infra/modules/nixos/suites/nas/default.nix
Kaybee 6746a035b4
Configured Web-Servers for Public Access
2025-07-15 01:28:19 +02:00


{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.nas;
in
{
# imports = [
# ];
###########
# Options #
###########
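# Option declarations for the NAS suite. The `config` section reads them
# through `cfg` (= config.suites.nas).
options.suites.nas = {
  # Master switch: nothing in `config` is applied unless this is true.
  enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Enable Preconfigured NAS Config";
  };

  # Base domain; the reverse proxy builds `<service>.<domain>` host rules
  # from it.
  domain = lib.mkOption {
    # `types.string` is deprecated in nixpkgs; `types.str` is the
    # replacement. `str` also refuses to merge conflicting definitions
    # instead of silently concatenating them, which matters for a value
    # that ends up in routing rules.
    type = lib.types.str;
    default = "localhost";
    description = "NAS Reachable Domain Name";
  };

  # Keep this false on hosts reachable from the internet: the Traefik
  # dashboard discloses routers, services and backend addresses.
  debug = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Insecure, shows Traefik Dashboard";
  };

  media = {
    enable = lib.mkOption {
      type = with lib.types; uniq bool;
      default = true;
      description = "Enable Media Servers";
    };
    folder = lib.mkOption {
      type = with lib.types; str;
      default = "/home/media";
      description = "Media Root Directory";
    };
    servers.enable = lib.mkOption {
      type = with lib.types; uniq bool;
      default = true;
      description = "Enable Preconfigured Media Servers";
    };
  };
};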
# NAS Config
config = lib.mkIf (cfg.enable) {
#########
# Users #
#########
# Dedicated system account and group for the media services.
# lib.mkForce gives these definitions priority over the same account being
# declared by another module (the kavita module wants to create the user
# too).
users.users.media = lib.mkForce {
  description = "Media User";
  isSystemUser = true;
  group = "media";
  # Hard-coded; does not read suites.nas.media.folder.
  home = "/home/media";
  createHome = true;
};
users.groups.media = lib.mkForce { };
##################
# Network Drives #
##################
# SMB file server with one guest-accessible share.
#
# NOTE(review): taken together, `openFirewall = true`, `map to guest`,
# `guest ok` and `writable` give every client that can reach the SMB ports
# unauthenticated write access to /laowu/media. openFirewall does not limit
# the rule to one interface, so on a host that is also published to the
# internet this needs a network-level restriction, e.g.
#   "hosts allow" = "<LAN-CIDR placeholder>";
#   "hosts deny"  = "ALL";
# in the global section, or a read-only guest share.
services.samba = {
  enable = true;
  openFirewall = true;

  settings.global = {
    # Discovery
    workgroup = "WORKGROUP";
    "netbios name" = "mow0m";
    "netbios aliases" = "";
    "server string" = "mow0m Server";

    # Guest access: a login with an unknown user name is not rejected but
    # mapped to the guest account.
    #"restrict anonymous" = "0"; # Default 0
    "map to guest" = "Bad User";
    "guest account" = "nobody";

    # Security
    security = "user";
    "invalid users" = [ "root" ];
    "passwd program" = "/run/wrappers/bin/passwd %u";
    #"ntlm auth" = "False";
    "local master" = "True";
    "create mask" = "0664";
    "directory mask" = "0775";

    # Networking
    "winbind request timeout" = "2";
  };

  settings.media = {
    comment = "Public Media Share";
    path = "/laowu/media";
    browsable = "yes";
    "guest ok" = "yes"; # same as public = true
    writable = "yes";
    # Every access, guests included, is performed as media:media.
    "force user" = "media";
    "force group" = "media";
    # Share-level masks override the global ones above.
    "create mask" = "0644";
    "directory mask" = "0755";
  };
};
# Web Service Discovery Daemon, with its firewall ports opened.
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
# Let the firewall answer ICMP echo requests.
networking.firewall.allowPing = true;
#################
# Reverse Proxy #
#################
# Firewall
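# Only the two Traefik entry points are opened. 8080 is the port of
# Traefik's unauthenticated API entry point, which stays disabled
# (`api.insecure = false`), so an open 8080 only widened the firewall.
networking.firewall.allowedTCPPorts = [ 80 443 ];

# Traefik terminates TLS on :443 and forwards to the media servers on
# localhost. Certificates come from Let's Encrypt via the HTTP-01 challenge
# on :80.
services.traefik = {
  enable = true;

  staticConfigOptions = {
    entryPoints = {
      http = {
        address = ":80";
        # Redirect every plain-HTTP request to the https entry point.
        http.redirections.entrypoint = {
          to = "https";
          scheme = "https";
        };
      };
      https.address = ":443";
    };

    certificatesResolvers.letsencrypt.acme = {
      # acme.json holds the ACME account key and the certificate private
      # keys. /run is a tmpfs, so the previous /run/secrets/acme.json was
      # lost on every reboot and certificates were re-requested each time,
      # which runs into Let's Encrypt rate limits. Keep it in Traefik's
      # persistent state directory instead.
      storage = "${config.services.traefik.dataDir}/acme.json";
      httpchallenge.entrypoint = "http";
    };
  }
  # The `api` section is emitted only in debug mode. Previously it was
  # always present (with dashboard = false) next to an unconditional router
  # pointing at api@internal; an `api` section presumably registers
  # api@internal even with the dashboard off, so the management API was
  # reachable by host name without TLS or authentication.
  // lib.optionalAttrs cfg.debug {
    api = {
      dashboard = true;
      # Never serve the API on the unauthenticated :8080 entry point.
      insecure = false;
    };
  };

  dynamicConfigOptions.http = {
    services = {
      # Jellyfin
      jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
      # Kavita
      kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
    };

    routers = {
      # Jellyfin
      jellyfin = {
        entrypoints = "https";
        #tls = true;
        tls.certresolver = "letsencrypt";
        rule = "Host(`jellyfin.${config.suites.nas.domain}`)";
        service = "jellyfin";
      };
      # Kavita
      kavita = {
        entrypoints = "https";
        #tls = true;
        tls.certresolver = "letsencrypt";
        rule = "Host(`kavita.${config.suites.nas.domain}`)";
        service = "kavita";
      };
    }
    # Traefik dashboard: exists only when suites.nas.debug is set, and then
    # only on the TLS entry point.
    # NOTE(review): no auth middleware is attached, so with debug on anyone
    # who can reach this host name can read the dashboard and API. Attach a
    # basicAuth middleware (credentials from a secret file) before enabling
    # it on a public host. The host name is hard-coded and does not follow
    # suites.nas.domain.
    // lib.optionalAttrs cfg.debug {
      dashboard = {
        entrypoints = "https";
        tls.certresolver = "letsencrypt";
        rule = "Host(`traefik.hopp14.de`)";
        service = "api@internal";
      };
    };
  };
};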
#################
# Media Servers #
#################
# Jellyfin
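# Both media switches must be on. suites.nas.media.enable was declared but
# never read, so setting it to false left the servers running. With the
# defaults (both true) nothing changes.
services.jellyfin = {
  enable = cfg.media.enable && cfg.media.servers.enable;
  user = "media";
};
# Kavita
services.kavita = {
  enable = cfg.media.enable && cfg.media.servers.enable;
  user = "media";
  # File containing Kavita's token signing key. It is given as a string, so
  # the secret is read at runtime and not copied into the world-readable
  # Nix store. The file itself should be readable by the media user only.
  tokenKeyFile = "/home/media/kavitaKeyToken";
};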
};
}