From 0a5754541bb01e96021ca7ee74f1256a8ee68bc4 Mon Sep 17 00:00:00 2001
From: tdback
Date: Sat, 21 Dec 2024 15:32:13 -0500
Subject: initial commit to self-hosted git
---
modules/retired/forgejo/default.nix | 65 ++++++++++++++++++++++++++++++++
modules/retired/kavita/default.nix | 28 ++++++++++++++
modules/retired/mealie/default.nix | 22 +++++++++++
modules/retired/mumble/default.nix | 11 ++++++
modules/retired/navidrome/default.nix | 31 +++++++++++++++
modules/retired/pihole/default.nix | 52 +++++++++++++++++++++++++
modules/retired/stirling-pdf/default.nix | 23 +++++++++++
modules/retired/xonotic/default.nix | 25 ++++++++++++
8 files changed, 257 insertions(+)
create mode 100644 modules/retired/forgejo/default.nix
create mode 100644 modules/retired/kavita/default.nix
create mode 100644 modules/retired/mealie/default.nix
create mode 100644 modules/retired/mumble/default.nix
create mode 100644 modules/retired/navidrome/default.nix
create mode 100644 modules/retired/pihole/default.nix
create mode 100644 modules/retired/stirling-pdf/default.nix
create mode 100644 modules/retired/xonotic/default.nix
(limited to 'modules/retired')
diff --git a/modules/retired/forgejo/default.nix b/modules/retired/forgejo/default.nix
new file mode 100644
index 0000000..9db55b2
--- /dev/null
+++ b/modules/retired/forgejo/default.nix
@@ -0,0 +1,65 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ domain = "git.tdback.net";
+ port = 3000;
+in
+{
+ services.forgejo = {
+ enable = true;
+ package = pkgs.unstable.forgejo;
+ stateDir = "/tank/forgejo";
+ database.type = "postgres";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ HTTP_PORT = port;
+ };
+ service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://${domain}";
+ };
+ };
+ };
+
+ age.secrets.forgejoAdminPass = {
+ file = "${inputs.self}/secrets/forgejoAdminPass.age";
+ mode = "770";
+ owner = "forgejo";
+ group = "forgejo";
+ };
+
+ systemd.services.forgejo.preStart =
+ let
+ adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
+ password = config.age.secrets.forgejoAdminPass.path;
+ user = "tdback";
+ email = "tyler@tdback.net";
+ in ''
+ ${adminCmd} create --admin --email ${email} --username ${user} --password "$(tr -d '\n' < ${password})" || true
+ '';
+
+ services.openssh.settings.AllowUsers = [ "forgejo" ];
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString port}
+ '';
+
+ age.secrets.forgejoRunnerToken.file = "${inputs.self}/secrets/forgejoRunnerToken.age";
+ services.gitea-actions-runner = {
+ package = pkgs.unstable.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "monolith";
+ url = "https://${domain}";
+ tokenFile = config.age.secrets.forgejoRunnerToken.path;
+ labels = [
+ "ubuntu-latest:docker://node:20-bookworm"
+ "ubuntu-22.04:docker://node:20-bookworm"
+ ];
+ };
+ };
+}
diff --git a/modules/retired/kavita/default.nix b/modules/retired/kavita/default.nix
new file mode 100644
index 0000000..c72aca6
--- /dev/null
+++ b/modules/retired/kavita/default.nix
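Review bot: In modules/retired/forgejo/default.nix the admin-password secret is declared with `mode = "770"`, which makes the decrypted file group-writable and executable; a secret that only the forgejo service reads needs no more than `mode = "400"`. The same mode is set on `piholeAdminPass` in the pihole hunk. The preStart command then expands that password into the arguments of `admin user create`, where other local processes can read it from the process list while the command runs (the pihole postStart does the same with `podman exec`). `|| true` also discards every failure, not only the presumably expected one when the user already exists on a later start, so a failed first-time creation goes unnoticed; logging the non-zero exit instead of swallowing it would make that visible.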
@@ -0,0 +1,28 @@
+{ ... }:
+let
+ directories = [
+ "/opt/kavita"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.kavita = {
+ image = "jvmilazz0/kavita:latest";
+ autoStart = true;
+ ports = [
+ "5000:5000"
+ ];
+ volumes = [
+ "/opt/kavita/config:/kavita/config"
+ "/lagoon/media/library/Books:/books"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ };
+ };
+
+ services.caddy.virtualHosts."library.tdback.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:5000
+ '';
+}
diff --git a/modules/retired/mealie/default.nix b/modules/retired/mealie/default.nix
new file mode 100644
index 0000000..2d869ce
--- /dev/null
+++ b/modules/retired/mealie/default.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+ domain = "toasted.brownbread.net";
+in
+{
+ services.mealie = {
+ enable = true;
+ package = pkgs.unstable.mealie;
+ settings = {
+ BASE_URL = domain;
+ DB_ENGINE = "sqlite";
+ ALLOW_SIGNUP = "false";
+ SECURITY_MAX_LOGIN_ATTEMPTS = 3;
+ TZ = "America/Detroit";
+ };
+ };
+
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:${builtins.toString config.services.mealie.port}
+ '';
+}
diff --git a/modules/retired/mumble/default.nix b/modules/retired/mumble/default.nix
new file mode 100644
index 0000000..29e3339
--- /dev/null
+++ b/modules/retired/mumble/default.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+ services.murmur = {
+ enable = true;
+ package = pkgs.murmur;
+ port = 64738;
+ openFirewall = true;
+ environmentFile = "/var/lib/murmur/murmurd.env";
+ password = "$MURMURD_PASSWORD";
+ };
+}
diff --git a/modules/retired/navidrome/default.nix b/modules/retired/navidrome/default.nix
new file mode 100644
index 0000000..d98117b
--- /dev/null
+++ b/modules/retired/navidrome/default.nix
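Review bot: In modules/retired/kavita/default.nix `ports = [ "5000:5000" ]` publishes the container on every host interface although the only intended client is Caddy on localhost; `"127.0.0.1:5000:5000"` keeps the plain-HTTP port off the network, and ports published by a container runtime are often reachable regardless of the host firewall's input rules. The navidrome hunk has the same pattern with `"4533:4533"`. Separately, `image = "jvmilazz0/kavita:latest"` (like the `:latest` images in the navidrome, pihole and stirling-pdf hunks) is a mutable tag, so what actually runs is decided by the registry at pull time; pinning a version tag or digest keeps the deployment reproducible and reviewable.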
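Review bot: In modules/retired/mealie/default.nix `BASE_URL = domain;` sets a bare host name where Mealie expects a full URL, so links the application builds from it would lack a scheme; `BASE_URL = "https://${domain}";` matches how Caddy serves the site. It is also worth adding `listenAddress = "127.0.0.1";` under `services.mealie`, because the proxy reaches the service over localhost and, as far as I know, the module otherwise listens on all interfaces.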
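Review bot: In modules/retired/mumble/default.nix the server password comes from `/var/lib/murmur/murmurd.env`, a hand-placed file in the service's own state directory, while the forgejo and pihole modules in this commit take their secrets from agenix. Nothing in the module declares that file's owner or mode, and a freshly built host will not have it. Pointing `environmentFile` at an agenix secret path (for example `config.age.secrets.<murmurEnv>.path`, where the name is a placeholder) would keep the value encrypted in the repository and give it a declared mode.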
@@ -0,0 +1,31 @@
+{ lib, ... }:
+let
+ directory = "/opt/navidrome";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.navidrome = {
+ image = "deluan/navidrome:latest";
+ autoStart = true;
+ ports = [
+ "4533:4533"
+ ];
+ volumes = [
+ "${directory}/data:/data"
+ "/lagoon/media/music:/music:ro"
+ ];
+ environment = {
+ ND_SCANSCHEDULE = "1h";
+ ND_LOGLEVEL = "info";
+ ND_SESSIONTIMEOUT = "24h";
+ ND_ENABLEUSEREDITING = "false";
+ };
+ };
+
+ services.caddy.virtualHosts."radioactive.brownbread.net".extraConfig = ''
+ encode zstd gzip
+ reverse_proxy http://localhost:4533
+ '';
+}
diff --git a/modules/retired/pihole/default.nix b/modules/retired/pihole/default.nix
new file mode 100644
index 0000000..034c91b
--- /dev/null
+++ b/modules/retired/pihole/default.nix
@@ -0,0 +1,52 @@
+{ inputs, config, lib, ... }:
+let
+ # TODO: Think about changing this to config.networking.interface...
+ # Will have to pull the first value in the list, which might be messy but it
+ # will definitely make it more producible across machines.
+ ip = "10.0.0.203";
+ interface = "eno1";
+ directory = "/opt/pihole";
+in
+{
+ systemd.tmpfiles.rules =
+ map (x: "d ${x} 0755 share share - -") (lib.lists.singleton directory);
+
+ virtualisation.oci-containers.containers.pihole = {
+ image = "pihole/pihole:latest";
+ autoStart = true;
+ ports = [
+ "53:53/udp"
+ "53:53/tcp"
+ "80:80/tcp"
+ ];
+ volumes = [
+ "${directory}/etc:/etc/pihole"
+ "${directory}/etc-dnsmasq.d:/etc/dnsmasq.d"
+ ];
+ environment = {
+ TZ = "America/Detroit";
+ FTLCONF_LOCAL_IPV4 = ip;
+ INTERFACE = interface;
+ };
+ extraOptions = [ "--network=host" ];
+ };
+
+ age.secrets.piholeAdminPass = {
+ file = "${inputs.self}/secrets/piholeAdminPass.age";
+ mode = "770";
+ owner = "share";
+ group = "share";
+ };
+
+ systemd.services.podman-pihole.postStart =
+ let
+ password = config.age.secrets.piholeAdminPass.path;
+ in ''
+ podman exec -it pihole pihole -a -p "$(tr -d '\n' < ${password})"
+ '';
+
+ networking.firewall = {
+ allowedTCPPorts = [ 53 80 ];
+ allowedUDPPorts = [ 53 ];
+ };
+}
diff --git a/modules/retired/stirling-pdf/default.nix b/modules/retired/stirling-pdf/default.nix
new file mode 100644
index 0000000..904fd6d
--- /dev/null
+++ b/modules/retired/stirling-pdf/default.nix
@@ -0,0 +1,23 @@
+{ ... }:
+let
+ directories = [
+ "/opt/stirling"
+ ];
+in
+{
+ systemd.tmpfiles.rules = map (x: "d ${x} 0755 share share - -") directories;
+ virtualisation.oci-containers.containers.pdf-tools = {
+ image = "frooodle/s-pdf:latest";
+ autoStart = true;
+ ports = [
+ "8060:8080"
+ ];
+ volumes = [
+ "/opt/stirling/training-data:/usr/share/tesseract-ocr/4.00/tessdata"
+ "/opt/stirling/configs:/configs"
+ ];
+ environment = {
+ DOCKER_ENABLE_SECURITY = "false";
+ };
+ };
+}
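Review bot: In modules/retired/pihole/default.nix the postStart command runs `podman exec -it`, but a systemd unit has no terminal, so the TTY request is at best ignored with a warning and at worst makes the exec fail, in which case this step never sets the admin password; `podman exec pihole pihole -a -p ...` without `-it` is sufficient. Nothing in the hunk waits for the container to be ready before the exec, so the command may also race container start-up (inferred from the hunk alone). The `ports` list has no effect alongside `--network=host`, so the admin interface is served over plain HTTP on port 80 on whatever addresses the host has, and `allowedTCPPorts` opens that port.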
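Review bot: In modules/retired/stirling-pdf/default.nix `DOCKER_ENABLE_SECURITY = "false"` runs the application without its login layer while `ports = [ "8060:8080" ]` publishes it on every interface, and unlike the other web modules in this commit no Caddy virtual host sits in front of it. Any client that can reach the host on 8060 can therefore most likely use the service and submit documents to it. Publishing on loopback with `"127.0.0.1:8060:8080"` and exposing it only through an authenticating proxy, or enabling the built-in security, would close that gap.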
diff --git a/modules/retired/xonotic/default.nix b/modules/retired/xonotic/default.nix
new file mode 100644
index 0000000..7ae5442
--- /dev/null
+++ b/modules/retired/xonotic/default.nix
@@ -0,0 +1,25 @@
+{ pkgs, ... }:
+{
+ services.xonotic = {
+ enable = true;
+ package = pkgs.xonotic-dedicated;
+ openFirewall = true;
+ settings = {
+ hostname = "tdback's Xonotic Server";
+ net_address = "0.0.0.0";
+ port = 26000;
+ sv_motd = "GLHF! Please report any issues to @tdback on irc.libera.chat";
+
+ # Specify bots and player count.
+ maxplayers = 8;
+ minplayers = 4;
+ minplayers_per_team = 2;
+
+ # Configure mutators.
+ g_instagib = 0;
+ g_grappling_hook = 1;
+ g_jetpack = 0;
+ g_vampire = 0;
+ };
+ };
+}
--
cgit v1.2.3