Compare commits
10 commits
c5761763e7
...
b467579748
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | b467579748 | ||
Tigor Hutasuhut | 0ef9a409f0 | ||
Tigor Hutasuhut | 714cdcea1c | ||
Tigor Hutasuhut | d69819ebb7 | ||
Tigor Hutasuhut | 94e658c279 | ||
Tigor Hutasuhut | 854b3e0d8d | ||
Tigor Hutasuhut | 4507ebd4de | ||
Tigor Hutasuhut | 86f7b971bb | ||
Tigor Hutasuhut | baccbeb7d0 | ||
Tigor Hutasuhut | 049cf0bf4d |
|
@ -27,8 +27,9 @@
|
||||||
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
|
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
|
||||||
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
|
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
|
||||||
jq = "gojq";
|
jq = "gojq";
|
||||||
n = "neovide --fork";
|
n = "neovide";
|
||||||
v = "nvim";
|
v = "nvim";
|
||||||
|
cd = "z";
|
||||||
};
|
};
|
||||||
dotDir = ".config/zsh";
|
dotDir = ".config/zsh";
|
||||||
history = {
|
history = {
|
||||||
|
|
|
@ -3,7 +3,8 @@
|
||||||
options.profile.podman = {
|
options.profile.podman = {
|
||||||
enable = lib.mkEnableOption "podman";
|
enable = lib.mkEnableOption "podman";
|
||||||
caddy.enable = lib.mkEnableOption "caddy podman";
|
caddy.enable = lib.mkEnableOption "caddy podman";
|
||||||
kavita.enable = lib.mkEnableOption "kavita podman";
|
|
||||||
pihole.enable = lib.mkEnableOption "pihole podman";
|
pihole.enable = lib.mkEnableOption "pihole podman";
|
||||||
|
suwayomi.enable = lib.mkEnableOption "suwayomi podman";
|
||||||
|
ytptube.enable = lib.mkEnableOption "metube podman";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,5 +13,6 @@ in
|
||||||
syncthing.enable = mkEnableOption "syncthing";
|
syncthing.enable = mkEnableOption "syncthing";
|
||||||
openvpn.enable = mkEnableOption "openvpn";
|
openvpn.enable = mkEnableOption "openvpn";
|
||||||
stubby.enable = mkEnableOption "stubby";
|
stubby.enable = mkEnableOption "stubby";
|
||||||
|
jellyfin.enable = mkEnableOption "jellyfin";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
user = {
|
user = {
|
||||||
name = "homeserver";
|
name = "homeserver";
|
||||||
fullName = "Homeserver";
|
fullName = "Homeserver";
|
||||||
|
getty.autoLogin = true;
|
||||||
};
|
};
|
||||||
system.stateVersion = "24.05";
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
@ -25,6 +26,8 @@
|
||||||
podman = {
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pihole.enable = true;
|
pihole.enable = true;
|
||||||
|
suwayomi.enable = true;
|
||||||
|
ytptube.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
docker = {
|
docker = {
|
||||||
|
@ -41,6 +44,7 @@
|
||||||
syncthing.enable = true;
|
syncthing.enable = true;
|
||||||
openvpn.enable = true;
|
openvpn.enable = true;
|
||||||
stubby.enable = true;
|
stubby.enable = true;
|
||||||
|
jellyfin.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,10 +10,12 @@ in
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
dive # look into docker image layers
|
dive # look into docker image layers
|
||||||
podman-tui # status of containers in the terminal
|
podman-tui # status of containers in the terminal
|
||||||
podman-compose # start group of containers for dev
|
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.timers."podman-auto-update".enable = true;
|
systemd.timers."podman-auto-update" = {
|
||||||
|
