batteredbunny/server.nix
1
0
Fork 0
Code Issues 11 Pull requests Projects Releases Packages Wiki Activity Actions

Formatting

Browse source
This commit is contained in:
batteredbunny 2024-05-02 14:09:52 +03:00
parent fa02a4c72a
commit 1202eac75c
5 changed files with 134 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

17
caddy.nix
View file

@ -1,10 +1,10 @@
{ { config
config, , pkgs
pkgs, , inputs
inputs, , ...
... }:
}: let let
settings = import ./settings.nix {}; settings = import ./settings.nix { };
elementClient = pkgs.element-web.override { elementClient = pkgs.element-web.override {
conf = { conf = {
@ -17,7 +17,8 @@
}; };
}; };
}; };
in { in
{
services.caddy = { services.caddy = {
enable = true; enable = true;
email = "ssl@catnip.ee"; email = "ssl@catnip.ee";

167
configuration.nix
View file

@ -1,13 +1,14 @@
{ config
, pkgs
, inputs
, system
, lib
, ...
}:
let
settings = import ./settings.nix { };
in
{ {
config,
pkgs,
inputs,
system,
lib,
...
}: let
settings = import ./settings.nix {};
in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./containers.nix ./containers.nix
@ -22,7 +23,7 @@ in {
]; ];
nixpkgs = { nixpkgs = {
overlays = [inputs.nix-minecraft.overlay]; overlays = [ inputs.nix-minecraft.overlay ];
config.allowUnfree = true; config.allowUnfree = true;
}; };
@ -44,10 +45,10 @@ in {
}; };
optimise = { optimise = {
automatic = true; automatic = true;
dates = ["06:00"]; dates = [ "06:00" ];
}; };
settings = { settings = {
experimental-features = ["nix-command" "flakes"]; experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true; auto-optimise-store = true;
allowed-users = [ allowed-users = [
"@wheel" "@wheel"
@ -57,7 +58,7 @@ in {
}; };
boot = { boot = {
supportedFilesystems = ["ntfs" "btrfs" "mergerfs"]; supportedFilesystems = [ "ntfs" "btrfs" "mergerfs" ];
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { loader = {
@ -67,7 +68,7 @@ in {
}; };
systemd.services = { systemd.services = {
caddy.serviceConfig.ReadWriteDirectories = lib.mkForce ["/var/lib/caddy" "/run/mastodon-web"]; caddy.serviceConfig.ReadWriteDirectories = lib.mkForce [ "/var/lib/caddy" "/run/mastodon-web" ];
mautrix-telegram.path = with pkgs; [ mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package lottieconverter # for animated stickers conversion, unfree package
@ -101,7 +102,7 @@ in {
''; '';
Restart = "always"; Restart = "always";
}; };
wantedBy = ["default.target"]; wantedBy = [ "default.target" ];
}; };
}; };
@ -240,7 +241,7 @@ in {
Domain = "drasl.snailcore.net"; Domain = "drasl.snailcore.net";
BaseURL = "https://drasl.snailcore.net"; BaseURL = "https://drasl.snailcore.net";
ListenAddress = "0.0.0.0:${toString settings.ports.drasl}"; ListenAddress = "0.0.0.0:${toString settings.ports.drasl}";
DefaultAdmins = ["kaya"]; DefaultAdmins = [ "kaya" ];
RegistrationNewPlayer = { RegistrationNewPlayer = {
Allow = true; Allow = true;
@ -302,7 +303,7 @@ in {
sonarr = [ sonarr = [
{ {
url = "http://localhost:8989"; url = "http://localhost:8989";
paths = ["/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents"]; paths = [ "/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents" ];
protocols = "torrent"; protocols = "torrent";
timeout = "100s"; timeout = "100s";
delete_delay = "10m"; delete_delay = "10m";
@ -312,7 +313,7 @@ in {
radarr = [ radarr = [
{ {
url = "http://localhost:7878"; url = "http://localhost:7878";
