marty/config.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server and other shit

Browse source
This commit is contained in:
martyTF 2026-04-11 17:21:28 +02:00
parent 270e1a0be4
commit 804371bf96
65 changed files with 1428 additions and 619 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/server/arr/default.nix
View file

@ -42,13 +42,13 @@
default = 8088;
};
password = lib.mkOption {
default = "EO3HgIK+QJNQN53efrF6zQ==:Ju6k++dsM4pLLgYjP9sLbUWOiNuQMrUH/g6QArdtKXzYisuzaR+XeJL4hEC9Zo3ekVa8EVnPnQu/mJoHxxkLOA==";
}
default = "";
};
};
};
};
config = {
config.server.arr = lib.mkIf config.server.arr.enable {
server.arr = lib.mkIf config.server.arr.enable {
prowlarr.enable = lib.mkDefault true;
radarr.enable = lib.mkDefault true;
sonarr.enable = lib.mkDefault true;
@ -58,28 +58,28 @@
services = {
prowlarr = lib.mkIf config.server.arr.prowlarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.prowlarr.port;
};
};
radarr = lib.mkIf config.server.arr.radarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.radarr.port;
};
};
sonarr = lib.mkIf config.server.arr.sonarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.sonarr.port;
};
};
lidarr = lib.mkIf config.server.arr.lidarr.enable {
enable = true;
server = {
settings.server = {
bindaddress = "0.0.0.0";
port = config.server.arr.lidarr.port;
};

13
modules/server/cloud/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./immich.nix
./nextcloud.nix
];
}

70
modules/server/cloud/immich.nix Normal file
View file

@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.cloud.immich = {
enable = lib.mkEnableOption "enable immich";
port = lib.mkOption {
default = 2283;
description = "immich port";
};
public = lib.mkEnableOption "public immich";
subdomain = lib.mkOption {
default = "photos";
description = "immich subdomain";
};
};
};
config = {
users =
if config.server.cloud.immich.enable then
{
users.immich = {
isSystemUser = true;
createHome = true;
home = "/var/lib/immich";
group = "immich";
extraGroups = [
"video"
"render"
];
};
groups.immich = { };
}
else
{ };
services = {
immich = {
enable = config.server.cloud.immich.enable;
port = config.server.cloud.immich.port;
host = "127.0.0.1";
machine-learning = {
enable = true;
environment = {
MACHINE_LEARNING_MODEL_TTL = "600";
MACHINE_LEARNING_REQUEST_THREADS = "4";
MACHINE_LEARNING_MODEL_INTER_OP_THREADS = "2";
};
};
};
nginx =
if config.server.cloud.immich.enable && config.server.cloud.immich.public then
{
virtualHosts."${config.server.cloud.immich.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.cloud.immich.port}";
};
};
}
else
{ };
};
};
}

93
modules/server/cloud/nextcloud.nix Normal file
View file

@ -0,0 +1,93 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.cloud.nextcloud = {
enable = lib.mkEnableOption "enable nextcloud";
port = lib.mkOption {
default = 8009;
description = "nextcloud port";
};
public = lib.mkEnableOption "make nextcloud public";
subdomain = lib.mkOption {
default = "nextcloud";
description = "nextcloud subdomain";
};
};
};
config = {
services = {
nextcloud = {
enable = config.server.cloud.nextcloud.enable;
configureRedis = true;
package = pkgs.nextcloud33;
hostName = "nextcloud-net";
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
adminpassFile = "/home/marty/secrets/nextcloud";
adminuser = "admin";
};
settings = {
trusted_proxies = [
"localhost"
"127.0.0.1"
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
config.networking.hostName
];
trusted_domains = [
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}"
config.networking.hostName
];
skeletondirectory = "";
preview_ffmpeg_path = "${pkgs.ffmpeg}/bin/ffmpeg";
log_type = "file";
logfile = "nextcloud.log";
loglevel = 0;
};
};
postgresql = {
enable = true;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
};
nginx = {
virtualHosts = {
"nextcloud-net".listen = [
{
addr = "0.0.0.0";
port = config.server.cloud.nextcloud.port;
}
];
"${config.server.cloud.nextcloud.subdomain}.${config.networking.domain}" =
if config.server.cloud.nextcloud.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.cloud.nextcloud.port}";
};
}
else
{ };
};
};
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
}

