christoph/flake-homelab
1
Fork 0
Code Activity

Compare commits

base: christoph:fdd52d91ae85ffad63baeae8b1d73e442e42f1ea
Branches Tags
christoph:main
...
compare: christoph:main
Branches Tags
christoph:main

71 Commits
fdd52d91ae ... main

Author SHA1 Message Date
Christoph Urlacher
6eae420d21 Remove obsolete nfs mounts 2025-07-08 17:42:11 +02:00
Christoph Urlacher
244e14af94 ServeNix: Remove obsolete services 2025-06-03 02:29:30 +02:00
Christoph Urlacher
1f8ff6f270 ServeNix: Update Immich 2025-05-24 16:40:15 +02:00
Christoph Urlacher
9555c20fc3 ServeNix: Disable NextCloud cronjob container 2025-05-24 16:40:15 +02:00
Christoph Urlacher
e82f958961 ThinkNix: Disable docker ipv6 2025-03-26 14:34:03 +01:00
Christoph Urlacher
7f41c82d5f ServeNix: Disable docker ipv6 2025-03-26 14:33:58 +01:00
Christoph Urlacher
f91dbcc046 Servenix: Update box service 2025-03-26 14:02:21 +01:00
Christoph Urlacher
70ead97dbc Servenix: Update docker ipv6 config 2025-03-10 17:20:16 +01:00
Christoph Urlacher
fb15b2c387 ThinkNix: Update docker ipv6 config 2025-03-10 16:57:39 +01:00
Christoph Urlacher
efcf7ed4a7 ServeNix: Update docker ipv6 config 2025-03-10 16:46:06 +01:00
Christoph Urlacher
a9219d324c ThinkNix: Update docker ipv6 config 2025-03-10 16:45:45 +01:00
Christoph Urlacher
fe73dc7da7 ThinkNix: Disable homepage 2025-03-10 16:40:19 +01:00
Christoph Urlacher
b51eac7c4b ThinkNix: Update ipv6 addr 2025-03-10 16:18:27 +01:00
Christoph Urlacher
537207da6d ServeNix: Update ipv6 addr 2025-03-10 16:18:21 +01:00
Christoph Urlacher
bc28bb8f26 ThinkNix: Enable IPv6 2025-03-10 14:46:59 +01:00
Christoph Urlacher
176b263803 ServeNix: Enable IPv6 2025-03-10 14:33:18 +01:00
Christoph Urlacher
e75c4cd83d ServeNix: Add formula11 service 2025-03-10 13:48:51 +01:00
Christoph Urlacher
7c6f0d5678 ServeNix: Disable old NFS mount 2025-03-10 13:48:45 +01:00
Christoph Urlacher
03f7dfc0a4 ThinkNix: Revert homepage privileges 2025-01-29 19:19:19 +01:00
Christoph Urlacher
43a3aefc59 ThinkNix: Make homepage run privileged (for docker socket access) 2025-01-29 19:18:31 +01:00
Christoph Urlacher
4ec1aca96b ThinkNix: Allow docker access via tcp socket 2025-01-29 19:18:20 +01:00
Christoph Urlacher
654a8ddb21 ThinkNix: Update kopia volumes 2025-01-29 19:18:10 +01:00
Christoph Urlacher
45f1ca6412 Move homepage ServeNix -> ThinkNix 2025-01-29 19:01:18 +01:00
Christoph Urlacher
175562d85e ServeNix: Disable NC cronjob container 2025-01-29 18:52:06 +01:00
Christoph Urlacher
833feda4f1 ThinkNix: Update wud image location 2025-01-29 17:58:14 +01:00
Christoph Urlacher
b1d1d71ed3 ServeNix: Update wud image location 2025-01-29 17:58:07 +01:00
Christoph Urlacher
261bfe95c9 ThinkNix: Add whats-up-docker 2025-01-29 17:49:11 +01:00
Christoph Urlacher
9c568262ca ServeNix: Replace portainer with portainer/agent (user thinknix as master) 2025-01-29 17:48:56 +01:00
Christoph Urlacher
370268b9e6 ServeNix: Update kopia volumes 2025-01-29 17:48:41 +01:00
Christoph Urlacher
e8100dafea Update kopia volumes 2024-09-23 00:55:06 +02:00
Christoph Urlacher
603c7e3c1d Add formula10 cache volume 
Will be used for the FastF1 cache in the future
 2024-09-23 00:46:18 +02:00
Christoph Urlacher
