Compare commits

...

10 commits

12 changed files with 242 additions and 65 deletions

View file

@ -27,8 +27,9 @@
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles"; uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles"; dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
jq = "gojq"; jq = "gojq";
n = "neovide --fork"; n = "neovide";
v = "nvim"; v = "nvim";
cd = "z";
}; };
dotDir = ".config/zsh"; dotDir = ".config/zsh";
history = { history = {

View file

@ -3,7 +3,8 @@
options.profile.podman = { options.profile.podman = {
enable = lib.mkEnableOption "podman"; enable = lib.mkEnableOption "podman";
caddy.enable = lib.mkEnableOption "caddy podman"; caddy.enable = lib.mkEnableOption "caddy podman";
kavita.enable = lib.mkEnableOption "kavita podman";
pihole.enable = lib.mkEnableOption "pihole podman"; pihole.enable = lib.mkEnableOption "pihole podman";
suwayomi.enable = lib.mkEnableOption "suwayomi podman";
ytptube.enable = lib.mkEnableOption "metube podman";
}; };
} }

View file

@ -13,5 +13,6 @@ in
syncthing.enable = mkEnableOption "syncthing"; syncthing.enable = mkEnableOption "syncthing";
openvpn.enable = mkEnableOption "openvpn"; openvpn.enable = mkEnableOption "openvpn";
stubby.enable = mkEnableOption "stubby"; stubby.enable = mkEnableOption "stubby";
jellyfin.enable = mkEnableOption "jellyfin";
}; };
} }

View file

@ -10,6 +10,7 @@
user = { user = {
name = "homeserver"; name = "homeserver";
fullName = "Homeserver"; fullName = "Homeserver";
getty.autoLogin = true;
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -25,6 +26,8 @@
podman = { podman = {
enable = true; enable = true;
pihole.enable = true; pihole.enable = true;
suwayomi.enable = true;
ytptube.enable = true;
}; };
docker = { docker = {
@ -41,6 +44,7 @@
syncthing.enable = true; syncthing.enable = true;
openvpn.enable = true; openvpn.enable = true;
stubby.enable = true; stubby.enable = true;
jellyfin.enable = true;
}; };
}; };
} }

View file

@ -10,10 +10,12 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dive # look into docker image layers dive # look into docker image layers
podman-tui # status of containers in the terminal podman-tui # status of containers in the terminal
podman-compose # start group of containers for dev
]; ];
systemd.timers."podman-auto-update".enable = true; systemd.timers."podman-auto-update" = {
enable = true;
wantedBy = [ "multi-user.target" ];
};
virtualisation.containers.enable = true; virtualisation.containers.enable = true;
virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.backend = "podman";
virtualisation.podman = { virtualisation.podman = {
@ -30,9 +32,16 @@ in
}; };
# Taken IP-Range Subnets
#
# 10.1.1.0-4 -> Pihole
# 10.1.1.4-8 -> ytptube
# 10.1.1.8-12 -> Suwayomi
# 10.1.1.12-16 -> Suwayomi
imports = [ imports = [
./caddy.nix ./caddy.nix
./kavita.nix
./pihole.nix ./pihole.nix
./suwayomi.nix
./ytptube.nix
]; ];
} }

View file

@ -1,49 +0,0 @@
{ config, lib, pkgs, ... }:
let
user = config.profile.user;
podman = config.profile.podman;
volume = "/nas/kavita";
image = "lscr.io/linuxserver/kavita:latest";
gid = toString user.gid;
uid = toString user.uid;
gateway = "10.1.1.1";
subnet = "10.1.1.0/24";
ip = "10.1.1.3";
ip-range = "10.1.1.3/25";
in
{
config = lib.mkIf (podman.enable && podman.kavita.enable) {
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
reverse_proxy ${ip}:5000
'';
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
serviceConfig.Type = "oneshot";
wantedBy = [ "${backend}-kavita.service" ];
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
};
system.activationScripts.docker-kavita = ''
mkdir -p ${volume}
chown -R ${user.name}:${gid} ${volume}
'';
virtualisation.oci-containers.containers.kavita = {
inherit image;
environment = {
PUID = uid;
PGID = gid;
TZ = "Asia/Jakarta";
};
extraOptions = [
"--network=kavita"
"--ip=${ip}"
];
autoStart = true;
volumes = [
"${volume}/config:/config"
"${volume}/library:/library"
];
};
};
}

