opdavies/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Automated dev commit

Browse source
This commit is contained in:
Oliver Davies 2025-05-01 00:00:05 +01:00
parent 9528a4d435
commit 35497a3931
9 changed files with 349 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/nixedo/homelab.nix
View file

@ -22,6 +22,7 @@
immich.enable = true;
jellyfin.enable = true;
paperless.enable = true;
tubearchivist.enable = true;
uptime-kuma.enable = true;
vaultwarden = {

1
hosts/nixedo/modules/acme.nix
View file

@ -39,6 +39,7 @@
"tailwindcss-demo"
"talking-drupal-tailwindcss"
"tome"
"tubearchivist"
"uptime"
"vaultwarden"
"wp-tailwind"

3
hosts/nixedo/modules/containers/default.nix
View file

@ -1,5 +1,6 @@
{
imports = [
./pi-hole.nix
# ./pi-hole.nix
./tubearchivist.nix
];
}

313
hosts/nixedo/modules/containers/tubearchivist.nix Normal file
View file

@ -0,0 +1,313 @@
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = homelab.services.${service};
service = "tubearchivist";
homelab = config.features.homelab;
in
{
options.features.homelab.services.${service} = {
enable = mkEnableOption "Enable ${service}";
port = mkOption {
default = 8099;
type = types.port;
};
url = mkOption {
default = "${service}.${homelab.baseDomain}";
type = types.str;
};
};
config = mkIf cfg.enable {
virtualisation = {
oci-containers.backend = "podman";
podman.enable = true;
};
virtualisation.oci-containers.containers."archivist-es" = {
image = "bbilly1/tubearchivist-es";
environment = {
"ES_JAVA_OPTS" = "-Xms1g -Xmx1g";
"discovery.type" = "single-node";
"path.repo" = "/usr/share/elasticsearch/data/snapshot";
"xpack.security.enabled" = "true";
"cluster.routing.allocation.disk.watermark.flood_stage" = "98%";
"cluster.routing.allocation.disk.watermark.high" = "97%";
"cluster.routing.allocation.disk.watermark.low" = "95%";
};
environmentFiles = [
config.age.secrets.tubearchivist-env.path
];
volumes = [
"tubearchivist_es:/usr/share/elasticsearch/data:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=archivist-es"
"--network=tubearchivist_default"
];
};
systemd.services."podman-archivist-es" = {
serviceConfig = {
Restart = mkOverride 90 "always";
RestartMaxDelaySec = mkOverride 90 "1m";
RestartSec = mkOverride 90 "100ms";
RestartSteps = mkOverride 90 9;
};
after = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_es.service"
];
requires = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_es.service"
];
partOf = [
"podman-compose-tubearchivist-root.target"
];
wantedBy = [
"podman-compose-tubearchivist-root.target"
];
};
virtualisation.oci-containers.containers."archivist-redis" = {
image = "redis";
volumes = [
"tubearchivist_redis:/data:rw"
];
dependsOn = [
"archivist-es"
];
log-driver = "journald";
extraOptions = [
"--network-alias=archivist-redis"
"--network=tubearchivist_default"
];
};
systemd.services."podman-archivist-redis" = {
serviceConfig = {
Restart = mkOverride 90 "always";
RestartMaxDelaySec = mkOverride 90 "1m";
RestartSec = mkOverride 90 "100ms";
RestartSteps = mkOverride 90 9;
};
after = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_redis.service"
];
requires = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_redis.service"
];
partOf = [
"podman-compose-tubearchivist-root.target"
];
wantedBy = [
"podman-compose-tubearchivist-root.target"
];
};
virtualisation.oci-containers.containers."tubearchivist" = {
image = "bbilly1/tubearchivist";
environment = {
"ES_URL" = "http://archivist-es:9200";
"HOST_GID" = "1000";
"HOST_UID" = "1000";
"REDIS_CON" = "redis://archivist-redis:6379";
"TA_HOST" = "http://${cfg.url}";
"TZ" = "Europe/London";
};
environmentFiles = [
config.age.secrets.tubearchivist-env.path
];
volumes = [
"/mnt/media/${service}/cache:/cache:rw"
"/mnt/media/${service}/media:/youtube:rw"
];
ports = [
"${toString cfg.port}:8000/tcp"
];
dependsOn = [
"archivist-es"
"archivist-redis"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=[\"curl\", \"-f\", \"http://localhost:8000/health\"]"
"--health-interval=2m0s"
"--health-retries=3"
"--health-start-period=30s"
"--health-timeout=10s"
"--network-alias=tubearchivist"
"--network=tubearchivist_default"
];
};
systemd.services."podman-tubearchivist" = {
serviceConfig = {
Restart = mkOverride 90 "always";
RestartMaxDelaySec = mkOverride 90 "1m";
RestartSec = mkOverride 90 "100ms";
RestartSteps = mkOverride 90 9;
};
after = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_cache.service"
"podman-volume-tubearchivist_media.service"
];
requires = [
"podman-network-tubearchivist_default.service"
"podman-volume-tubearchivist_cache.service"
"podman-volume-tubearchivist_media.service"
];
partOf = [
"podman-compose-tubearchivist-root.target"
];
wantedBy = [
"podman-compose-tubearchivist-root.target"
];
};
systemd.services."podman-network-tubearchivist_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f tubearchivist_default";
};
script = ''
podman network inspect tubearchivist_default || podman network create tubearchivist_default
'';
partOf = [ "podman-compose-tubearchivist-root.target" ];
wantedBy = [ "podman-compose-tubearchivist-root.target" ];
};
systemd.services."podman-volume-tubearchivist_cache" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect tubearchivist_cache || podman volume create tubearchivist_cache
'';
partOf = [ "podman-compose-tubearchivist-root.target" ];
wantedBy = [ "podman-compose-tubearchivist-root.target" ];
};
systemd.services."podman-volume-tubearchivist_es" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect tubearchivist_es || podman volume create tubearchivist_es
'';
partOf = [ "podman-compose-tubearchivist-root.target" ];
wantedBy = [ "podman-compose-tubearchivist-root.target" ];
};
systemd.services."podman-volume-tubearchivist_media" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect tubearchivist_media || podman volume create tubearchivist_media
'';
partOf = [ "podman-compose-tubearchivist-root.target" ];
wantedBy = [ "podman-compose-tubearchivist-root.target" ];
};
systemd.services."podman-volume-tubearchivist_redis" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect tubearchivist_redis || podman volume create tubearchivist_redis
'';
partOf = [ "podman-compose-tubearchivist-root.target" ];
wantedBy = [ "podman-compose-tubearchivist-root.target" ];
};
systemd.targets."podman-compose-tubearchivist-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
services.nginx.virtualHosts."${cfg.url}" = {
forceSSL = true;
useACMEHost = homelab.baseDomain;
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
recommendedProxySettings = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
};
}

