From ae24ddfe1a285d3df1a469cc81f4ef56b2420591 Mon Sep 17 00:00:00 2001 From: pazpi Date: Wed, 8 Jan 2025 14:33:52 +0100 Subject: [PATCH] Use common module --- hosts/arr/default.nix | 15 ++++--------- hosts/caddy/default.nix | 20 ++++------------- hosts/metrics/default.nix | 39 ++++++++++++++-------------------- hosts/nextcloud/default.nix | 16 ++++---------- hosts/plex/default.nix | 15 ++++--------- hosts/portainer/default.nix | 15 ++++--------- hosts/vaultwarden/default.nix | 20 +++++------------ modules/services/media-mgr.nix | 33 ++++++++++++++++------------ modules/services/nextcloud.nix | 6 ++++-- 9 files changed, 64 insertions(+), 115 deletions(-) diff --git a/hosts/arr/default.nix b/hosts/arr/default.nix index 04c16f4..a1a061d 100644 --- a/hosts/arr/default.nix +++ b/hosts/arr/default.nix @@ -6,7 +6,10 @@ }: { my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; services.media-mgr = { programs.enable = true; @@ -17,18 +20,8 @@ }; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; - services = { - openssh.enable = true; - }; - - networking = { - nameservers = [ "192.168.1.2" ]; - }; - system.stateVersion = "24.05"; } diff --git a/hosts/caddy/default.nix b/hosts/caddy/default.nix index 15db5c9..8efa4e0 100644 --- a/hosts/caddy/default.nix +++ b/hosts/caddy/default.nix @@ -23,7 +23,10 @@ in }; my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; services = { @@ -123,30 +126,15 @@ in }; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; services = { - openssh.enable = true; - iperf3 = { enable = true; openFirewall = true; }; - prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - }; - }; - }; - - networking = { - firewall.allowedTCPPorts = [ 9100 ]; - nameservers = [ "192.168.1.2" ]; }; system.stateVersion = "24.05"; 
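Review bot: The module behind `my.utils.lxc-standard.enable` is not among the nine files of this patch, so the `services.openssh.enable`, `networking.nameservers` and `time.timeZone` settings removed from `hosts/arr/default.nix` (hunk `@@ -17,18 +20,8 @@`) cannot be checked against a replacement in this commit. The same removal recurs in the caddy, metrics, nextcloud, plex, portainer and vaultwarden host files. Remote access to every container now depends on that one option, so I would add a comment beside it in each host, e.g. `lxc-standard.enable = true; # sshd, DNS resolver, timezone, node exporter`, adjusted to what the module actually sets.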
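Review bot: The node exporter port presumably ends up open on every container after this change. `hosts/caddy/default.nix` (hunk `@@ -123,30 +126,15 @@`) drops both the exporter and `firewall.allowedTCPPorts = [ 9100 ]`, while the metrics host in this patch starts scraping seven hosts on the node port, vaultwarden included. If the shared module opens it through `networking.firewall.allowedTCPPorts`, the exporter is readable from any interface and any peer, not just the scraper. Consider restricting it, for example with `services.prometheus.exporters.node.openFirewall = true;` plus a `firewallFilter` on the scraper's source address, or with a per-interface rule under `networking.firewall.interfaces`. The module is outside this patch, so this needs confirming there.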
diff --git a/hosts/metrics/default.nix b/hosts/metrics/default.nix index dedf455..28aaf69 100644 --- a/hosts/metrics/default.nix +++ b/hosts/metrics/default.nix @@ -6,6 +6,7 @@ }: let tailscaleMagicDNS = "neon-dory.ts.net"; + defaultNodePort = toString config.services.prometheus.exporters.node.port; in { @@ -18,7 +19,10 @@ in }; my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; services.media-mgr = { exportMetrics.enable = true; @@ -47,39 +51,28 @@ in }; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; services = { - openssh.enable = true; - prometheus.scrapeConfigs = [ { job_name = "host-metrics"; static_configs = [ - { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } - ]; - } - { - job_name = "host-caddy"; - static_configs = [ - { targets = [ "caddy.internal:${toString config.services.prometheus.exporters.node.port}" ]; } + { + targets = [ + "metrics.internal:${defaultNodePort}" + "caddy.internal:${defaultNodePort}" + "arr.internal:${defaultNodePort}" + "nextcloud.internal:${defaultNodePort}" + "vaultwarden.internal:${defaultNodePort}" + "plex.internal:${defaultNodePort}" + "portainer.internal:${defaultNodePort}" + ]; + } ]; } ]; - - prometheus.exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - }; - }; - }; - - networking = { - nameservers = [ "192.168.1.2" ]; }; system.stateVersion = "24.05"; diff --git a/hosts/nextcloud/default.nix b/hosts/nextcloud/default.nix index 608ae09..39effd1 100644 --- a/hosts/nextcloud/default.nix +++ b/hosts/nextcloud/default.nix @@ -16,7 +16,10 @@ }; my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; services.nextcloud = { enable = true; 
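Review bot: Alert rules and dashboards that select on `job="host-caddy"` or on `instance="localhost:…"` will match nothing after the scrape-config change in `hosts/metrics/default.nix` (hunk `@@ -47,39 +51,28 @@`), and Prometheus raises no error for that. Caddy's series move to `job="host-metrics"` and the local exporter is now addressed as `metrics.internal:…`, so those selectors need updating with this commit. `defaultNodePort` is also taken from the metrics host's own `config.services.prometheus.exporters.node.port` and applied to six other hosts. A comment such as `# assumes every host keeps the node exporter on the same port` above the binding would record that assumption.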
@@ -32,19 +35,8 @@ virtualisation.proxmox.enable = true; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; - services = { - openssh.enable = true; - }; - - networking = { - firewall.allowedTCPPorts = [ 80 ]; - nameservers = [ "192.168.1.2" ]; - }; - system.stateVersion = "24.05"; } diff --git a/hosts/plex/default.nix b/hosts/plex/default.nix index 337ea60..85f7106 100644 --- a/hosts/plex/default.nix +++ b/hosts/plex/default.nix @@ -6,7 +6,10 @@ }: { my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; services.plex = { enable = true; @@ -22,18 +25,8 @@ virtualisation.proxmox.enable = true; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; - services = { - openssh.enable = true; - }; - - networking = { - nameservers = [ "192.168.1.2" ]; - }; - system.stateVersion = "24.11"; } diff --git a/hosts/portainer/default.nix b/hosts/portainer/default.nix index 11ecc67..e827378 100644 --- a/hosts/portainer/default.nix +++ b/hosts/portainer/default.nix @@ -12,7 +12,10 @@ in age.secrets.watchtowerSecrets.file = ../../secrets/watchtower-secrets.age; my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; virtualisation = { proxmox.enable = true; portainer = { @@ -23,18 +26,8 @@ in }; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; - services = { - openssh.enable = true; - }; - - networking = { - nameservers = [ "192.168.1.2" ]; - }; - system.stateVersion = "24.11"; } diff --git a/hosts/vaultwarden/default.nix b/hosts/vaultwarden/default.nix index b35e4b7..0b612c7 100644 --- a/hosts/vaultwarden/default.nix +++ b/hosts/vaultwarden/default.nix 
@@ -9,7 +9,11 @@ age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age; my = { - utils.commons.enable = true; + utils = { + commons.enable = true; + lxc-standard.enable = true; + }; + services.vaultwarden = { enable = true; adminPasswordFile = config.age.secrets.vaultwarden-admin-pwd.path; @@ -18,22 +22,8 @@ virtualisation.proxmox.enable = true; }; - time.timeZone = "Europe/Rome"; - # Extra packages environment.systemPackages = with pkgs; [ ]; - services = { - openssh.enable = true; - }; - - networking = { - firewall.allowedTCPPorts = [ - 80 - 443 - ]; - nameservers = [ "192.168.1.2" ]; - }; - system.stateVersion = "24.11"; } diff --git a/modules/services/media-mgr.nix b/modules/services/media-mgr.nix index 5147daa..c0a252b 100644 --- a/modules/services/media-mgr.nix +++ b/modules/services/media-mgr.nix @@ -10,6 +10,12 @@ with lib; let cfg = config.my.services.media-mgr; + lidarrPort = toString 8686; + radarrPort = toString 7878; + sonarrPort = toString 8989; + readarrPort = toString 8787; + prowlarrPort = toString 9696; + containersDefinition = { flaresolverr = { @@ -112,7 +118,6 @@ in # Request management and media discovery tool for the Plex ecosystem jellyseerr = { enable = true; - port = 5055; openFirewall = true; }; 
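Review bot: Nothing in this patch re-adds the `firewall.allowedTCPPorts` rule for 80 and 443 that `hosts/vaultwarden/default.nix` loses in hunk `@@ -18,22 +22,8 @@`. For nextcloud the equivalent rule moves into `modules/services/nextcloud.nix`, but no vaultwarden module is touched. Either the service stops being reachable on those ports, or a module outside the patch opens them. If that is the shared `lxc-standard` module, 80 and 443 would then be open on every container. I would keep the rule with the service, e.g. `networking.firewall.allowedTCPPorts = [ 80 443 ];` inside the enabled branch of the `my.services.vaultwarden` module.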
@@ -134,31 +139,31 @@ in (lib.mkIf cfg.proxy.enable { services.caddy = with cfg.proxy; { virtualHosts."prowlarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:9696 + reverse_proxy http://${host}:${prowlarrPort} import cloudflare_${domain} ''; virtualHosts."radarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:7878 + reverse_proxy http://${host}:${radarrPort} import cloudflare_${domain} ''; virtualHosts."sonarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:8989 + reverse_proxy http://${host}:${sonarrPort} import cloudflare_${domain} ''; virtualHosts."lidarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:8686 + reverse_proxy http://${host}:${lidarrPort} import cloudflare_${domain} ''; virtualHosts."readarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:8787 + reverse_proxy http://${host}:${readarrPort} import cloudflare_${domain} ''; virtualHosts."bazarr.${domain}".extraConfig = '' - reverse_proxy http://${host}:6767 + reverse_proxy http://${host}:${toString config.services.bazarr.listenPort} import cloudflare_${domain} ''; virtualHosts."jellyseerr.${domain}".extraConfig = '' - reverse_proxy http://${host}:5055 + reverse_proxy http://${host}:${toString config.services.jellyseerr.port} import cloudflare_${domain} ''; }; @@ -240,7 +245,7 @@ in services.prometheus.exporters = { exportarr-prowlarr = { enable = true; - url = "http://arr.internal:9696"; + url = "http://${host}:${prowlarrPort}"; port = 9701; user = "exportarr"; group = "exportarr"; @@ -248,7 +253,7 @@ in }; exportarr-radarr = { enable = true; - url = "http://arr.internal:7878"; + url = "http://${host}:${radarrPort}"; port = 9702; user = "exportarr"; group = "exportarr"; @@ -256,7 +261,7 @@ in }; exportarr-sonarr = { enable = true; - url = "http://arr.internal:8989"; + url = "http://${host}:${sonarrPort}"; port = 9703; user = "exportarr"; group = "exportarr"; 
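Review bot: `config.services.bazarr.listenPort` and `config.services.jellyseerr.port` in the proxy block of `modules/services/media-mgr.nix` (hunk `@@ -134,31 +139,31 @@`) are read from the configuration of whichever host evaluates that block. That host is presumably the proxy, not the one behind `${host}` where the services run. The value is right only while both sides keep the same port, and a change on the service host would leave the proxy pointing at the old port with no evaluation error. For consistency with the five `*Port` bindings added at the top of the file, I would add `bazarrPort` and `jellyseerrPort` there, or expose them as options of this module, and set the services from them. The exportarr-bazarr URL in hunk `@@ -280,7 +285,7 @@` has the same dependency.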
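Review bot: The binding of `host` used in the new exportarr URLs is not visible in hunk `@@ -240,7 +245,7 @@` or in the five that follow it (`-248`, `-256`, `-264`, `-272`, `-280`); the only one shown in the patch is `with cfg.proxy;` on the caddy block. If the exporter block has no such `with`, evaluation fails. If it reuses the proxy's option, the scrape target silently depends on the proxy setting. Writing it qualified, e.g. `url = "http://${cfg.exportMetrics.host}:${prowlarrPort}";` (assuming such an option is declared), would make the source explicit.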
@@ -264,7 +269,7 @@ in }; exportarr-lidarr = { enable = true; - url = "http://arr.internal:8686"; + url = "http://${host}:${lidarrPort}"; port = 9704; user = "exportarr"; group = "exportarr"; @@ -272,7 +277,7 @@ in }; exportarr-readarr = { enable = true; - url = "http://arr.internal:8787"; + url = "http://${host}:${readarrPort}"; port = 9705; user = "exportarr"; group = "exportarr"; @@ -280,7 +285,7 @@ in }; exportarr-bazarr = { enable = true; - url = "http://arr.internal:6767"; + url = "http://${host}:${toString config.services.bazarr.listenPort}"; port = 9706; user = "exportarr"; group = "exportarr"; diff --git a/modules/services/nextcloud.nix b/modules/services/nextcloud.nix index 36ad653..f7fb43d 100644 --- a/modules/services/nextcloud.nix +++ b/modules/services/nextcloud.nix @@ -143,7 +143,6 @@ in settings = { host = [ ''127\.0\.0\.1'' - "::1" ]; storage.wopi."@allow" = true; }; @@ -159,7 +158,10 @@ in }; - networking.firewall.allowedTCPPorts = [ 9980 ]; + networking.firewall.allowedTCPPorts = [ + 80 + config.services.collabora-online.port + ]; environment.systemPackages = with pkgs; [ exiftool
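Review bot: The Collabora port and port 80 are opened on every interface by the new `allowedTCPPorts` list in `modules/services/nextcloud.nix` (hunk `@@ -159,7 +158,10 @@`), while the previous hunk narrows a Collabora `host` list to `127\.0\.0\.1` only. If Collabora is reached solely through the local web server or the reverse proxy, its port needs no firewall rule at all. Port 80 could likewise be limited to the interface facing the proxy, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 80 ];` with `<iface>` as a placeholder. A short comment on who is expected to connect to each port would help. The enclosing block starts outside the hunk, so whether this rule sits under the module's enable condition is not visible here.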