Use common module

2025-01-08 14:33:52 +01:00 · 2025-01-08 14:33:52 +01:00 · ae24ddfe1a
commit ae24ddfe1a
parent b48e25aa7d
9 changed files with 64 additions and 115 deletions
--- a/hosts/arr/default.nix
+++ b/hosts/arr/default.nix
@ -6,7 +6,10 @@
 }:
 {
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services.media-mgr = {
      programs.enable = true;
@ -17,18 +20,8 @@
    };
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
  };
  networking = {
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.05";
 }
--- a/hosts/caddy/default.nix
+++ b/hosts/caddy/default.nix
@ -23,7 +23,10 @@ in
  };
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services = {
@ -123,30 +126,15 @@ in
    };
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
    iperf3 = {
      enable = true;
      openFirewall = true;
    };
    prometheus.exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
    };
  };
  networking = {
    firewall.allowedTCPPorts = [ 9100 ];
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.05";
--- a/hosts/metrics/default.nix
+++ b/hosts/metrics/default.nix
@ -6,6 +6,7 @@
 }:
 let
  tailscaleMagicDNS = "neon-dory.ts.net";
  defaultNodePort = toString config.services.prometheus.exporters.node.port;
 in
 {
@ -18,7 +19,10 @@ in
  };
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services.media-mgr = {
      exportMetrics.enable = true;
@ -47,39 +51,28 @@ in
    };
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
    prometheus.scrapeConfigs = [
      {
        job_name = "host-metrics";
        static_configs = [
-          { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
+          {
-        ];
+            targets = [
-      }
+              "metrics.internal:${defaultNodePort}"
-      {
+              "caddy.internal:${defaultNodePort}"
-        job_name = "host-caddy";
+              "arr.internal:${defaultNodePort}"
-        static_configs = [
+              "nextcloud.internal:${defaultNodePort}"
-          { targets = [ "caddy.internal:${toString config.services.prometheus.exporters.node.port}" ]; }
+              "vaultwarden.internal:${defaultNodePort}"
              "plex.internal:${defaultNodePort}"
              "portainer.internal:${defaultNodePort}"
            ];
          }
        ];
      }
    ];
    prometheus.exporters = {
      node = {
        enable = true;
        enabledCollectors = [ "systemd" ];
      };
    };
  };
  networking = {
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.05";
--- a/hosts/nextcloud/default.nix
+++ b/hosts/nextcloud/default.nix
@ -16,7 +16,10 @@
  };
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services.nextcloud = {
      enable = true;
@ -32,19 +35,8 @@
    virtualisation.proxmox.enable = true;
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
  };
  networking = {
    firewall.allowedTCPPorts = [ 80 ];
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.05";
 }
--- a/hosts/plex/default.nix
+++ b/hosts/plex/default.nix
@ -6,7 +6,10 @@
 }:
 {
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services.plex = {
      enable = true;
@ -22,18 +25,8 @@
    virtualisation.proxmox.enable = true;
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
  };
  networking = {
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.11";
 }
--- a/hosts/portainer/default.nix
+++ b/hosts/portainer/default.nix
@ -12,7 +12,10 @@ in
  age.secrets.watchtowerSecrets.file = ../../secrets/watchtower-secrets.age;
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    virtualisation = {
      proxmox.enable = true;
      portainer = {
@ -23,18 +26,8 @@ in
    };
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
  };
  networking = {
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.11";
 }
--- a/hosts/vaultwarden/default.nix
+++ b/hosts/vaultwarden/default.nix
@ -9,7 +9,11 @@
  age.secrets.vaultwarden-admin-pwd.file = ../../secrets/vaultwarden-admin-pwd.age;
  my = {
-    utils.commons.enable = true;
+    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };
    services.vaultwarden = {
      enable = true;
      adminPasswordFile = config.age.secrets.vaultwarden-admin-pwd.path;
@ -18,22 +22,8 @@
    virtualisation.proxmox.enable = true;
  };
  time.timeZone = "Europe/Rome";
  # Extra packages
  environment.systemPackages = with pkgs; [ ];
  services = {
    openssh.enable = true;
  };
  networking = {
