AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add *arr stack

Browse Source
This commit is contained in:
Dmitriy Kholkin 2022-04-04 14:53:16 +03:00
parent 590d3a44b1
commit f19f1c20c8
12 changed files with 357 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
machines/NixOS-CT/default.nix
View File

@ -12,6 +12,8 @@
roundcube roundcube
seafile seafile
vaultwarden vaultwarden
media-stack
]; ];
deviceSpecific.devInfo = { deviceSpecific.devInfo = {

20
profiles/servers/media-stack/bazarr.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.bazarr = {
autoStart = true;
environment = {
PUID = "1015";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/bazarr:release-1.0.3";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/bazarr/config:/config"
"/media/data:/data"
];
};
}

59
profiles/servers/media-stack/caddy.nix Normal file
View File

@ -0,0 +1,59 @@
{ config, lib, pkgs, ... }:
let
caddyconf = pkgs.writeText "Caddyfile" ''
{
auto_https off
http_port 8080
log {
output file /config/logs/access.log
}
}
jellyfin.ataraxiadev.com:8080 {
reverse_proxy jellyfin:8096
}
radarr.ataraxiadev.com:8080 {
reverse_proxy radarr:7878
}
qbit.ataraxiadev.com:8080 {
reverse_proxy qbittorrent:8080
}
prowlarr.ataraxiadev.com:8080 {
reverse_proxy prowlarr:9696
}
sonarr.ataraxiadev.com:8080 {
reverse_proxy sonarr-anime:8989
}
sonarrtv.ataraxiadev.com:8080 {
reverse_proxy sonarr-tv:8989
}
organizr.ataraxiadev.com:8080 {
reverse_proxy organizr:80
}
lidarr.ataraxiadev.com:8080 {
reverse_proxy lidarr:8686
}
bazarr.ataraxiadev.com:8080 {
reverse_proxy bazarr:6767
}
'';
in {
virtualisation.oci-containers.containers.media-caddy = {
autoStart = true;
environment = {
PUID = "1009";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
ports = [ "127.0.0.1:8100:8080" ];
image = "cr.hotio.dev/hotio/caddy:release-2.4.6";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/caddy/config:/config"
"${caddyconf}:/config/Caddyfile"
];
};
}

55
profiles/servers/media-stack/default.nix Normal file
View File

@ -0,0 +1,55 @@
{ config, pkgs, ... }:
with config.virtualisation.oci-containers; {
imports = [
./caddy.nix
./prowlarr.nix
./qbittorrent.nix
./jellyfin.nix
./radarr.nix
./lidarr.nix
./sonarr.nix
./organizr.nix
./bazarr.nix
];
secrets.xray-config = {
services = [ "${backend}-xray.service" ];
};
virtualisation.oci-containers.containers.xray = {
autoStart = true;
environment = {
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "teddysun/xray:1.5.4";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${config.secrets.xray-config.decrypted}:/etc/xray/config.json"
];
};
systemd.services.create-media-network = {
serviceConfig.Type = "oneshot";
wantedBy = [
"${backend}-jellyfin.service"
"${backend}-radarr.service"
"${backend}-media-caddy.service"
"${backend}-qbittorrent.service"
"${backend}-prowlarr.service"
"${backend}-xray.service"
"${backend}-sonarr-tv.service"
"${backend}-sonarr-anime.service"
"${backend}-organizr.service"
"${backend}-lidarr.service"
"${backend}-bazarr.service"
];
script = ''
${pkgs.docker}/bin/docker network inspect media || \
${pkgs.docker}/bin/docker network create -d bridge media
exit 0
'';
};
}

20
profiles/servers/media-stack/jellyfin.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.jellyfin = {
autoStart = true;
environment = {
PUID = "1010";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/jellyfin:release-10.7.7-1";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/jellyfin/config:/config"
"/media/data/media:/data/media"
];
};
}

20
profiles/servers/media-stack/lidarr.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.lidarr = {
autoStart = true;
environment = {
PUID = "1014";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/lidarr:release-0.8.1.2135";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/lidarr/config:/config"
"/media/data:/data"
];
};
}

19
profiles/servers/media-stack/organizr.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.organizr = {
autoStart = true;
environment = {
PUID = "1017";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "organizr/organizr";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/organizr/config:/config"
];
};
}

20
profiles/servers/media-stack/prowlarr.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.prowlarr = {
autoStart = true;
environment = {
PUID = "1016";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/prowlarr:testing-0.2.0.1448";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/prowlarr/config:/config"
"/media/data/torrents:/data/torrents"
];
};
}

20
profiles/servers/media-stack/qbittorrent.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.qbittorrent = {
autoStart = true;
environment = {
PUID = "1018";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/qbittorrent:release-4.4.1";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/qbittorrent/config:/config"
"/media/data/torrents:/data/torrents"
];
};
}

20
profiles/servers/media-stack/radarr.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.radarr = {
autoStart = true;
environment = {
PUID = "1011";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/radarr:release-4.0.5.5981";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/radarr/config:/config"
"/media/data:/data"
];
};
}

