blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: blake:a12677cc6c1e27dc399fc67694dc83007edd8a80
Branches Tags
blake:trunk
...
compare: blake:50601eba6030b73babde1deef8e263856ecb1c9f
Branches Tags
blake:trunk

14 Commits
a12677cc6c ... 50601eba60

Author SHA1 Message Date
blake
50601eba60 add bazarr 2025-10-08 11:06:57 -05:00
blake
9415ada261 add flaresolverr 2025-10-08 11:06:45 -05:00
blake
0229b200ea 80 current 2025-10-08 10:53:26 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 11:01:11 -05:00
blake
f3e024cefc add flaresolverr 2025-10-08 10:54:27 -05:00
blake
ae8894372a 79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 10:53:28 -05:00
blake
57977e72cd 79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 10:52:48 -05:00
blake
c43605f627 79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 10:52:06 -05:00
blake
f80ed87358 add flaresolverr 2025-10-08 10:49:53 -05:00
blake
8bb1fe39b8 refactored port layout 2025-10-08 10:49:38 -05:00
blake
dcc1b675bb 79 current 2025-10-08 00:28:08 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 00:41:39 -05:00
blake
5c5851a48d 78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 00:28:11 -05:00
blake
e7f072c3d2 78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 00:26:55 -05:00
blake
7a47bbcd46 add radarr 2025-10-08 00:25:53 -05:00
blake
bf3b8b3270 78 current 2025-10-08 00:16:03 25.05.20251001.5b5be50 6.12.49 * 2025-10-08 00:25:27 -05:00
9 changed files with 253 additions and 24 deletions
Expand all files Collapse all files

2
flake.nix
View File

@@ -1,6 +1,6 @@
# flake for blakes nixos config # flake for blakes nixos config
# define new devices in outputs # define new devices in outputs
# generation: 77 current 2025-10-08 00:10:23 25.05.20251001.5b5be50 6.12.49 * # generation: 80 current 2025-10-08 10:53:26 25.05.20251001.5b5be50 6.12.49 *
{ {
description = "blakes nix config"; description = "blakes nix config";
inputs = { inputs = {

16
hosts/snowbelle/configuration.nix
View File

@@ -32,10 +32,10 @@
jellyfin.enable = true; jellyfin.enable = true;
vaultwarden.enable = true; vaultwarden.enable = true;
gitea.enable = true; gitea.enable = true;
sonarr.enable = true;
sonarr.port = 7105;
prowlarr.enable = true; prowlarr.enable = true;
prowlarr.port = 7104; radarr.enable = true;
sonarr.enable = true;
flaresolverr.enable = true;
}; };
}; };
@@ -70,6 +70,7 @@
# package install list # package install list
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
lf
rsync rsync
wget wget
git git
@@ -78,7 +79,6 @@
neofetch neofetch
btop btop
age age
nvidia-container-toolkit
]; ];
@@ -111,10 +111,10 @@
7102 # srv - yacreader 7102 # srv - yacreader
7103 # srv - qbittorrent 7103 # srv - qbittorrent
7104 # srv - prowlarr 7104 # srv - prowlarr
7105 # srv - sonarr 7105 # srv - flaresolverr
7106 # srv - radarr 7106 # srv - bazarr
7107 # srv - bazarr 7107 # srv - sonarr
7108 # srv - flaresolverr 7108 # srv - radarr
5701 # srv - archivebox 5701 # srv - archivebox
7502 # srv - kiwix 7502 # srv - kiwix
7567 # srv - gitea ssh 7567 # srv - gitea ssh

75
modules/homelab/services/arr/bazarr/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.bazarr;
ids = 2706;
default_port = 6767;
data_dir = "/var/lib/bazarr";
in
{
options.modules.services.bazarr = {
enable = lib.mkEnableOption "enables bazarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7106;
description = "set port for bazarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for bazarr";
};
};
config = lib.mkIf cfg.enable {
# declare bazarr group
users.groups.bazarr = { gid = ids; };
# declare bazarr user
users.users.bazarr = {
description = "bazarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/bazarr";
createHome = false;
group = "bazarr";
extraGroups = [ "media" ];
};
# enable the bazarr service
services.bazarr = {
enable = true;
openFirewall = true;
user = "bazarr";
group = "bazarr";
dataDir = data_dir;
listenPort = cfg.port;
};
# override systemd service
systemd.services.bazarr.serviceConfig = {
UMask = lib.mkForce "0007";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."bazarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

