feat(bomba): move from docker to native services

2026-05-23 18:22:57 +02:00
parent 0f1274172c
commit 2f6f1dd405
14 changed files with 288 additions and 130 deletions
+41
@@ -0,0 +1,41 @@
{ config, ... }:
{
services.caddy = {
enable = true;
virtualHosts = {
"vaultwarden.patrickcanal.it".extraConfig = ''
encode zstd gzip
reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} {
header_up X-Real-IP {remote_host}
}
'';
"gitea.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
'';
"nextcloud.patrickcanal.it".extraConfig = ''
reverse_proxy :8004
'';
"octoprint.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.services.octoprint.port}
'';
"jellyfin.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.jellyfin.network.internalHttpPort}
'';
"qbittorrent.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.downloadarr.qbittorrent.port}
'';
"radarr.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.radarr.settings.server.port}
'';
"sonarr.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.sonarr.settings.server.port}
'';
"prowlarr.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.prowlarr.settings.server.port}
'';
"seerr.patrickcanal.it".extraConfig = ''
reverse_proxy :${toString config.nixflix.seerr.port}
'';
};
};
}
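Review bot: The `qbittorrent`, `radarr`, `sonarr` and `prowlarr` virtual hosts publish administrative web UIs on public hostnames with nothing at the proxy limiting who can reach them, so each application's own login is the only barrier. If these are meant for home or VPN use only, add a client-address guard to each of those `extraConfig` blocks, for example `@external not remote_ip private_ranges` followed by `respond @external 403`. Whether the `nixflix` module also generates virtual hosts for the same names is not visible in this file and is worth checking, so the two definitions do not conflict.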
+2 -2
@@ -1,10 +1,10 @@
{ ... }:
{
imports = [
./caddy.nix
./gitea.nix
./nextcloud.nix
./nginx.nix
./ntfy.nix
./nixflix.nix
./octoprint.nix
./teamspeak.nix
./vaultwarden.nix
+2 -1
@@ -29,9 +29,10 @@
];
};
};
# Required to change nextcloud port
nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
{
addr = "172.18.0.1";
addr = "127.0.0.1";
port = 8004;
}
];
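Review bot: The comment `# Required to change nextcloud port` does not say why the listener sits on loopback or what connects to it. Something like `# nginx serves Nextcloud only to the local Caddy proxy: bind to loopback, port must match the reverse_proxy target in caddy.nix` would record the intent. The literal `8004` is repeated in the Caddy virtual host (`reverse_proxy :8004`), so a shared `let` binding or a reference to this `listen` entry would prevent a silent mismatch. The enclosing attribute set starts above this hunk.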
-42
@@ -1,42 +0,0 @@
{ currentSystemEmail, ... }:
{
services.nginx = {
enable = false;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts =
let
base = locations: {
inherit locations;
enableACME = true;
forceSSL = true;
};
proxy =
ipPort:
base {
"/".proxyPass = "http://" + ipPort + "/";
};
in
{
"patrickcanal.it" = {
root = "/var/www/patrickcanal.it/public/";
enableACME = true;
forceSSL = true;
};
"gitea.patrickcanal.it" = proxy "127.0.0.1:8001" // {
default = true;
};
"vaultwarden.patrickcanal.it" = proxy "172.18.0.2:8002" // {
default = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = currentSystemEmail;
};
}
+121
@@ -0,0 +1,121 @@
{ config, ... }:
let
user = "Patrick";
baseDir = "/var/lib/nixflix";
stateDir = "${baseDir}/state";
downloadsDir = "${baseDir}/downloads";
mediaDir = "${baseDir}/media";
jellyfinPort = 8005;
qbittorrentPort = 8006;
radarrPort = 8007;
prowlarrPort = 8008;
seerrPort = 8009;
sonarrPort = 8010;
hostConfig = {
username = user;
password._secret = config.sops.secrets.nixflix_password.path;
};
in
{
nixflix = {
inherit mediaDir downloadsDir stateDir;
enable = true;
caddy = {
enable = true;
domain = "patrickcanal.it";
};
flaresolverr.enable = true;
torrentClients.qbittorrent = {
enable = true;
webuiPort = qbittorrentPort;
password._secret = config.sops.secrets.nixflix_password.path;
serverConfig = {
LegalNotice.Accepted = true;
Preferences.WebUI = {
MaxAuthenticationFailCount = 0;
Username = user;
Password_PBKDF2 = "@ByteArray(8AhaCcVLo4H07+dv5uF7pQ==:m+wRuZuzus0N5mkOGXePQmDZfgTpRZiv2OSKbk1pnOA/QPa/JF4Ai1FwVbyZ1PF9odSOSI1UaRQwDMb3MxOKMg==)";
};
};
};
radarr = {
enable = true;
settings.server.port = radarrPort;
config = {
apiKey._secret = config.sops.secrets.radarr_api_key.path;
hostConfig = hostConfig // {
port = radarrPort;
};
};
};
sonarr = {
enable = true;
settings.server.port = sonarrPort;
config = {
apiKey._secret = config.sops.secrets.sonarr_api_key.path;
hostConfig = hostConfig // {
port = sonarrPort;
};
};
};
prowlarr = {
enable = true;
settings.server.port = prowlarrPort;
config = {
apiKey._secret = config.sops.secrets.prowlarr_api_key.path;
hostConfig = hostConfig // {
port = prowlarrPort;
};
indexers = [
{
name = "Il Corsaro Blu";
username = "Petrich";
password._secret = config.sops.secrets.indexers_ilcorsaroblu_password.path;
}
];
};
};
seerr = {
enable = true;
port = seerrPort;
apiKey._secret = config.sops.secrets.seerr_api_key.path;
};
jellyfin = {
enable = true;
apiKey._secret = config.sops.secrets.jellyfin_api_key.path;
network = {
knownProxies = [ "127.0.0.1" ];
internalHttpPort = jellyfinPort;
};
users."${user}" = {
mutable = false;
policy.isAdministrator = true;
password._secret = config.sops.secrets.nixflix_password.path;
};
libraries = {
Movies = {
collectionType = "movies";
paths = [
"${mediaDir}/movies"
];
};
Shows = {
collectionType = "tvshows";
seasonZeroDisplayName = "Specials";
paths = [
"${mediaDir}/tv"
];
};
};
};
};
}
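Review bot: `MaxAuthenticationFailCount = 0` under `Preferences.WebUI` appears to disable qBittorrent's ban after repeated failed WebUI logins (0 is shown as "Never" in the client's settings as far as I know; confirm for the packaged version), and this WebUI is also published on a public hostname by the Caddy configuration. Prefer a finite limit such as `MaxAuthenticationFailCount = 5;`. The `Password_PBKDF2` value is committed in clear text while every other credential in this file is read through `sops`. A salted hash in a repository can still be guessed offline, so it belongs in a sops-managed secret, or can be dropped if the module already derives it from `password._secret` (not visible here). The same `nixflix_password` secret also backs the qBittorrent, Radarr/Sonarr/Prowlarr and Jellyfin administrator logins, so one disclosed password opens all of them.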
-16
@@ -1,16 +0,0 @@
{ config, ... }:
{
# services.ntfy-sh = {
# enable = false;
# environmentFile = config.sops.templates."ntfy.env".path;
# settings = {
# listen-http = ":8005";
# base-url = "https://ntfy.patrickcanal.it";
# smtp-server-listen = ":25";
# smtp-server-domain = "patrickcanal.it";
# behind-proxy = true;
# enable-login = true;
# require-login = true;
# };
# };
}
+2 -2
@@ -2,9 +2,9 @@
{
services.vaultwarden = {
enable = true;
domain = "vaultwarden.patrickcanal.it";
config = {
ROCKET_ADDRESS = "0.0.0.0";
DOMAIN = "https://vaultwarden.patrickcanal.it";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8003;
};
};