39
profiles/servers/media-stack/sonarr.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, lib, pkgs, ... }: {
virtualisation.oci-containers.containers.sonarr-anime = {
autoStart = true;
environment = {
PUID = "1012";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/sonarr:release-3.0.7.1477";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/sonarr-anime/config:/config"
"/media/data:/data"
];
};
virtualisation.oci-containers.containers.sonarr-tv = {
autoStart = true;
environment = {
PUID = "1013";
PGID = "1005";
UMASK = "002";
TZ = "Europe/Moscow";
};
extraOptions = [
"--network=media"
];
image = "cr.hotio.dev/hotio/sonarr:release-3.0.7.1477";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/media/configs/sonarr-tv/config:/config"
"/media/data:/data"
];
};
}

77
profiles/servers/nginx.nix
View File

@ -1,7 +1,10 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging
defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production
defaults.email = "ataraxiadev@ataraxiadev.com"; defaults.email = "ataraxiadev@ataraxiadev.com";
defaults.renewInterval = "weekly";
certs = { certs = {
"ataraxiadev.com" = { "ataraxiadev.com" = {
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
@ -18,6 +21,15 @@
"code.ataraxiadev.com" "code.ataraxiadev.com"
"file.ataraxiadev.com" "file.ataraxiadev.com"
"webmail.ataraxiadev.com" "webmail.ataraxiadev.com"
"jellyfin.ataraxiadev.com"
"radarr.ataraxiadev.com"
"qbit.ataraxiadev.com"
"prowlarr.ataraxiadev.com"
"sonarr.ataraxiadev.com"
"sonarrtv.ataraxiadev.com"
"organizr.ataraxiadev.com"
"lidarr.ataraxiadev.com"
"bazarr.ataraxiadev.com"
]; ];
}; };
}; };
@ -30,6 +42,11 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
clientMaxBodySize = "250m"; clientMaxBodySize = "250m";
commonHttpConfig = ''
proxy_hide_header X-Frame-Options;
proxy_hide_header content-security-policy;
add_header X-Frame-Options "ALLOW-FROM https://organizr.ataraxiadev.com";
'';
virtualHosts = let virtualHosts = let
default = { default = {
useACMEHost = "ataraxiadev.com"; useACMEHost = "ataraxiadev.com";
@ -49,7 +66,7 @@
hardened = { hardened = {
extraConfig = '' extraConfig = ''
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "SAMEORIGIN"; # add_header X-Frame-Options "SAMEORIGIN";
add_header X-Robots-Tag "none"; add_header X-Robots-Tag "none";
add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Content-Type-Options "nosniff"; add_header X-Content-Type-Options "nosniff";
@ -97,42 +114,74 @@
"startpage.ataraxiadev.com" = { "startpage.ataraxiadev.com" = {
locations."/" = { locations."/" = {
root = "/srv/http/startpage.ataraxiadev.com/"; root = "/srv/http/startpage.ataraxiadev.com/";
extraConfig = '' # extraConfig = ''
add_header X-XSS-Protection "1; mode=block"; # add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag "none"; # add_header X-Robots-Tag "none";
add_header Referrer-Policy "strict-origin-when-cross-origin"; # add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-Content-Type-Options "nosniff"; # add_header X-Content-Type-Options "nosniff";
''; # '';
}; };
} // default; } // default;
"vw.ataraxiadev.com" = { "vw.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:8812"; proxyPass = "http://localhost:8812";
} // proxySettings // hardened; } // proxySettings;
locations."/notifications/hub" = { locations."/notifications/hub" = {
proxyPass = "http://localhost:3012"; proxyPass = "http://localhost:3012";
proxyWebsockets = true; proxyWebsockets = true;
} // proxySettings // hardened; } // proxySettings;
locations."/notifications/hub/negotiate" = { locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:8812"; proxyPass = "http://localhost:8812";
} // proxySettings // hardened; } // proxySettings;
} // default; } // default;
"code.ataraxiadev.com" = { "code.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:6000"; proxyPass = "http://localhost:6000";
} // proxySettings // hardened; } // proxySettings;
} // default; } // default;
"file.ataraxiadev.com" = { "file.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:8088/"; proxyPass = "http://localhost:8088";
} // proxySettings // hardened; } // proxySettings;
} // default; } // default;
"webmail.ataraxiadev.com" = { "webmail.ataraxiadev.com" = {
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
client_max_body_size 30M; client_max_body_size 30M;
''; '';
} // hardened; } // proxySettings;
} // default;
"media-stack" = {
serverAliases = [
"jellyfin.ataraxiadev.com"
"radarr.ataraxiadev.com"
"qbit.ataraxiadev.com"
"prowlarr.ataraxiadev.com"
"sonarr.ataraxiadev.com"
"sonarrtv.ataraxiadev.com"
"organizr.ataraxiadev.com"
"lidarr.ataraxiadev.com"
"bazarr.ataraxiadev.com"
];
locations."/" = {
proxyPass = "http://localhost:8100";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
send_timeout 15m;
proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 15m;
'';
};
} // default; } // default;
}; };
}; };