blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

152 current 2025-10-09 12:19:53 25.05.20251006.20c4598 6.12.50 *

Browse Source
This commit is contained in:
blake
2025-10-09 12:27:27 -05:00
parent 044deffeef
commit 126754154d
6 changed files with 4 additions and 371 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hosts/snowbelle/configuration.nix
View File

@@ -30,10 +30,10 @@
nginx-proxy.enable = true; nginx-proxy.enable = true;
}; };
services = { services = {
jellyfin.enable = true; #jellyfin.enable = true;
vaultwarden.enable = true; #vaultwarden.enable = true;
gitea.enable = true; #gitea.enable = true;
qbittorrent.enable = true; #qbittorrent.enable = true;
prowlarr.enable = true; prowlarr.enable = true;
flaresolverr.enable = true; flaresolverr.enable = true;
bazarr.enable = true; bazarr.enable = true;

74
modules/homelab/services/arr.bak/bazarr/default.nix
View File

@@ -1,74 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.bazarr;
ids = 2706;
default_port = 6767;
data_dir = "/var/lib/bazarr";
in
{
options.modules.services.bazarr = {
enable = lib.mkEnableOption "enables bazarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7106;
description = "set port for bazarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for bazarr";
};
};
config = lib.mkIf cfg.enable {
# declare bazarr group
users.groups.bazarr = { gid = ids; };
# declare bazarr user
users.users.bazarr = {
description = "bazarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/bazarr";
createHome = false;
group = "bazarr";
extraGroups = [ "media" ];
};
# enable the bazarr service
services.bazarr = {
enable = true;
openFirewall = true;
user = "bazarr";
group = "bazarr";
listenPort = cfg.port;
};
# override systemd service
systemd.services.bazarr.serviceConfig = {
UMask = lib.mkForce "0007";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

68
modules/homelab/services/arr.bak/flaresolverr/default.nix
View File

@@ -1,68 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.flaresolverr;
ids = 2008;
default_port = 8189;
in
{
options.modules.services.flaresolverr = {
enable = lib.mkEnableOption "enables flaresolverr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7105;
description = "set port for flaresolverr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for flaresolverr";
};
};
config = lib.mkIf cfg.enable {
# declare flaresolverr group
users.groups.flaresolverr = { gid = ids; };
# declare flaresolverr user
users.users.flaresolverr = {
description = "flaresolverr server user";
uid = ids;
isSystemUser = true;
createHome = false;
group = "flaresolverr";
extraGroups = [];
};
# enable the flaresolverr service
services.flaresolverr = {
enable = true;
openFirewall = true;
port = cfg.port;
};
# override umask to make permissions work out
systemd.services.flaresolverr.serviceConfig = {
User = "flaresolverr";
Group = "flaresolverr";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
};
}

76
modules/homelab/services/arr.bak/prowlarr/default.nix
View File

@@ -1,76 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.prowlarr;
ids = 2004;
default_port = 9696;
data_dir = "/var/lib/private";
in
{
options.modules.services.prowlarr = {
enable = lib.mkEnableOption "enables prowlarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7104;
description = "set port for prowlarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for prowlarr";
};
};
config = lib.mkIf cfg.enable {
# declare prowlarr group
users.groups.prowlarr = { gid = ids; };
# declare prowlarr user
users.users.prowlarr = {
description = "prowlarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/prowlarr";
createHome = true;
group = "prowlarr";
extraGroups = [ "media" ];
};
# enable the prowlarr service
services.prowlarr = {
enable = true;
openFirewall = true;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.prowlarr.serviceConfig = {
UMask = lib.mkForce "0007";
User = "prowlarr";
Group = "prowlarr";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

75
modules/homelab/services/arr.bak/radarr/default.nix
View File

@@ -1,75 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.radarr;
ids = lib.mkForce 2006;
default_port = 7878;
data_dir = "/var/lib/radarr";
in
{
options.modules.services.radarr = {
enable = lib.mkEnableOption "enables radarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7108;
description = "set port for radarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for radarr";
};
};
config = lib.mkIf cfg.enable {
# declare radarr group
users.groups.radarr = { gid = ids; };
# declare radarr user
users.users.radarr = {
description = "radarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/radarr";
createHome = true;
group = "radarr";
extraGroups = [ "media" ];
};
# enable the radarr service
services.radarr = {
enable = true;
openFirewall = true;
user = "radarr";
group = "radarr";
dataDir = data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."radarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

74
modules/homelab/services/arr.bak/sonarr/default.nix
View File

@@ -1,74 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.sonarr;
ids = lib.mkForce 2005;
default_port = 8989;
data_dir = "/var/lib/sonarr";
in
{
options.modules.services.sonarr = {
enable = lib.mkEnableOption "enables sonarr";
port = lib.mkOption {
type = lib.types.int;
default = 7107;
description = "set port for sonarr (${toString default_port})";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
config = lib.mkIf cfg.enable {
# declare sonarr group
users.groups.sonarr = { gid = ids; };
# declare sonarr user
users.users.sonarr = {
description = "sonarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/sonarr";
createHome = true;
group = "sonarr";
extraGroups = [ "media" ];
};
# enable the sonarr service
services.sonarr = {
enable = true;
openFirewall = true;
user = "sonarr";
group = "sonarr";
dataDir = data_dir;
settings = {
server.port = cfg.port; # default: 8989
};
};
# override umask to make permissions work out
systemd.services.sonarr.serviceConfig = { UMask = lib.mkForce "0007"; };
# open firewall
#networking.firewall.allowedTCPPorts = [ cfg.port ];
# reverse proxy entryo
services.nginx.virtualHosts."sonarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}