    firewall.allowedTCPPorts = [
      80
      443
    ];
    nameservers = [ "192.168.1.2" ];
  };
  system.stateVersion = "24.11";
 }
--- a/modules/services/media-mgr.nix
+++ b/modules/services/media-mgr.nix
@ -10,6 +10,12 @@ with lib;
 let
  cfg = config.my.services.media-mgr;
  lidarrPort = toString 8686;
  radarrPort = toString 7878;
  sonarrPort = toString 8989;
  readarrPort = toString 8787;
  prowlarrPort = toString 9696;
  containersDefinition = {
    flaresolverr = {
@ -112,7 +118,6 @@ in
        # Request management and media discovery tool for the Plex ecosystem
        jellyseerr = {
          enable = true;
          port = 5055;
          openFirewall = true;
        };
@ -134,31 +139,31 @@ in
    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        virtualHosts."prowlarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:9696
+          reverse_proxy http://${host}:${prowlarrPort}
          import cloudflare_${domain}
        '';
        virtualHosts."radarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:7878
+          reverse_proxy http://${host}:${radarrPort}
          import cloudflare_${domain}
        '';
        virtualHosts."sonarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:8989
+          reverse_proxy http://${host}:${sonarrPort}
          import cloudflare_${domain}
        '';
        virtualHosts."lidarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:8686
+          reverse_proxy http://${host}:${lidarrPort}
          import cloudflare_${domain}
        '';
        virtualHosts."readarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:8787
+          reverse_proxy http://${host}:${readarrPort}
          import cloudflare_${domain}
        '';
        virtualHosts."bazarr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:6767
+          reverse_proxy http://${host}:${toString config.services.bazarr.listenPort}
          import cloudflare_${domain}
        '';
        virtualHosts."jellyseerr.${domain}".extraConfig = ''
-          reverse_proxy http://${host}:5055
+          reverse_proxy http://${host}:${toString config.services.jellyseerr.port}
          import cloudflare_${domain}
        '';
      };
@ -240,7 +245,7 @@ in
      services.prometheus.exporters = {
        exportarr-prowlarr = {
          enable = true;
-          url = "http://arr.internal:9696";
+          url = "http://${host}:${prowlarrPort}";
          port = 9701;
          user = "exportarr";
          group = "exportarr";
@ -248,7 +253,7 @@ in
        };
        exportarr-radarr = {
          enable = true;
-          url = "http://arr.internal:7878";
+          url = "http://${host}:${radarrPort}";
          port = 9702;
          user = "exportarr";
          group = "exportarr";
@ -256,7 +261,7 @@ in
        };
        exportarr-sonarr = {
          enable = true;
-          url = "http://arr.internal:8989";
+          url = "http://${host}:${sonarrPort}";
          port = 9703;
          user = "exportarr";
          group = "exportarr";
@ -264,7 +269,7 @@ in
        };
        exportarr-lidarr = {
          enable = true;
-          url = "http://arr.internal:8686";
+          url = "http://${host}:${lidarrPort}";
          port = 9704;
          user = "exportarr";
          group = "exportarr";
@ -272,7 +277,7 @@ in
        };
        exportarr-readarr = {
          enable = true;
-          url = "http://arr.internal:8787";
+          url = "http://${host}:${readarrPort}";
          port = 9705;
          user = "exportarr";
          group = "exportarr";
@ -280,7 +285,7 @@ in
        };
        exportarr-bazarr = {
          enable = true;
-          url = "http://arr.internal:6767";
+          url = "http://${host}:${toString config.services.bazarr.listenPort}";
          port = 9706;
          user = "exportarr";
          group = "exportarr";
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@ -143,7 +143,6 @@ in
          settings = {
            host = [
              ''127\.0\.0\.1''
              "::1"
            ];
            storage.wopi."@allow" = true;
          };
@ -159,7 +158,10 @@ in
      };
-      networking.firewall.allowedTCPPorts = [ 9980 ];
+      networking.firewall.allowedTCPPorts = [
        80
        config.services.collabora-online.port
      ];
      environment.systemPackages = with pkgs; [
        exiftool