enable = true;
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
virtualisation.containers.enable = true;
|
virtualisation.containers.enable = true;
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
virtualisation.podman = {
|
virtualisation.podman = {
|
||||||
|
@ -30,9 +32,16 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# Taken IP-Range Subnets
|
||||||
|
#
|
||||||
|
# 10.1.1.0-4 -> Pihole
|
||||||
|
# 10.1.1.4-8 -> ytptube
|
||||||
|
# 10.1.1.8-12 -> Suwayomi
|
||||||
|
# 10.1.1.12-16 -> Suwayomi
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
./kavita.nix
|
|
||||||
./pihole.nix
|
./pihole.nix
|
||||||
|
./suwayomi.nix
|
||||||
|
./ytptube.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
user = config.profile.user;
|
|
||||||
podman = config.profile.podman;
|
|
||||||
volume = "/nas/kavita";
|
|
||||||
image = "lscr.io/linuxserver/kavita:latest";
|
|
||||||
gid = toString user.gid;
|
|
||||||
uid = toString user.uid;
|
|
||||||
gateway = "10.1.1.1";
|
|
||||||
subnet = "10.1.1.0/24";
|
|
||||||
ip = "10.1.1.3";
|
|
||||||
ip-range = "10.1.1.3/25";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = lib.mkIf (podman.enable && podman.kavita.enable) {
|
|
||||||
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
|
|
||||||
reverse_proxy ${ip}:5000
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
wantedBy = [ "${backend}-kavita.service" ];
|
|
||||||
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.docker-kavita = ''
|
|
||||||
mkdir -p ${volume}
|
|
||||||
chown -R ${user.name}:${gid} ${volume}
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.kavita = {
|
|
||||||
inherit image;
|
|
||||||
environment = {
|
|
||||||
PUID = uid;
|
|
||||||
PGID = gid;
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
};
|
|
||||||
extraOptions = [
|
|
||||||
"--network=kavita"
|
|
||||||
"--ip=${ip}"
|
|
||||||
];
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"${volume}/config:/config"
|
|
||||||
"${volume}/library:/library"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,12 +3,13 @@ let
|
||||||
name = "pihole";
|
name = "pihole";
|
||||||
podman = config.profile.podman;
|
podman = config.profile.podman;
|
||||||
pihole = podman.pihole;
|
pihole = podman.pihole;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf strings attrsets;
|
||||||
gateway = "10.1.1.1";
|
gateway = "10.1.1.1";
|
||||||
subnet = "10.1.1.0/29";
|
subnet = "10.1.1.0/30";
|
||||||
ip = "10.1.1.3";
|
ip = "10.1.1.2";
|
||||||
ip-range = "10.1.1.3/29";
|
ip-range = "10.1.1.2/30";
|
||||||
image = "pihole/pihole:latest";
|
image = "pihole/pihole:latest";
|
||||||
|
piholeDNSIPBind = "192.168.100.3";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf (podman.enable && pihole.enable) {
|
config = mkIf (podman.enable && pihole.enable) {
|
||||||
|
@ -22,19 +23,27 @@ in
|
||||||
sopsFile = ../../secrets/pihole.yaml;
|
sopsFile = ../../secrets/pihole.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.nameservers = [ piholeDNSIPBind ];
|
||||||
|
|
||||||
systemd.services.create-kavita-network = {
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
};
|
};
|
||||||
wantedBy = [ "podman-pihole.service" ];
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# We have refresh the custom.list dns list when caddy virtual hosts changes,
