Opened Firewall, Added Dashboard-stuff

README.md

@@ -92,6 +92,12 @@ Ram: 3GB of Host
 
 Build: `nixos-rebuild build-vm --flake .#U3ncSovm`
 
+Run VM:
+```bash
+export QEMU_NET_OPTS="hostfwd=tcp::443-:443"
+/nix/store/00your00hash00of00build999999999-nixos-vm/bin/run-U3ncSovm-vm
+```
+
 ## License
 
 [MIT © kB01](../LICENSE)

modules/nixos/services/nas/audiobookshelf.nix

@@ -0,0 +1,29 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.nas;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.servers.audiobookshelf.enable) {
+
+    services.audiobookshelf = {
+      enable = true;
+      port = 63001;
+    };
+
+    services.traefik.dynamicConfigOptions = {
+      http.routers.audiobookshelf.entrypoints = "websecure";
+      http.routers.audiobookshelf.tls = true;
+      http.routers.audiobookshelf.rule = "Host(`audiobookshelf.localhost`)";
+      http.routers.audiobookshelf.service = "audiobookshelf";
+      services.audiobookshelf.loadBalancer.servers = [ { url = "http://localhost:63001/"; } ];
+    };
+  };
+}
+

modules/nixos/services/nas/default.nix

@@ -0,0 +1,29 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+  cfg = config.services.nas;
+in
+{
+  imports = [
+    ./traefik-proxy.nix
+    ./audiobookshelf.nix
+  ];
+
+  options.services.nas = {
+    enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "Enable NAS Server Configuration";
+    };
+    useTraefik.enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = true;
+      description = "Enables Traefik Reverese Proxy";
+    };
+    servers.audiobookshelf.enable = lib.mkOption {
+      type = with lib.types; uniq bool;
+      default = false;
+      description = "Audiobookshelf Server";
+    };
+  };
+}
+

modules/nixos/services/nas/traefik-proxy.nix

@@ -0,0 +1,37 @@
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  system,
+  ...
+}:
+let
+  cfg = config.services.nas;
+in
+{
+  config = lib.mkIf (cfg.enable && cfg.useTraefik.enable) {
+    # Default Config
+    services.traefik = {
+      enable = true;
+      staticConfigOptions = {
+        entryPoints.web.address = ":80";
+        entryPoints.websecure.address = ":443";
+      };
+    };
+    networking.firewall.interfaces.eth0.allowedTCPPorts = [ 80 443 ];
+
+    # Enable Secure Dashboard
+    services.traefik.staticConfigOptions.api = {};
+    services.traefik.dynamicConfigOptions = {
+      http.routers.dashboard.entrypoints = "websecure";
+      http.routers.dashboard.tls = true;
+      http.routers.dashboard.rule = "Host(`traefik.localhost`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))";
+      http.routers.dashboard.service = "api@internal";
+      http.routers.dashboard.middlewares = "auth";
+      http.middlewares.auth.basicauth.users = "master:\$\$2y\$\$05\$\$JwzsNHz7CMJh0RU1eMe3AOfY5H30Qr1Q/glS1r/qEHCNpo5LvWnRW";
+    };
+
+  };
+}
+

systems/x86_64-linux/U3ncSovm/default.nix

@@ -28,6 +28,7 @@
   users.users.master = {
     initialPassword = "test";
     openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF82e+j7y8qsSvLn/DZuosvsH0S2EsHpqDkvZ8jiONm3 kb@LoyAdjo"
     ];
     isNormalUser = true;
     extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
@@ -45,6 +46,12 @@
     git
   ];
 
+  # Enable NAS Functionality
+  services.nas = {
+    enable = true;
+    servers.audiobookshelf.enable = true;
+  };
+
   # SSH and Mosh
   services.openssh = {
     enable = true;