blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: blake:85ddb74e499d323633476035b2ee3dbdd3f4ec73
Branches Tags
blake:trunk
...
compare: blake:ec96339443849c2230cb54779e8ee07c6b50e1a0
Branches Tags
blake:trunk

17 Commits
85ddb74e49 ... ec96339443

Author SHA1 Message Date
blake
ec96339443 154 current 2025-10-09 12:40:25 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:41:48 -05:00
blake
4beb89228c 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:40:27 -05:00
blake
ddf196a04d 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:39:41 -05:00
blake
535b2da2e6 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:38:14 -05:00
blake
6684472736 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:37:31 -05:00
blake
435d2154b8 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:36:39 -05:00
blake
7bd74aea43 153 current 2025-10-09 12:27:20 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:36:24 -05:00
blake
126754154d 152 current 2025-10-09 12:19:53 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:27:27 -05:00
blake
044deffeef 152 current 2025-10-09 12:19:53 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:20:12 -05:00
blake
9336907744 adding flaresolverr and bazarr 2025-10-09 12:19:32 -05:00
blake
e9108dd43e 151 current 2025-10-09 12:07:16 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:19:15 -05:00
blake
2ee69f3526 151 current 2025-10-09 12:07:16 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:10:21 -05:00
blake
76fdb30757 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:07:19 -05:00
blake
869dc4832d 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:05:48 -05:00
blake
72beee30c3 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:04:23 -05:00
blake
68840fe56f 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:03:27 -05:00
blake
283761bd0e 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * 2025-10-09 12:02:47 -05:00
23 changed files with 715 additions and 543 deletions
Expand all files Collapse all files

2
flake.nix
View File

@@ -1,6 +1,6 @@
# flake for blakes nixos config # flake for blakes nixos config
# define new devices in outputs # define new devices in outputs
# generation: 150 current 2025-10-09 11:52:30 25.05.20251006.20c4598 6.12.50 * # generation: 154 current 2025-10-09 12:40:25 25.05.20251006.20c4598 6.12.50 *
{ {
description = "blakes nix config"; description = "blakes nix config";
inputs = { inputs = {

14
hosts/snowbelle/configuration.nix
View File

@@ -30,14 +30,14 @@
nginx-proxy.enable = true; nginx-proxy.enable = true;
}; };
services = { services = {
jellyfin.enable = true; #jellyfin.enable = true;
vaultwarden.enable = true; #vaultwarden.enable = true;
gitea.enable = true; gitea.enable = true;
qbittorrent.enable = true; #qbittorrent.enable = true;
#prowlarr.enable = true; prowlarr.enable = true;
#flaresolverr.enable = true; flaresolverr.enable = true;
#bazarr.enable = true; bazarr.enable = true;
#radarr.enable = true; radarr.enable = true;
sonarr.enable = true; sonarr.enable = true;
}; };
}; };

74
modules/homelab/services/arr.bak/bazarr/default.nix
View File

@@ -1,74 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.bazarr;
ids = 2706;
default_port = 6767;
data_dir = "/var/lib/bazarr";
in
{
options.modules.services.bazarr = {
enable = lib.mkEnableOption "enables bazarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7106;
description = "set port for bazarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for bazarr";
};
};
config = lib.mkIf cfg.enable {
# declare bazarr group
users.groups.bazarr = { gid = ids; };
# declare bazarr user
users.users.bazarr = {
description = "bazarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/bazarr";
createHome = false;
group = "bazarr";
extraGroups = [ "media" ];
};
# enable the bazarr service
services.bazarr = {
enable = true;
openFirewall = true;
user = "bazarr";
group = "bazarr";
listenPort = cfg.port;
};
# override systemd service
systemd.services.bazarr.serviceConfig = {
UMask = lib.mkForce "0007";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