|
||||||
|
# the easiest way to do so is to restart the pihole container.
|
||||||
|
#
|
||||||
|
# This works by collecting all the virtual hosts defined in caddy
|
||||||
|
# and check if the length of the list changes, if it does, we restart the pihole container.
|
||||||
|
systemd.services."podman-${name}".restartTriggers = attrsets.mapAttrsToList (name: _: name) config.services.caddy.virtualHosts;
|
||||||
environment.etc."pihole/custom.list" = {
|
environment.etc."pihole/custom.list" = {
|
||||||
# Copy file instead of symlink
|
# Copy file instead of symlink
|
||||||
mode = "0400";
|
mode = "0444";
|
||||||
|
|
||||||
# Creates a pihole custom.list file with the following pattern:
|
# Creates a pihole custom.list file with the following pattern:
|
||||||
#
|
#
|
||||||
|
@ -52,7 +61,7 @@ in
|
||||||
)}
|
)}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
virtualisation.oci-containers.containers.pihole = {
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
inherit image;
|
inherit image;
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "Asia/Jakarta";
|
TZ = "Asia/Jakarta";
|
||||||
|
@ -65,7 +74,7 @@ in
|
||||||
DNS_FQDN_REQUIRED = "false";
|
DNS_FQDN_REQUIRED = "false";
|
||||||
};
|
};
|
||||||
ports = [
|
ports = [
|
||||||
"192.168.100.4:53:53/udp"
|
"${piholeDNSIPBind}:53:53/udp"
|
||||||
"67:67/udp"
|
"67:67/udp"
|
||||||
];
|
];
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
81
system/podman/suwayomi.nix
Normal file
81
system/podman/suwayomi.nix
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
name = "suwayomi";
|
||||||
|
name-flaresolverr = "${name}-flaresolverr";
|
||||||
|
domain = "manga.tigor.web.id";
|
||||||
|
podman = config.profile.podman;
|
||||||
|
suwayomi = podman.suwayomi;
|
||||||
|
inherit (lib) mkIf;
|
||||||
|
subnet = "10.1.1.8/29";
|
||||||
|
gateway = "10.1.1.9";
|
||||||
|
ip = "10.1.1.10";
|
||||||
|
ip-flaresolverr = "10.1.1.11";
|
||||||
|
ip-range = "10.1.1.10/29";
|
||||||
|
image = "ghcr.io/suwayomi/tachidesk:latest";
|
||||||
|
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
|
||||||
|
volume = "/nas/podman/suwayomi";
|
||||||
|
user = config.profile.user;
|
||||||
|
uid = toString user.uid;
|
||||||
|
gid = toString user.gid;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf (podman.enable && suwayomi.enable) {
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
reverse_proxy ${ip}:4567
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
system.activationScripts."podman-${name}" = ''
|
||||||
|
mkdir -p ${volume}
|
||||||
|
chown -R ${uid}:${gid} ${volume}
|
||||||
|
'';
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
|
inherit image;
|
||||||
|
autoStart = true;
|
||||||
|
user = "${uid}:${gid}";
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
DOWNLOAD_AS_CBZ = "true";
|
||||||
|
AUTO_DOWNLOAD_CHAPTERS = "true";
|
||||||
|
AUTO_DOWNLOAD_EXCLUDE_UNREAD = "false";
|
||||||
|
EXTENSION_REPOS = ''["https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"]'';
|
||||||
|
MAX_SOURCES_IN_PARALLEL = "20";
|
||||||
|
UPDATE_EXCLUDE_UNREAD = "false";
|
||||||
|
UPDATE_EXCLUDE_STARTED = "false";
|
||||||
|
UPDATE_INTERVAL = "6"; # 6 Hours interval
|
||||||
|
UPDATE_MANGA_INFO = "true";
|
||||||
|
FLARESOLVERR_ENABLED = "true";
|
||||||
|
FLARESOLVERR_URL = "http://${ip-flaresolverr}:8191";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${volume}:/home/suwayomi/.local/share/Tachidesk"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--ip=${ip}"
|
||||||
|
"--network=${name}"
|
||||||
|
];
|
||||||
|
dependsOn = [ "${name}-flaresolverr" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name-flaresolverr} = {
|
||||||
|
image = image-flaresolverr;
|
||||||
|
autoStart = true;
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
};
|
||||||
|
extraOptions = [
|
||||||
|
"--ip=${ip-flaresolverr}"
|
||||||
|
"--network=${name}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
94
system/podman/ytptube.nix
Normal file
94
system/podman/ytptube.nix
Normal file
|
@ -0,0 +1,94 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
name = "ytptube";
|
||||||
|
podman = config.profile.podman;
|
||||||
|
inherit (lib) mkIf;
|
||||||
|
gateway = "10.1.1.5";
|
||||||
|
subnet = "10.1.1.4/30";
|
||||||
|
ip = "10.1.1.6";
|
||||||
|
ip-range = "10.1.1.6/30";
|
||||||
|
image = "ghcr.io/arabcoders/${name}:latest";
|
||||||
|
volume = "/nas/mediaserver/${name}";
|
||||||
|
domain = "${name}.tigor.web.id";
|
||||||
|
user = config.profile.user;
|
||||||
|
uid = toString user.uid;
|
||||||
|
gid = toString user.gid;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
reverse_proxy ${ip}:8081
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.services."create-${name}-network" = {
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
wantedBy = [ "podman-${name}.service" ];
|
||||||
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
system.activationScripts."podman-${name}" = ''
|
||||||
|
mkdir -p ${volume}
|
||||||
|
chown -R ${uid}:${gid} ${volume}
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment.etc."podman/${name}/ytdlp.json" = {
|
||||||
|
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
|
||||||
|
source = (pkgs.formats.json { }).generate "config.json" {
|
||||||
|
windowsfilenames = true;
|
||||||
|
writesubtitles = true;
|
||||||
|
writeinfojson = true;
|
||||||
|
writethumbnail = true;
|
||||||
|
writeautomaticsub = false;
|
||||||
|
merge_output_format = "mkv";
|
||||||
|
live_from_start = true;
|
||||||
|
format_sort = [ "codec:abc:m4a" ];
|
||||||
|
subtitleslangs = [ "en" ];
