Compare commits
10 commits
c5761763e7
...
b467579748
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | b467579748 | ||
Tigor Hutasuhut | 0ef9a409f0 | ||
Tigor Hutasuhut | 714cdcea1c | ||
Tigor Hutasuhut | d69819ebb7 | ||
Tigor Hutasuhut | 94e658c279 | ||
Tigor Hutasuhut | 854b3e0d8d | ||
Tigor Hutasuhut | 4507ebd4de | ||
Tigor Hutasuhut | 86f7b971bb | ||
Tigor Hutasuhut | baccbeb7d0 | ||
Tigor Hutasuhut | 049cf0bf4d |
|
@ -27,8 +27,9 @@
|
|||
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
|
||||
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
|
||||
jq = "gojq";
|
||||
n = "neovide --fork";
|
||||
n = "neovide";
|
||||
v = "nvim";
|
||||
cd = "z";
|
||||
};
|
||||
dotDir = ".config/zsh";
|
||||
history = {
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
options.profile.podman = {
|
||||
enable = lib.mkEnableOption "podman";
|
||||
caddy.enable = lib.mkEnableOption "caddy podman";
|
||||
kavita.enable = lib.mkEnableOption "kavita podman";
|
||||
pihole.enable = lib.mkEnableOption "pihole podman";
|
||||
suwayomi.enable = lib.mkEnableOption "suwayomi podman";
|
||||
ytptube.enable = lib.mkEnableOption "metube podman";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -13,5 +13,6 @@ in
|
|||
syncthing.enable = mkEnableOption "syncthing";
|
||||
openvpn.enable = mkEnableOption "openvpn";
|
||||
stubby.enable = mkEnableOption "stubby";
|
||||
jellyfin.enable = mkEnableOption "jellyfin";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
user = {
|
||||
name = "homeserver";
|
||||
fullName = "Homeserver";
|
||||
getty.autoLogin = true;
|
||||
};
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
|
@ -25,6 +26,8 @@
|
|||
podman = {
|
||||
enable = true;
|
||||
pihole.enable = true;
|
||||
suwayomi.enable = true;
|
||||
ytptube.enable = true;
|
||||
};
|
||||
|
||||
docker = {
|
||||
|
@ -41,6 +44,7 @@
|
|||
syncthing.enable = true;
|
||||
openvpn.enable = true;
|
||||
stubby.enable = true;
|
||||
jellyfin.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,10 +10,12 @@ in
|
|||
environment.systemPackages = with pkgs; [
|
||||
dive # look into docker image layers
|
||||
podman-tui # status of containers in the terminal
|
||||
podman-compose # start group of containers for dev
|
||||
];
|
||||
|
||||
systemd.timers."podman-auto-update".enable = true;
|
||||
systemd.timers."podman-auto-update" = {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
virtualisation.containers.enable = true;
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
virtualisation.podman = {
|
||||
|
@ -30,9 +32,16 @@ in
|
|||
};
|
||||
|
||||
|
||||
# Taken IP-Range Subnets
|
||||
#
|
||||
# 10.1.1.0-4 -> Pihole
|
||||
# 10.1.1.4-8 -> ytptube
|
||||
# 10.1.1.8-12 -> Suwayomi
|
||||
# 10.1.1.12-16 -> Suwayomi
|
||||
imports = [
|
||||
./caddy.nix
|
||||
./kavita.nix
|
||||
./pihole.nix
|
||||
./suwayomi.nix
|
||||
./ytptube.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,49 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
user = config.profile.user;
|
||||
podman = config.profile.podman;
|
||||
volume = "/nas/kavita";
|
||||
image = "lscr.io/linuxserver/kavita:latest";
|
||||
gid = toString user.gid;
|
||||
uid = toString user.uid;
|
||||
gateway = "10.1.1.1";
|
||||
subnet = "10.1.1.0/24";
|
||||
ip = "10.1.1.3";
|
||||
ip-range = "10.1.1.3/25";
|
||||
in
|
||||
{
|
||||
config = lib.mkIf (podman.enable && podman.kavita.enable) {
|
||||
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
|
||||
reverse_proxy ${ip}:5000
|
||||
'';
|
||||
|
||||
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
|
||||
serviceConfig.Type = "oneshot";
|
||||
wantedBy = [ "${backend}-kavita.service" ];
|
||||
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
|
||||
};
|
||||
|
||||
system.activationScripts.docker-kavita = ''
|
||||
mkdir -p ${volume}
|
||||
chown -R ${user.name}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.kavita = {
|
||||
inherit image;
|
||||
environment = {
|
||||
PUID = uid;
|
||||
PGID = gid;
|
||||
TZ = "Asia/Jakarta";
|
||||
};
|
||||
extraOptions = [
|
||||
"--network=kavita"
|
||||
"--ip=${ip}"
|
||||
];
|
||||
autoStart = true;
|
||||
volumes = [
|
||||
"${volume}/config:/config"
|
||||
"${volume}/library:/library"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,12 +3,13 @@ let
|
|||
name = "pihole";
|
||||
podman = config.profile.podman;
|
||||
pihole = podman.pihole;
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib) mkIf strings attrsets;
|
||||
gateway = "10.1.1.1";
|
||||
subnet = "10.1.1.0/29";
|
||||
ip = "10.1.1.3";
|
||||
ip-range = "10.1.1.3/29";
|
||||
subnet = "10.1.1.0/30";
|
||||
ip = "10.1.1.2";
|
||||
ip-range = "10.1.1.2/30";
|
||||
image = "pihole/pihole:latest";
|
||||
piholeDNSIPBind = "192.168.100.3";
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && pihole.enable) {
|
||||
|
@ -22,19 +23,27 @@ in
|
|||
sopsFile = ../../secrets/pihole.yaml;
|
||||
};
|
||||
|
||||
networking.nameservers = [ piholeDNSIPBind ];
|
||||
|
||||
systemd.services.create-kavita-network = {
|
||||
|
||||
systemd.services."create-${name}-network" = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
wantedBy = [ "podman-pihole.service" ];
|
||||
wantedBy = [ "podman-${name}.service" ];
|
||||
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||
};