1
hosts/nixedo/secrets.nix
View file

@ -2,5 +2,6 @@
age.secrets = {
cloudflare.file = ../../secrets/cloudflare.age;
cloudflared.file = ../../secrets/cloudflared-credentials.age;
tubearchivist-env.file = ../../secrets/tubearchivist-env.age;
};
}

5
hosts/nixedo/services/containers/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./tubearchivist.nix
];
}

2
hosts/t480/configuration.nix
View file

@ -66,7 +66,6 @@
};
environment.systemPackages = with pkgs; [
tailscale
abook
acpi
arandr
@ -98,6 +97,7 @@
shotwell
slack
sxiv
tailscale
ttyper
upload-to-files
xcape

5
secrets.nix
View file

@ -19,4 +19,9 @@ in
"secrets/cloudflared-credentials.age".publicKeys = [
hosts.nixedo
] ++ [ users.opdavies ];
"secrets/tubearchivist-env.age".publicKeys = [
hosts.nixedo
hosts.t480
] ++ [ users.opdavies ];
}

20
secrets/tubearchivist-env.age Normal file
View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 IsVD3g JcpSuBgBp3nnPscb55121KL2XeCkBnwRwr57rFYE+nE
o0nLbL0tQWZIwOECYb+/zQsGo9/uoEpuaPqdxoZqY/Y
-> ssh-ed25519 IsVD3g fYyG89/0d3WO+aG9SaZ5+QMGrayd0y6EdnpjEx7mOTM
nbP/TlK5goWZe6ObIvqaRYTa7XPKprVoOeOZBPARON4
-> ssh-rsa +vTWQw
mrS2MJwu/XgQd0y+bE9pa4iCZk8m1l6WQrnLb7tOaPXiVBObh03k6y9uWsfVSgmh
gnXHBQIAGXtdJ6qabt5jLDQrDxMZw1jxAr5QONR8Y+zmcw3BTvKYmVQRfsRlOM0O
qC4VG7CXcq7tcOEHKi3VliyUZW3R1SzXVhr72VXsug2IbWsNp/plusiA8MmLR3Mf
0N6z8ye1ZKRFHs4Q9ShyLad5JcJtkjrNmhbhQdZlNUQfOf+jrTEFrgKII96pCWqI
2eqpUbA1ameSUXgRknaZjIYQBmJd5ejvClGV5cojlD+DdX0W85mRW/Xj1CinUsGk
QZ+RFQ9GWGLLV8Uba707nbS1yMlnc2afJyG8dWGaH9m2E/9NnsFxCIbcQTrK28Yu
yabdui1sXG8stVWGK4FqCTuxNLv/bWC37IcFQQai9wgZhziyO07QR1jQ2xiMXLBZ
cw3KT8y8yYROzhZCuKoW/FAIrlsQv3ePBv+YEpnLF++2Pa25d1jmJXryAooDpBLd
5gi/hKvBeDPwtgStS0BjPYRM37tQ0UlHkcCqq8v2xeTX7VZpqWrzUcGX4DXCgxxX
Qrj5eDdomUfFH5NE8LWWNfpAlP1SOkM3ebCoa9e1sfEdJUzubIbSuRL/VFTm0SJe
WaUbIuTPOo7Sda6ZgM7lPFylqJNC8bHI5Ch6AH7UWX0
--- GcN2m5Td0aMEWTrH6ZOyjplhvkHsHrCJfoyyfsbJHZo
ßýÂx¾üéÿñLÕú}÷va1„éé»Ô(tùäß1$„òC<C3B2>nÎ߇;ftO@]y½çcv‡úd
Äûã¬VQ †‰±X¢S;à.OÒÏס?Hº±ÉŠ©ÔJ˜áŸêÆD÷|ö¯'!w¥9ègüvâRâ½uÆN<C386>S¢Ãº