tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tigor:214cf36daf9dfed3d6545ef8be1f482e9a16ff8a
Branches Tags
tigor:main
..
compare: tigor:b46757974818b06eadca6e6fbe4973256333dd05
Branches Tags
tigor:main

No commits in common. "214cf36daf9dfed3d6545ef8be1f482e9a16ff8a" and "b46757974818b06eadca6e6fbe4973256333dd05" have entirely different histories.
214cf36daf ... b467579748

13 changed files with 95 additions and 181 deletions
Show stats Expand all files Collapse all files

1
home/programs/default.nix
View file

@ -8,7 +8,6 @@
./git.nix ./git.nix
./github.nix ./github.nix
./go.nix ./go.nix
./jellyfin.nix
./microsoft-edge.nix ./microsoft-edge.nix
./mpv.nix ./mpv.nix
./neovide.nix ./neovide.nix

2
home/programs/jellyfin.nix
View file

@ -4,7 +4,7 @@ let
in in
{ {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.packages = [ home.packages = lib.mkIf cfg.client.enable [
unstable.jellyfin-media-player unstable.jellyfin-media-player
]; ];
}; };

3
options/podman.nix
View file

@ -6,8 +6,5 @@
pihole.enable = lib.mkEnableOption "pihole podman"; pihole.enable = lib.mkEnableOption "pihole podman";
suwayomi.enable = lib.mkEnableOption "suwayomi podman"; suwayomi.enable = lib.mkEnableOption "suwayomi podman";
ytptube.enable = lib.mkEnableOption "metube podman"; ytptube.enable = lib.mkEnableOption "metube podman";
redmage.enable = lib.mkEnableOption "redmage podman";
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
}; };
} }

3
profiles/homeserver.nix
View file

@ -28,9 +28,6 @@
pihole.enable = true; pihole.enable = true;
suwayomi.enable = true; suwayomi.enable = true;
ytptube.enable = true; ytptube.enable = true;
redmage.enable = true;
redmage-demo.enable = true;
qbittorrent.enable = true;
}; };
docker = { docker = {

37
system/podman/caddy.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, lib, pkgs, ... }:
let
user = config.profile.user;
podman = config.profile.podman;
cache = "/home/${user.name}/.cache/podman/caddy";
in
{
config = lib.mkIf (podman.enable && podman.caddy.enable) {
system.activationScripts.podman-caddy = ''
mkdir -p ${cache}
chown -R ${config.profile.user.name} ${cache}
'';
# https://fictionbecomesfact.com/caddy-container
systemd.services.create-caddy-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [ "${backend}-caddy.service" ];
script = ''${pkgs.podman}/bin/podman network exists caddy || ${pkgs.podman}/bin/podman network create caddy'';
};
virtualisation.oci-containers.containers = {
caddy = {
image = "lucaslorentz/caddy-docker-proxy:ci-alpine";
environment = {
TZ = "Asia/Jakarta";
};
ports = [ "80:80" "443:443" ];
autoStart = true;
volumes = [
"/run/user/${toString(user.uid)}/podman/podman.sock:/var/run/docker.sock:z"
"${cache}:/data"
];
extraOptions = [
"--network=caddy"
];
};
};
};
}

14
system/podman/default.nix
View file

@ -34,17 +34,13 @@ in
# Taken IP-Range Subnets # Taken IP-Range Subnets
# #
# 10.88.0.2 -> Redmage # 10.1.1.0-4 -> Pihole
# 10.88.0.3 -> Redmage Demo # 10.1.1.4-8 -> ytptube
# 10.88.0.4 -> ytptube # 10.1.1.8-12 -> Suwayomi
# 10.88.0.5 -> Suwayomi # 10.1.1.12-16 -> Suwayomi
# 10.88.0.6 -> Suwayomi Flaresolverr
# 10.88.1.1 -> Pihole
imports = [ imports = [
./caddy.nix
./pihole.nix ./pihole.nix
./qbittorrent.nix
./redmage-demo.nix
./redmage.nix
./suwayomi.nix ./suwayomi.nix
./ytptube.nix ./ytptube.nix
]; ];

22
system/podman/pihole.nix
View file

@ -1,10 +1,13 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
name = "pihole"; name = "pihole";
podman = config.profile.podman; podman = config.profile.podman;
pihole = podman.pihole; pihole = podman.pihole;
inherit (lib) mkIf attrsets; inherit (lib) mkIf strings attrsets;
ip = "10.88.1.1"; gateway = "10.1.1.1";
subnet = "10.1.1.0/30";
ip = "10.1.1.2";
ip-range = "10.1.1.2/30";
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
piholeDNSIPBind = "192.168.100.3"; piholeDNSIPBind = "192.168.100.3";
in in
@ -22,6 +25,16 @@ in
networking.nameservers = [ piholeDNSIPBind ]; networking.nameservers = [ piholeDNSIPBind ];
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
# We have refresh the custom.list dns list when caddy virtual hosts changes, # We have refresh the custom.list dns list when caddy virtual hosts changes,
# the easiest way to do so is to restart the pihole container. # the easiest way to do so is to restart the pihole container.
# #
@ -50,7 +63,6 @@ in
}; };
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
environment = { environment = {
TZ = "Asia/Jakarta"; TZ = "Asia/Jakarta";
PIHOLE_DNS_ = "192.168.100.5"; PIHOLE_DNS_ = "192.168.100.5";
@ -75,7 +87,7 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
"--cap-add=NET_ADMIN" "--cap-add=NET_ADMIN"
"--cap-add=NET_BIND_SERVICE" "--cap-add=NET_BIND_SERVICE"
"--cap-add=NET_RAW" "--cap-add=NET_RAW"