View file

@ -3,12 +3,13 @@ let
name = "pihole"; name = "pihole";
podman = config.profile.podman; podman = config.profile.podman;
pihole = podman.pihole; pihole = podman.pihole;
inherit (lib) mkIf; inherit (lib) mkIf strings attrsets;
gateway = "10.1.1.1"; gateway = "10.1.1.1";
subnet = "10.1.1.0/29"; subnet = "10.1.1.0/30";
ip = "10.1.1.3"; ip = "10.1.1.2";
ip-range = "10.1.1.3/29"; ip-range = "10.1.1.2/30";
image = "pihole/pihole:latest"; image = "pihole/pihole:latest";
piholeDNSIPBind = "192.168.100.3";
in in
{ {
config = mkIf (podman.enable && pihole.enable) { config = mkIf (podman.enable && pihole.enable) {
@ -22,19 +23,27 @@ in
sopsFile = ../../secrets/pihole.yaml; sopsFile = ../../secrets/pihole.yaml;
}; };
networking.nameservers = [ piholeDNSIPBind ];
systemd.services.create-kavita-network = {
systemd.services."create-${name}-network" = {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
}; };
wantedBy = [ "podman-pihole.service" ]; wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}''; script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
}; };
# We have refresh the custom.list dns list when caddy virtual hosts changes,
# the easiest way to do so is to restart the pihole container.
#
# This works by collecting all the virtual hosts defined in caddy
# and check if the length of the list changes, if it does, we restart the pihole container.
systemd.services."podman-${name}".restartTriggers = attrsets.mapAttrsToList (name: _: name) config.services.caddy.virtualHosts;
environment.etc."pihole/custom.list" = { environment.etc."pihole/custom.list" = {
# Copy file instead of symlink # Copy file instead of symlink
mode = "0400"; mode = "0444";
# Creates a pihole custom.list file with the following pattern: # Creates a pihole custom.list file with the following pattern:
# #
@ -52,7 +61,7 @@ in
)} )}
''; '';
}; };
virtualisation.oci-containers.containers.pihole = { virtualisation.oci-containers.containers.${name} = {
inherit image; inherit image;
environment = { environment = {
TZ = "Asia/Jakarta"; TZ = "Asia/Jakarta";
@ -65,7 +74,7 @@ in
DNS_FQDN_REQUIRED = "false"; DNS_FQDN_REQUIRED = "false";
}; };
ports = [ ports = [
"192.168.100.4:53:53/udp" "${piholeDNSIPBind}:53:53/udp"
"67:67/udp" "67:67/udp"
]; ];
volumes = [ volumes = [

View file

@ -0,0 +1,81 @@
{ config, lib, pkgs, ... }:
let
name = "suwayomi";
name-flaresolverr = "${name}-flaresolverr";
domain = "manga.tigor.web.id";
podman = config.profile.podman;
suwayomi = podman.suwayomi;
inherit (lib) mkIf;
subnet = "10.1.1.8/29";
gateway = "10.1.1.9";
ip = "10.1.1.10";
ip-flaresolverr = "10.1.1.11";
ip-range = "10.1.1.10/29";
image = "ghcr.io/suwayomi/tachidesk:latest";
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
volume = "/nas/podman/suwayomi";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && suwayomi.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:4567
'';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = ''
mkdir -p ${volume}
chown -R ${uid}:${gid} ${volume}
'';
virtualisation.oci-containers.containers.${name} = {
inherit image;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
DOWNLOAD_AS_CBZ = "true";
AUTO_DOWNLOAD_CHAPTERS = "true";
AUTO_DOWNLOAD_EXCLUDE_UNREAD = "false";
EXTENSION_REPOS = ''["https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"]'';
MAX_SOURCES_IN_PARALLEL = "20";
UPDATE_EXCLUDE_UNREAD = "false";
UPDATE_EXCLUDE_STARTED = "false";
UPDATE_INTERVAL = "6"; # 6 Hours interval
UPDATE_MANGA_INFO = "true";
FLARESOLVERR_ENABLED = "true";
FLARESOLVERR_URL = "http://${ip-flaresolverr}:8191";
};
volumes = [
"${volume}:/home/suwayomi/.local/share/Tachidesk"
];
extraOptions = [
"--ip=${ip}"
"--network=${name}"
];
dependsOn = [ "${name}-flaresolverr" ];
};
virtualisation.oci-containers.containers.${name-flaresolverr} = {
image = image-flaresolverr;
autoStart = true;
environment = {
TZ = "Asia/Jakarta";
};
extraOptions = [
"--ip=${ip-flaresolverr}"
"--network=${name}"
];
};
};
}