paths = ["/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents"]; paths = [ "/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents" ];
protocols = "torrent"; protocols = "torrent";
timeout = "100s"; timeout = "100s";
delete_delay = "10m"; delete_delay = "10m";
@ -494,66 +495,72 @@ in {
"tcp+udp:1.1.1.1" "tcp+udp:1.1.1.1"
"https://1.1.1.1/dns-query" "https://1.1.1.1/dns-query"
]; ];
customDNS = let customDNS =
localDomains = names: ip: let
builtins.listToAttrs (map (x: { localDomains = names: ip:
name = x; builtins.listToAttrs (map
value = ip; (x: {
}) name = x;
names); value = ip;
in { })
mapping = localDomains [ names);
"catnip.ee" in
"files" {
"qbittorrent" mapping = localDomains [
"scrutiny" "catnip.ee"
"archive" "files"
"epic" "qbittorrent"
"scrutiny"
"archive"
"epic"
"sonarr" "sonarr"
"radarr" "radarr"
"prowlarr" "prowlarr"
"bazarr" "bazarr"
"lidarr" "lidarr"
] "100.93.150.89"; ] "100.93.150.89";
}; };
conditional = let conditional =
opennic = names: ip: let
builtins.listToAttrs (map (x: { opennic = names: ip:
name = x; builtins.listToAttrs (map
value = ip; (x: {
}) name = x;
names); value = ip;
in { })
mapping = opennic [ names);
"epic" in
"geek" {
"chan" mapping = opennic [
"fur" "epic"
"cyb" "geek"
"oss" "chan"
"pirate" "fur"
"neo" "cyb"
"libre" "oss"
"dyn" "pirate"
"glue" "neo"
"indy" "libre"
"bbs" "dyn"
"gopher" "glue"
"null" "indy"
"o" "bbs"
"oz" "gopher"
"parody" "null"
"bazar" "o"
"coin" "oz"
"lib" "parody"
"emc" "bazar"
"ku" "coin"
"uu" "lib"
"ti" "emc"
"te" "ku"
] "138.197.140.189"; "uu"
}; "ti"
"te"
] "138.197.140.189";
};
blocking = { blocking = {
blackLists = { blackLists = {
ads = [ ads = [
@ -786,12 +793,12 @@ in {
]; ];
listeners = [ listeners = [
{ {
bind_addresses = ["127.0.0.1"]; bind_addresses = [ "127.0.0.1" ];
port = settings.ports.synapse; port = settings.ports.synapse;
resources = [ resources = [
{ {
compress = true; compress = true;
names = ["client" "federation"]; names = [ "client" "federation" ];
} }
]; ];
tls = false; tls = false;
@ -880,7 +887,7 @@ in {
owo = { owo = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["networkmanager" "wheel" "docker"]; extraGroups = [ "networkmanager" "wheel" "docker" ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDhXnulnINZ/hBBwHhzl35UsFcFUwxwaaFVFwCgIgOHmlJhknhpq5UQDbV6JoouFMgN48uBDD5/vcYjvS0UYFMBTox0MmJK+Yt4AnNusHkf8j1XCiXxHsicQilxJgu7yZJJRd2TAIqWlautW+VjuXOssN08x0pvtiupefDz6Li7A4SnS1iGsNTgypJaemquEYRge3hC043kaubuSgqNKknK65zA9aLp9h31r9W5K6N+k+ll+TPyyWZdsJMnaqWmoIS1+fpAdG5wMPZbR503dLPFzdprwy8FSoTzkD8aKyEdtzzQboS3b7s2DfFvOy3uoKy5bcMOl6Fm1dos90TFiOjCQmF9+WKG8qteeAtizd04Fmi8JRipODCgkvDFj8YAHaB2w5+xNpCYwJTOdHQZflOo25725aIDXZ2afg3evSdVZgJ0PPiWs6fnJMqbJCrzLsBxfN7vAbWzHHTBIuXrtidwY/x/XTs5n4mm4OukyOQF5YjYXy39WIlzjk3uMR0m8ec= lain@navi"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTbuZLmu2F2EWMl1cXwZqYQwuFDyMyPf+d6MospDs+UaFzKFJdtDlb5+uFkkz9gHf8rCBOnXi6bLGgZNxUhTgEBka0RQVCIqRDjOJAWtwG0zLg/mQ9c1Ug2/9kH/PRjy+GGGzz3GVw7HNZNUjAkNr/kIX4t0L8uBqqkgcM/woBH8S/rV3Xs30XWi9mNkx1J4Z5fqtBBeF2GAd02i2PsUMnGfZSwwJy3mhBhI+Vw5mtsS1QJWd9LrsRfLbtzVHWm4MGr3O0F34ij8BV1uzaHfopn0vKilI/dq8HfjuYjKr33CB5f3C1OdcuFfwqE3ZDxZcaOshqXimt9MrYLXaMv0i7I7a3r33ij2hl9d9oh3Z72yt+wAAdgTJ23Xrwzr4P9Iu4BsayG5bQC6IVLv3Eef5TcPKSXmmtCr2hFLYUMQmlPptrUOf1tmB/7oYo3vJe2cz07PxuxZZ20F3MXugoUTfsnuwAH2chT4xL/TnS4Kbs12QoPFjdG1v/0Z8fVD1ysoU= mina@navi"

