Jordan Holt
328a50c365
All checks were successful
Check flake / build-amd64-linux (push) Successful in 3m14s
196 lines
4.1 KiB
Nix
196 lines
4.1 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
../server.nix
|
|
];
|
|
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
|
|
boot = {
|
|
loader.systemd-boot.enable = true;
|
|
loader.efi.canTouchEfiVariables = true;
|
|
zfs.extraPools = [ "library" ];
|
|
};
|
|
|
|
networking = {
|
|
hostId = "d24ae953";
|
|
firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
22 # SSH
|
|
];
|
|
};
|
|
};
|
|
|
|
services.zfs = {
|
|
autoScrub = {
|
|
enable = true;
|
|
pools = [ "library" ];
|
|
};
|
|
autoSnapshot = {
|
|
enable = true;
|
|
flags = "-k -p --utc";
|
|
frequent = 0;
|
|
hourly = 0;
|
|
daily = 7;
|
|
monthly = 1;
|
|
};
|
|
};
|
|
|
|
services.nfs.server = {
|
|
enable = true;
|
|
};
|
|
|
|
services.grafana = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
domain = "library.mesh.vimium.net";
|
|
http_addr = "0.0.0.0";
|
|
http_port = 3000;
|
|
};
|
|
};
|
|
};
|
|
|
|
services.prometheus = {
|
|
enable = true;
|
|
port = 9001;
|
|
exporters = {
|
|
node = {
|
|
enable = true;
|
|
enabledCollectors = [ "systemd" ];
|
|
port = 9002;
|
|
};
|
|
zfs = {
|
|
enable = true;
|
|
port = 9003;
|
|
};
|
|
};
|
|
scrapeConfigs = [
|
|
{
|
|
job_name = "node";
|
|
static_configs = [{
|
|
targets = [
|
|
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
|
|
"127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
|
|
];
|
|
}];
|
|
}
|
|
];
|
|
};
|
|
|
|
systemd.services.vps1-tunnel = {
|
|
enable = true;
|
|
description = "vps1.mesh.vimium.net SSH tunnel";
|
|
after = [
|
|
"network-online.target"
|
|
"jellyfin.service"
|
|
];
|
|
wants = [ "network-online.target" ];
|
|
serviceConfig = {
|
|
Type="simple";
|
|
ExecStart=pkgs.lib.mkForce ''
|
|
${pkgs.openssh}/bin/ssh \
|
|
-NT \
|
|
-o ExitOnForwardFailure=yes \
|
|
-o ServerAliveInterval=60 \
|
|
-o TCPKeepAlive=no \
|
|
-i %h/.ssh/id_jellyfin \
|
|
-R localhost:8000:localhost:8000 \
|
|
jellyfin@vps1.mesh.vimium.net
|
|
'';
|
|
Restart="always";
|
|
RestartSec=20;
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
|
|
services.nginx = let
|
|
proxyConfig = ''
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
|
|
proxy_set_header Range $http_range;
|
|
proxy_set_header If-Range $http_if_range;
|
|
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
'';
|
|
in {
|
|
enable = true;
|
|
package = pkgs.openresty;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedTlsSettings = true;
|
|
clientMaxBodySize = "2G";
|
|
virtualHosts = {
|
|
"library.mesh.vimium.net" = {
|
|
locations."/" = {
|
|
root = "/mnt/library";
|
|
extraConfig = ''
|
|
autoindex on;
|
|
'';
|
|
};
|
|
};
|
|
"jellyfin.vimium.com" = {
|
|
default = true;
|
|
listen = [
|
|
{
|
|
addr = "127.0.0.1";
|
|
port = 8000;
|
|
}
|
|
];
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:8096";
|
|
extraConfig = proxyConfig;
|
|
};
|
|
locations."/metrics" = {
|
|
return = "404";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
hardware.graphics = {
|
|
enable = true;
|
|
extraPackages = with pkgs; [
|
|
vaapiVdpau
|
|
];
|
|
};
|
|
users.users.jellyfin.extraGroups = [ "video" "render" ];
|
|
services.jellyfin = {
|
|
enable = true;
|
|
package = pkgs.unstable.jellyfin;
|
|
cacheDir = "/var/cache/jellyfin";
|
|
dataDir = "/var/lib/jellyfin";
|
|
};
|
|
|
|
modules = {
|
|
podman.enable = true;
|
|
programs = {
|
|
gpg.enable = true;
|
|
};
|
|
shell = {
|
|
zsh.enable = true;
|
|
};
|
|
services = {
|
|
borgmatic = {
|
|
enable = true;
|
|
directories = [
|
|
config.services.jellyfin.dataDir
|
|
"/home/jordan"
|
|
];
|
|
repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";
|
|
};
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "22.11";
|
|
}
|
|
|