feat(bomba): move from docker to native services

2026-06-17 15:24:39 +02:00 · 2026-05-23 18:22:57 +02:00
parent 0f1274172c
commit 2f6f1dd405
14 changed files with 288 additions and 130 deletions
@@ -1,23 +1,25 @@
-{ config, ... }:
+{ ... }:
 {
-  sops = {
-    secrets = {
-      nextcloud_password = {
-        owner = "nextcloud";
+  sops =
+    let
+      default = {
        sopsFile = ../../secrets/bomba.sops.yaml;
      };
-      ntfy_users = {
-        # owner = "ntfy-sh";
-        sopsFile = ../../secrets/bomba.sops.yaml;
-      };
-      ntfy_access = {
-        # owner = "ntfy-sh";
-        sopsFile = ../../secrets/bomba.sops.yaml;
+    in
+    {
+      secrets = {
+        nextcloud_password = default // {
+          owner = "nextcloud";
+        };
+        nixflix_password = default;
+        jellyfin_api_key = default;
+        qbittorrent_api_key = default;
+        qbittorrent_password = default;
+        radarr_api_key = default;
+        sonarr_api_key = default;
+        prowlarr_api_key = default;
+        seerr_api_key = default;
+        indexers_ilcorsaroblu_password = default;
      };
    };
-    templates."ntfy.env".content = ''
-      NTFY_AUTH_USERS='${config.sops.placeholder.ntfy_users}'
-      NTFY_AUTH_ACCESS='${config.sops.placeholder.ntfy_access}'
-    '';
-  };
 }
@@ -0,0 +1,41 @@
+{ config, ... }:
+{
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "vaultwarden.patrickcanal.it".extraConfig = ''
+          encode zstd gzip
+          reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} {
+            header_up X-Real-IP {remote_host}
+          }
+      '';
+      "gitea.patrickcanal.it".extraConfig = ''
+          reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
+      '';
+      "nextcloud.patrickcanal.it".extraConfig = ''
+          reverse_proxy :8004
+      '';
+      "octoprint.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.services.octoprint.port}
+      ''; 
+      "jellyfin.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.jellyfin.network.internalHttpPort}
+      '';
+      "qbittorrent.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.downloadarr.qbittorrent.port}
+      '';
+      "radarr.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.radarr.settings.server.port}
+      '';
+      "sonarr.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.sonarr.settings.server.port}
+      '';
+      "prowlarr.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.prowlarr.settings.server.port}
+      '';
+      "seerr.patrickcanal.it".extraConfig = ''
+        reverse_proxy :${toString config.nixflix.seerr.port}
+      '';
+    };
+  };
+}
@@ -1,10 +1,10 @@
 { ... }:
 {
  imports = [
+    ./caddy.nix
    ./gitea.nix
    ./nextcloud.nix
-    ./nginx.nix
-    ./ntfy.nix
+    ./nixflix.nix
    ./octoprint.nix
    ./teamspeak.nix
    ./vaultwarden.nix
@@ -29,9 +29,10 @@
        ];
      };
    };
+    # Required to change nextcloud port 
    nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
      {
-        addr = "172.18.0.1";
+        addr = "127.0.0.1";
        port = 8004;
      }
    ];
@@ -1,42 +0,0 @@
-{ currentSystemEmail, ... }:
-{
-  services.nginx = {
-    enable = false;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    virtualHosts =
-      let
-        base = locations: {
-          inherit locations;
-
-          enableACME = true;
-          forceSSL = true;
-        };
-        proxy =
-          ipPort:
-          base {
-            "/".proxyPass = "http://" + ipPort + "/";
-          };
-      in
-      {
-        "patrickcanal.it" = {
-          root = "/var/www/patrickcanal.it/public/";
-          enableACME = true;
-          forceSSL = true;
-        };
-        "gitea.patrickcanal.it" = proxy "127.0.0.1:8001" // {
-          default = true;
-        };
-        "vaultwarden.patrickcanal.it" = proxy "172.18.0.2:8002" // {
-          default = true;
-        };
-      };
