spoody/server-configuration
spoody/server-configuration
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

cleaned up services

Browse source
This commit is contained in:
Snorre 2025-03-04 12:52:52 +01:00
parent 5575532464
commit 3fcde8ba62
6 changed files with 121 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
flake.lock
View file

@ -97,6 +97,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -138,6 +156,28 @@
"type": "github" "type": "github"
} }
}, },
"microvm": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1739104176,
"narHash": "sha256-bNvtud2PUcbYM0i5Uq1v01Dcgq7RuhVKfjaSKkW2KRI=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "d3a9b7504d420a1ffd7c83c1bb8fe57deaf939d2",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1740560979, "lastModified": 1740560979,
@ -174,6 +214,7 @@
"agenix": "agenix", "agenix": "agenix",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"microvm": "microvm",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"simple-nixos-mailserver": "simple-nixos-mailserver" "simple-nixos-mailserver": "simple-nixos-mailserver"
} }
@ -201,6 +242,22 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1733308308,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main",
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 792,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -215,6 +272,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

20
services/forgejo.nix
View file

@ -1,9 +1,4 @@
{ {...}: let
config,
pkgs,
lib,
...
}: let
host = "127.0.0.1"; host = "127.0.0.1";
port = 6969; port = 6969;
in { in {
@ -21,7 +16,7 @@ in {
server = { server = {
DOMAIN = "git.spoodythe.one"; DOMAIN = "git.spoodythe.one";
HTTP_PORT = port; HTTP_PORT = port;
ROOT_URL = "http://${host}:${toString port}"; ROOT_URL = "https://git.spoodythe.one";
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
@ -33,11 +28,7 @@ in {
}; };
}; };
networking.firewall.allowedTCPPorts = [80 443]; services.nginx.virtualHosts."git.spoodythe.one" = {
networking.firewall.allowedUDPPorts = [80 443];
services.nginx.
virtualHosts."git.spoodythe.one" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -45,6 +36,7 @@ in {
}; };
}; };
security.acme.acceptTerms = true; # Open port 80 and 443 for reverse proxy
security.acme.defaults.email = "snorre@altschul.dk"; networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
} }

6
services/jellyfin.nix
View file

@ -20,7 +20,7 @@ in {
# Enable Jellyfin # Enable Jellyfin
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
openFirewall = false; openFirewall = false; # We want jellyfin behind a reverse proxy
}; };
# Route subdomain traffic to jellyfin # Route subdomain traffic to jellyfin
@ -39,4 +39,8 @@ in {
proxyPass = "http://${host}:${toString port}"; proxyPass = "http://${host}:${toString port}";
}; };
}; };
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
} }

30
services/nextcloud.nix
View file

@ -1,26 +1,32 @@
{pkgs, ...}: let {pkgs, ...}: let
nextcloud-pkg = pkgs.nextcloud30; nextcloud-pkg = pkgs.nextcloud30;
host = "127.0.0.1";
port = 8008;
in { in {
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}}/nextcloud-extras.nix"
];
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = nextcloud-pkg; package = nextcloud-pkg;
hostName = "localhost"; hostName = "localhost";
config.adminpassFile = "/var/lib/db/nextcloud/admin-password"; config.adminpassFile = "/var/lib/db/nextcloud/admin-password";
config.dbtype = "sqlite"; config.dbtype = "sqlite";
webserver = "caddy";
}; };
# Place nextcloud behind a reverse proxy
services.nginx.virtualHosts."localhost".listen = [
{
addr = host;
port = port;
}
];
services.nginx.virtualHosts."nextcloud.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443]; networking.firewall.allowedUDPPorts = [80 443];
environment.systemPackages = [
nextcloud-pkg
];
} }

3
services/nginx.nix
View file

@ -6,4 +6,7 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
}; };
security.acme.acceptTerms = true;
security.acme.defaults.email = "snorre@altschul.dk";
} }

17
services/sonarr.nix Normal file
View file

@ -0,0 +1,17 @@
{...}: let
host = "127.0.0.1";
port = 8989;
in {
services.sonarr = {
enable = true;
openFirewall = false; # Hide sonarr behind firewall
};
services.nginx.virtualHosts."git.spoodythe.one" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${host}:${toString port}";
};
};
}