|
||||
|
||||
# We have refresh the custom.list dns list when caddy virtual hosts changes,
|
||||
# the easiest way to do so is to restart the pihole container.
|
||||
#
|
||||
# This works by collecting all the virtual hosts defined in caddy
|
||||
# and check if the length of the list changes, if it does, we restart the pihole container.
|
||||
systemd.services."podman-${name}".restartTriggers = attrsets.mapAttrsToList (name: _: name) config.services.caddy.virtualHosts;
|
||||
environment.etc."pihole/custom.list" = {
|
||||
# Copy file instead of symlink
|
||||
mode = "0400";
|
||||
mode = "0444";
|
||||
|
||||
# Creates a pihole custom.list file with the following pattern:
|
||||
#
|
||||
|
@ -52,7 +61,7 @@ in
|
|||
)}
|
||||
'';
|
||||
};
|
||||
virtualisation.oci-containers.containers.pihole = {
|
||||
virtualisation.oci-containers.containers.${name} = {
|
||||
inherit image;
|
||||
environment = {
|
||||
TZ = "Asia/Jakarta";
|
||||
|
@ -65,7 +74,7 @@ in
|
|||
DNS_FQDN_REQUIRED = "false";
|
||||
};
|
||||
ports = [
|
||||
"192.168.100.4:53:53/udp"
|
||||
"${piholeDNSIPBind}:53:53/udp"
|
||||
"67:67/udp"
|
||||
];
|
||||
volumes = [
|
||||
|
|
81
system/podman/suwayomi.nix
Normal file
81
system/podman/suwayomi.nix
Normal file
|
@ -0,0 +1,81 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
name = "suwayomi";
|
||||
name-flaresolverr = "${name}-flaresolverr";
|
||||
domain = "manga.tigor.web.id";
|
||||
podman = config.profile.podman;
|
||||
suwayomi = podman.suwayomi;
|
||||
inherit (lib) mkIf;
|
||||
subnet = "10.1.1.8/29";
|
||||
gateway = "10.1.1.9";
|
||||
ip = "10.1.1.10";
|
||||
ip-flaresolverr = "10.1.1.11";
|
||||
ip-range = "10.1.1.10/29";
|
||||
image = "ghcr.io/suwayomi/tachidesk:latest";
|
||||
image-flaresolverr = "ghcr.io/flaresolverr/flaresolverr:latest";
|
||||
volume = "/nas/podman/suwayomi";
|
||||
user = config.profile.user;
|
||||
uid = toString user.uid;
|
||||
gid = toString user.gid;
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && suwayomi.enable) {
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
reverse_proxy ${ip}:4567
|
||||
'';
|
||||
|
||||
systemd.services."create-${name}-network" = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
wantedBy = [ "podman-${name}.service" ];
|
||||
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||
};
|
||||
|
||||
system.activationScripts."podman-${name}" = ''
|
||||
mkdir -p ${volume}
|
||||
chown -R ${uid}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.${name} = {
|
||||
inherit image;
|
||||
autoStart = true;
|
||||
user = "${uid}:${gid}";
|
||||
environment = {
|
||||
TZ = "Asia/Jakarta";
|
||||
DOWNLOAD_AS_CBZ = "true";
|
||||
AUTO_DOWNLOAD_CHAPTERS = "true";
|
||||
AUTO_DOWNLOAD_EXCLUDE_UNREAD = "false";
|
||||
EXTENSION_REPOS = ''["https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"]'';
|
||||
MAX_SOURCES_IN_PARALLEL = "20";
|
||||
UPDATE_EXCLUDE_UNREAD = "false";
|
||||
UPDATE_EXCLUDE_STARTED = "false";
|
||||
UPDATE_INTERVAL = "6"; # 6 Hours interval
|
||||
UPDATE_MANGA_INFO = "true";
|
||||
FLARESOLVERR_ENABLED = "true";
|
||||
FLARESOLVERR_URL = "http://${ip-flaresolverr}:8191";
|
||||
};
|
||||
volumes = [
|
||||
"${volume}:/home/suwayomi/.local/share/Tachidesk"
|
||||
];
|
||||
extraOptions = [
|
||||
"--ip=${ip}"
|
||||
"--network=${name}"
|
||||
];
|
||||
dependsOn = [ "${name}-flaresolverr" ];
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers.${name-flaresolverr} = {
|
||||
image = image-flaresolverr;
|
||||
autoStart = true;
|
||||
environment = {
|
||||
TZ = "Asia/Jakarta";
|
||||
};
|
||||
extraOptions = [
|
||||
"--ip=${ip-flaresolverr}"
|
||||
"--network=${name}"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
94
system/podman/ytptube.nix
Normal file
94
system/podman/ytptube.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
name = "ytptube";
|
||||
podman = config.profile.podman;
|
||||
inherit (lib) mkIf;
|
||||
gateway = "10.1.1.5";
|
||||
subnet = "10.1.1.4/30";
