fucking goodnight (template done, network diagram prepped)
@@ -88,40 +88,37 @@
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
80 # http
|
||||
111 # portmapper for nfs
|
||||
139 # smb
|
||||
443 # https
|
||||
445 # cifs
|
||||
1883
|
||||
2049 # nfs
|
||||
2222 # syncthing
|
||||
3030 # jellyfin
|
||||
3131 # audiobookshelf
|
||||
3232 #
|
||||
3333 # qbittorrent
|
||||
3434 # yacreader
|
||||
3535 # prowlarr
|
||||
3636 # sonarr
|
||||
3737 # radarr
|
||||
3838 # bazarr
|
||||
3939 # flaresolverr
|
||||
3923 # copyparty
|
||||
4141 # hass
|
||||
4142 # mqtt
|
||||
4242 # immich
|
||||
4444 # gitea
|
||||
5050 # kiwix
|
||||
5656 # archivebox
|
||||
7070 # vaultwarden
|
||||
7567 # gitea ssh
|
||||
7777 # glance
|
||||
8080 # nginx webui
|
||||
8181 # uptime kuma
|
||||
25777 # minecraft
|
||||
25565
|
||||
25566
|
||||
25567
|
||||
80 # set - http
|
||||
111 # set - portmapper for nfs
|
||||
139 # set - smb
|
||||
443 # set - https
|
||||
445 # set - cifs
|
||||
1883 # set - mqtt
|
||||
2049 # set - nfs
|
||||
2222 # srv - syncthing
|
||||
7100 # srv - jellyfin
|
||||
7101 # srv - audiobookshelf
|
||||
7102 # srv - yacreader
|
||||
7103 # srv - qbittorrent
|
||||
7104 # srv - prowlarr
|
||||
7105 # srv - sonarr
|
||||
7106 # srv - radarr
|
||||
7107 # srv - bazarr
|
||||
7108 # srv - flaresolverr
|
||||
5701 # srv - archivebox
|
||||
7502 # srv - kiwix
|
||||
7567 # srv - gitea ssh
|
||||
7700 # srv - glance
|
||||
7701 # srv - vaultwarden
|
||||
7702 # srv - immich
|
||||
7703 # srv - gitea
|
||||
7704 # srv - hass
|
||||
7705 # srv - zigbee2mqtt
|
||||
7901 # srv - uptime kuma
|
||||
25777 # srv - minecraft
|
||||
25565 # ^ ^ ^
|
||||
25566 # | | |
|
||||
25567 # | | |
|
||||
];
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
|
||||
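Review bot: The regrouped list still opens every application port (7100-7108, 5701, 7502, 7700-7705, 7901) on all interfaces through `networking.firewall.allowedTCPPorts`, even though the service template added in this same commit fronts services with nginx on `127.0.0.1` behind `forceSSL`; a service that is meant to be reached through the proxy should not also be reachable directly, and vaultwarden (7701) and home assistant (7704) would then presumably be exposed over plain HTTP. Consider dropping the proxied ports and scoping the remaining LAN-only services — SMB/CIFS (139/445), portmapper/NFS (111/2049), MQTT (1883) — to the trusted interface with `networking.firewall.interfaces."<lan>".allowedTCPPorts = [ … ];` instead of the global list, since the global list applies to every interface including the one WireGuard (51820/udp) arrives on. The `# ^ ^ ^` / `# | | |` annotations on 25565-25567 should be spelled out, e.g. `25565 # srv - minecraft (additional instance)`, so the next reader knows why those ports are open. If NFSv3 or UDP mounts are expected, 111/2049 would also need entries in `allowedUDPPorts`, which currently holds only 51820.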
@@ -1,21 +0,0 @@
|
||||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.modules.services.<name>;
|
||||
in
|
||||
{
|
||||
options.modules.system.docker = {
|
||||
enable = lib.mkEnableOption "enables <name>";
|
||||
# extra options
|
||||
# mode = lib.mkOption {
|
||||
# type = lib.types.enum [ "server" "client" ];
|
||||
# default = "client";
|
||||
# description = "whether syncthing should run as a client (user) or server (system-wide).";
|
||||
# };
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
};
|
||||
}
|
||||
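--- /dev/null
+++ b/modules/homelab/services/default.nix.template
@@ -0,0 +1,61 @@
+{ pkgs, config, lib, ... }:
+
+let
+cfg = config.modules.services.<service_name>;
+ids = <gid_and_uid_number>;
+in
+{
+options.modules.services.<service_name> = {
+enable = lib.mkEnableOption "enables <service_name>";
+# extra options
+# mode = lib.mkOption {
+# type = lib.types.enum [ "server" "client" ];
+# default = "client";
+# description = "whether syncthing should run as a client (user) or server (system-wide).";
+# };
+
+};
+
+config = lib.mkIf cfg.enable {
+
+# declare <service_name> group
+users.groups.<service_name> = { gid = ids; };
+
+# declare <service_name> user
+users.users.<service_name> = {
+description = "<service_name> media server user";
+uid = ids;
+isSystemUser = true;
+home = "/var/lib/<service_name>";
+createHome = true;
+group = "<service_name>";
+extraGroups = [ "media" "video" "render" ];
+};
+
+# enable the <service_name> service
+services.<service_name> = {
+enable = true;
+openFirewall = true; # Opens 8096/8920 automatically
+user = "<service_name>"; # Default: <service_name>
+group = "<service_name>"; # Default: <service_name>
+dataDir = "/var/lib/<service_name>"; # Config + metadata storage
+};
+
+# override umask to make permissions work out
+systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; };
+
+# open firewall
+#networking.firewall.allowedTCPPorts = [ 8096 ];
+
+# reverse proxy entryo
+services.nginx.virtualHosts."media.blakedheld.xyz" = {
+enableACME = false;
+forceSSL = true;
+sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+locations."/" = {
+proxyPass = "http://127.0.0.1:8096";
+};
+};
+};
+}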
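Review bot: `openFirewall = true;` in the `services.<service_name>` block opens the service's own listener (the comment says 8096/8920) on every interface, which bypasses the nginx virtual host a few lines below that terminates TLS (`forceSSL = true`) and proxies to `http://127.0.0.1:8096`; for a template whose default path is the reverse proxy this should read `openFirewall = false; # reached only through the nginx vhost below`, and the commented-out `allowedTCPPorts` line suggests that was the intent. Likewise `extraGroups = [ "media" "video" "render" ];` gives every service stamped out of this template access to the GPU device nodes, while only transcoding services need `video`/`render`; the template should default to `[ "media" ]` with a comment telling the author when to add the others. The sops-managed files behind `sslCertificate`/`sslCertificateKey` are readable by nginx only if the secret declares a suitable owner or group, which is not visible here, so a comment such as `# sops secret must be declared with owner = "nginx" (or mode 0440 + group nginx)` would keep new modules from failing at runtime. Minor: `# reverse proxy entryo` should be `# reverse proxy entry`.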
@@ -2,6 +2,7 @@
|
||||
|
||||
let
|
||||
cfg = config.modules.services.jellyfin;
|
||||
ids = 701;
|
||||
in
|
||||
{
|
||||
options.modules.services.jellyfin = {
|
||||
@@ -18,12 +19,12 @@ in
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
# declare jellyfin group
|
||||
users.groups.jellyfin = { gid = 701; };
|
||||
users.groups.jellyfin = { gid = ids; };
|
||||
|
||||
# declare jellyfin user
|
||||
users.users.jellyfin = {
|
||||
description = "jellyfin media server user";
|
||||
uid = 701;
|
||||
uid = ids;
|
||||
isSystemUser = true;
|
||||
home = "/var/lib/jellyfin";
|
||||
createHome = true;
|
||||
|
||||
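Review bot: `ids = 701;` in the first hunk carries no comment, yet the second hunk uses it for both `uid` and `gid`, and the new template in this commit expects each service module to choose its own `<gid_and_uid_number>`; a line such as `ids = 701; # fixed uid/gid for the jellyfin user and group; keep unique across service modules` would document that constraint where the number is chosen. NixOS normally rejects duplicate static ids unless `users.enforceIdUniqueness` has been turned off — confirm that is still on, since otherwise a collision would silently merge file ownership between two services. The enclosing `config = lib.mkIf cfg.enable { … };` block continues past the end of the hunk.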