Clean up, remove epicgames-freegames-node, move scrutiny to its own file

batteredbunny 2025-01-24 19:18:20 +02:00
parent 1c6c446cd2
commit 46985b638b
18 changed files with 96 additions and 109 deletions


@ -1,3 +1,3 @@
# server.nix # server.nix
Nix config for my home server NixOS config for [catnip.ee](https://catnip.ee)


@ -2,7 +2,6 @@
, pkgs , pkgs
, inputs , inputs
, settings , settings
, lib
, ... , ...
}: }:
let let
@ -44,9 +43,7 @@ in
}; };
globalConfig = '' globalConfig = ''
servers { metrics
metrics
}
admin 0.0.0.0:2019 admin 0.0.0.0:2019
''; '';
@ -71,18 +68,6 @@ in
@local remote_ip private_ranges 100.64.0.0/10 @local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local http://${config.services.syncthing.guiAddress} reverse_proxy @local http://${config.services.syncthing.guiAddress}
''; '';
"http://epic.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString settings.ports.epicgames-freegames-node}
'';
"http://scrutiny.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
'';
"http://qbittorrent.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString settings.ports.qbittorrent}
'';
"http://files.internal".extraConfig = '' "http://files.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10 @local remote_ip private_ranges 100.64.0.0/10
root * /mnt/media root * /mnt/media
@ -138,7 +123,7 @@ in
handle /.well-known/matrix/client { handle /.well-known/matrix/client {
header Content-Type application/json header Content-Type application/json
header Access-Control-Allow-Origin * header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}` respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
} }
handle /.well-known/matrix/server { handle /.well-known/matrix/server {
header Content-Type application/json header Content-Type application/json
@ -147,7 +132,7 @@ in
} }
handle /telegram/* { handle /telegram/* {
reverse_proxy :${toString settings.ports.mautrix-telegram} reverse_proxy :${toString config.services.mautrix-telegram.settings.appservice.port}
} }
''; '';
@ -165,7 +150,7 @@ in
handle /.well-known/matrix/client { handle /.well-known/matrix/client {
header Content-Type application/json header Content-Type application/json
header Access-Control-Allow-Origin * header Access-Control-Allow-Origin *
respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"},"org.matrix.msc3575.proxy":{"url":"https://sliding-sync.catnip.ee"}}` respond `{"m.homeserver":{"base_url":"https://matrix.catnip.ee/"}}`
} }
handle /.well-known/matrix/server { handle /.well-known/matrix/server {
header Content-Type application/json header Content-Type application/json
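Review bot: The `admin 0.0.0.0:2019` line kept in `globalConfig` exposes Caddy's admin API on every interface, and that API is unauthenticated by default and can replace the running configuration. Unless the firewall is known to block 2019 on every untrusted interface (not visible in this file section), bind it to loopback with `admin localhost:2019`, or to the Tailscale address only if remote scraping of the admin endpoint's metrics is the reason for the wide bind. A one-line comment beside it stating why it is not loopback-only would help the next reader. The surrounding `services.caddy` block starts and ends outside the hunks shown.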


@ -1,12 +1,13 @@
{ config { config
, pkgs , pkgs
, inputs , inputs
, settings
, ... , ...
}: { }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./containers ./containers
./caddy ./caddy.nix
./gui.nix ./gui.nix
./drives.nix ./drives.nix
./games/palworld.nix ./games/palworld.nix
@ -176,23 +177,14 @@
# maybe only include /var/lib? # maybe only include /var/lib?
"/var/lib/mysql" "/var/lib/mysql"
"/var/lib/postgresql" "/var/lib/postgresql"
"/var/lib/private/drasl"
"/var/lib/acme" "/var/lib/acme"
"/var/lib/tailscale" "/var/lib/tailscale"
"/var/lib/private/scrutiny"
"/var/lib/caddy" "/var/lib/caddy"
"/var/lib/syncthing" "/var/lib/syncthing"
"/var/lib/matrix-synapse" "/var/lib/matrix-synapse"
"/var/lib/influxdb2"
"/etc/secrets" "/etc/secrets"
"/etc/nixos" "/etc/nixos"
"/srv/minecraft"
"/home/owo/Documents/server_configs/archivebox"
"/home/owo/Documents/server_configs/epicgames-freegames-node"
"/home/owo/Documents/server_configs/palworld"
"/home/owo/Documents/server_configs/sonic"
]; ];
exclude = [ exclude = [
@ -214,11 +206,6 @@
guiAddress = "0.0.0.0:8384"; guiAddress = "0.0.0.0:8384";
openDefaultPorts = true; openDefaultPorts = true;
}; };
scrutiny = {
enable = true;
collector.enable = true;
settings.web.listen.port = 4012;
};
tailscale = { tailscale = {
enable = true; enable = true;
useRoutingFeatures = "server"; useRoutingFeatures = "server";
@ -309,7 +296,7 @@
listeners = [ listeners = [
{ {
bind_addresses = [ "127.0.0.1" ]; bind_addresses = [ "127.0.0.1" ];
port = 8008; port = settings.ports.synapse;
resources = [ resources = [
{ {
compress = true; compress = true;
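Review bot: `guiAddress = "0.0.0.0:8384"` in the Syncthing block binds the GUI to all interfaces, so any client that can reach port 8384 directly skips the `@local remote_ip` restriction that the Caddy vhost puts in front of it. Whether 8384 is actually reachable depends on firewall rules that are not visible in this section. Binding to `127.0.0.1:8384` would close that path, but Syncthing then enforces its Host-header check, so the proxy line would need `header_up Host {upstream_hostport}` (or the GUI's `insecureSkipHostcheck` setting) to keep `syncthing.internal` working. The `services` attribute set starts and ends outside the hunk.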


@ -1,27 +1,7 @@
{ settings { ... }: {
, ...
}: {
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "docker"; backend = "docker";
containers = { containers = {
epicgames-freegames-node = {
autoStart = true;
image = "ghcr.io/claabs/epicgames-freegames-node:latest";
volumes = [
"${settings.server_configs_home}/epicgames-freegames-node:/usr/app/config"
];
environment = {
BASE_URL = "http://epic.internal";
RUN_ON_STARTUP = "true";
NTFY_PRIORITY = "urgent";
};
environmentFiles = [
"/etc/secrets/efn.env"
];
ports = [
"${toString settings.ports.epicgames-freegames-node}:3000"
];
};
watchtower = { watchtower = {
autoStart = true; autoStart = true;
image = "docker.io/containrrr/watchtower:latest-dev"; image = "docker.io/containrrr/watchtower:latest-dev";


@ -50,5 +50,10 @@
}; };
}; };
}; };
borgbackup.jobs."borgbase".paths = [
"/var/lib/private/drasl"
"/srv/minecraft"
];
}; };
} }


@ -1,12 +1,15 @@
{ settings { settings
, ... , ...
}: { }: let
serverPort = 8211;
steamQueryPort = 27015;
in {
virtualisation.oci-containers.containers.palworld = { virtualisation.oci-containers.containers.palworld = {
autoStart = true; autoStart = true;
image = "thijsvanloef/palworld-server-docker:latest"; image = "thijsvanloef/palworld-server-docker:latest";
ports = [ ports = [
"${toString settings.ports.palworld}:${toString settings.ports.palworld}/udp" # server "${toString serverPort}:${toString serverPort}/udp" # server
"27015:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed "${toString steamQueryPort}:27015/udp" # QUERY_PORT for steam server? Whatever that is, has to be exposed
# "8212:8212/tcp" # Uncomment this line if REST API is enabled # "8212:8212/tcp" # Uncomment this line if REST API is enabled
]; ];
environment = { environment = {
@ -14,7 +17,7 @@
PGID = "1000"; PGID = "1000";
TZ = "Europe/Tallinn"; TZ = "Europe/Tallinn";
PORT = toString settings.ports.palworld; PORT = toString serverPort;
PLAYERS = "16"; PLAYERS = "16";
MULTITHREADING = "true"; MULTITHREADING = "true";
RCON_ENABLED = "true"; RCON_ENABLED = "true";
@ -37,7 +40,11 @@
}; };
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
27015 serverPort
settings.ports.palworld steamQueryPort
];
services.borgbackup.jobs."borgbase".paths = [
"/home/owo/Documents/server_configs/palworld"
]; ];
} }
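Review bot: `image = "thijsvanloef/palworld-server-docker:latest"` is a floating tag on a container whose UDP ports are opened in the host firewall, so whatever the registry serves under `latest` at the next pull is what runs. The mautrix container in this commit is pinned (`dock.mau.dev/mautrix/discord:v0.7.2`); pinning this one the same way, to a release tag or an `image@sha256:<digest>` reference, turns every update into a reviewed change. The same applies to `ghcr.io/taxel/plextraktsync` (no tag at all) and `docker.io/containrrr/watchtower:latest-dev` in the other file sections. The container definition continues outside the hunks shown.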


@ -96,8 +96,15 @@ in
}; };
}; };
services.caddy.virtualHosts."http://archive.internal".extraConfig = '' services = {
@local remote_ip private_ranges 100.64.0.0/10 borgbackup.jobs."borgbase".paths = [
reverse_proxy @local :${toString port} "/home/owo/Documents/server_configs/archivebox"
''; "/home/owo/Documents/server_configs/sonic"
];
caddy.virtualHosts."http://archive.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString port}
'';
};
} }


@ -32,7 +32,6 @@
"qbittorrent.internal" "qbittorrent.internal"
"scrutiny.internal" "scrutiny.internal"
"archive.internal" "archive.internal"
"epic.internal"
"sonarr.internal" "sonarr.internal"
"radarr.internal" "radarr.internal"
"prowlarr.internal" "prowlarr.internal"


@ -62,16 +62,13 @@ in
}; };
}; };
security.acme.certs = { security.acme.certs.${config.services.coturn.realm} = {
${config.services.coturn.realm} = { webroot = turnAcmeDir;
webroot = turnAcmeDir; postRun = "systemctl restart coturn.service";
postRun = "systemctl restart coturn.service"; group = config.systemd.services.coturn.serviceConfig.Group;
group = config.systemd.services.coturn.serviceConfig.Group;
};
}; };
networking.firewall = { networking.firewall = {
enable = true;
allowedUDPPortRanges = with config.services.coturn; [ allowedUDPPortRanges = with config.services.coturn; [
{ {
from = min-port; from = min-port;


@ -24,5 +24,6 @@
./plex.nix ./plex.nix
./komga.nix ./komga.nix
./prosody.nix ./prosody.nix
./scrutiny.nix
]; ];
} }


@ -1,4 +1,6 @@
{ pkgs, settings, ... }: { { pkgs, settings, ... }: let
appservicePort = 8009;
in {
virtualisation.oci-containers.containers.mautrix-discord = { virtualisation.oci-containers.containers.mautrix-discord = {
autoStart = true; autoStart = true;
image = "dock.mau.dev/mautrix/discord:v0.7.2"; image = "dock.mau.dev/mautrix/discord:v0.7.2";
@ -32,8 +34,8 @@
domain = "catnip.ee"; domain = "catnip.ee";
}; };
appservice = { appservice = {
address = "http://localhost:${toString settings.ports.mautrix-telegram}"; address = "http://localhost:${toString appservicePort}";
port = settings.ports.mautrix-telegram; port = appservicePort;
provisioning.enabled = false; provisioning.enabled = false;
id = "telegram"; id = "telegram";
public = { public = {


@ -1,6 +1,8 @@
{ config, pkgs, ... }: let { config, pkgs, lib, ... }:
let
port = 4008; port = 4008;
in { in
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ffmpeg # needed for thumbnails iirc ffmpeg # needed for thumbnails iirc
]; ];
@ -44,8 +46,8 @@ in {
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
inherit contacts calendar tasks mail; inherit contacts calendar tasks mail;
integration_github = pkgs.fetchNextcloudApp { integration_github = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.0.0/integration_github-v3.0.0.tar.gz"; url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz";
sha256 = "sha256-ruLN4lw3Vy8OavTYm1g2L9q1wusRP0a+BpvfXkrZI3A="; sha256 = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM=";
license = "agpl3Only"; license = "agpl3Only";
}; };
}; };


@ -8,6 +8,7 @@
base-url = "https://ntfy.catnip.ee"; base-url = "https://ntfy.catnip.ee";
}; };
}; };
caddy.virtualHosts."ntfy.catnip.ee".extraConfig = '' caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
tls { tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN} dns cloudflare {env.CLOUDFLARE_API_TOKEN}


@ -19,19 +19,17 @@
}; };
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers.plextraktsync = {
plextraktsync = { autoStart = true;
autoStart = true; image = "ghcr.io/taxel/plextraktsync";
image = "ghcr.io/taxel/plextraktsync"; cmd = [ "watch" ];
cmd = [ "watch" ]; environment = {
environment = { PUID = "1000";
PUID = "1000"; PGID = "1000";
PGID = "1000"; TZ = "Europe/Tallinn";
TZ = "Europe/Tallinn"; };
}; volumes = [
volumes = [ "${settings.server_configs_home}/plextraktsync:/app/config"
"${settings.server_configs_home}/plextraktsync:/app/config" ];
];
};
}; };
} }


@ -36,9 +36,7 @@
caddy.virtualHosts."üü.ee" = { caddy.virtualHosts."üü.ee" = {
useACMEHost = "xn--tdaa.ee"; useACMEHost = "xn--tdaa.ee";
extraConfig = '' extraConfig = ''
reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)} { reverse_proxy :${toString (builtins.elemAt config.services.prosody.httpPorts 0)}
header_up Host "(.*).xn--tdaa.ee" "$1.üü.ee"
}
''; '';
serverAliases = [ serverAliases = [


@ -1,4 +1,4 @@
{ settings, inputs, ... }: { { config, inputs, ... }: {
imports = [ imports = [
inputs.common-modules.nixosModules.qbittorrent-nox inputs.common-modules.nixosModules.qbittorrent-nox
]; ];
@ -9,10 +9,15 @@
openFirewall = true; openFirewall = true;
user = "owo"; user = "owo";
group = "users"; group = "users";
webuiPort = settings.ports.qbittorrent; webuiPort = 4010;
torrentingPort = settings.ports.qbittorrent-torrent; torrentingPort = 43125;
}; };
caddy.virtualHosts."http://qbittorrent.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString config.services.qbittorrent-nox.webuiPort}
'';
borgbackup.jobs."borgbase".paths = [ borgbackup.jobs."borgbase".paths = [
"/home/owo/.config/qBittorrent" "/home/owo/.config/qBittorrent"
"/home/owo/.local/share/qBittorrent" "/home/owo/.local/share/qBittorrent"
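Review bot: `openFirewall = true` sits next to `webuiPort = 4010`, and the new `http://qbittorrent.internal` vhost only restricts clients that go through Caddy. If the `qbittorrent-nox` module from `common-modules` opens the web UI port as well as the torrenting port (its source is not visible here, so this is an assumption to check), the UI is reachable on 4010 without the `@local` filter. In that case set `openFirewall = false;` and allow only `config.services.qbittorrent-nox.torrentingPort` in `networking.firewall`, and bind the UI to loopback if the module offers an option for it. The `services` block ends outside the hunk.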

19
services/scrutiny.nix Normal file

@ -0,0 +1,19 @@
{ config, ... }: {
services = {
scrutiny = {
enable = true;
collector.enable = true;
settings.web.listen.port = 4012;
};
caddy.virtualHosts."http://scrutiny.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local :${toString config.services.scrutiny.settings.web.listen.port}
'';
borgbackup.jobs."borgbase".paths = [
"/var/lib/private/scrutiny"
"/var/lib/influxdb2"
];
};
}
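Review bot: The `http://scrutiny.internal` vhost has no handler for clients outside `@local`, so Caddy answers those requests with an empty 200 rather than a refusal. Adding `@denied not remote_ip private_ranges 100.64.0.0/10` and `respond @denied 403` makes the restriction explicit and gives the access log a status code to alert on. The `qbittorrent.internal` and `archive.internal` vhosts in this commit use the same two-line pattern and would take the same addition.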


@ -3,12 +3,6 @@
server_configs_home = "/home/owo/Documents/server_configs"; server_configs_home = "/home/owo/Documents/server_configs";
ports = { ports = {
palworld = 8211;
synapse = 8008; synapse = 8008;
mautrix-telegram = 8009;
epicgames-freegames-node = 4018;
qbittorrent-torrent = 43125;
qbittorrent = 4010;
}; };
} }