54
system/podman/qbittorrent.nix
View file

@ -1,54 +0,0 @@
{ config, lib, ... }:
let
name = "qbittorrent";
domain = "${name}.tigor.web.id";
podman = config.profile.podman;
qbittorrent = podman.qbittorrent;
inherit (lib) mkIf;
ip = "10.88.0.7";
image = "lscr.io/linuxserver/qbittorrent:latest";
volume = "/nas/torrents";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && qbittorrent.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${volume}/{config,downloads,progress,watch}
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
WEBUI_PORT = "8080";
TORRENTING_PORT = "6881";
};
volumes = [
"${volume}/config:/config"
"${volume}/downloads:/downloads"
"${volume}/progress:/progress"
"${volume}/watch:/watch"
];
ports = [
"6881:6881"
"6881:6881/udp"
];
extraOptions = [
"--ip=${ip}"
"--network=podman"
];
};
};
}

45
system/podman/redmage-demo.nix
View file

@ -1,45 +0,0 @@
{ config, lib, ... }:
let
name = "redmage-demo";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.0.3";
image = "git.tigor.web.id/tigor/redmage:latest";
rootVolume = "/nas/redmage-demo";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/db
mkdir -p ${rootVolume}/images
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
};
volumes = [
"${rootVolume}/db:/app/db"
"${rootVolume}/images:/app/downloads"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
};
};
}

45
system/podman/redmage.nix
View file

@ -1,45 +0,0 @@
{ config, lib, ... }:
let
name = "redmage";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.0.2";
image = "git.tigor.web.id/tigor/redmage:latest";
rootVolume = "/nas/redmage";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/db
mkdir -p ${rootVolume}/images
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/db ${rootVolume}/images
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
};
volumes = [
"${rootVolume}/db:/app/db"
"${rootVolume}/images:/app/downloads"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
};
};
}

26
system/podman/suwayomi.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
name = "suwayomi"; name = "suwayomi";
name-flaresolverr = "${name}-flaresolverr"; name-flaresolverr = "${name}-flaresolverr";
@ -6,8 +6,11 @@ let
podman = config.profile.podman; podman = config.profile.podman;
suwayomi = podman.suwayomi; suwayomi = podman.suwayomi;
inherit (lib) mkIf; inherit (lib) mkIf;
ip = "10.88.0.5"; subnet = "10.1.1.8/29";
ip-flaresolverr = "10.88.0.6"; gateway = "10.1.1.9";
ip = "10.1.1.10";
ip-flaresolverr = "10.1.1.11";
ip-range = "10.1.1.10/29";
image = "ghcr.io/suwayomi/tachidesk:latest"; image = "ghcr.io/suwayomi/tachidesk:latest";
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest"; image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
volume = "/nas/podman/suwayomi"; volume = "/nas/podman/suwayomi";
@ -21,14 +24,22 @@ in
reverse_proxy ${ip}:4567 reverse_proxy ${ip}:4567
''; '';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${volume} mkdir -p ${volume}
chown ${uid}:${gid} ${volume} chown -R ${uid}:${gid} ${volume}
''; '';
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
autoStart = true; autoStart = true;
user = "${uid}:${gid}"; user = "${uid}:${gid}";
environment = { environment = {
@ -50,21 +61,20 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
]; ];
dependsOn = [ "${name}-flaresolverr" ]; dependsOn = [ "${name}-flaresolverr" ];
}; };
virtualisation.oci-containers.containers.${name-flaresolverr} = { virtualisation.oci-containers.containers.${name-flaresolverr} = {
image = image-flaresolverr; image = image-flaresolverr;
hostname = name-flaresolverr;
autoStart = true; autoStart = true;
environment = { environment = {
TZ = "Asia/Jakarta"; TZ = "Asia/Jakarta";
}; };
extraOptions = [ extraOptions = [
"--ip=${ip-flaresolverr}" "--ip=${ip-flaresolverr}"
"--network=podman" "--network=${name}"
]; ];
}; };
}; };

19
system/podman/ytptube.nix
View file

@ -3,7 +3,10 @@ let
name = "ytptube"; name = "ytptube";
podman = config.profile.podman; podman = config.profile.podman;
inherit (lib) mkIf; inherit (lib) mkIf;
ip = "10.88.0.4"; gateway = "10.1.1.5";
subnet = "10.1.1.4/30";
ip = "10.1.1.6";
ip-range = "10.1.1.6/30";
image = "ghcr.io/arabcoders/${name}:latest"; image = "ghcr.io/arabcoders/${name}:latest";
volume = "/nas/mediaserver/${name}"; volume = "/nas/mediaserver/${name}";
domain = "${name}.tigor.web.id"; domain = "${name}.tigor.web.id";
@ -16,6 +19,17 @@ in
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8081 reverse_proxy ${ip}:8081
''; '';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${volume} mkdir -p ${volume}
chown -R ${uid}:${gid} ${volume} chown -R ${uid}:${gid} ${volume}
@ -62,7 +76,6 @@ in
virtualisation.oci-containers.containers.${name} = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
hostname = name;
autoStart = true; autoStart = true;
user = "${uid}:${gid}"; user = "${uid}:${gid}";
environment = { environment = {
@ -74,7 +87,7 @@ in
]; ];
extraOptions = [ extraOptions = [
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=${name}"
]; ];
}; };
}; };

5
system/services/stubby.nix
View file

@ -16,10 +16,7 @@ in
upstream_recursive_servers = [ upstream_recursive_servers = [
{ {
address_data = "1.1.1.1"; address_data = "1.1.1.1";
tls_auth_name = "cloudflare-dns.com"; tls_port = 853;
}
{
address_data = "1.0.0.1";
tls_auth_name = "cloudflare-dns.com"; tls_auth_name = "cloudflare-dns.com";
} }
]; ];