72
modules/homelab/services/arr/flaresolverr/default.nix Normal file
View File

@@ -0,0 +1,72 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.flaresolverr;
ids = 2008;
default_port = 8189;
data_dir = null; # flaresolverr has no persistence
in
{
options.modules.services.flaresolverr = {
enable = lib.mkEnableOption "enables flaresolverr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7105;
description = "set port for flaresolverr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for flaresolverr";
};
};
config = lib.mkIf cfg.enable {
# declare flaresolverr group
users.groups.flaresolverr = { gid = ids; };
# declare flaresolverr user
users.users.flaresolverr = {
description = "flaresolverr server user";
uid = ids;
isSystemUser = true;
createHome = false;
group = "flaresolverr";
extraGroups = [];
};
# enable the flaresolverr service
services.flaresolverr = {
enable = true;
openFirewall = true;
port = cfg.port;
};
# override umask to make permissions work out
systemd.services.flaresolverr.serviceConfig = {
User = "flaresolverr";
Group = "flaresolverr";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."flaresolverr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

2
modules/homelab/services/arr/prowlarr/default.nix
View File

@@ -13,7 +13,7 @@ in
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = default_port; default = 7104;
description = "set port for prowlarr (default: ${toString default_port}"; description = "set port for prowlarr (default: ${toString default_port}";
}; };

75
modules/homelab/services/arr/radarr/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{ pkgs, config, lib, ... }:
let
cfg = config.modules.services.radarr;
ids = lib.mkForce 2006;
default_port = 7878;
data_dir = "/var/lib/radarr";
in
{
options.modules.services.radarr = {
enable = lib.mkEnableOption "enables radarr";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7108;
description = "set port for radarr (default: ${toString default_port}";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for radarr";
};
};
config = lib.mkIf cfg.enable {
# declare radarr group
users.groups.radarr = { gid = ids; };
# declare radarr user
users.users.radarr = {
description = "radarr server user";
uid = ids;
isSystemUser = true;
home = "/var/lib/radarr";
createHome = true;
group = "radarr";
extraGroups = [ "media" ];
};
# enable the radarr service
services.radarr = {
enable = true;
openFirewall = true;
user = "radarr";
group = "radarr";
dataDir = data_dir;
settings = {
server.port = cfg.port;
};
};
# override umask to make permissions work out
systemd.services.radarr.serviceConfig = { UMask = lib.mkForce "0007"; };
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# internal reverse proxy entry
services.nginx.virtualHosts."radarr.snowbelle.lan" = {
enableACME = false;
forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
};
};
# add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}

2
modules/homelab/services/arr/sonarr/default.nix
View File

@@ -12,7 +12,7 @@ in
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = default_port; default = 7107;
description = "set port for sonarr (${toString default_port})"; description = "set port for sonarr (${toString default_port})";
}; };

4
modules/homelab/services/default.nix
View File

@@ -9,6 +9,8 @@
./gitea/default.nix ./gitea/default.nix
./arr/prowlarr/default.nix ./arr/prowlarr/default.nix
./arr/sonarr/default.nix ./arr/sonarr/default.nix
./arr/radarr/default.nix
./arr/flaresolverr/default.nix
]; ];
@@ -17,4 +19,6 @@
modules.services.gitea.enable = lib.mkDefault false; modules.services.gitea.enable = lib.mkDefault false;
modules.services.prowlarr.enable = lib.mkDefault false; modules.services.prowlarr.enable = lib.mkDefault false;
modules.services.sonarr.enable = lib.mkDefault false; modules.services.sonarr.enable = lib.mkDefault false;
modules.services.radarr.enable = lib.mkDefault false;
modules.services.flaresolverr.enable = lib.mkDefault false;
} }

29
modules/homelab/services/default.nix.template → modules/homelab/services/default_temp.nix
View File

@@ -13,7 +13,7 @@ in
# set port options # set port options
port = lib.mkOption { port = lib.mkOption {
type = lib.types.int; type = lib.types.int;
default = default_port; default = <port>;
description = "set port for <service_name> (default: ${toString default_port}"; description = "set port for <service_name> (default: ${toString default_port}";
}; };
@@ -53,7 +53,11 @@ in
}; };
# override umask to make permissions work out # override umask to make permissions work out
systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; }; systemd.services.<service_name>.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "<service_name>";
# Group = "<service_name>";
};
# # open firewall # # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ]; # networking.firewall.allowedTCPPorts = [ cfg.port ];
@@ -68,16 +72,16 @@ in
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; };
}; };
# external reverse proxy entry # # external reverse proxy entry
services.nginx.virtualHosts."<service_name>.blakedheld.xyz" = { # services.nginx.virtualHosts."<service_name>.blakedheld.xyz" = {
enableACME = false; # enableACME = false;
forceSSL = true; # forceSSL = true;
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path; # sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path; # sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
locations."/" = { # locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; # proxyPass = "http://127.0.0.1:${toString cfg.port}";
}; # };
}; # };
sops.secrets = { sops.secrets = {
"<service_name>_" = { "<service_name>_" = {
@@ -88,6 +92,5 @@ in
# add to backups # add to backups
modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ]; modules.system.backups.paths = lib.mkIf cfg.backup [ data_dir ];
};
}; };
} }