7
modules/server/default.nix
View file

@ -7,6 +7,11 @@
{
imports = [
./docker
./arr
./cloud
./media
./misc
./social
./nginx.nix
];
}

14
modules/server/docker/default.nix
View file

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs = {
lazydocker = {
enable = true;
};
};
}

13
modules/server/media/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./jellyfin.nix
./navidrome.nix
];
}

75
modules/server/media/jellyfin.nix
View file

@ -11,64 +11,67 @@
enable = lib.mkEnableOption "enable jelyfin";
port = lib.mkOption {
default = 8096;
description = "set jellyfin port"
description = "set jellyfin port";
};
public = {
enable = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
public = lib.mkEnableOption "make jellyfin public";
subdomain = lib.mkOption {
default = "watch";
description = "set jellyfin subdomain";
};
};
jellyseer = {
enable = lib.mkEnableOption "enable jellyseer";
port = lib.mkOption {
default = 8097;
description = "set jellyseer port"
description = "set jellyseer port";
};
public = {
enable = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
public = lib.mkEnableOption "make jellyseer public";
subdomain = lib.mkOption {
default = "jellyseer";
description = "set jellyseer subdomain";
};
};
};
config = {
environment.systemPackages = config.server.jellyfin.enable [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
environment.systemPackages =
[ ]
++ (
if config.server.jellyfin.enable then
[
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
]
else
[ ]
);
services = {
jellyfin = lib.mkIf config.server.jellyfin.enable {
enable = true;
};
jellyseer = lib.mkIf config.server-jellyseer.enable {
seerr = lib.mkIf config.server.jellyseer.enable {
enable = true;
};
nginx.virtualHosts = {
"${config.server.jellyfin.public.subdomain}.${config.domain}" =
lib.mkIf config.server.jellyfin.public.enable
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
"${config.server.jellyfin.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyfin.port}";
};
};
};
"${config.server.jellyseer.public.subdomain}.${config.domain}" = lib.mkIf config.server.jellyfin.public.enable {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
"${config.server.jellyseer.subdomain}.${config.networking.domain}" =
lib.mkIf config.server.jellyfin.public
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${config.server.jellyseer.port}";
};
};
};
};
};
};
};
};

66
modules/server/media/navidrome.nix Normal file
View file

@ -0,0 +1,66 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.media.navidrome = {
enable = lib.mkEnableOption "enable navidrome";
port = lib.mkOption {
default = 4533;
description = "navidrome port";
};
public = lib.mkEnableOption "make navidrome public";
subdomain = lib.mkOption {
default = "music";
description = "navidrome subdomain";
};
};
};
config = {
services = {
navidrome = {
enable = config.server.media.navidrome.enable;
user = config.user.userName;
group = "users";
settings = {
Address = "0.0.0.0";
Port = config.server.media.navidrome.port;
MusicFolder = "/mnt/Data/Media/Music";
Agents = "lastfm";
AlbumPlayCountMode = "normalized";
EnableDownloads = true;
EnableFavourites = true;
EnableNowPlaying = true;
EnableStarRating = true;
EnableUserEditing = true;
LastFM.Enabled = true;
LastFM.Language = "en";
LastFM.ScrobbleFirstArtistOnly = false;
ListenBrainz.Enabled = true;
Scanner.Enabled = true;
Scanner.Schedule = "1h";
Subsonic.ArtistParticipations = true;
};
};
nginx = {
virtualHosts = {
"${config.server.media.navidrome.subdomain}.${config.networking.domain}" =
if config.server.media.navidrome.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.media.navidrome.port}";
};
}
else
{ };
};
};
};
};
}

