Clean up, remove epicgames-freegames-node, move scrutiny to its own file

2025-01-24 19:18:20 +02:00 · 2025-01-24 19:18:20 +02:00 · 46985b638b
commit 46985b638b
parent 1c6c446cd2
18 changed files with 96 additions and 109 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,3 @@
 # server.nix

-Nix config for my home server
+NixOS config for [catnip.ee](https://catnip.ee)
--- a/caddy/default.nix
+++ b/caddy/default.nix
@ -2,7 +2,6 @@
 , pkgs
 , inputs
 , settings
-, lib
 , ...
 }:
 let
@ -44,9 +43,7 @@ in
    };

    globalConfig = ''
-      servers {
-        metrics
-      }
+      metrics

      admin 0.0.0.0:2019
    '';
@ -71,18 +68,6 @@ in
        @local remote_ip private_ranges 100.64.0.0/10
        reverse_proxy @local http://${config.services.syncthing.guiAddress}
      '';
-      "http://epic.internal".extraConfig = ''
-        @local remote_ip private_ranges 100.64.0.0/10
-        reverse_proxy @local :${toString settings.ports.epicgames-freegames-node}
-      '';
-      "http://scrutiny.internal".extraConfig = ''
-        @local remote_ip private_ranges 100.64.0.0/10
-        reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
-      '';
-      "http://qbittorrent.internal".extraConfig = ''
-        @local remote_ip private_ranges 100.64.0.0/10
-        reverse_proxy @local :${toString settings.ports.qbittorrent}
-      '';
      "http://files.internal".extraConfig = ''
        @local remote_ip private_ranges 100.64.0.0/10
        root * /mnt/media
@ -138,7 +123,7 @@ in
        handle /.well-known/matrix/client {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
-          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
+          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
        }
        handle /.well-known/matrix/server {
          header Content-Type application/json
@ -147,7 +132,7 @@ in
        }

        handle /telegram/* {
-          reverse_proxy :${toString settings.ports.mautrix-telegram}
+          reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port}
        }
      '';

@ -165,7 +150,7 @@ in
        handle /.well-known/matrix/client {
          header Content-Type application/json
          header Access-Control-Allow-Origin *
-          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}`
+          respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
        }
        handle /.well-known/matrix/server {
          header Content-Type application/json
--- a/configuration.nix
+++ b/configuration.nix
@ -1,12 +1,13 @@
 { config
 , pkgs
 , inputs
+, settings
 , ...
 }: {
  imports = [
    ./hardware-configuration.nix
    ./containers
-    ./caddy
+    ./caddy.nix
    ./gui.nix
    ./drives.nix
    ./games/palworld.nix
@ -176,23 +177,14 @@
        # maybe only include /var/lib?
        "/var/lib/mysql"
        "/var/lib/postgresql"
-        "/var/lib/private/drasl"
        "/var/lib/acme"
        "/var/lib/tailscale"
-        "/var/lib/private/scrutiny"
        "/var/lib/caddy"
        "/var/lib/syncthing"
        "/var/lib/matrix-synapse"
-        "/var/lib/influxdb2"

        "/etc/secrets"
        "/etc/nixos"
-        "/srv/minecraft"
-
-        "/home/owo/Documents/server_configs/archivebox"
-        "/home/owo/Documents/server_configs/epicgames-freegames-node"
-        "/home/owo/Documents/server_configs/palworld"
-        "/home/owo/Documents/server_configs/sonic"
      ];