|
||||||
|
postprocessors = [
|
||||||
|
# this processor convert the downloaded thumbnail to jpg.
|
||||||
|
{
|
||||||
|
key = "FFmpegThumbnailsConvertor";
|
||||||
|
format = "jpg";
|
||||||
|
}
|
||||||
|
# This processor convert subtitles to srt format.
|
||||||
|
{
|
||||||
|
key = "FFmpegSubtitlesConvertor";
|
||||||
|
format = "srt";
|
||||||
|
}
|
||||||
|
# This processor embed metadata & info.json file into the final mkv file.
|
||||||
|
{
|
||||||
|
key = "FFmpegMetadata";
|
||||||
|
add_infojson = true;
|
||||||
|
add_metadata = true;
|
||||||
|
}
|
||||||
|
# This process embed subtitles into the final file if it doesn't have subtitles embedded
|
||||||
|
{
|
||||||
|
key = "FFmpegEmbedSubtitle";
|
||||||
|
already_have_subtitle = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
mode = "0444";
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name} = {
|
||||||
|
inherit image;
|
||||||
|
autoStart = true;
|
||||||
|
user = "${uid}:${gid}";
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${volume}:/downloads"
|
||||||
|
"/etc/podman/${name}/ytdlp.json:/config/ytdlp.json"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--ip=${ip}"
|
||||||
|
"--network=${name}"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -10,5 +10,6 @@
|
||||||
./kavita.nix
|
./kavita.nix
|
||||||
./openvpn.nix
|
./openvpn.nix
|
||||||
./stubby.nix
|
./stubby.nix
|
||||||
|
./jellyfin.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
25
system/services/jellyfin.nix
Normal file
25
system/services/jellyfin.nix
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.profile.services.jellyfin;
|
||||||
|
dataDir = "/nas/mediaserver/jellyfin";
|
||||||
|
domain = "jellyfin.tigor.web.id";
|
||||||
|
inherit (lib) mkIf;
|
||||||
|
username = config.profile.user.name;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
users.users.${username}.extraGroups = [ "jellyfin" ];
|
||||||
|
users.users.jellyfin.extraGroups = [ username ];
|
||||||
|
system.activationScripts.jellyfin-prepare = ''
|
||||||
|
mkdir -p ${dataDir}
|
||||||
|
chmod -R 0777 /nas/mediaserver
|
||||||
|
'';
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
reverse_proxy 0.0.0.0:8096
|
||||||
|
'';
|
||||||
|
services.jellyfin = {
|
||||||
|
enable = true;
|
||||||
|
inherit dataDir;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,12 +1,12 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.stubby;
|
cfg = config.profile.services.stubby;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf lists;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.resolvconf.useLocalResolver = false;
|
networking.resolvconf.useLocalResolver = false;
|
||||||
networking.nameservers = [ "192.168.100.5" ];
|
networking.nameservers = lists.optional (!config.profile.podman.pihole.enable) "192.168.100.5";
|
||||||
services.stubby = {
|
services.stubby = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = pkgs.stubby.passthru.settingsExample // {
|
settings = pkgs.stubby.passthru.settingsExample // {
|
||||||
|
|
Loading…
Reference in a new issue