68
modules/homelab/services/arr.bak/flaresolverr/default.nix
View File

@@ -1,68 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.flaresolverr;
ids = 2008;
default_port = 8189;
in
{
options.modules.services.flaresolverr = {
enable = lib.mkEnableOption "enables flaresolverr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7105;
description = "set port for flaresolverr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for flaresolverr";
};
};
config = lib.mkIf cfg.enable {
# declare flaresolverr group
users.groups.flaresolverr = { gid = ids; };
# declare flaresolverr user
users.users.flaresolverr = {
description = "flaresolverr server user";
uid = ids;
isSystemUser = true;
createHome = false;
group = "flaresolverr";
extraGroups = [];
};
# enable the flaresolverr service
services.flaresolverr = {
enable = true;
openFirewall = true;
port = cfg.port;
};
# override umask to make permissions work out
systemd.services.flaresolverr.serviceConfig = {
User = "flaresolverr";
Group = "flaresolverr";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
};
}

76
modules/homelab/services/arr.bak/prowlarr/default.nix
View File

@@ -1,76 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.prowlarr;
ids = 2004;
default_port = 9696;
data_dir = "/var/lib/private";
in
{
options.modules.services.prowlarr = {
enable = lib.mkEnableOption "enables prowlarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7104;
description = "set port for prowlarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for prowlarr";
};
};
config = lib.mkIf cfg.enable {
# declare prowlarr group
users.groups.prowlarr = { gid = ids; };
# declare prowlarr user
users.users.prowlarr = {
description = "prowlarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/prowlarr";
createHome = true;
group = "prowlarr";
extraGroups = [ "media" ];
};
# enable the prowlarr service
services.prowlarr = {
enable = true;
openFirewall = true;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.prowlarr.serviceConfig = {
UMask = lib.mkForce "0007";
User = "prowlarr";
Group = "prowlarr";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

75
modules/homelab/services/arr.bak/radarr/default.nix
View File

@@ -1,75 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.radarr;
ids = lib.mkForce 2006;
default_port = 7878;
data_dir = "/var/lib/radarr";
in
{
options.modules.services.radarr = {
enable = lib.mkEnableOption "enables radarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7108;
description = "set port for radarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for radarr";
};
};
config = lib.mkIf cfg.enable {
# declare radarr group
users.groups.radarr = { gid = ids; };
# declare radarr user
users.users.radarr = {
description = "radarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/radarr";
createHome = true;
group = "radarr";
extraGroups = [ "media" ];
};
# enable the radarr service
services.radarr = {
enable = true;
openFirewall = true;
user = "radarr";
group = "radarr";
dataDir = data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."radarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

74
modules/homelab/services/arr.bak/sonarr/default.nix
View File

@@ -1,74 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.sonarr;
ids = lib.mkForce 2005;
default_port = 8989;
data_dir = "/var/lib/sonarr";
in
{
options.modules.services.sonarr = {
enable = lib.mkEnableOption "enables sonarr";
port = lib.mkOption {
type = lib.types.int;
default = 7107;
description = "set port for sonarr (${toString default_port})";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
config = lib.mkIf cfg.enable {
# declare sonarr group
users.groups.sonarr = { gid = ids; };
# declare sonarr user
users.users.sonarr = {
description = "sonarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/sonarr";
createHome = true;
group = "sonarr";
extraGroups = [ "media" ];
};
# enable the sonarr service
services.sonarr = {
enable = true;
openFirewall = true;
user = "sonarr";
group = "sonarr";
dataDir = data_dir;
settings = {
server.port = cfg.port; # default: 8989
};
};
# override umask to make permissions work out
systemd.services.sonarr.serviceConfig = { UMask = lib.mkForce "0007"; };
# open firewall
#networking.firewall.allowedTCPPorts = [ cfg.port ];
# reverse proxy entryo
services.nginx.virtualHosts."sonarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