50
containers.nix
View file

@ -1,6 +1,8 @@
{...}: let { ... }:
settings = import ./settings.nix {}; let
in { settings = import ./settings.nix { };
in
{
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
@ -35,7 +37,7 @@ in {
plextraktsync = { plextraktsync = {
autoStart = true; autoStart = true;
image = "ghcr.io/taxel/plextraktsync"; image = "ghcr.io/taxel/plextraktsync";
cmd = ["watch"]; cmd = [ "watch" ];
environment = { environment = {
PUID = "1000"; PUID = "1000";
PGID = "1000"; PGID = "1000";
@ -79,26 +81,28 @@ in {
"--interval=60" "--interval=60"
]; ];
}; };
archivebox = let archivebox =
internalHttpPort = 8000; let
in { internalHttpPort = 8000;
autoStart = true; in
image = "docker.io/archivebox/archivebox:master"; {
cmd = [ autoStart = true;
"server" image = "docker.io/archivebox/archivebox:master";
"0.0.0.0:${toString internalHttpPort}" cmd = [
]; "server"
ports = [ "0.0.0.0:${toString internalHttpPort}"
"${toString settings.ports.archivebox}:${toString internalHttpPort}" ];
]; ports = [
environment = { "${toString settings.ports.archivebox}:${toString internalHttpPort}"
ALLOWED_HOSTS = "*"; ];
MEDIA_MAX_SIZE = "750m"; environment = {
ALLOWED_HOSTS = "*";
MEDIA_MAX_SIZE = "750m";
};
volumes = [
"${settings.server_configs_home}/archivebox:/data"
];
}; };
volumes = [
"${settings.server_configs_home}/archivebox:/data"
];
};
wakapi = { wakapi = {
autoStart = true; autoStart = true;
image = "ghcr.io/muety/wakapi:latest"; image = "ghcr.io/muety/wakapi:latest";

20
flake.nix
View file

@ -12,15 +12,15 @@
drasl.url = "github:unmojang/drasl"; drasl.url = "github:unmojang/drasl";
}; };
outputs = { outputs =
self, { self
nixpkgs, , nixpkgs
... , ...
} @ inputs: { } @ inputs: {
nixosConfigurations.server = nixpkgs.lib.nixosSystem rec { nixosConfigurations.server = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {inherit inputs system;}; specialArgs = { inherit inputs system; };
modules = [./configuration.nix]; modules = [ ./configuration.nix ];
};
}; };
};
} }

2
settings.nix
View file

@ -1,4 +1,4 @@
{...}: { { ... }: {
# sudo mkdir -p /var/lib/acme-turn # sudo mkdir -p /var/lib/acme-turn
# sudo chown -R acme:caddy /var/lib/acme-turn # sudo chown -R acme:caddy /var/lib/acme-turn
turnAcmeDir = "/var/lib/acme-turn"; turnAcmeDir = "/var/lib/acme-turn";