diff --git a/servers/midgard/default.nix b/servers/midgard/default.nix index c70e0ff..22a0772 100644 --- a/servers/midgard/default.nix +++ b/servers/midgard/default.nix @@ -14,13 +14,7 @@ personal = { services = { - acme = { - enable = config.personal.services.enable; - }; - adguard = { - enable = config.personal.services.enable; - }; - coredns = { + homedns = { enable = config.personal.services.enable; }; tailscale = { diff --git a/servers/niflheim/default.nix b/servers/niflheim/default.nix index 2a3370b..42448d7 100644 --- a/servers/niflheim/default.nix +++ b/servers/niflheim/default.nix @@ -14,6 +14,18 @@ personal = { services = { + authentik = { + enable = config.personal.services.enable; + }; + media = { + enable = config.personal.services.enable; + }; + minecraft = { + enable = config.personal.services.enable; + }; + nextcloud = { + enable = config.personal.services.enable; + }; tailscale = { enable = config.personal.services.enable; }; diff --git a/servers/niflheim/filesystems.nix b/servers/niflheim/filesystems.nix index b78ca87..19f30ef 100644 --- a/servers/niflheim/filesystems.nix +++ b/servers/niflheim/filesystems.nix 
@@ -37,6 +37,86 @@ ]; }; + fileSystems."/var/lib/acme" = { + device = "/dev/disk/by-label/acme"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/nzbget" = { + device = "/dev/disk/by-label/nzbget"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/jellyfin" = { + device = "/dev/disk/by-label/jellyfin"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/radarr" = { + device = "/dev/disk/by-label/radarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/sonarr" = { + device = "/dev/disk/by-label/sonarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/lidarr" = { + device = "/dev/disk/by-label/lidarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/readarr" = { + device = "/dev/disk/by-label/readarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/bazarr" = { + device = "/dev/disk/by-label/bazarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/prowlarr" = { + device = "/dev/disk/by-label/prowlarr"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/downloads" = { + device = "/dev/disk/by-label/downloads"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + fileSystems."/var/lib/movies" = { device = "/dev/disk/by-label/movies"; fsType = "ext4"; @@ -68,4 +148,20 @@ "noatime" ]; }; + + fileSystems."/var/lib/bromance" = { + device = "/dev/disk/by-label/bromance"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; + + fileSystems."/var/lib/owntech" = { + device = "/dev/disk/by-label/owntech"; + fsType = "ext4"; + options = [ + "noatime" + ]; + }; } diff --git a/servers/niflheim/networking.nix b/servers/niflheim/networking.nix index d148488..a7937ad 100644 --- a/servers/niflheim/networking.nix +++ b/servers/niflheim/networking.nix 
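Review bot: Every mount added in this hunk, and the `/var/lib/bromance` and `/var/lib/owntech` mounts in the second hunk, carries only `noatime`, so setuid binaries and device nodes on these data volumes are honoured. For the service state volumes I would use `options = [ "noatime" "nodev" "nosuid" ];`. `/var/lib/downloads` holds content fetched from outside, so `"noexec"` is worth adding there as well. The nzbget settings that this commit comments out put `ScriptDir` under `/var/lib/downloads/scripts`, so that directory would have to move before `noexec` can be applied. The enclosing attribute set starts and ends outside both hunks.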
@@ -38,5 +38,11 @@ }; }; }; + + nat = { + enable = true; + externalInterface = "enp3s0"; + internalInterfaces = [ "ve-*" ]; + }; }; } diff --git a/servers/niflheim/partitions.sh b/servers/niflheim/partitions.sh index f58b9fe..85ffcf3 100755 --- a/servers/niflheim/partitions.sh +++ b/servers/niflheim/partitions.sh @@ -161,7 +161,7 @@ mount /dev/disk/by-partlabel/boot1 /mnt/boot # STORAGE # -for PARTITION in ; do +for PARTITION in acme nzbget jellyfin radarr sonarr lidarr readarr bazarr prowlarr; do echo "-----> Create ${PARTITION} volume" lvcreate -y --size 5G --name ${PARTITION} system @@ -173,6 +173,16 @@ for PARTITION in ; do mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION} done +echo "-----> Create downloads volume" +lvcreate -y --size 200G --name downloads system + +echo "-----> Create downloads filesystem" +mkfs.ext4 -L downloads /dev/system/downloads + +echo "-----> Mount downloads filesystem" +mkdir -p /mnt/var/lib/downloads +mount -t ext4 /dev/system/downloads /mnt/var/lib/downloads + echo "-----> Create movies volume" lvcreate -y --size 2000G --name movies system @@ -212,3 +222,23 @@ mkfs.ext4 -L music /dev/system/music echo "-----> Mount music filesystem" mkdir -p /mnt/var/lib/music mount -t ext4 /dev/system/music /mnt/var/lib/music + +echo "-----> Create bromance volume" +lvcreate -y --size 10G --name bromance system + +echo "-----> Create bromance filesystem" +mkfs.ext4 -L bromance /dev/system/bromance + +echo "-----> Mount bromance filesystem" +mkdir -p /mnt/var/lib/bromance +mount -t ext4 /dev/system/bromance /mnt/var/lib/bromance + +echo "-----> Create owntech volume" +lvcreate -y --size 10G --name owntech system + +echo "-----> Create owntech filesystem" +mkfs.ext4 -L owntech /dev/system/owntech + +echo "-----> Mount owntech filesystem" +mkdir -p /mnt/var/lib/owntech +mount -t ext4 /dev/system/owntech /mnt/var/lib/owntech diff --git a/servers/utgard/default.nix b/servers/utgard/default.nix index 32f8eac..eb511bd 100644 
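Review bot: `internalInterfaces = [ "ve-*" ]` only matches the container veth devices when the nftables backend is in use. The iptables backend uses `+` as its wildcard, and `ve-+` is the form the commented draft removed from mediang in this commit used. Which backend niflheim runs is not visible here, so either confirm `networking.nftables.enable` is set or write `internalInterfaces = [ "ve-+" ];`. The containers that would use this NAT are still commented out elsewhere in the commit, so a one-line comment above `nat` saying what the rule is for would help the next reader.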
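Review bot: The new downloads, bromance and owntech stanzas run `mkfs.ext4` unconditionally after `lvcreate`, and the top of the script is outside these hunks, so I cannot see whether `set -euo pipefail` is in effect. Without it, a failed `lvcreate` on an already provisioned host may fall through to formatting the existing volume. The stanzas also repeat the loop body with only the name and size changed, so a helper such as `create_volume NAME SIZE` would remove the repetition. In the loop, `"${PARTITION}"` should be quoted.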
--- a/servers/utgard/default.nix +++ b/servers/utgard/default.nix @@ -3,6 +3,7 @@ { imports = [ ../../shared/modules + ../../shared/programs ../../shared/services ./filesystems.nix @@ -13,15 +14,9 @@ personal = { services = { - acme = { - enable = config.personal.services.enable; - }; hass = { enable = config.personal.services.enable; }; - media = { - enable = config.personal.services.enable; - }; tailscale = { enable = config.personal.services.enable; }; diff --git a/shared/services/acme/default.nix b/shared/services/acme/default.nix index 8efbc3a..e594063 100644 --- a/shared/services/acme/default.nix +++ b/shared/services/acme/default.nix @@ -22,11 +22,12 @@ in acceptTerms = true; defaults = { - email = "hostmaster@boerger.ws"; + reloadServices = [ "nginx" ]; }; certs = { "boerger.ws" = { + email = "hostmaster@boerger.ws"; extraDomainNames = [ "*.boerger.ws" ]; dnsProvider = "cloudflare"; credentialsFile = config.age.secrets."services/acme/credentials".path; diff --git a/shared/services/coredns/default.nix b/shared/services/coredns/default.nix deleted file mode 100644 index b90d722..0000000 --- a/shared/services/coredns/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.coredns; - -in -{ - options = { - personal = { - services = { - coredns = { - enable = mkEnableOption "CoreDNS"; - }; - }; - }; - }; - - config = mkIf cfg.enable { }; -} diff --git a/shared/services/default.nix b/shared/services/default.nix index 553b6b6..e3c7582 100644 --- a/shared/services/default.nix +++ b/shared/services/default.nix @@ -4,17 +4,14 @@ with lib; { imports = [ ./acme - ./adguard ./authentik - ./coredns + ./homedns ./desktop ./docker - ./dst ./hass ./haveged ./libvirt ./media - ./mediang ./minecraft ./nextcloud ./nixbuild diff --git a/shared/services/dst/default.nix b/shared/services/dst/default.nix deleted file mode 100644 index 30b76df..0000000 
--- a/shared/services/dst/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.dst; - -in -{ - options = { - personal = { - services = { - dst = { - enable = mkEnableOption "Don't Starve Together"; - }; - }; - }; - }; - - config = mkIf cfg.enable { }; -} diff --git a/shared/services/hass/arion.nix b/shared/services/hass/arion.nix deleted file mode 100644 index cb1c80d..0000000 --- a/shared/services/hass/arion.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -{ } diff --git a/shared/services/hass/default.nix b/shared/services/hass/default.nix index 78b78f5..9d2a77e 100644 --- a/shared/services/hass/default.nix +++ b/shared/services/hass/default.nix @@ -64,28 +64,37 @@ in default_config = { }; }; }; + + nginx = { + virtualHosts = + let + base = locations: { + inherit locations; + + useACMEHost = "boerger.ws"; + forceSSL = true; + }; + proxy = port: base { + "/" = { + proxyPass = "http://127.0.0.1:" + toString (port) + "/"; + proxyWebsockets = true; + }; + }; + in + { + "iot.boerger.ws" = proxy 8123; + }; + }; }; personal = { services = { + acme = { + enable = true; + }; + webserver = { enable = true; - - hosts = [ - { - domain = "home.boerger.ws"; - proxy = "http://127.0.0.1:8123"; - - proxyOptions = '' - proxy_http_version 1.1; - - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - ''; - } - ]; }; }; }; diff --git a/shared/services/adguard/default.nix b/shared/services/homedns/default.nix similarity index 58% rename from shared/services/adguard/default.nix rename to shared/services/homedns/default.nix index 0c76cdb..a53450a 100644 --- a/shared/services/adguard/default.nix +++ b/shared/services/homedns/default.nix 
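Review bot: The removed `hosts` entry set `Host`, `X-Forwarded-Ssl` and the upgrade headers explicitly, while the new `proxy` helper only sets `proxyWebsockets = true`, so the forwarded `Host` and client-address headers now depend on settings outside this hunk. Please confirm `services.nginx.recommendedProxySettings` is enabled, presumably in the webserver module. Without forwarded headers Home Assistant sees every request as coming from 127.0.0.1, which weakens its IP ban and any trusted-network rule. The hostname also changes from `home.boerger.ws` to `iot.boerger.ws`, which the commit does not mention. The same `base`/`proxy` `let` block is repeated in the homedns hunk, so defining it once in a shared module would keep the TLS settings in one place.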
@@ -2,15 +2,15 @@ with lib; let - cfg = config.personal.services.adguard; + cfg = config.personal.services.homedns; in { options = { personal = { services = { - adguard = { - enable = mkEnableOption "Adguard"; + homedns = { + enable = mkEnableOption "HomeDNS"; }; }; }; @@ -47,19 +47,37 @@ in }]; }; }; + + nginx = { + virtualHosts = + let + base = locations: { + inherit locations; + + useACMEHost = "boerger.ws"; + forceSSL = true; + }; + proxy = port: base { + "/" = { + proxyPass = "http://127.0.0.1:" + toString (port) + "/"; + proxyWebsockets = true; + }; + }; + in + { + "adguard.boerger.ws" = proxy 3000; + }; + }; }; personal = { services = { + acme = { + enable = true; + }; + webserver = { enable = true; - - hosts = [ - { - domain = "adguard.boerger.ws"; - proxy = "http://localhost:3000"; - } - ]; }; }; }; diff --git a/shared/services/dst/arion.nix b/shared/services/media/arion.nix similarity index 100% rename from shared/services/dst/arion.nix rename to shared/services/media/arion.nix diff --git a/shared/services/media/default.nix b/shared/services/media/default.nix index abd77d1..e237783 100644 --- a/shared/services/media/default.nix +++ b/shared/services/media/default.nix 
@@ -17,116 +17,170 @@ in }; config = mkIf cfg.enable { + # containers = { + # media = + # let + # passwordFile = config.age.secrets."users/media/password".path; + # in + # { + # autoStart = true; + # privateNetwork = true; + # # hostAddress = "192.168.100.10"; + # # localAddress = "192.168.100.11"; + + # config = { config, pkgs, ... }: { + # users = { + # users = { + # media = { + # uid = 20000; + # description = "Media"; + # shell = pkgs.zsh; + # isSystemUser = true; + # group = "media"; + # home = "/var/lib/media"; + # passwordFile = passwordFile; + # }; + # }; + + # groups = { + # media = { + # gid = 20000; + # }; + # }; + # }; + + # services = { + # jellyfin = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.jellyfin; + # }; + # }; + + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ + # 8080 + # ]; + # }; + + # environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; + # system.stateVersion = "22.05"; + # }; + # }; + # }; + environment = { systemPackages = with pkgs; [ - nur.repos.tboerger.jellyseerr + sqlite ]; }; - users = { - users = { - media = { - uid = 20000; - description = "Media"; - shell = pkgs.zsh; - isSystemUser = true; - group = "media"; - home = "/var/lib/media"; - passwordFile = config.age.secrets."users/media/password".path; - }; - }; + # users = { + # users = { + # media = { + # uid = 20000; + # description = "Media"; + # shell = pkgs.zsh; + # isSystemUser = true; + # group = "media"; + # home = "/var/lib/media"; + # passwordFile = config.age.secrets."users/media/password".path; + # }; + # }; - groups = { - media = { - gid = 20000; - }; - }; - }; + # groups = { + # media = { + # gid = 20000; + # }; + # }; + # }; services = { - nzbget = { - enable = true; - user = "media"; - group = "media"; + # nzbget = { + # enable = true; + # user = "media"; + # group = "media"; - settings = { - MainDir = "/var/lib/downloads"; - DestDir = "/var/lib/downloads/completed"; - InterDir = 
"/var/lib/downloads/intermediate"; - NzbDir = "/var/lib/downloads/nzb"; - QueueDir = "/var/lib/downloads/queue"; - TempDir = "/var/lib/downloads/temp"; - ScriptDir = "/var/lib/downloads/scripts"; + # settings = { + # MainDir = "/var/lib/downloads"; + # DestDir = "/var/lib/downloads/completed"; + # InterDir = "/var/lib/downloads/intermediate"; + # NzbDir = "/var/lib/downloads/nzb"; + # QueueDir = "/var/lib/downloads/queue"; + # TempDir = "/var/lib/downloads/temp"; + # ScriptDir = "/var/lib/downloads/scripts"; - "Category1.Name" = "Movies"; - "Category1.Unpack" = "yes"; + # "Category1.Name" = "Movies"; + # "Category1.Unpack" = "yes"; - "Category2.Name" = "Series"; - "Category2.Unpack" = "yes"; + # "Category2.Name" = "Series"; + # "Category2.Unpack" = "yes"; - "Category3.Name" = "Music"; - "Category3.Unpack" = "yes"; + # "Category3.Name" = "Music"; + # "Category3.Unpack" = "yes"; - "Category4.Name" = "Books"; - "Category4.Unpack" = "yes"; + # "Category4.Name" = "Books"; + # "Category4.Unpack" = "yes"; - "Category5.Name" = "Prowlarr"; - "Category5.Unpack" = "yes"; - }; - }; + # "Category5.Name" = "Prowlarr"; + # "Category5.Unpack" = "yes"; + # }; + # }; - jellyfin = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.jellyfin; - }; + # jellyfin = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.jellyfin; + # }; - radarr = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.radarr; - dataDir = "/var/lib/radarr"; - }; + # radarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.radarr; + # dataDir = "/var/lib/radarr"; + # }; - sonarr = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.sonarr; - dataDir = "/var/lib/sonarr"; - }; + # sonarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.sonarr; + # dataDir = "/var/lib/sonarr"; + # }; - lidarr = { - enable = true; - user = "media"; - group = "media"; - package 
= pkgs.lidarr; - dataDir = "/var/lib/lidarr"; - }; + # lidarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.lidarr; + # dataDir = "/var/lib/lidarr"; + # }; - readarr = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.nur.repos.tboerger.readarr; - dataDir = "/var/lib/readarr"; - }; + # readarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.nur.repos.tboerger.readarr; + # dataDir = "/var/lib/readarr"; + # }; - bazarr = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.bazarr; - }; + # bazarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.bazarr; + # }; - prowlarr = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.prowlarr; - }; + # prowlarr = { + # enable = true; + # user = "media"; + # group = "media"; + # package = pkgs.prowlarr; + # }; nginx = { virtualHosts = @@ -159,18 +213,22 @@ in personal = { services = { + acme = { + enable = true; + }; + webserver = { enable = true; }; }; }; - networking = { - firewall = { - allowedTCPPorts = [ 8096 ]; - allowedUDPPorts = [ 1900 7359 ]; - }; - }; + # networking = { + # firewall = { + # allowedTCPPorts = [ 8096 ]; + # allowedUDPPorts = [ 1900 7359 ]; + # }; + # }; age.secrets."users/media/password" = { file = ../../../secrets/users/media/password.age; diff --git a/shared/services/mediang/arion.nix b/shared/services/mediang/arion.nix deleted file mode 100644 index cb1c80d..0000000 --- a/shared/services/mediang/arion.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -{ } diff --git a/shared/services/mediang/default.nix b/shared/services/mediang/default.nix deleted file mode 100644 index 9b08f10..0000000 --- a/shared/services/mediang/default.nix +++ /dev/null 
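Review bot: The first hunk comments out the `media` user, every backend service and the firewall rules, while the `nginx.virtualHosts` block that follows as context and `age.secrets."users/media/password"` at the end of the second hunk stay active. The vhost list itself lies between the hunks, so this is inferred, but any proxy entry left there now points at a port with no listener. The password secret is still decrypted on the host with no visible consumer. I would delete the disabled blocks rather than keep them as comments, since history retains them, and drop or gate the secret and the vhosts until the container version lands. If the comments must stay, a line such as `# TODO: services move into the "media" container; vhosts and secret kept for that` would explain the state.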
@@ -1,215 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.personal.services.mediang; - -in -{ - options = { - personal = { - services = { - mediang = { - enable = mkEnableOption "Media"; - }; - }; - }; - }; - - config = mkIf cfg.enable { - # networking = { - # nat = { - # enable = true; - # internalInterfaces = ["ve-+"]; - # externalInterface = "ens3"; - # }; - # }; - - containers = { - media = - let - passwordFile = config.age.secrets."users/media/password".path; - in - { - autoStart = true; - privateNetwork = true; - # hostAddress = "192.168.100.10"; - # localAddress = "192.168.100.11"; - - config = { config, pkgs, ... }: { - users = { - users = { - media = { - uid = 20000; - description = "Media"; - shell = pkgs.zsh; - isSystemUser = true; - group = "media"; - home = "/var/lib/media"; - passwordFile = passwordFile; - }; - }; - - groups = { - media = { - gid = 20000; - }; - }; - }; - - services = { - jellyfin = { - enable = true; - user = "media"; - group = "media"; - package = pkgs.jellyfin; - }; - }; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 8080 - ]; - }; - - environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; - system.stateVersion = "22.05"; - }; - }; - }; - - age.secrets."users/media/password" = { - file = ../../../secrets/users/media/password.age; - }; - }; -} - -# services = { -# nzbget = { -# enable = true; -# user = "media"; -# group = "media"; - -# settings = { -# MainDir = "/var/lib/downloads"; -# DestDir = "/var/lib/downloads/completed"; -# InterDir = "/var/lib/downloads/intermediate"; -# NzbDir = "/var/lib/downloads/nzb"; -# QueueDir = "/var/lib/downloads/queue"; -# TempDir = "/var/lib/downloads/temp"; -# ScriptDir = "/var/lib/downloads/scripts"; - -# "Category1.Name" = "Movies"; -# "Category1.Unpack" = "yes"; - -# "Category2.Name" = "Series"; -# "Category2.Unpack" = "yes"; - -# "Category3.Name" = "Music"; -# "Category3.Unpack" = "yes"; - -# "Category4.Name" = "Books"; -# 
"Category4.Unpack" = "yes"; - -# "Category5.Name" = "Prowlarr"; -# "Category5.Unpack" = "yes"; -# }; -# }; - -# jellyfin = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.jellyfin; -# }; - -# radarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.radarr; -# dataDir = "/var/lib/radarr"; -# }; - -# sonarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.sonarr; -# dataDir = "/var/lib/sonarr"; -# }; - -# lidarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.lidarr; -# dataDir = "/var/lib/lidarr"; -# }; - -# readarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.nur.repos.tboerger.readarr; -# dataDir = "/var/lib/readarr"; -# }; - -# bazarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.bazarr; -# }; - -# prowlarr = { -# enable = true; -# user = "media"; -# group = "media"; -# package = pkgs.prowlarr; -# }; - -# nginx = { -# virtualHosts = -# let -# base = locations: { -# inherit locations; - -# useACMEHost = "boerger.ws"; -# forceSSL = true; -# }; -# proxy = port: base { -# "/" = { -# proxyPass = "http://127.0.0.1:" + toString (port) + "/"; -# proxyWebsockets = true; -# }; -# }; -# in -# { -# "nzbget.boerger.ws" = proxy 6789; -# "jellyfin.boerger.ws" = proxy 8096; -# "radarr.boerger.ws" = proxy 7878; -# "sonarr.boerger.ws" = proxy 8989; -# "lidarr.boerger.ws" = proxy 8686; -# "readarr.boerger.ws" = proxy 8787; -# "bazarr.boerger.ws" = proxy 6767; -# "prowlarr.boerger.ws" = proxy 9696; -# }; -# }; -# }; - -# personal = { -# services = { -# webserver = { -# enable = true; -# }; -# }; -# }; - -# networking = { -# firewall = { -# allowedTCPPorts = [ 8096 ]; -# allowedUDPPorts = [ 1900 7359 ]; -# }; -# }; diff --git a/shared/services/minecraft/default.nix b/shared/services/minecraft/default.nix index 2dcacd3..9e61a1a 100644 --- a/shared/services/minecraft/default.nix 
+++ b/shared/services/minecraft/default.nix 
@@ -16,5 +16,137 @@ in }; }; - config = mkIf cfg.enable { }; + config = mkIf cfg.enable { + # containers = { + # bromance = { + # autoStart = true; + # privateNetwork = true; + # hostAddress = "192.168.100.10"; + # localAddress = "192.168.100.11"; + + # config = { config, pkgs, ... }: { + # nixpkgs = { + # config = { + # allowUnfree = true; + # }; + # }; + + # services = { + # minecraft-server = { + # enable = true; + # package = pkgs.minecraft-server; + # openFirewall = true; + # eula = true; + # declarative = true; + # jvmOpts = "-Xmx2048M -Xms2048M"; + + # whitelist = { + # mompelz = "e640f53a-44a1-4d6d-89b4-988b649cbb6d"; + # }; + + # serverProperties = { + # motd = "Welcome to Bromance!"; + # white-list = true; + # }; + # }; + # }; + + # networking = { + # firewall = { + # enable = true; + # }; + # }; + + # systemd = { + # tmpfiles = { + # rules = [ + # "d /var/lib/minecraft 700 minecraft minecraft -" + # ]; + # }; + # }; + + # environment.etc."resolv.conf".text = "nameserver 1.1.1.1"; + # system.stateVersion = "22.05"; + # }; + + # bindMounts = { + # "/var/lib/minecraft" = { + # hostPath = "/var/lib/bromance/"; + # isReadOnly = false; + # }; + # }; + + # forwardPorts = [{ + # containerPort = 25565; + # hostPort = 25575; + # protocol = "tcp"; + # }]; + # }; + + # owntech = { + # autoStart = true; + # privateNetwork = true; + # hostAddress = "192.168.100.20"; + # localAddress = "192.168.100.21"; + + # config = { config, pkgs, ... 
}: { + # nixpkgs = { + # config = { + # allowUnfree = true; + # }; + # }; + + # services = { + # minecraft-server = { + # enable = true; + # package = pkgs.minecraft-server; + # openFirewall = true; + # eula = true; + # declarative = true; + # jvmOpts = "-Xmx2048M -Xms2048M"; + + # whitelist = { + # mompelz = "e640f53a-44a1-4d6d-89b4-988b649cbb6d"; + # }; + + # serverProperties = { + # motd = "Welcome to ownTech!"; + # white-list = true; + # }; + # }; + # }; + + # networking = { + # firewall = { + # enable = true; + # }; + # }; + + # systemd = { + # tmpfiles = { + # rules = [ + # "d /var/lib/minecraft 700 minecraft minecraft -" + # ]; + # }; + # }; + + # environment.etc."resolv.conf".text = "nameserver 1.1.1.1"; + # system.stateVersion = "22.05"; + # }; + + # bindMounts = { + # "/var/lib/minecraft" = { + # hostPath = "/var/lib/owntech/"; + # isReadOnly = false; + # }; + # }; + + # forwardPorts = [{ + # containerPort = 25565; + # hostPort = 25585; + # protocol = "tcp"; + # }]; + # }; + # }; + }; } diff --git a/shared/services/nextcloud/arion.nix b/shared/services/nextcloud/arion.nix index 171602b..cb1c80d 100644 --- a/shared/services/nextcloud/arion.nix +++ b/shared/services/nextcloud/arion.nix @@ -1,19 +1,4 @@ { pkgs, lib, config, options, ... }: +with lib; -{ - config = { - services = { - nextcloud = { - nixos = { - configuration = { - services = { - nextcloud = { - enable = true; - }; - }; - }; - }; - }; - }; - }; -} +{ } diff --git a/shared/services/nextcloud/default.nix b/shared/services/nextcloud/default.nix index 3972a85..6398637 100644 --- a/shared/services/nextcloud/default.nix +++ b/shared/services/nextcloud/default.nix 
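Review bot: After this hunk `config = mkIf cfg.enable { ... }` contains only comments, so the `minecraft.enable` switch this commit turns on for niflheim configures nothing, while the bromance and owntech volumes are already created and mounted. I would leave the draft out until it evaluates, or replace it with one line such as `# TODO: bromance/owntech containers, see <issue-placeholder>`. When it is enabled, `forwardPorts` maps host ports 25575 and 25585 into the containers; whether the host firewall admits them is not visible here. The two container definitions differ only in name, addresses, motd, bind-mount path and host port, so a small function taking those values would avoid the duplicate.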
@@ -17,10 +17,141 @@ in }; config = mkIf cfg.enable { - virtualisation.arion.projects.prometheus.settings = { - imports = [ - (import ./arion.nix) - ]; - }; + # containers = { + # nextcloud = { + # autoStart = true; + # privateNetwork = true; + # hostAddress = "192.168.101.10"; + # localAddress = "192.168.101.11"; + + # config = { config, pkgs, ... }: { + # services = { + # mysql = { + # enable = true; + + # ensureDatabases = [ + # "nextcloud" + # ]; + + # ensureUsers = [{ + # name = "nextcloud"; + # ensurePermissions = { + # "*.*" = "ALL PRIVILEGES"; + # }; + # }]; + # }; + + # nextcloud = { + # enable = true; + # package = pkgs.nextcloud25; + + # hostName = "cloud.boerger.ws"; + # https = true; + # extraAppsEnable = true; + # globalProfiles = false; + # logType = "systemd"; + # maxUploadSize = "1024M"; + # secretFile = null; + + # trustedProxies = [ + # "192.168.101.0/24" + # ]; + + # config = { + # overwriteProtocol = "https"; + + # adminuser = "devops"; + # adminpassFile = ""; + + # dbtype = "mysql"; + # dbname = "nextcloud"; + # dbhost = "/run/mysql/mysql.sock"; + # dbuser = "nextcloud"; + # dbpassFile = null; + + # defaultPhoneRegion = "DE"; + + # objectstore = { + # s3 = { + # enabel = true; + # hostname = "s3.eu-west-1.wasabisys.com" + # port = 443 + # region = "eu-west-1"; + # bucket = "bws-nextcloud"; + # key = ""; + # secretFile = ""; + # } + # }; + # }; + + # caching = { + # redis = true; + # }; + + # extraOptions = { + # redis = { + # host = "/run/redis/redis.sock"; + # port = 0; + # dbindex = 0; + # password = "secret"; + # timeout = 1.5; + # }; + # }; + + # # extraApps = { + # # bookmarks = pkgs.fetchNextcloudApp { + # # name = "bookmarks"; + # # sha256 = ""; + # # url = "https://github.com/nextcloud/bookmarks/releases/download/v11.0.4/bookmarks-11.0.4.tar.gz"; + # # version = "11.0.4"; + # # }; + # # cookbook = pkgs.fetchNextcloudApp { + # # name = "cookbook"; + # # sha256 = ""; + # # url = 
"https://github.com/nextcloud/cookbook/releases/download/v0.10.1/Cookbook-0.10.1.tar.gz"; + # # version = "0.10.1"; + # # }; + # # guests = pkgs.fetchNextcloudApp { + # # name = "guests"; + # # sha256 = ""; + # # url = "https://github.com/nextcloud/guests/releases/download/v2.3.0/guests.tar.gz"; + # # version = "2.3.0"; + # # }; + # # impersonate = pkgs.fetchNextcloudApp { + # # name = "impersonate"; + # # sha256 = ""; + # # url = "https://github.com/nextcloud/impersonate/releases/download/v1.8.0/impersonate.tar.gz"; + # # version = "1.8.0"; + # # }; + # # }; + # }; + # }; + + # networking = { + # firewall = { + # enable = true; + # }; + # }; + + # systemd = { + # tmpfiles = { + # rules = [ + # "d /var/lib/nextcloud 700 nextcloud nextcloud -" + # ]; + # }; + # }; + + # environment.etc."resolv.conf".text = "nameserver 1.1.1.1"; + # system.stateVersion = "22.05"; + # }; + + # bindMounts = { + # "/var/lib/nextcloud" = { + # hostPath = "/var/lib/nextcloud/"; + # isReadOnly = false; + # }; + # }; + # }; + # }; }; } diff --git a/shared/services/shares/arion.nix b/shared/services/shares/arion.nix deleted file mode 100644 index cb1c80d..0000000 --- a/shared/services/shares/arion.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -{ }
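Review bot: The commented-out container draft would not evaluate as written: `enabel = true;` is misspelled, and `hostname`, `port` and the closing brace of `s3` lack semicolons. `adminpassFile = ""` and the S3 `secretFile = ""` are also empty. The database user is granted `"*.*" = "ALL PRIVILEGES"`, where `"nextcloud.*" = "ALL PRIVILEGES"` is enough for a single-database application. `password = "secret"` under `extraOptions.redis` would be copied into the world-readable Nix store, so use an age-encrypted file as the acme module in this commit does for its credentials. Since the hunk also removes the only active configuration, enabling `nextcloud` on niflheim currently does nothing.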