73
modules/homelab/services/arr/bazarr/default.nix
View File

@@ -1,56 +1,70 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.modules.services.bazarr; service = "bazarr";
ids = 2706; cfg = config.modules.services.${service};
default_port = 6767; sec = config.sops.secrets;
data_dir = "/var/lib/bazarr"; homelab = config.modules.homelab;
in in
{ {
options.modules.services.bazarr = { options.modules.services.${service} = {
enable = lib.mkEnableOption "enables bazarr"; enable = lib.mkEnableOption "enables ${service}";
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7106; default = 7105;
description = "set port for bazarr (default: ${toString default_port}"; description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
}; };
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for bazarr"; description = "enable backups for ${service}";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare bazarr group # declare ${service} group
users.groups.bazarr = { gid = ids; }; users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare bazarr user # declare ${service} user
users.users.bazarr = { users.users.${service} = {
description = "bazarr server user"; description = "${service} server user";
uid = ids; uid = lib.mkForce cfg.ids;
isSystemUser = true; isSystemUser = true;
home = "/var/lib/bazarr"; home = cfg.data_dir;
createHome = false; createHome = true;
group = "bazarr"; group = "${service}";
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
# enable the bazarr service # enable the ${service} service
services.bazarr = { services.${service} = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
user = "bazarr"; user = "${service}";
group = "bazarr"; group = "${service}";
listenPort = cfg.port; listenPort = cfg.port;
}; };
# override systemd service # override umask to make permissions work out
systemd.services.bazarr.serviceConfig = { systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007"; UMask = lib.mkForce "0007";
}; };
@@ -58,17 +72,16 @@ in
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."bazarr.snowbelle.lan" = { services.nginx.virtualHosts."${cfg.url}" = {
enableACME = false;
forceSSL = true; forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
}; };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
}; };
} }

68
modules/homelab/services/arr/flaresolverr/default.nix
View File

@@ -1,65 +1,77 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.modules.services.flaresolverr; service = "flaresolverr";
ids = 2008; cfg = config.modules.services.${service};
default_port = 8189; sec = config.sops.secrets;
homelab = config.modules.homelab;
in in
{ {
options.modules.services.flaresolverr = { options.modules.services.${service} = {
enable = lib.mkEnableOption "enables flaresolverr"; enable = lib.mkEnableOption "enables ${service}";
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7105; default = 7120;
description = "set port for flaresolverr (default: ${toString default_port}"; description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
}; };
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for flaresolverr"; description = "enable backups for ${service}";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare flaresolverr group # declare ${service} group
users.groups.flaresolverr = { gid = ids; }; users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare flaresolverr user # declare ${service} user
users.users.flaresolverr = { users.users.${service} = {
description = "flaresolverr server user"; description = "${service} server user";
uid = ids; uid = lib.mkForce cfg.ids;
isSystemUser = true; isSystemUser = true;
createHome = false; group = "${service}";
group = "flaresolverr";
extraGroups = [];
}; };
# enable the flaresolverr service # enable the ${service} service
services.flaresolverr = { services.${service} = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
port = cfg.port; port = cfg.port;
}; };
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.flaresolverr.serviceConfig = { systemd.services.${service}.serviceConfig = {
User = "flaresolverr"; User = "${service}";
Group = "flaresolverr"; Group = "${service}";
}; };
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = { services.nginx.virtualHosts."${cfg.url}" = {
enableACME = false;
forceSSL = true; forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };

67
modules/homelab/services/arr/prowlarr/default.nix
View File

@@ -1,47 +1,61 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.modules.services.prowlarr; service = "prowlarr";
ids = 2004; cfg = config.modules.services.${service};
default_port = 9696; sec = config.sops.secrets;
data_dir = "/var/lib/private"; homelab = config.modules.homelab;
in in
{ {
options.modules.services.prowlarr = { options.modules.services.${service} = {
enable = lib.mkEnableOption "enables prowlarr"; enable = lib.mkEnableOption "enables ${service}";
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7104; default = 7104;
description = "set port for prowlarr (default: ${toString default_port}"; description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
}; };
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for prowlarr"; description = "enable backups for ${service}";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare prowlarr group # declare ${service} group
users.groups.prowlarr = { gid = ids; }; users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare prowlarr user # declare ${service} user
users.users.prowlarr = { users.users.${service} = {
description = "prowlarr server user"; description = "${service} server user";
uid = ids; uid = lib.mkForce cfg.ids;
isSystemUser = true; isSystemUser = true;
home = "/var/lib/prowlarr"; home = cfg.data_dir;
createHome = true; createHome = true;
group = "prowlarr"; group = "${service}";
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
# enable the prowlarr service # enable the ${service} service
services.prowlarr = { services.${service} = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings = { settings = {
@@ -50,27 +64,26 @@ in
}; };
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.prowlarr.serviceConfig = { systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007"; UMask = lib.mkForce "0007";
User = "prowlarr"; User = "${service}";
Group = "prowlarr"; Group = "${service}";
}; };
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."prowlarr.snowbelle.lan" = { services.nginx.virtualHosts."${cfg.url}" = {
enableACME = false;
forceSSL = true; forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
}; };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
}; };
} }