      exclude = [
@ -214,11 +206,6 @@
      guiAddress = "0.0.0.0:8384";
      openDefaultPorts = true;
    };
-    scrutiny = {
-      enable = true;
-      collector.enable = true;
-      settings.web.listen.port = 4012;
-    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "server";
@ -309,7 +296,7 @@
        listeners = [
          {
            bind_addresses = [ "127.0.0.1" ];
-            port = 8008;
+            port = settings.ports.synapse;
            resources = [
              {
                compress = true;
--- a/containers/default.nix
+++ b/containers/default.nix
@ -1,27 +1,7 @@
-{ settings
-, ...
-}: {
+{ ... }: {
  virtualisation.oci-containers = {
    backend = "docker";
    containers = {
-      epicgames-freegames-node = {
-        autoStart = true;
-        image = "ghcr.io/claabs/epicgames-freegames-node:latest";
-        volumes = [
-          "${settings.server_configs_home}/epicgames-freegames-node:/usr/app/config"
-        ];
-        environment = {
-          BASE_URL = "http://epic.internal";
-          RUN_ON_STARTUP = "true";
-          NTFY_PRIORITY = "urgent";
-        };
-        environmentFiles = [
-          "/etc/secrets/efn.env"
-        ];
-        ports = [
-          "${toString settings.ports.epicgames-freegames-node}:3000"
-        ];
-      };
      watchtower = {
        autoStart = true;
        image = "docker.io/containrrr/watchtower:latest-dev";
--- a/games/minecraft/default.nix
+++ b/games/minecraft/default.nix
@ -50,5 +50,10 @@
        };
      };
    };
+
+    borgbackup.jobs."borgbase".paths = [
+      "/var/lib/private/drasl"
+      "/srv/minecraft"
+    ];
  };
 }
--- a/games/palworld.nix
+++ b/games/palworld.nix
@ -1,12 +1,15 @@
 { settings
 , ...
-}: {
+}: let
+  serverPort = 8211;
+  steamQueryPort = 27015;
+in {
  virtualisation.oci-containers.containers.palworld = {
    autoStart = true;
    image = "thijsvanloef/palworld-server-docker:latest";
    ports = [
-      "${toString settings.ports.palworld}:${toString settings.ports.palworld}/udp" # server
-      "27015:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed
+      "${toString serverPort}:${toString serverPort}/udp" # server
+      "${toString steamQueryPort}:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed
      # "8212:8212/tcp" # Uncomment this line if REST API is enabled
    ];
    environment = {
@ -14,7 +17,7 @@
      PGID = "1000";
      TZ = "Europe/Tallinn";

-      PORT = toString settings.ports.palworld;
+      PORT = toString serverPort;
      PLAYERS = "16";
      MULTITHREADING = "true";
      RCON_ENABLED = "true";
@ -37,7 +40,11 @@
  };

  networking.firewall.allowedUDPPorts = [
-    27015
-    settings.ports.palworld
+    serverPort
+    steamQueryPort
+  ];
+
+  services.borgbackup.jobs."borgbase".paths = [
+    "/home/owo/Documents/server_configs/palworld"
  ];
 }
--- a/services/archivebox.nix
+++ b/services/archivebox.nix
@ -96,8 +96,15 @@ in
    };
  };

-  services.caddy.virtualHosts."http://archive.internal".extraConfig = ''
-    @local remote_ip private_ranges 100.64.0.0/10
-    reverse_proxy @local :${toString port}
-  '';
+  services = {
+    borgbackup.jobs."borgbase".paths = [
+      "/home/owo/Documents/server_configs/archivebox"
+      "/home/owo/Documents/server_configs/sonic"
+    ];
+
+    caddy.virtualHosts."http://archive.internal".extraConfig = ''
+      @local remote_ip private_ranges 100.64.0.0/10
+      reverse_proxy @local :${toString port}
+    '';
+  };
 }
--- a/services/blocky.nix
+++ b/services/blocky.nix
@ -32,7 +32,6 @@
            "qbittorrent.internal"
            "scrutiny.internal"
            "archive.internal"
-            "epic.internal"
            "sonarr.internal"
            "radarr.internal"
            "prowlarr.internal"
--- a/services/coturn.nix
+++ b/services/coturn.nix
@ -62,16 +62,13 @@ in
    };
  };

-  security.acme.certs = {
-    ${config.services.coturn.realm} = {
-      webroot = turnAcmeDir;
-      postRun = "systemctl restart coturn.service";
-      group = config.systemd.services.coturn.serviceConfig.Group;
-    };
+  security.acme.certs.${config.services.coturn.realm} = {
+    webroot = turnAcmeDir;
+    postRun = "systemctl restart coturn.service";
+    group = config.systemd.services.coturn.serviceConfig.Group;
  };

