diff --git a/README.md b/README.md index 2832245..14c3b17 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,22 @@ # Papzi homelab configurations +L'homelab è suddiviso in vari host configurati come container LXC su una macchina Proxmox 8.2. + +## IP + +La rete di casa è suddivisa in due parti, la prima gestita in DHCP ha IP fino al `.149` (compreso), mentre gli altri sono riservati per indirizzi statici. +Per comodità una volta assegnato un IP questo deve essere impostato su PiHole con dominio `.internal` per facilitare il routing. + +## Hosts + +### Caddy + +### Arr + +### Metrics + +### Deadbeef + ## How to ### Build diff --git a/flake.nix b/flake.nix index 84d0330..92b1278 100644 --- a/flake.nix +++ b/flake.nix @@ -36,15 +36,14 @@ }; outputs = - { - self, - nixpkgs, - nixos-hardware, - lix-module, - agenix, - colmena, - home-manager, - ... + { self + , nixpkgs + , nixos-hardware + , lix-module + , agenix + , colmena + , home-manager + , ... }@inputs: let system = "x86_64-linux"; @@ -79,6 +78,14 @@ ]; }; + caddy.deployment = { + targetHost = "192.168.1.150"; + tags = [ + "lxc" + "bacco" + ]; + }; + metrics.deployment = { targetHost = "192.168.1.152"; tags = [ diff --git a/hosts/caddy/default.nix b/hosts/caddy/default.nix new file mode 100644 index 0000000..812273a --- /dev/null +++ b/hosts/caddy/default.nix 
@@ -0,0 +1,69 @@ +{ config +, pkgs +, lib +, ... +}: +let + tailscaleMagicDNS = "neon-dory.ts.net"; +in +{ + + age.secrets = { + tailscale-authKey.file = ../../secrets/tailscale-authKey.age; + }; + + my = { + utils.commons.enable = true; + + services.media-mgr = { + proxy = { + enable = true; + domain = "tegola.pro"; + host = "arr.internal"; + }; + }; + + monitoring = { + prometheus = { + proxy = { + domain = "tegola.pro"; + host = "metrics.internal"; + }; + }; + }; + + networking = { + tailscale = { + enable = true; + magicDNSDomain = tailscaleMagicDNS; + authKeyFile = config.age.secrets.tailscale-authKey.path; + }; + + caddy.enable = true; + }; + + virtualisation = { + proxmox.enable = true; + }; + }; + + time.timeZone = "Europe/Rome"; + + # Extra packages + environment.systemPackages = with pkgs; [ ]; + + services = { + openssh.enable = true; + + prometheus.exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" ]; + }; + }; + }; + + networking.nameservers = [ "192.168.1.2" ]; + + system.stateVersion = "24.05"; +} diff --git a/hosts/default.nix b/hosts/default.nix index 8c359e3..9d34c03 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,10 +1,9 @@ -{ - nixpkgs, - nixos-hardware, - agenix, - home-manager, - lix-module, - ... +{ nixpkgs +, nixos-hardware +, agenix +, home-manager +, lix-module +, ... }: let agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; }; @@ -70,6 +69,17 @@ in # specialArgs = { }; }; + caddy = nixpkgs.lib.nixosSystem { + pkgs = pkgs "x86_64-linux"; + modules = [ + myModule + proxmoxModule + ./caddy + agenix.nixosModules.default + ]; + # specialArgs = { }; + }; + metrics = nixpkgs.lib.nixosSystem { pkgs = pkgs "x86_64-linux"; modules = [ diff --git a/hosts/metrics/default.nix b/hosts/metrics/default.nix index 53df9ba..0f13c82 100644 --- a/hosts/metrics/default.nix +++ b/hosts/metrics/default.nix 
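Review bot: The `prometheus.exporters.node` block near the end of the new `hosts/caddy/default.nix` sets neither `listenAddress` nor a firewall rule. On the host that presumably fronts `tegola.pro`, the exporter is therefore either bound to every interface (the tailnet one included) or, if the NixOS firewall is active in the container, unreachable for the `host-caddy` scrape job this commit adds on the metrics host. Node exporter output is unauthenticated, so I would state the intent explicitly, e.g. `openFirewall = true;` together with `firewallFilter = "-s 192.168.1.152 -p tcp -m tcp --dport 9100";` to admit only the metrics address listed in `flake.nix`. The same file turns on `openssh.enable = true;` with no `settings`; unless `my.utils.commons` already does it (not visible here), add `openssh.settings.PasswordAuthentication = false;`.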
@@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let tailscaleMagicDNS = "neon-dory.ts.net"; @@ -18,20 +17,20 @@ in services.media-mgr = { exportMetrics.enable = true; - proxy = { - enable = true; - domain = "tegola.pro"; - host = "arr.internal"; - }; + # proxy = { + # enable = true; + # domain = "tegola.pro"; + # host = "arr.internal"; + # }; }; monitoring = { prometheus = { enable = true; - proxy = { - domain = "tegola.pro"; - host = "metrics.internal"; - }; + # proxy = { + # domain = "tegola.pro"; + # host = "metrics.internal"; + # }; }; }; @@ -42,7 +41,7 @@ in authKeyFile = config.age.secrets.tailscale-authKey.path; }; - caddy.enable = true; + # caddy.enable = true; }; virtualisation = { @@ -60,11 +59,17 @@ in prometheus.scrapeConfigs = [ { - job_name = "metrics-host"; + job_name = "host-metrics"; static_configs = [ { targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; } ]; } + { + job_name = "host-caddy"; + static_configs = [ + { targets = [ "caddy.internal:${toString config.services.prometheus.exporters.node.port}" ]; } + ]; + } ]; prometheus.exporters = { @@ -75,7 +80,7 @@ in }; }; - networking.nameservers = [ "192.168.1.2" ]; + # networking.nameservers = [ "192.168.1.2" ]; system.stateVersion = "24.05"; } diff --git a/modules/services/media-mgr.nix b/modules/services/media-mgr.nix index 08ed7ea..7f8701d 100644 --- a/modules/services/media-mgr.nix +++ b/modules/services/media-mgr.nix 
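Review bot: The `host-caddy` target takes its port from `config.services.prometheus.exporters.node.port`, which is the metrics host's own exporter option, so the job silently points at the wrong port as soon as caddy's exporter port diverges from this host's. A shared constant for the exporter port would remove the coupling; at minimum add `# caddy's node exporter must listen on the same port as this host's` above the target. The scrape is plain HTTP to a name resolved through local DNS, so the data is only as trustworthy as that resolver. The `scrapeConfigs` list sits in an attribute set that begins outside the hunk.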
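Review bot: Commenting out `networking.nameservers = [ "192.168.1.2" ];` in the last hunk of `hosts/metrics/default.nix` leaves this host resolving `caddy.internal` and `arr.internal` through whatever resolver the container inherits, while the README text added in this commit says `.internal` names are registered in PiHole. If the inherited resolver is a different one (or Tailscale rewrites `resolv.conf`), the new scrape job and the exportarr URLs either fail or reach a host you did not intend, and the exportarr requests carry API keys. Keep the line, or replace the dead code with a comment that names the DNS source, e.g. `# DNS comes from <source>; it must resolve *.internal`. The other blocks commented out in this file (`proxy`, `caddy.enable`) could simply be deleted, since git keeps the history.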
@@ -11,52 +11,21 @@ let containersDefinition = { - jackett = { + flaresolverr = { enable = true; - image = "linuxserver/jackett"; + image = "ghcr.io/flaresolverr/flaresolverr:v3.3.21"; autoStart = true; - volumes = [ - "jackett_config:/config" - "jackett_data:/data" - ]; - }; - - radarr = { - enable = true; - image = "linuxserver/radarr"; - autoStart = true; - volumes = [ - "radarr_config:/config" - "radarr_data:/data" - ]; - }; - - sonarr = { - enable = true; - image = "linuxserver/sonarr"; - autoStart = true; - volumes = [ - "sonarr_config:/config" - "sonarr_data:/data" - ]; - }; - - prowlarr = { - enable = true; - image = "linuxserver/prowlarr"; - autoStart = true; - volumes = [ "prowlarr_config:/config" ]; + # volumes = [ + # "jackett_data:/data" + # ]; }; }; # Pod Definition podDefinition = { - name = "download"; + name = "media-manager-extra"; ports = [ - "7878:7878" # : Radarr - "8989:8989" # : Sonarr - "9117:9117" # : Jackett - "9696:9696" # : Prowlarr + "8191:8191" # : FlareSolverr ]; containers = containersDefinition; }; @@ -135,15 +104,15 @@ in }; - # my.virtualisation.podmanPods = { - # inherit podDefinition; - # }; + my.virtualisation.podmanPods = { + inherit podDefinition; + }; - # virtualisation.oci-containers.containers = - # let - # pod = config.helpers.processContainers podDefinition; - # in - # pod.containers; + virtualisation.oci-containers.containers = + let + pod = config.helpers.processContainers podDefinition; + in + pod.containers; }) @@ -228,6 +197,8 @@ in enable = true; url = "http://arr.internal:9696"; port = 9701; + user = "exportarr"; + group = "exportarr"; apiKeyFile = config.age.secrets.prowlarr-apiKey.path; }; exportarr-radarr = { 
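Review bot: The pod now publishes `"8191:8191"`, which binds FlareSolverr on every interface of the host. Its API has no authentication and drives a headless browser to fetch whatever URL a caller submits, so any machine that can reach the port can make requests originate from inside the LAN. If the only consumer runs on the same host (not visible in this hunk, whose `let` block starts earlier), publish it as `"127.0.0.1:8191:8191"`. Pinning `v3.3.21` is better than the untagged `linuxserver/*` images it replaces, but a tag can be repointed; appending `@sha256:<digest>` fixes the content. The commented-out `jackett_data` volume is a leftover and can be removed.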
@@ -242,18 +213,24 @@ in enable = true; url = "http://arr.internal:8989"; port = 9703; + user = "exportarr"; + group = "exportarr"; apiKeyFile = config.age.secrets.sonarr-apiKey.path; }; exportarr-lidarr = { enable = true; url = "http://arr.internal:8686"; port = 9704; + user = "exportarr"; + group = "exportarr"; apiKeyFile = config.age.secrets.lidarr-apiKey.path; }; exportarr-readarr = { enable = true; url = "http://arr.internal:8787"; port = 9705; + user = "exportarr"; + group = "exportarr"; apiKeyFile = config.age.secrets.readarr-apiKey.path; }; }; diff --git a/secrets.nix b/secrets.nix index 91ef8ed..2338a99 100644 --- a/secrets.nix +++ b/secrets.nix @@ -2,11 +2,8 @@ let keys = import ./ssh-keys.nix; secrets = with keys; { - tailscale-authKey = [ - machines.arr - machines.metrics - ]; - cloudflare-tegola-apiKey = [ machines.metrics ]; + tailscale-authKey = keys.tailscale-machine; + cloudflare-tegola-apiKey = [ machines.caddy ]; prowlarr-apiKey = [ machines.metrics ]; radarr-apiKey = [ machines.metrics ]; sonarr-apiKey = [ machines.metrics ]; @@ -15,8 +12,10 @@ let }; in builtins.listToAttrs ( - map (secretName: { - name = "secrets/${secretName}.age"; - value.publicKeys = secrets."${secretName}" ++ keys.infra-core; - }) (builtins.attrNames secrets) + map + (secretName: { + name = "secrets/${secretName}.age"; + value.publicKeys = secrets."${secretName}" ++ keys.infra-core; + }) + (builtins.attrNames secrets) ) diff --git a/secrets/cloudflare-tegola-apiKey.age b/secrets/cloudflare-tegola-apiKey.age index 7888692..f5e15c8 100644 Binary files a/secrets/cloudflare-tegola-apiKey.age and b/secrets/cloudflare-tegola-apiKey.age differ diff --git a/secrets/lidarr-apiKey.age b/secrets/lidarr-apiKey.age index b873796..4f7cf6a 100644 Binary files a/secrets/lidarr-apiKey.age and b/secrets/lidarr-apiKey.age differ 
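Review bot: Narrowing the recipient lists in `secrets.nix` (arr dropped from `tailscale-authKey`, `cloudflare-tegola-apiKey` moved from `machines.metrics` to `machines.caddy`) and re-encrypting does not revoke anything. The previous `.age` blobs remain in git history and still decrypt with the arr and metrics host keys. Whether the values themselves were rotated cannot be seen from the ciphertext; if the goal is to reduce access, rotate the Tailscale auth key and the Cloudflare token and encrypt the new values. Also confirm that the arr host no longer points `authKeyFile` at this secret, since it cannot decrypt the new file (its config is not part of this diff). Minor style point: inside `with keys;` the prefix in `keys.tailscale-machine` is redundant next to `machines.caddy`.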
diff --git a/secrets/prowlarr-apiKey.age b/secrets/prowlarr-apiKey.age index 1915b5a..02640fe 100644 Binary files a/secrets/prowlarr-apiKey.age and b/secrets/prowlarr-apiKey.age differ diff --git a/secrets/radarr-apiKey.age b/secrets/radarr-apiKey.age index f6bce17..8ff4999 100644 --- a/secrets/radarr-apiKey.age +++ b/secrets/radarr-apiKey.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 xSWWeQ BJu3flcBLis/8Ai4IC1mSoJvJq2BE5WuhjTbDhveVA0 -H7fQDKisnuMGitFBqXLE6PqGqiuoDA844t75+M2YIdc --> ssh-ed25519 Si3UKw 8wDKIo88PCXm1+lXX5LkFblN64OKF1l/yxzGX2g9aRQ -nXdSmcWijyH/P9ZfkfDpJDADV722b9ZE/ib2NPkIIgM --> ssh-ed25519 3UG3uw 55QOO9ISxtcBgP08ZnvKQ8/LdDU/wEtUflykwUHUXhE -QaXR29k1jQ4qTZEbuET1iLVdp5xzLZQU5wCERSLyAOg --> ssh-ed25519 JEhtoQ wcrBBJV6GFQu3bX4PB3JaCH/zWlIQEATrr3Y2Wb+hgk -YYZVClBk7KjdIXGj5aY50Uiw3eDoFOsE+Pb69c7U/z4 ---- C+snFDF8ihxangd1g9HS5ISHSrEkqUqrO6McAKgGC3c -n飋4gx#v -"4ւwOҽvM"bce \ No newline at end of file +-> ssh-ed25519 xSWWeQ osQUlwq9RbGSOMeT0CrMrPc873VsQlCPEMIGZWtlXms +JYh0ZOqBorChzHW0EWNXp23XW9LWCcraCrTbAUQ9ZFE +-> ssh-ed25519 Si3UKw evD92WSnq4AUr6yNpickNW8f8Jq4wwbaosPE4C5uVSU +4dhLWbjn5mv7wnZPXNiM8sJQzmgJG6U9O69TfBMq3K0 +-> ssh-ed25519 3UG3uw gIR5hsyjAkAc7pJFUaMB8Y1wiorFfU2kIatoAdDghD8 +ysVDexwf3ZpXaqOGqdEM1swE53tCNhf6nK6PhrM0xXA +-> ssh-ed25519 JEhtoQ t5H6VaOuBBo1lwpOhf/CBRm+Ko1+LnQmcXUViUzzDTQ +RYmdYN323UQYtEMqaT5edYukUvnnwMXDNsGkv6QkUmE +--- MS+fNLA+DRxLSgpJciC37I1niuVcb9bvOjhOjY5jsZ8 +j$IkYrݿ:}t&0:ֱُ֜C%RI \ No newline at end of file diff --git a/secrets/readarr-apiKey.age b/secrets/readarr-apiKey.age index 2162521..6198b11 100644 --- a/secrets/readarr-apiKey.age +++ b/secrets/readarr-apiKey.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 xSWWeQ NASyXumDFN12xV+kCqRuJJeUKYPMeRuycSJvAiH9/xI -ILiqV1vCYl+CJQQUEcM0a1b2ne1bEmm2c6Q2AYxpO2w --> ssh-ed25519 Si3UKw HlSnOktOG6W/ZVyqI1UMdk7pxpe+sNclAze/lR03aXU -9MT6At2lR6/Zb3hHiWGNbRrN+EiZ79IJ/XhK5W54dMU --> ssh-ed25519 3UG3uw lHTvFsN00Cj0eoGucE9RcZvZ6Od7EOlIzbT1Yfc9tig -do3zYm1FboG12QtF/2KN9iOxWK83TowJTNcYWAVc9cc --> ssh-ed25519 JEhtoQ 8xzv06CE8Dtuzq9Ivirbx+WbYL01XoZKLmf1NIROmks -BYGHnnKMo/k9PrOMPGHvHksPTce5I9uIC3jS7e/Qff8 ---- SoO3M/eHTHaTW3OwzIyWn5B8WBIPZ8xelWxkLjOxyNM ->`aOl00g?te`S6s1@3u) \ No newline at end of file +-> ssh-ed25519 xSWWeQ RI4jxDgN4+uFqa+lHlgk78VdS1cHyxCJTHNeuu+3Lxo +fbv3NihABbrmSLNkC5/zNAaIWW7cOxzrsLNynat/JL0 +-> ssh-ed25519 Si3UKw PiSQZUk4oZJxUAhhZ375zlU/RD3v256jzJfBkkfLUxA +uyGDZ+vSiHIg/GF99nPqRrlOUdEUFOc8iLUw9haUiNQ +-> ssh-ed25519 3UG3uw enlt9XUtJDhpYMDUnmhHc5paWWrTGfSgnJIWvlnOExA +3nXzjJHlhUrt35WWm7c7vUCPVEne34lmsggiamKo6BI +-> ssh-ed25519 JEhtoQ 00jccXMXMOX6Z3jw74bn7MUqmpFtmFEIL8UdLmhWlAc +KVGgCb+3eOm088Ru3apqm4unqfyWCCFTwHJv3vac2EU +--- eWDxUZAIvC2rYVZWKnShOQy9ZK9/kTahsNIZFxCn9es +WZf0EfWWD@kOro3TVoP(pk^C%$J󻢻w9 \ No newline at end of file diff --git a/secrets/sonarr-apiKey.age b/secrets/sonarr-apiKey.age index 6f20e5d..e4bfd13 100644 --- a/secrets/sonarr-apiKey.age +++ b/secrets/sonarr-apiKey.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 xSWWeQ uLHoKxMTVjvyjMNLyG8MyhMEUQ3rw1nY2no4erJBDX0 -NPqgmdLgKc+SeWGW5RRO6HbO1AE55s8BuKEsHjZq5Do --> ssh-ed25519 Si3UKw P9pMnSKrJhKr+rZkde9wO3GX4GS7yNX2cVUOYd/JMHg -+BALAaGYeJwo1VG4kzsbuYERi4JwrR640TK7p5VEq+g --> ssh-ed25519 3UG3uw TmIgCfN66iEstmFhIdqOL4rtfM5ZC4SutX6jWLRpxgE -3IobYkFLp9/c1Cta3esmob7EioATUqDan3O34DgLiTo --> ssh-ed25519 JEhtoQ utDyShWrKbTS54kbYTtNQFuMFfDURYvjmjlDtevOeTI -cqLiVeH1D45q8WGwHDEUIu+VSmdVBBA6U8TVe4TOtXU ---- nG5QAE6zNkan8ISAjM8YWne9LPeE9n5d/oqPyafyC9A -8nam6>gζ'{yW%lWJwD/M 4Tͽ @ \ No newline at end of file +-> ssh-ed25519 xSWWeQ SmgOrIZIEkpYmtdE21RkKww0qY78QwcJoU2vrdZ7RVQ +xKmvo127yM9kQfFoipC7NDj6JkZo9vyJs5N1sQ7Szek +-> ssh-ed25519 Si3UKw zoEEt3+X0iIlkLzhPnqFZq4u4fU6srR4SluQLO9Y3T4 +E0zYd1pcytVBmRezMwhBXzYLv+fvLs9SIJqnzChDp4M +-> ssh-ed25519 3UG3uw QQjKuxvT0Sca8keACNbHPBfSh1EAyO8ZBdcgkhZyizU +D8XeaeitLD70fcWo1xNZsd7u+e8WVMXmtIxyYMgu3xk +-> ssh-ed25519 JEhtoQ hMKJ71f7Xk0fh2ama/+SUeyPrY5OMAf/hdHkb3sOpUo +SaSrqD/Fel6wu4KQXyuAZA1zEiYkodxNsILxb9M69DE +--- bgC5YtjAfz49d7GrGleT1QDNJDFHpH+YoyCC97Gul7M + @ H8~f#}zCȘǍo-|:yO;nq+16^ \ No newline at end of file diff --git a/secrets/tailscale-authKey.age b/secrets/tailscale-authKey.age index 2228a61..802ea3f 100644 --- a/secrets/tailscale-authKey.age +++ b/secrets/tailscale-authKey.age 
@@ -1,14 +1,14 @@ age-encryption.org/v1 --> ssh-ed25519 1nWE1Q J7LFA/+OWjALgurxCaCsrNIsiCz6Y/GBnAO8xznDdgI -Z8/shqTX6tepqfrktQLxTn1XYzph0cnhf8bmr53Pl2o --> ssh-ed25519 xSWWeQ zTbGFK9uT1UmRByKdhsDikj9isQg08k4cxM3+HGXZWE -eWrkdsYiCw6Lk9UMEs0+yby7ZheJmIx04vL7I+8q+LA --> ssh-ed25519 Si3UKw Jl+O+cygmKLA9IAyNBg9qr0d4H5f9ygnTBI6M/uoZxw -ZaJAhdhn/7Tm/xIw1w0yI5D/4j2e/8K6x7Phlis9AOc --> ssh-ed25519 3UG3uw boXDEDh2enEx2a/6DczJ/4b6XvaGs2b6rhrkzK5L9Uc -9qPpJ2cr+/7Br8xVROFCbj8F6vkEPkmCNMWi5JbnbBw --> ssh-ed25519 JEhtoQ 1d7BDdYIJe0IxDLUrZ+Um/R0cusQQzIMy2RWnb+lSCw -Q8eWTIwkw85KvnKinh4YoKQ/PpHLa4ELrdFGMKsGWSo ---- 9Lam+CKmN6dyxPwwJqDjJW7tL/zGTQhkomsKFZohqsI -|֨a.{m'd>|hԚ\޽%w -:dxW.vlLjSf[Iw gd(]PRd}% \ No newline at end of file +-> ssh-ed25519 BFt3Fg Lvsryegz6tZoK0xHJtKcGOwCxowPmtgN1GFP41TveXY +Ze9LLPZd9MHXSP4uhVOgwxsiG+ly1PxGLnz+YYQqFsk +-> ssh-ed25519 xSWWeQ Y8AKOq6yfUQIirYnzA642qYrsMti08F+YJVGeWe/ZCk +Z7oddgzRGeeVpQgp8u/XqTrvHi+e7hcV5dWBk+nIbI0 +-> ssh-ed25519 Si3UKw eu853w/oZ56Xde+PI4Zfq7JBMzdSgoy9WIXnMTes8D0 +8s5MokfSqpYCiiRckWkuHRqUxqpkRPsYNTJaz2RR/yQ +-> ssh-ed25519 3UG3uw A7Dx9d5EVjBieB1kXGF6GIX5m/vEP1VUsSUkGjEg3nE +eHl+og2VBh4MNo6aOWaU3VGqig2XQxi+UhLdSX/f6tg +-> ssh-ed25519 JEhtoQ I2aDrigMNdzuNGqIagnHW5L/6fvpMz/2EC8L5gHs1HI +2O7ZiXEVFSJ7ous94Nk23gF8Y4B6rIDxPH+tZ2Vbta0 +--- DvMRu0m59h7lYnevgpEchnxpRxza7WVHgpwiPKUMf/I +!#ԁ"pl` S8tvfa$$R M^F]Z;d/j,ZoԪ$a +R \ No newline at end of file diff --git a/ssh-keys.nix b/ssh-keys.nix index 3897f40..2fff240 100644 --- a/ssh-keys.nix +++ b/ssh-keys.nix @@ -8,6 +8,7 @@ rec { # The key are found executing `ssh-keyscan ` machines = { arr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjAFjbSGaeWnImPFBEQ/PeGz7hgpLhUYgZg5Hb/JJ42"; + caddy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfgwx+fiwkMAhzdS3WhoeoIGowKgwem8HB/NCyF60Ff"; metrics = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFRY4bpw1gCJAWMtBTSm2/09gcniFkSyCKCKPyGHVbr"; }; 
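Review bot: The new `caddy` entry in `machines` becomes an age recipient for the Tailscale auth key and the Cloudflare API key, and the comment above the set says these keys are collected with `ssh-keyscan`, which accepts whatever key the network answers with. A wrong key here means the secrets get encrypted to someone else, so the value should be compared with the host's own `/etc/ssh/ssh_host_ed25519_key.pub` read from the container console. I would extend the existing comment accordingly: `# Obtained with ssh-keyscan <host>; verify against the host's ssh_host_ed25519_key.pub before adding`. The enclosing `rec { … }` starts and ends outside this hunk.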
@@ -17,8 +18,14 @@ rec { krzo ]; + tailscale-machine = [ + machines.caddy + machines.metrics + ]; + infra-machine = [ machines.arr + machines.caddy machines.metrics ];