev": "1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"
} }
}, },
"lix-module": { "lix-module": {
@ -164,15 +164,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746838955, "lastModified": 1751240025,
"narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=",
"rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02",
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"
} }
}, },
"nix-minecraft": { "nix-minecraft": {
@ -184,11 +184,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748225187, "lastModified": 1752373696,
"narHash": "sha256-gpNN43fNJQoHhnK1Z+nms4lo6i/t9t2rfZMAxc165vQ=", "narHash": "sha256-xdjUzHG3sPAs3U1wVnx5hf1NrspCN+qtaBmAks+wnsM=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "98c1bcaaa4dbd5980523a08a5b32e35d44e830e5", "rev": "93ca1ac26dc85d8c34f838a5afb7138ff445d2bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,11 +220,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747663185, "lastModified": 1751903740,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", "rev": "032decf9db65efed428afd2fa39d80f7089085eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,11 +235,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1747900541, "lastModified": 1752048960,
"narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "narHash": "sha256-gATnkOe37eeVwKKYCsL+OnS2gU4MmLuZFzzWCtaKLI8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "rev": "7ced9122cff2163c6a0212b8d1ec8c33a1660806",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -251,11 +251,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748190013, "lastModified": 1751984180,
"narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -306,11 +306,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1751606940,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View file

@ -6,7 +6,7 @@
snowfall-lib.inputs.nixpkgs.follows = "nixpkgs"; snowfall-lib.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz";
lix-module.inputs.nixpkgs.follows = "nixpkgs"; lix-module.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";

3
modules/nixos/services/traefik-proxy/default.nix
View file

@ -15,8 +15,7 @@ in
}; };
config = lib.mkIf (cfg.enable || config = lib.mkIf (cfg.enable ||
config.services.binary-cache.enable || config.services.binary-cache.enable) {
config.suites.nas.media.enable) {
services.traefik = { services.traefik = {
enable = true; enable = true;
staticConfigOptions = { staticConfigOptions = {

66
modules/nixos/suites/nas/default.nix
View file

@ -26,6 +26,12 @@ in
default = "localhost"; default = "localhost";
description = "NAS Reachable Domain Name"; description = "NAS Reachable Domain Name";
}; };
options.suites.nas.debug = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Insecure, shows Traefik Dashboard";
};
options.suites.nas.media.enable = lib.mkOption { options.suites.nas.media.enable = lib.mkOption {
type = with lib.types; uniq bool; type = with lib.types; uniq bool;
default = true; default = true;
@ -49,8 +55,8 @@ in
######### #########
# Users # # Users #
######### #########
users.groups.media = {}; users.groups.media = lib.mkForce {}; # kavita wants to create user too
users.users.media = { users.users.media = lib.mkForce {
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
description = "Media User"; description = "Media User";
@ -105,6 +111,50 @@ in
}; };
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
#################
# Reverse Proxy #
#################
# Firewall
networking.firewall.allowedTCPPorts = [ 80 443 8080 ];
services.traefik = {
enable = true;
staticConfigOptions = {
api = {
dashboard = true;
insecure = true;
};
entryPoints = {
http = {
address = ":80";
# http.redirections.entrypoint = {
# to = "https";
# scheme = "https";
# };
};
https = {
address = ":443";
};
};
};
};
services.traefik.dynamicConfigOptions = {
# Traefik Dashbaord
http.routers.dashboard.rule = "Host(`traefik.mow0m`)";
http.routers.dashboard.service = "api@internal";
# Jellyfin
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
http.routers.jellyfin.entrypoints = "http";
http.routers.jellyfin.tls = false;
http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
# Kavita
http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
http.routers.kavita.entrypoints = "http";
http.routers.kavita.tls = false;
http.routers.kavita.rule = "Host(`kavita.${config.suites.nas.domain}`)";
http.routers.kavita.service = "kavita";
};
################# #################
# Media Servers # # Media Servers #
@ -112,14 +162,10 @@ in
# Jellyfin # Jellyfin
services.jellyfin.enable = cfg.media.servers.enable; services.jellyfin.enable = cfg.media.servers.enable;
services.jellyfin.user = "media"; services.jellyfin.user = "media";
services.traefik.dynamicConfigOptions = { # Kavita
http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ]; services.kavita.enable = cfg.media.servers.enable;
http.routers.jellyfin.entrypoints = "websecure"; services.kavita.user = "media";
http.routers.jellyfin.tls = true; services.kavita.tokenKeyFile = "/home/media/kavitaKeyToken";
#http.routers.jellyfin.tls.certresolver = "letsencrypt";
http.routers.jellyfin.rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
http.routers.jellyfin.service = "jellyfin";
};
}; };

7
systems/x86_64-linux/mow0m/default.nix
View file

@ -6,7 +6,7 @@
]; ];
# Configure Nix # Configure Nix
nix.package = pkgs.lix.override { aws-sdk-cpp = null; }; nix.package = pkgs.lix;
nix.settings = { nix.settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
}; };
@ -75,10 +75,11 @@
# Enable NAS Suite # Enable NAS Suite
suites.nas.enable = true; suites.nas.enable = true;
suites.nas.domain = "mow0m.lan"; suites.nas.debug = true;
suites.nas.domain = "mow0m";
suites.nas.media.enable = true; suites.nas.media.enable = true;
suites.nas.media.folder = "/laowu/media"; suites.nas.media.folder = "/laowu/media";
suites.nas.media.servers.enable = false; suites.nas.media.servers.enable = true;
# Firewall # Firewall
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];