79
modules/homelab/services/arr/radarr/default.nix
View File

@@ -1,75 +1,92 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.modules.services.radarr; service = "radarr";
ids = lib.mkForce 2006; cfg = config.modules.services.${service};
default_port = 7878; sec = config.sops.secrets;
data_dir = "/var/lib/radarr"; homelab = config.modules.homelab;
in in
{ {
options.modules.services.radarr = { options.modules.services.${service} = {
enable = lib.mkEnableOption "enables radarr"; enable = lib.mkEnableOption "enables ${service}";
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7108; default = 7107;
description = "set port for radarr (default: ${toString default_port}"; description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
}; };
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for radarr"; description = "enable backups for ${service}";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare radarr group # declare ${service} group
users.groups.radarr = { gid = ids; }; users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare radarr user # declare ${service} user
users.users.radarr = { users.users.${service} = {
description = "radarr server user"; description = "${service} server user";
uid = ids; uid = lib.mkForce cfg.ids;
isSystemUser = true; isSystemUser = true;
home = "/var/lib/radarr"; home = cfg.data_dir;
createHome = true; createHome = true;
group = "radarr"; group = "${service}";
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
# enable the radarr service # enable the ${service} service
services.radarr = { services.${service} = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
user = "radarr"; user = "${service}";
group = "radarr"; group = "${service}";
dataDir = data_dir; dataDir = cfg.data_dir;
settings = { settings = {
server.port = cfg.port; server.port = cfg.port;
}; };
}; };
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; }; systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."radarr.snowbelle.lan" = { services.nginx.virtualHosts."${cfg.url}" = {
enableACME = false;
forceSSL = true; forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
}; };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
}; };
} }

2
modules/homelab/services/arr/sonarr/default.nix
View File

@@ -13,7 +13,7 @@ in
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7107; default = 7106;
description = "set port for ${service} (default: ${toString cfg.port}"; description = "set port for ${service} (default: ${toString cfg.port}";
}; };
url = lib.mkOption { url = lib.mkOption {

111
modules/homelab/services/bak/gitea/default.nix Normal file
View File

@@ -0,0 +1,111 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.gitea;
ids = 2703;
default_port = 3000;
data_dir = "/var/lib/gitea";
in
{
options.modules.services.gitea = {
enable = lib.mkEnableOption "enables gitea";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7703;
description = "set port for gitea (default: ${toString default_port}";
};
# set ssh port
ssh_port = lib.mkOption {
type = lib.types.int;
default = 7567;
description = "set port for gitea (default: 2222";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for gitea";
};
};
config = lib.mkIf cfg.enable {
# declare gitea group
users.groups.gitea = { gid = ids; };
# declare gitea user
users.users.gitea = {
description = lib.mkForce "gitea server user";
uid = ids;
isSystemUser = true;
shell = pkgs.bash;
home = "/var/lib/gitea";
createHome = true;
group = "gitea";
extraGroups = [];
};
# enable the gitea service
services.gitea = {
enable = true;
user = "gitea";
group = "gitea";
stateDir = data_dir;
appName = "gitea";
settings = {
server = {
DOMAIN = "git.blakedheld.xyz";
HTTP_PORT = cfg.port;
SSH_PORT = cfg.ssh_port;
START_SSH_SERVER = true;
ENABLE_PUSH_CREATE_USER = true;
};
};
database = {
passwordFile = "${toString config.sops.secrets."gitea_database_password".path}";
};
};
# override umask to make permissions work out
systemd.services.gitea.serviceConfig = { UMask = lib.mkForce "0007"; };
# open firewall
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
# internal reverse proxy entry
services.nginx.virtualHosts."git.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# external reverse proxy entry
services.nginx.virtualHosts."git.blakedheld.xyz" = {
enableACME = true;
forceSSL = true;
# sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
# sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
sops.secrets = {
"gitea_database_password" = {
owner = "gitea";
group = "gitea";
# neededForUsers = true;
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