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = currentSystemEmail;
-  };
-}
@@ -0,0 +1,121 @@
+{ config, ... }:
+let
+  user = "Patrick";
+  baseDir = "/var/lib/nixflix";
+  stateDir = "${baseDir}/state";
+  downloadsDir = "${baseDir}/downloads";
+  mediaDir = "${baseDir}/media";
+  jellyfinPort = 8005;
+  qbittorrentPort = 8006;
+  radarrPort = 8007;
+  prowlarrPort = 8008;
+  seerrPort = 8009;
+  sonarrPort = 8010;
+  hostConfig = {
+    username = user;
+    password._secret = config.sops.secrets.nixflix_password.path;
+  };
+in
+{
+  nixflix = {
+    inherit mediaDir downloadsDir stateDir;
+    enable = true;
+
+    caddy = {
+      enable = true;
+      domain = "patrickcanal.it";
+    };
+
+    flaresolverr.enable = true;
+
+    torrentClients.qbittorrent = {
+      enable = true;
+      webuiPort = qbittorrentPort;
+      password._secret = config.sops.secrets.nixflix_password.path;
+      serverConfig = {
+        LegalNotice.Accepted = true;
+        Preferences.WebUI = {
+          MaxAuthenticationFailCount = 0;
+          Username = user;
+          Password_PBKDF2 = "@ByteArray(8AhaCcVLo4H07+dv5uF7pQ==:m+wRuZuzus0N5mkOGXePQmDZfgTpRZiv2OSKbk1pnOA/QPa/JF4Ai1FwVbyZ1PF9odSOSI1UaRQwDMb3MxOKMg==)";
+        };
+      };
+    };
+
+    radarr = {
+      enable = true;
+      settings.server.port = radarrPort;
+      config = {
+        apiKey._secret = config.sops.secrets.radarr_api_key.path;
+        hostConfig = hostConfig // {
+          port = radarrPort;
+        };
+      };
+    };
+
+    sonarr = {
+      enable = true;
+      settings.server.port = sonarrPort;
+      config = {
+        apiKey._secret = config.sops.secrets.sonarr_api_key.path;
+        hostConfig = hostConfig // {
+          port = sonarrPort;
+        };
+      };
+    };
+
+    prowlarr = {
+      enable = true;
+      settings.server.port = prowlarrPort;
+      config = {
+        apiKey._secret = config.sops.secrets.prowlarr_api_key.path;
+        hostConfig = hostConfig // {
+          port = prowlarrPort;
+        };
+        indexers = [
+          {
+            name = "Il Corsaro Blu";
+            username = "Petrich";
+            password._secret = config.sops.secrets.indexers_ilcorsaroblu_password.path;
+          }
+        ];
+      };
+    };
+
+    seerr = {
+      enable = true;
+      port = seerrPort;
+      apiKey._secret = config.sops.secrets.seerr_api_key.path;
+    };
+
+    jellyfin = {
+      enable = true;
+      apiKey._secret = config.sops.secrets.jellyfin_api_key.path;
+      network = {
+        knownProxies = [ "127.0.0.1" ];
+        internalHttpPort = jellyfinPort;
+      };
+      users."${user}" = {
+        mutable = false;
+        policy.isAdministrator = true;
+        password._secret = config.sops.secrets.nixflix_password.path;
+      };
+      libraries = {
+        Movies = {
+          collectionType = "movies";
+          paths = [
+            "${mediaDir}/movies"
+          ];
+        };
+
+        Shows = {
+          collectionType = "tvshows";
+          seasonZeroDisplayName = "Specials";
+          paths = [
+            "${mediaDir}/tv"
+          ];
+        };
+      };
+    };
+  };
+}
@@ -1,16 +0,0 @@
-{ config, ... }:
-{
-  # services.ntfy-sh = {
-  #   enable = false;
-  #   environmentFile = config.sops.templates."ntfy.env".path;
-  #   settings = {
-  #     listen-http = ":8005";
-  #     base-url = "https://ntfy.patrickcanal.it";
-  #     smtp-server-listen = ":25";
-  #     smtp-server-domain = "patrickcanal.it";
-  #     behind-proxy = true;
-  #     enable-login = true;
-  #     require-login = true;
-  #   };
-  # };
-}
@@ -2,9 +2,9 @@
 {
  services.vaultwarden = {
    enable = true;
-    domain = "vaultwarden.patrickcanal.it";
    config = {
-      ROCKET_ADDRESS = "0.0.0.0";
+      DOMAIN = "https://vaultwarden.patrickcanal.it";
+      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = 8003;
    };
  };