|
||||
ip = "10.1.1.6";
|
||||
ip-range = "10.1.1.6/30";
|
||||
image = "ghcr.io/arabcoders/${name}:latest";
|
||||
volume = "/nas/mediaserver/${name}";
|
||||
domain = "${name}.tigor.web.id";
|
||||
user = config.profile.user;
|
||||
uid = toString user.uid;
|
||||
gid = toString user.gid;
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
reverse_proxy ${ip}:8081
|
||||
'';
|
||||
|
||||
systemd.services."create-${name}-network" = {
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
wantedBy = [ "podman-${name}.service" ];
|
||||
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
||||
};
|
||||
|
||||
|
||||
system.activationScripts."podman-${name}" = ''
|
||||
mkdir -p ${volume}
|
||||
chown -R ${uid}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
environment.etc."podman/${name}/ytdlp.json" = {
|
||||
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
|
||||
source = (pkgs.formats.json { }).generate "config.json" {
|
||||
windowsfilenames = true;
|
||||
writesubtitles = true;
|
||||
writeinfojson = true;
|
||||
writethumbnail = true;
|
||||
writeautomaticsub = false;
|
||||
merge_output_format = "mkv";
|
||||
live_from_start = true;
|
||||
format_sort = [ "codec:abc:m4a" ];
|
||||
subtitleslangs = [ "en" ];
|
||||
postprocessors = [
|
||||
# this processor convert the downloaded thumbnail to jpg.
|
||||
{
|
||||
key = "FFmpegThumbnailsConvertor";
|
||||
format = "jpg";
|
||||
}
|
||||
# This processor convert subtitles to srt format.
|
||||
{
|
||||
key = "FFmpegSubtitlesConvertor";
|
||||
format = "srt";
|
||||
}
|
||||
# This processor embed metadata & info.json file into the final mkv file.
|
||||
{
|
||||
key = "FFmpegMetadata";
|
||||
add_infojson = true;
|
||||
add_metadata = true;
|
||||
}
|
||||
# This process embed subtitles into the final file if it doesn't have subtitles embedded
|
||||
{
|
||||
key = "FFmpegEmbedSubtitle";
|
||||
already_have_subtitle = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
mode = "0444";
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers.${name} = {
|
||||
inherit image;
|
||||
autoStart = true;
|
||||
user = "${uid}:${gid}";
|
||||
environment = {
|
||||
TZ = "Asia/Jakarta";
|
||||
};
|
||||
volumes = [
|
||||
"${volume}:/downloads"
|
||||
"/etc/podman/${name}/ytdlp.json:/config/ytdlp.json"
|
||||
];
|
||||
extraOptions = [
|
||||
"--ip=${ip}"
|
||||
"--network=${name}"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -10,5 +10,6 @@
|
|||
./kavita.nix
|
||||
./openvpn.nix
|
||||
./stubby.nix
|
||||
./jellyfin.nix
|
||||
];
|
||||
}
|
||||
|
|
25
system/services/jellyfin.nix
Normal file
25
system/services/jellyfin.nix
Normal file
|
@ -0,0 +1,25 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.jellyfin;
|
||||
dataDir = "/nas/mediaserver/jellyfin";
|
||||
domain = "jellyfin.tigor.web.id";
|
||||
inherit (lib) mkIf;
|
||||
username = config.profile.user.name;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
users.users.${username}.extraGroups = [ "jellyfin" ];
|
||||
users.users.jellyfin.extraGroups = [ username ];
|
||||
system.activationScripts.jellyfin-prepare = ''
|
||||
mkdir -p ${dataDir}
|
||||
chmod -R 0777 /nas/mediaserver
|
||||
'';
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
reverse_proxy 0.0.0.0:8096
|
||||
'';
|
||||
services.jellyfin = {
|
||||
enable = true;
|
||||
inherit dataDir;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,12 +1,12 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.profile.services.stubby;
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib) mkIf lists;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
networking.resolvconf.useLocalResolver = false;
|
||||
networking.nameservers = [ "192.168.100.5" ];
|
||||
networking.nameservers = lists.optional (!config.profile.podman.pihole.enable) "192.168.100.5";
|
||||
services.stubby = {
|
||||
enable = true;
|
||||
settings = pkgs.stubby.passthru.settingsExample // {
|
||||
|
|
Loading…
Reference in a new issue