94
system/podman/ytptube.nix Normal file
View file

@ -0,0 +1,94 @@
{ config, lib, pkgs, ... }:
let
name = "ytptube";
podman = config.profile.podman;
inherit (lib) mkIf;
gateway = "10.1.1.5";
subnet = "10.1.1.4/30";
ip = "10.1.1.6";
ip-range = "10.1.1.6/30";
image = "ghcr.io/arabcoders/${name}:latest";
volume = "/nas/mediaserver/${name}";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:8081
'';
systemd.services."create-${name}-network" = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
wantedBy = [ "podman-${name}.service" ];
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
};
system.activationScripts."podman-${name}" = ''
mkdir -p ${volume}
chown -R ${uid}:${gid} ${volume}
'';
environment.etc."podman/${name}/ytdlp.json" = {
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
source = (pkgs.formats.json { }).generate "config.json" {
windowsfilenames = true;
writesubtitles = true;
writeinfojson = true;
writethumbnail = true;
writeautomaticsub = false;
merge_output_format = "mkv";
live_from_start = true;
format_sort = [ "codec:abc:m4a" ];
subtitleslangs = [ "en" ];
postprocessors = [
# this processor convert the downloaded thumbnail to jpg.
{
key = "FFmpegThumbnailsConvertor";
format = "jpg";
}
# This processor convert subtitles to srt format.
{
key = "FFmpegSubtitlesConvertor";
format = "srt";
}
# This processor embed metadata & info.json file into the final mkv file.
{
key = "FFmpegMetadata";
add_infojson = true;
add_metadata = true;
}
# This process embed subtitles into the final file if it doesn't have subtitles embedded
{
key = "FFmpegEmbedSubtitle";
already_have_subtitle = false;
}
];
};
mode = "0444";
};
virtualisation.oci-containers.containers.${name} = {
inherit image;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
};
volumes = [
"${volume}:/downloads"
"/etc/podman/${name}/ytdlp.json:/config/ytdlp.json"
];
extraOptions = [
"--ip=${ip}"
"--network=${name}"
];
};
};
}

View file

@ -10,5 +10,6 @@
./kavita.nix ./kavita.nix
./openvpn.nix ./openvpn.nix
./stubby.nix ./stubby.nix
./jellyfin.nix
]; ];
} }

View file

@ -0,0 +1,25 @@
{ config, lib, ... }:
let
cfg = config.profile.services.jellyfin;
dataDir = "/nas/mediaserver/jellyfin";
domain = "jellyfin.tigor.web.id";
inherit (lib) mkIf;
username = config.profile.user.name;
in
{
config = mkIf cfg.enable {
users.users.${username}.extraGroups = [ "jellyfin" ];
users.users.jellyfin.extraGroups = [ username ];
system.activationScripts.jellyfin-prepare = ''
mkdir -p ${dataDir}
chmod -R 0777 /nas/mediaserver
'';
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy 0.0.0.0:8096
'';
services.jellyfin = {
enable = true;
inherit dataDir;
};
};
}

View file

@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.profile.services.stubby; cfg = config.profile.services.stubby;
inherit (lib) mkIf; inherit (lib) mkIf lists;
in in
{ {
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.resolvconf.useLocalResolver = false; networking.resolvconf.useLocalResolver = false;
networking.nameservers = [ "192.168.100.5" ]; networking.nameservers = lists.optional (!config.profile.podman.pihole.enable) "192.168.100.5";
services.stubby = { services.stubby = {
enable = true; enable = true;
settings = pkgs.stubby.passthru.settingsExample // { settings = pkgs.stubby.passthru.settingsExample // {