34
modules/server/misc/dawarich.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.dawarich = {
enable = lib.mkEnableOption "enable dawarich";
port = lib.mkOption {
default = 2975;
description = "dawarich port";
};
public = lib.mkEnableOption "make dawarich public";
subdomain = lib.mkOption {
default = "dawarich";
description = "dawarich subdomain";
};
};
};
config = {
services.dawarich = {
enable = config.server.misc.dawarich.enable;
webPort = config.server.misc.dawarich.port;
localDomain =
if config.server.misc.dawarich.public then
"${config.server.misc.dawarich.subdomain}.${config.networking.domain}"
else
config.networking.hostName;
};
};
}

14
modules/server/misc/default.nix Normal file
View file

@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./dawarich.nix
./forgejo.nix
./lauti.nix
];
}

72
modules/server/misc/forgejo.nix Normal file
View file

@ -0,0 +1,72 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.forgejo = {
enable = lib.mkEnableOption "enable forgejo";
port = lib.mkOption {
default = 2934;
description = "forgejo port";
};
public = lib.mkEnableOption "public forgejo";
subdomain = lib.mkOption {
default = "git";
description = "forgejo subdomain";
};
settings = {
app_name = lib.mkOption {
default = "${config.user.userName}'s code dump";
description = "forgejo app name";
};
app_slogan = lib.mkOption {
default = "if code could talk, mine would cry";
description = "forgejo app slogan";
};
};
};
};
config = {
services = {
forgejo = {
enable = config.server.misc.forgejo.enable;
database.type = "postgres";
settings = {
server = {
DOMAIN = "${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
ROOT_URL = "https://${config.server.misc.forgejo.subdomain}.${config.networking.domain}";
HTTP_PORT = config.server.misc.forgejo.port;
};
DEFAULT = {
APP_NAME = config.server.misc.forgejo.settings.app_name;
APP_SLOGAN = config.server.misc.forgejo.settings.app_slogan;
};
REPOSITORY = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
service.DISABLE_REGISTRATION = true;
};
};
nginx = {
virtualHosts = {
"${config.server.misc.forgejo.subdomain}.${config.networking.domain}" =
if config.server.misc.forgejo.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.misc.forgejo.port}";
};
}
else
{ };
};
};
};
};
}

54
modules/server/misc/lauti.nix Normal file
View file

@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
{
options = {
server.misc.lauti = {
enable = lib.mkEnableOption "enable lauti";
port = lib.mkOption {
default = 3333;
description = "lauti port";
};
public = lib.mkEnableOption "make lauti public";
subdomain = lib.mkOption {
default = "lauti";
description = "lauti subdomain";
};
};
};
config = {
services = {
lauti = {
enable = config.server.misc.lauti.enable;
settings = {
LAUTI_ADMIN_EMAIL = "lauti@${config.networking.domain}";
LAUTI_BASE_URL = "https://${config.server.misc.lauti.subdomain}.${config.networking.domain}";
LAUTI_OSM_TILE_CACHE_DIR = "/var/lib/lauti/osm";
LAUTI_OSM_TILE_SERVER = "https://tile.openstreetmap.org/{z}/{x}/{y}.png";
LAUTI_TIMEZONE = "Europe/Berlin";
LAUTI_LANGUAGE = config.console.keyMap;
};
secrets = [ /home/${config.user.userName}/secrets/lauti ];
};
nginx = {
virtualHosts = {
"${config.server.misc.lauti.subdomain}.${config.networking.domain}" =
if config.server.misc.lauti.public then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.misc.lauti.port}";
};
}
else
{ };
};
};
};
};
}

16
modules/server/nginx.nix
View file

@ -6,20 +6,6 @@
}:
{
options = {
domain = lib.mkOption {
default = "marty.tf";
description = "set domain name";
};
email = lib.mkOption {
default = "${config.user.userName}@${config.domain}";
description = "set email";
};
nginx = {
};
};
config = {
users = {
users = {
@ -50,7 +36,7 @@
security = {
acme = {
acceptTerms = true;
defaults.email = config.email;
defaults.email = config.user.email;
};
};
};

