From 46985b638bc505b2470d9e04eb0b842212edd6ba Mon Sep 17 00:00:00 2001 From: batteredbunny Date: Fri, 24 Jan 2025 19:18:20 +0200 Subject: [PATCH] Clean up, remove epicgames-freegames-node, move scrutiny to its own file --- README.md | 2 +- caddy/default.nix => caddy.nix | 23 ++++------------------- configuration.nix | 19 +++---------------- containers/default.nix | 22 +--------------------- games/minecraft/default.nix | 5 +++++ games/palworld.nix | 19 +++++++++++++------ services/archivebox.nix | 15 +++++++++++---- services/blocky.nix | 1 - services/coturn.nix | 11 ++++------- services/default.nix | 1 + services/mautrix.nix | 8 +++++--- services/nextcloud.nix | 10 ++++++---- services/ntfy.nix | 1 + services/plex.nix | 28 +++++++++++++--------------- services/prosody.nix | 4 +--- services/qbittorrent.nix | 11 ++++++++--- services/scrutiny.nix | 19 +++++++++++++++++++ settings.nix | 6 ------ 18 files changed, 96 insertions(+), 109 deletions(-) rename caddy/default.nix => caddy.nix (83%) create mode 100644 services/scrutiny.nix diff --git a/README.md b/README.md index bc07f84..eaacb75 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,3 @@ # server.nix -Nix config for my home server \ No newline at end of file +NixOS config for [catnip.ee](https://catnip.ee) \ No newline at end of file diff --git a/caddy/default.nix b/caddy.nix similarity index 83% rename from caddy/default.nix rename to caddy.nix index 6961387..7d59f39 100644 --- a/caddy/default.nix +++ b/caddy.nix @@ -2,7 +2,6 @@ , pkgs , inputs , settings -, lib , ... }: let @@ -44,9 +43,7 @@ in }; globalConfig = '' - servers { - metrics - } + metrics admin 0.0.0.0:2019 ''; 
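Review bot: The bare `metrics` that replaces `servers { metrics }` in the last caddy.nix hunk is the newer global-option spelling, which as far as I recall only Caddy 2.8 and later accept, and nothing in the file records that assumption; a comment such as `# global 'metrics' option: needs Caddy >= 2.8 (servers { metrics } was the older form)` would save the next person a failed config load when the Caddy package is pinned differently. Those metrics are exposed through the admin endpoint, which the unchanged `admin 0.0.0.0:2019` line below binds to every interface; the admin API has no authentication of its own, so this is only as safe as the host firewall keeping 2019 off untrusted networks, which is worth confirming or tightening by binding to the address the scraper actually uses. The `globalConfig` string and the enclosing attribute set continue outside the hunk.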
@@ -71,18 +68,6 @@ in @local remote_ip private_ranges 100.64.0.0/10 reverse_proxy @local http://${config.services.syncthing.guiAddress} ''; - "http://epic.internal".extraConfig = '' - @local remote_ip private_ranges 100.64.0.0/10 - reverse_proxy @local :${toString settings.ports.epicgames-freegames-node} - ''; - "http://scrutiny.internal".extraConfig = '' - @local remote_ip private_ranges 100.64.0.0/10 - reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port} - ''; - "http://qbittorrent.internal".extraConfig = '' - @local remote_ip private_ranges 100.64.0.0/10 - reverse_proxy @local :${toString settings.ports.qbittorrent} - ''; "http://files.internal".extraConfig = '' @local remote_ip private_ranges 100.64.0.0/10 root * /mnt/media @@ -138,7 +123,7 @@ in handle /.well-known/matrix/client { header Content-Type application/json header Access-Control-Allow-Origin * - respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}` + respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}` } handle /.well-known/matrix/server { header Content-Type application/json @@ -147,7 +132,7 @@ in } handle /telegram/* { - reverse_proxy :${toString settings.ports.mautrix-telegram} + reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port} } ''; @@ -165,7 +150,7 @@ in handle /.well-known/matrix/client { header Content-Type application/json header Access-Control-Allow-Origin * - respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}` + respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}` } handle /.well-known/matrix/server { header Content-Type application/json diff --git a/configuration.nix b/configuration.nix index d770792..01b32cf 100644 --- a/configuration.nix +++ b/configuration.nix 
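Review bot: The `.well-known/matrix/client` `respond` body is now maintained twice, in the `@@ -138` hunk and again in the `@@ -165` hunk, and both had to be edited in lockstep to drop the sliding-sync key; hoisting the JSON into a `let` binding such as `wellKnownClient = ''{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}'';` and interpolating it in both vhosts removes the chance of the two drifting apart. In the `/telegram/*` hunk, reading the port back through `config.services.mautrix-telegram.settings.appservice.port` is the right direction, but it makes this vhost depend on mautrix.nix being imported unconditionally, which a short comment on that line could state. The enclosing `virtualHosts` attribute sets start and end outside these hunks.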
@@ -1,12 +1,13 @@ { config , pkgs , inputs +, settings , ... }: { imports = [ ./hardware-configuration.nix ./containers - ./caddy + ./caddy.nix ./gui.nix ./drives.nix ./games/palworld.nix @@ -176,23 +177,14 @@ # maybe only include /var/lib? "/var/lib/mysql" "/var/lib/postgresql" - "/var/lib/private/drasl" "/var/lib/acme" "/var/lib/tailscale" - "/var/lib/private/scrutiny" "/var/lib/caddy" "/var/lib/syncthing" "/var/lib/matrix-synapse" - "/var/lib/influxdb2" "/etc/secrets" "/etc/nixos" - "/srv/minecraft" - - "/home/owo/Documents/server_configs/archivebox" - "/home/owo/Documents/server_configs/epicgames-freegames-node" - "/home/owo/Documents/server_configs/palworld" - "/home/owo/Documents/server_configs/sonic" ]; exclude = [ @@ -214,11 +206,6 @@ guiAddress = "0.0.0.0:8384"; openDefaultPorts = true; }; - scrutiny = { - enable = true; - collector.enable = true; - settings.web.listen.port = 4012; - }; tailscale = { enable = true; useRoutingFeatures = "server"; @@ -309,7 +296,7 @@ listeners = [ { bind_addresses = [ "127.0.0.1" ]; - port = 8008; + port = settings.ports.synapse; resources = [ { compress = true; diff --git a/containers/default.nix b/containers/default.nix index ff6970e..03e539f 100644 --- a/containers/default.nix +++ b/containers/default.nix @@ -1,27 +1,7 @@ -{ settings -, ... -}: { +{ ... }: { virtualisation.oci-containers = { backend = "docker"; containers = { - epicgames-freegames-node = { - autoStart = true; - image = "ghcr.io/claabs/epicgames-freegames-node:latest"; - volumes = [ - "${settings.server_configs_home}/epicgames-freegames-node:/usr/app/config" - ]; - environment = { - BASE_URL = "http://epic.internal"; - RUN_ON_STARTUP = "true"; - NTFY_PRIORITY = "urgent"; - }; - environmentFiles = [ - "/etc/secrets/efn.env" - ]; - ports = [ - "${toString settings.ports.epicgames-freegames-node}:3000" - ]; - }; watchtower = { autoStart = true; image = "docker.io/containrrr/watchtower:latest-dev"; 
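Review bot: The removed epicgames-freegames-node container in the containers/default.nix hunk referenced `/etc/secrets/efn.env` and the `server_configs/epicgames-freegames-node` directory, and neither is cleaned up by this commit; `/etc/secrets` stays in the borgbase path list in configuration.nix, so the now-unused credentials keep being backed up with every run. Removing that env file and rotating whatever it held, since no service uses it any more, is the follow-up I would ask for, plus a comment in the container set noting that container secrets live under `/etc/secrets` outside the Nix config. The backup-path removals in the `@@ -176` hunk are matched by additions in the minecraft, palworld, archivebox and scrutiny files, so coverage looks preserved as far as this diff shows; the `borgbackup` job definition itself continues outside the hunk.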
diff --git a/games/minecraft/default.nix b/games/minecraft/default.nix index c1c1559..9fe6d74 100644 --- a/games/minecraft/default.nix +++ b/games/minecraft/default.nix @@ -50,5 +50,10 @@ }; }; }; + + borgbackup.jobs."borgbase".paths = [ + "/var/lib/private/drasl" + "/srv/minecraft" + ]; }; } diff --git a/games/palworld.nix b/games/palworld.nix index eb23866..e7f0b9e 100644 --- a/games/palworld.nix +++ b/games/palworld.nix @@ -1,12 +1,15 @@ { settings , ... -}: { +}: let + serverPort = 8211; + steamQueryPort = 27015; +in { virtualisation.oci-containers.containers.palworld = { autoStart = true; image = "thijsvanloef/palworld-server-docker:latest"; ports = [ - "${toString settings.ports.palworld}:${toString settings.ports.palworld}/udp" # server - "27015:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed + "${toString serverPort}:${toString serverPort}/udp" # server + "${toString steamQueryPort}:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed # "8212:8212/tcp" # Uncomment this line if REST API is enabled ]; environment = { @@ -14,7 +17,7 @@ PGID = "1000"; TZ = "Europe/Tallinn"; - PORT = toString settings.ports.palworld; + PORT = toString serverPort; PLAYERS = "16"; MULTITHREADING = "true"; RCON_ENABLED = "true"; @@ -37,7 +40,11 @@ }; networking.firewall.allowedUDPPorts = [ - 27015 - settings.ports.palworld + serverPort + steamQueryPort + ]; + + services.borgbackup.jobs."borgbase".paths = [ + "/home/owo/Documents/server_configs/palworld" ]; } diff --git a/services/archivebox.nix b/services/archivebox.nix index c358a01..7379006 100644 --- a/services/archivebox.nix +++ b/services/archivebox.nix 
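Review bot: The new borg path `"/home/owo/Documents/server_configs/palworld"` in the last palworld hunk hard-codes the prefix that settings.nix already exposes as `server_configs_home`, and the archivebox hunk on the next line does the same for its `archivebox` and `sonic` entries; since palworld.nix still takes `settings`, `"${settings.server_configs_home}/palworld"` keeps the two in sync the way plex.nix's `${settings.server_configs_home}/plextraktsync` already does. In the ports list, `"${toString steamQueryPort}:27015/udp"` varies only the host side while the container side stays literal, which reads like an oversight next to the symmetric `serverPort` entry; a comment such as `# container side stays at the image's default QUERY_PORT` would make the asymmetry deliberate. If `settings` is no longer referenced elsewhere in palworld.nix after this change, drop it from the argument set as the commit does for the unused `lib` in caddy.nix.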
@@ -96,8 +96,15 @@ in }; }; - services.caddy.virtualHosts."http://archive.internal".extraConfig = '' - @local remote_ip private_ranges 100.64.0.0/10 - reverse_proxy @local :${toString port} - ''; + services = { + borgbackup.jobs."borgbase".paths = [ + "/home/owo/Documents/server_configs/archivebox" + "/home/owo/Documents/server_configs/sonic" + ]; + + caddy.virtualHosts."http://archive.internal".extraConfig = '' + @local remote_ip private_ranges 100.64.0.0/10 + reverse_proxy @local :${toString port} + ''; + }; } diff --git a/services/blocky.nix b/services/blocky.nix index e44ce79..e7a2880 100644 --- a/services/blocky.nix +++ b/services/blocky.nix @@ -32,7 +32,6 @@ "qbittorrent.internal" "scrutiny.internal" "archive.internal" - "epic.internal" "sonarr.internal" "radarr.internal" "prowlarr.internal" diff --git a/services/coturn.nix b/services/coturn.nix index 11c3205..bc8d24e 100644 --- a/services/coturn.nix +++ b/services/coturn.nix @@ -62,16 +62,13 @@ in }; }; - security.acme.certs = { - ${config.services.coturn.realm} = { - webroot = turnAcmeDir; - postRun = "systemctl restart coturn.service"; - group = config.systemd.services.coturn.serviceConfig.Group; - }; + security.acme.certs.${config.services.coturn.realm} = { + webroot = turnAcmeDir; + postRun = "systemctl restart coturn.service"; + group = config.systemd.services.coturn.serviceConfig.Group; }; networking.firewall = { - enable = true; allowedUDPPortRanges = with config.services.coturn; [ { from = min-port; diff --git a/services/default.nix b/services/default.nix index 6313ef9..98f75f9 100644 --- a/services/default.nix +++ b/services/default.nix @@ -24,5 +24,6 @@ ./plex.nix ./komga.nix ./prosody.nix + ./scrutiny.nix ]; } \ No newline at end of file diff --git a/services/mautrix.nix b/services/mautrix.nix index dfc50ff..7f4769d 100644 --- a/services/mautrix.nix +++ b/services/mautrix.nix 
@@ -1,4 +1,6 @@
-{ pkgs, settings, ... }: {
+{ pkgs, settings, ... }: let
+ appservicePort = 8009;
+in {
 virtualisation.oci-containers.containers.mautrix-discord = {
 autoStart = true;
 image = "dock.mau.dev/mautrix/discord:v0.7.2";
@@ -32,8 +34,8 @@
 domain = "catnip.ee";
 };
 appservice = {
- address = "http://localhost:${toString settings.ports.mautrix-telegram}";
- port = settings.ports.mautrix-telegram;
+ address = "http://localhost:${toString appservicePort}";
+ port = appservicePort;
 provisioning.enabled = false;
 id = "telegram";
 public = {
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index d7dd113..c2973ac 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,6 +1,8 @@
-{ config, pkgs, ... }: let
+{ config, pkgs, lib, ... }:
+let
 port = 4008;
-in {
+in
+{
 environment.systemPackages = with pkgs; [
 ffmpeg # needed for thumbnails iirc
 ];
@@ -44,8 +46,8 @@ in {
 extraApps = with config.services.nextcloud.package.packages.apps; {
 inherit contacts calendar tasks mail;
 integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.0.0/integration_github-v3.0.0.tar.gz";
- sha256 = "sha256-ruLN4lw3Vy8OavTYm1g2L9q1wusRP0a+BpvfXkrZI3A=";
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz";
+ sha256 = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM=";
 license = "agpl3Only";
 };
 };
diff --git a/services/ntfy.nix b/services/ntfy.nix
index c1f387a..4464d6a 100644
--- a/services/ntfy.nix
+++ b/services/ntfy.nix
@@ -8,6 +8,7 @@
 base-url = "https://ntfy.catnip.ee";
 };
 };
+
 caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
 tls {
 dns cloudflare {env.CLOUDFLARE_API_TOKEN}
diff --git a/services/plex.nix b/services/plex.nix
index 0384dfb..ab6e932 100644
--- a/services/plex.nix
+++ b/services/plex.nix
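Review bot: `lib` is added to nextcloud.nix's argument set in its first hunk, but nothing in the visible hunks uses it; if the rest of the file does not reference `lib` either, drop it, as this same commit does for the unused `lib` in caddy.nix. The `integration_github` bump keeps a pinned `sha256` alongside the new URL, which is what matters for a fetched app. In mautrix.nix, `appservicePort = 8009` is now the single value that caddy.nix reads back through `config.services.mautrix-telegram.settings.appservice.port`, so a comment on the `let` such as `# read back by caddy.nix via config.services.mautrix-telegram.settings.appservice.port` would warn a future editor against changing only one side.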
@@ -19,19 +19,17 @@ }; }; - virtualisation.oci-containers.containers = { - plextraktsync = { - autoStart = true; - image = "ghcr.io/taxel/plextraktsync"; - cmd = [ "watch" ]; - environment = { - PUID = "1000"; - PGID = "1000"; - TZ = "Europe/Tallinn"; - }; - volumes = [ - "${settings.server_configs_home}/plextraktsync:/app/config" - ]; - }; + virtualisation.oci-containers.containers.plextraktsync = { + autoStart = true; + image = "ghcr.io/taxel/plextraktsync"; + cmd = [ "watch" ]; + environment = { + PUID = "1000"; + PGID = "1000"; + TZ = "Europe/Tallinn"; + }; + volumes = [ + "${settings.server_configs_home}/plextraktsync:/app/config" + ]; }; -} \ No newline at end of file +} diff --git a/services/prosody.nix b/services/prosody.nix index 274cd97..b800d0c 100644 --- a/services/prosody.nix +++ b/services/prosody.nix @@ -36,9 +36,7 @@ caddy.virtualHosts."üü.ee" = { useACMEHost = "xn--tdaa.ee"; extraConfig = '' - reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} { - header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee" - } + reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} ''; serverAliases = [ diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix index 4bb8540..af2a50a 100644 --- a/services/qbittorrent.nix +++ b/services/qbittorrent.nix @@ -1,4 +1,4 @@ -{ settings, inputs, ... }: { +{ config, inputs, ... }: { imports = [ inputs.common-modules.nixosModules.qbittorrent-nox ]; @@ -9,10 +9,15 @@ openFirewall = true; user = "owo"; group = "users"; - webuiPort = settings.ports.qbittorrent; - torrentingPort = settings.ports.qbittorrent-torrent; + webuiPort = 4010; + torrentingPort = 43125; }; + caddy.virtualHosts."http://qbittorrent.internal".extraConfig = '' + @local remote_ip private_ranges 100.64.0.0/10 + reverse_proxy @local :${toString config.services.qbittorrent-nox.webuiPort} + ''; + borgbackup.jobs."borgbase".paths = [ "/home/owo/.config/qBittorrent" "/home/owo/.local/share/qBittorrent" 
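Review bot: Dropping the `header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee"` rewrite in the prosody hunk changes what the upstream sees: prosody now receives the punycode `Host` the client sent rather than the Unicode form, so this is only safe if prosody's virtual-host and HTTP host matching accept `xn--tdaa.ee` (and its subdomains), which lives in prosody's own configuration outside this diff and is worth confirming before merge. In qbittorrent.nix the new caddy vhost gates the WebUI behind `@local` (private ranges and 100.64.0.0/10), but the unchanged `openFirewall = true` above it may open `webuiPort` (4010) directly on the host firewall depending on what the `inputs.common-modules` qbittorrent-nox module does with that option; if it does, the proxy gate is not the only path to the WebUI, so either confirm the module opens only the torrenting port or bind the WebUI to localhost. A comment on `webuiPort = 4010;` such as `# read back by the caddy vhost below; keep in sync with blocky's qbittorrent.internal entry` would also tie the three places together.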
diff --git a/services/scrutiny.nix b/services/scrutiny.nix
new file mode 100644
index 0000000..8a7b623
--- /dev/null
+++ b/services/scrutiny.nix
@@ -0,0 +1,19 @@
+{ config, ... }: {
+ services = {
+ scrutiny = {
+ enable = true;
+ collector.enable = true;
+ settings.web.listen.port = 4012;
+ };
+
+ caddy.virtualHosts."http://scrutiny.internal".extraConfig = ''
+ @local remote_ip private_ranges 100.64.0.0/10
+ reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
+ '';
+
+ borgbackup.jobs."borgbase".paths = [
+ "/var/lib/private/scrutiny"
+ "/var/lib/influxdb2"
+ ];
+ };
+}
diff --git a/settings.nix b/settings.nix
index 2ed20ab..203446a 100644
--- a/settings.nix
+++ b/settings.nix
@@ -3,12 +3,6 @@
 server_configs_home = "/home/owo/Documents/server_configs";
 
 ports = {
- palworld = 8211;
 synapse = 8008;
- mautrix-telegram = 8009;
-
- epicgames-freegames-node = 4018;
- qbittorrent-torrent = 43125;
- qbittorrent = 4010;
 };
 }
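Review bot: The new scrutiny.nix sets only `settings.web.listen.port`, and the module's default listen host is not visible here; if it is a wildcard bind, the `@local` restriction in the caddy vhost protects the `scrutiny.internal` name but not port 4012 itself, so either confirm the host firewall keeps 4012 closed or set `settings.web.listen.host = "127.0.0.1";` (if the module exposes that option, as I believe it does) so only the proxy can reach it. A header comment stating that the caddy vhost and the borg paths for scrutiny and influxdb2 live here on purpose would help, since this commit moved them out of caddy.nix and configuration.nix and a reader may look for them there first. In settings.nix, `ports` now holds only `synapse = 8008` while every other port moved next to its service; consider moving this last entry into configuration.nix the same way, or leave a comment explaining why it stays central.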