spoody/server-configuration
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

cleaned up services

Browse source
This commit is contained in:
Snorre 2025-03-04 12:52:52 +01:00
parent 5575532464
commit 3fcde8ba62
6 changed files with 121 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
flake.lock
View file

@ -97,6 +97,24 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -138,6 +156,28 @@
"type": "github"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1739104176,
"narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1740560979,
@ -174,6 +214,7 @@
"agenix": "agenix",
"disko": "disko",
"home-manager": "home-manager_2",
"microvm": "microvm",
"nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver"
}
@ -201,6 +242,22 @@
"type": "gitlab"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1733308308,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main",
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 792,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -215,6 +272,21 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

20
services/forgejo.nix
View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}: let
{...}: let
host = "127.0.0.1";
port = 6969;
in {
@ -21,7 +16,7 @@ in {
server = {
DOMAIN = "git.spoodythe.one";
HTTP_PORT = port;
ROOT_URL = "http://${host}:${toString port}";
ROOT_URL = "https://git.spoodythe.one";
};
service.DISABLE_REGISTRATION = true;
@ -33,11 +28,7 @@ in {
};
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
services.nginx.
virtualHosts."git.spoodythe.one" = {
services.nginx.virtualHosts."git.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
@ -45,6 +36,7 @@ in {
};
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "snorre@altschul.dk";
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
}

6
services/jellyfin.nix
View file

@ -20,7 +20,7 @@ in {
# Enable Jellyfin
services.jellyfin = {
enable = true;
openFirewall = false;
openFirewall = false; # We want jellyfin behind a reverse proxy
};
# Route subdomain traffic to jellyfin
@ -39,4 +39,8 @@ in {
proxyPass = "http://${host}:${toString port}";
};
};
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
}

30
services/nextcloud.nix
View file

@ -1,26 +1,32 @@
{pkgs, ...}: let
nextcloud-pkg = pkgs.nextcloud30;
host = "127.0.0.1";
port = 8008;
in {
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}}/nextcloud-extras.nix"
];
services.nextcloud = {
enable = true;
package = nextcloud-pkg;
hostName = "localhost";
config.adminpassFile = "/var/lib/db/nextcloud/admin-password";
config.dbtype = "sqlite";
webserver = "caddy";
};
# Place nextcloud behind a reverse proxy
services.nginx.virtualHosts."localhost".listen = [
{
addr = host;
port = port;
}
];
services.nginx.virtualHosts."nextcloud.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
environment.systemPackages = [
nextcloud-pkg
];
}

3
services/nginx.nix
View file

@ -6,4 +6,7 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "snorre@altschul.dk";
}

17
services/sonarr.nix Normal file
View file

@ -0,0 +1,17 @@
{...}: let
host = "127.0.0.1";
port = 8989;
in {
services.sonarr = {
enable = true;
openFirewall = false; # Hide sonarr behind firewall
};
services.nginx.virtualHosts."git.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
}