0
modules/homelab/services/jellyfin/default.nix → modules/homelab/services/bak/jellyfin/default.nix
View File

39
modules/homelab/services/bak/nginx-proxy/default.nix Normal file
View File

@@ -0,0 +1,39 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.homelab.nginx-proxy;
in
{
options.modules.homelab.nginx-proxy = {
enable = lib.mkEnableOption "enables nginx-proxy";
};
config = lib.mkIf cfg.enable {
# enable nginx proxy manager
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
# enable acme for auto ssl certs with lets encrypt
security.acme = {
acceptTerms = true;
defaults.email = "me@blakedheld.xyz";
};
# nginx secrets
sops.secrets = {
"ssl_blakedheld_crt" = {
restartUnits = [ "nginx.service" ];
owner = "nginx";
group = "nginx";
# neededForUsers = true;
};
"ssl_blakedheld_key" = {
owner = "nginx";
group = "nginx";
# neededForUsers = true;
};
};
};
}

0
modules/homelab/services/qbittorrent/default.nix → modules/homelab/services/bak/qbittorrent/default.nix
View File

0
modules/homelab/services/vaultwarden/default.nix → modules/homelab/services/bak/vaultwarden/default.nix
View File

14
modules/homelab/services/default.nix
View File

@@ -4,16 +4,16 @@
{ {
imports = [ imports = [
./jellyfin # ./jellyfin
./vaultwarden # ./vaultwarden
./gitea ./gitea
./qbittorrent # ./qbittorrent
./nginx-proxy ./nginx-proxy
# ./arr/prowlarr ./arr/prowlarr
# ./arr/flaresolverr ./arr/flaresolverr
# ./arr/bazarr ./arr/bazarr
./arr/sonarr ./arr/sonarr
# ./arr/radarr ./arr/radarr
]; ];
} }

16
modules/homelab/services/default_temp.nix
View File

@@ -77,7 +77,7 @@ in
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."${url}" = { services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true; forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
@@ -94,13 +94,13 @@ in
# proxyPass = "http://127.0.0.1:${toString cfg.port}"; # proxyPass = "http://127.0.0.1:${toString cfg.port}";
# }; # };
# }; # };
#
sops.secrets = { # sops.secrets = {
"${service}_" = { # "${service}_" = {
owner = "${service}"; # owner = "${service}";
group = "${service}"; # group = "${service}";
}; # };
}; # };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];