  networking.firewall = {
-    enable = true;
    allowedUDPPortRanges = with config.services.coturn; [
      {
        from = min-port;
--- a/services/default.nix
+++ b/services/default.nix
@ -24,5 +24,6 @@
    ./plex.nix
    ./komga.nix
    ./prosody.nix
+    ./scrutiny.nix
  ];
 }
--- a/services/mautrix.nix
+++ b/services/mautrix.nix
@ -1,4 +1,6 @@
-{ pkgs, settings, ... }: {
+{ pkgs, settings, ... }: let
+  appservicePort = 8009;
+in {
  virtualisation.oci-containers.containers.mautrix-discord = {
    autoStart = true;
    image = "dock.mau.dev/mautrix/discord:v0.7.2";
@ -32,8 +34,8 @@
          domain = "catnip.ee";
        };
        appservice = {
-          address = "http://localhost:${toString settings.ports.mautrix-telegram}";
-          port = settings.ports.mautrix-telegram;
+          address = "http://localhost:${toString appservicePort}";
+          port = appservicePort;
          provisioning.enabled = false;
          id = "telegram";
          public = {
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -1,6 +1,8 @@
-{ config, pkgs, ... }: let
+{ config, pkgs, lib, ... }:
+let
  port = 4008;
-in {
+in
+{
  environment.systemPackages = with pkgs; [
    ffmpeg # needed for thumbnails iirc
  ];
@ -44,8 +46,8 @@ in {
      extraApps = with config.services.nextcloud.package.packages.apps; {
        inherit contacts calendar tasks mail;
        integration_github = pkgs.fetchNextcloudApp {
-          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.0.0/integration_github-v3.0.0.tar.gz";
-          sha256 = "sha256-ruLN4lw3Vy8OavTYm1g2L9q1wusRP0a+BpvfXkrZI3A=";
+          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz";
+          sha256 = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM=";
          license = "agpl3Only";
        };
      };
--- a/services/ntfy.nix
+++ b/services/ntfy.nix
@ -8,6 +8,7 @@
        base-url = "https://ntfy.catnip.ee";
      };
    };
+
    caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
      tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
--- a/services/plex.nix
+++ b/services/plex.nix
@ -19,19 +19,17 @@
    };
  };

-  virtualisation.oci-containers.containers = {
-    plextraktsync = {
-        autoStart = true;
-        image = "ghcr.io/taxel/plextraktsync";
-        cmd = [ "watch" ];
-        environment = {
-          PUID = "1000";
-          PGID = "1000";
-          TZ = "Europe/Tallinn";
-        };
-        volumes = [
-          "${settings.server_configs_home}/plextraktsync:/app/config"
-        ];
-      };
+  virtualisation.oci-containers.containers.plextraktsync = {
+    autoStart = true;
+    image = "ghcr.io/taxel/plextraktsync";
+    cmd = [ "watch" ];
+    environment = {
+      PUID = "1000";
+      PGID = "1000";
+      TZ = "Europe/Tallinn";
+    };
+    volumes = [
+      "${settings.server_configs_home}/plextraktsync:/app/config"
+    ];
  };
-}
+}
--- a/services/prosody.nix
+++ b/services/prosody.nix
@ -36,9 +36,7 @@
    caddy.virtualHosts."üü.ee" = {
      useACMEHost = "xn--tdaa.ee";
      extraConfig = ''
-        reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} {
-          header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee"
-        }
+        reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)}
      '';

      serverAliases = [
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@ -1,4 +1,4 @@
-{ settings, inputs, ... }: {
+{ config, inputs, ... }: {
  imports = [
    inputs.common-modules.nixosModules.qbittorrent-nox
  ];
@ -9,10 +9,15 @@
      openFirewall = true;
      user = "owo";
      group = "users";
-      webuiPort = settings.ports.qbittorrent;
-      torrentingPort = settings.ports.qbittorrent-torrent;
+      webuiPort = 4010;
+      torrentingPort = 43125;
    };

+    caddy.virtualHosts."http://qbittorrent.internal".extraConfig = ''
+      @local remote_ip private_ranges 100.64.0.0/10
+      reverse_proxy @local :${toString config.services.qbittorrent-nox.webuiPort}
+    '';
+
    borgbackup.jobs."borgbase".paths = [
      "/home/owo/.config/qBittorrent"
      "/home/owo/.local/share/qBittorrent"
--- a/services/scrutiny.nix
+++ b/services/scrutiny.nix
@ -0,0 +1,19 @@
+{ config, ... }: {
+  services = {
+    scrutiny = {
+      enable = true;
+      collector.enable = true;
+      settings.web.listen.port = 4012;
+    };
+
+    caddy.virtualHosts."http://scrutiny.internal".extraConfig = ''
+      @local remote_ip private_ranges 100.64.0.0/10
+      reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
+    '';
+
+    borgbackup.jobs."borgbase".paths = [
+      "/var/lib/private/scrutiny"
+      "/var/lib/influxdb2"
+    ];
+  };
+}
--- a/settings.nix
+++ b/settings.nix
@ -3,12 +3,6 @@
  server_configs_home = "/home/owo/Documents/server_configs";

  ports = {
-    palworld = 8211;
    synapse = 8008;
-    mautrix-telegram = 8009;
-
-    epicgames-freegames-node = 4018;
-    qbittorrent-torrent = 43125;
-    qbittorrent = 4010;
  };
 }