13
modules/server/social/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./gotosocial.nix
./synapse.nix
];
}

64
modules/server/social/gotosocial.nix Normal file
View file

@ -0,0 +1,64 @@
{
config,
pkgs,
inputs,
lib,
...
}:
{
options = {
server.social.gotosocial = {
enable = lib.mkEnableOption "enable gotosocial";
port = lib.mkOption {
default = 8008;
description = "gotosocial port";
};
public = lib.mkOption {
default = true;
description = "public gotosocial";
};
subdomain = lib.mkOption {
default = "fedi";
description = "gotosocial subdomain";
};
};
};
config = {
services = {
gotosocial = {
enable = config.server.social.gotosocial.enable;
settings = {
application_name = "The Martyverse";
host = "${config.server.social.gotosocial.subdomain}.${config.networking.domain}";
bind-address = "127.0.0.1";
port = config.server.social.gotosocial.port;
protocol = "https";
landing-page-user = "${config.user.userName}";
db-address = "/home/${config.user.userName}/gotosocial/storage/sqlite.db";
storage-local-base-path = "/home/${config.user.userName}/gotosocial/storage";
db-type = "sqlite";
accounts-allow-custom-css = true;
accounts-registration-open = true;
accounts-reason-required = true;
accounts-registration-backlog-limit = 20;
};
};
nginx = {
virtualHosts = {
"${config.server.social.gotosocial.subdomain}.${config.networking.domain}" =
if config.server.social.gotosocial.public && config.server.social.gotosocial.enable then
{
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.server.social.gotosocial.port}";
proxyWebsockets = true;
};
}
else
{ };
};
};
};
};
}

117
modules/server/social/synapse.nix Normal file
View file

@ -0,0 +1,117 @@
{
config,
lib,
pkgs,
...
}:
let
fqdn = "${config.server.synapse.subdomain}.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
{
options = {
server.synapse = {
enable = lib.mkEnableOption "enable synapse";
subdomain = lib.mkOption {
default = "yap";
description = "synapse subdomain";
};
port = lib.mkOption {
default = 8008;
description = "synapse port";
};
};
};
config = {
services =
if config.server.synapse.enable then
{
postgresql.enable = true;
matrix-synapse = {
enable = true;
configureRedisLocally = true;
extras = [
"cache-memory" # Provide statistics about caching memory consumption
"jwt" # JSON Web Token authentication
"oidc" # OpenID Connect authentication
"postgres" # PostgreSQL database backend
"redis" # Redis support for the replication stream between worker processes
#"saml2" # SAML2 authentication
"sentry" # Error tracking and performance metrics
"systemd" # Provide the JournalHandler used in the default log_config
"url-preview" # Support for oEmbed URL previews
];
settings = {
url_preview_enabled = true;
server_name = "${config.networking.domain}";
public_baseurl = baseUrl;
media_store_path = "/mnt/Data/Matrix/Media";
max_upload_size = "10G";
enable_registration = false;
registration_shared_secret = "";
generic = {
enabled = true;
outbound = true;
urlPrefix = "https://https://yap.marty.tf/webhooks/";
allowJsTransformationFunctions = false;
waitForComplete = false;
enableHttpGet = false;
};
listeners = [
{
port = config.server.synapse.port;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
};
nginx = {
virtualHosts = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${config.server.synapse.subdomain}.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"~ ^(/_matrix|/_synapse/client|/)" = {
proxyPass = "http://127.0.0.1:${toString config.server.synapse.port}";
proxyWebsockets = true;
extraConfig =
"proxy_set_header X-Forwarded-For $remote_addr;"
+ "proxy_set_header X-Forwarded-Proto $scheme;"
+ "proxy_set_header Host $host:$server_port;";
};
};
};
};
};
}
else
{ };
};
}