82
modules/homelab/services/gitea/default.nix
View File

@@ -1,59 +1,71 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
cfg = config.modules.services.gitea; service = "gitea";
ids = 2703; cfg = config.modules.services.${service};
default_port = 3000; sec = config.sops.secrets;
data_dir = "/var/lib/gitea"; homelab = config.modules.homelab;
in in
{ {
options.modules.services.gitea = { options.modules.services.${service} = {
enable = lib.mkEnableOption "enables gitea"; enable = lib.mkEnableOption "enables ${service}";
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7703; default = 7703;
description = "set port for gitea (default: ${toString default_port}"; description = "set port for ${service} (default: ${toString cfg.port}";
}; };
# set ssh port
ssh_port = lib.mkOption { ssh_port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = 7567; default = 7567;
description = "set port for gitea (default: 2222"; description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
}; };
backup = lib.mkOption { backup = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = "enable backups for gitea"; description = "enable backups for ${service}";
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
# declare gitea group # declare ${service} group
users.groups.gitea = { gid = ids; }; users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare gitea user # declare ${service} user
users.users.gitea = { users.users.${service} = {
description = lib.mkForce "gitea server user"; description = lib.mkForce "${service} server user";
uid = ids; uid = lib.mkForce cfg.ids;
isSystemUser = true; isSystemUser = true;
shell = pkgs.bash; shell = pkgs.bash;
home = "/var/lib/gitea"; home = cfg.data_dir;
createHome = true; createHome = true;
group = "gitea"; group = "${service}";
extraGroups = []; extraGroups = [];
}; };
# enable the gitea service # declare the gitea service
services.gitea = { services.gitea = {
enable = true; enable = true;
user = "gitea"; user = "gitea";
group = "gitea"; group = "gitea";
stateDir = data_dir; stateDir = cfg.data_dir;
appName = "gitea"; appName = "gitea";
settings = { settings = {
server = { server = {
@@ -69,19 +81,20 @@ in
passwordFile = "${toString config.sops.secrets."gitea_database_password".path}"; passwordFile = "${toString config.sops.secrets."gitea_database_password".path}";
}; };
}; };
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.gitea.serviceConfig = { UMask = lib.mkForce "0007"; }; systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
};
# open firewall # open firewall
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ]; networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
# internal reverse proxy entry # internal reverse proxy entry
services.nginx.virtualHosts."git.snowbelle.lan" = { services.nginx.virtualHosts."${cfg.url}" = {
enableACME = false;
forceSSL = true; forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
@@ -90,22 +103,19 @@ in
services.nginx.virtualHosts."git.blakedheld.xyz" = { services.nginx.virtualHosts."git.blakedheld.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
# sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
# sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
}; };
sops.secrets = { sops.secrets = {
"gitea_database_password" = { "${service}_database_password" = {
owner = "gitea"; owner = "${service}";
group = "gitea"; group = "${service}";
# neededForUsers = true;
}; };
}; };
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
}; };
} }

108
modules/homelab/services/jellyfin/default_temp.nix Normal file
View File

@@ -0,0 +1,108 @@
{ pkgs, config, lib, ... }:
let
service = "";
cfg = config.modules.services.${service};
sec = config.sops.secrets;
homelab = config.modules.homelab;
in
{
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = <port>;
description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for ${service}";
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare ${service} user
users.users.${service} = {
description = "${service} server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
extraGroups = [ "media" ];
};
# enable the ${service} service
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# # external reverse proxy entry
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
# forceSSL = true;
# sslCertificate = sec."ssl_blakedheld_crt".path;
# sslCertificateKey = sec."ssl_blakedheld_key".path;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
# };
# };
#
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
};
}

108
modules/homelab/services/qbittorrent/default_temp.nix Normal file
View File

@@ -0,0 +1,108 @@
{ pkgs, config, lib, ... }:
let
service = "";
cfg = config.modules.services.${service};
sec = config.sops.secrets;
homelab = config.modules.homelab;
in
{
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = <port>;
description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for ${service}";
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare ${service} user
users.users.${service} = {
description = "${service} server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
extraGroups = [ "media" ];
};
# enable the ${service} service
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# # external reverse proxy entry
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
# forceSSL = true;
# sslCertificate = sec."ssl_blakedheld_crt".path;
# sslCertificateKey = sec."ssl_blakedheld_key".path;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
# };
# };
#
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
};
}

108
modules/homelab/services/vaultwarden/default_temp.nix Normal file
View File

@@ -0,0 +1,108 @@
{ pkgs, config, lib, ... }:
let
service = "";
cfg = config.modules.services.${service};
sec = config.sops.secrets;
homelab = config.modules.homelab;
in
{
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = <port>;
description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${service}.${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for ${service}";
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare ${service} user
users.users.${service} = {
description = "${service} server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
extraGroups = [ "media" ];
};
# enable the ${service} service
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
sslCertificate = sec."ssl_blakedheld_crt".path;
sslCertificateKey = sec."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# # external reverse proxy entry
# services.nginx.virtualHosts."${service}.blakedheld.xyz" = {
# forceSSL = true;
# sslCertificate = sec."ssl_blakedheld_crt".path;
# sslCertificateKey = sec."ssl_blakedheld_key".path;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${toString cfg.port}";
# };
# };
#
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ cfg.data_dir ];
};
}