a60a495513 Disable obsolete services 2024-09-11 01:45:53 +02:00
Christoph Urlacher
0b7c394d01 Add library to unmanic 2024-08-21 10:09:13 +02:00
Christoph Urlacher
3febc830e0 Update nextcloud cron interval 2024-08-21 01:17:52 +02:00
Christoph Urlacher
fb18eb5877 Replace fileflows with unmanic 2024-08-21 01:17:45 +02:00
Christoph Urlacher
9d3ba741cd Add clips volume 2024-08-21 01:17:26 +02:00
Christoph Urlacher
3c9e3de1aa Disable uptime-kuma 2024-05-28 18:09:11 +02:00
Christoph Urlacher
c004f5b6d0 Disable airsignal 2024-05-28 09:44:02 +02:00
Christoph Urlacher
ee399dea48 Add music lib to jellyfin 2024-05-23 09:30:24 +02:00
Christoph Urlacher
9688404763 Update box 2024-05-23 09:30:18 +02:00
Christoph Urlacher
f00560ed47 Update volume scripts 2024-04-04 19:24:54 +02:00
Christoph Urlacher
f92ea4e3c3 Move wireguard to thinknix 2024-04-04 19:21:28 +02:00
Christoph Urlacher
7a82c2d3df Add volume restore script 2024-04-04 19:19:53 +02:00
Christoph Urlacher
bbeb1862d2 Add volume backup script 2024-04-04 19:18:51 +02:00
Christoph Urlacher
2379c61fa5 Add gitignore 2024-04-04 19:18:51 +02:00
Christoph Urlacher
80986e73be Update servenix dns 2024-04-04 19:18:51 +02:00
Christoph Urlacher
385374e15e Add ThinkNix config 2024-04-04 18:18:28 +02:00
Christoph Urlacher
1c1022f5c9 Add paperless + remove hass 2024-04-04 14:46:39 +02:00
Christoph Urlacher
be9bb6f96e Update nextcloud trusted domains 2024-04-04 14:46:32 +02:00
Christoph Urlacher
f0f26bd91f Add paperless service 2024-04-04 14:46:18 +02:00
Christoph Urlacher
efb02033ba Add paperless to kopia 2024-04-04 14:46:13 +02:00
Christoph Urlacher
370e479ee1 Set formula10 tz 2024-04-04 14:46:04 +02:00
Christoph Urlacher
a03901dbad Remove memos volume from kopia 2024-03-09 17:47:49 +01:00
Christoph Urlacher
4a75307017 Add formula10 service 2024-03-09 17:26:56 +01:00
Christoph Urlacher
91c1bf7d1f Update immich service 2024-03-09 17:26:49 +01:00
Christoph Urlacher
d73a0a3c46 Disable memos service 2024-03-09 17:26:45 +01:00
Christoph Urlacher
27e0a5f76e Expose homeassistant port for outside access 2024-03-09 17:26:35 +01:00
Christoph Urlacher
1232b67b67 Update download paths 2024-03-09 17:26:23 +01:00
Christoph Urlacher
19f38e2634 Add new vols to kopia 2023-12-28 10:52:22 +01:00
Christoph Urlacher
7ae9d39e7a Add homeassistant service 2023-12-27 22:58:20 +01:00
Christoph Urlacher
26e6616d8c Add ripgrep 2023-12-27 22:58:15 +01:00
Christoph Urlacher
c92eb7a1d7 Remove gitlab service 2023-12-27 22:58:05 +01:00
Christoph Urlacher
30213d9e7d Disable adguard extra DNS ports 2023-12-27 22:57:58 +01:00
Christoph Urlacher
217b6dfa27 Replace pihole with adguardhome 2023-12-03 19:46:54 +01:00
Christoph Urlacher
59e498d411 Mount all docker volumes to kopia 2023-12-03 18:34:56 +01:00
Christoph Urlacher
75c2a8a9a1 Add nextcloud cron runner 2023-12-03 17:25:55 +01:00
Christoph Urlacher
6864a93884 Update heidi service 2023-11-26 00:42:36 +01:00
Christoph Urlacher
214c7d1bac Attempt to fix docker-heidi stopping times 2023-11-25 19:08:07 +01:00
Christoph Urlacher
b42289045a Remove dind stuff from gitea-runner.nix 2023-11-22 10:25:24 +01:00
Christoph Urlacher
d75a47d583 Update gitea ssh config 2023-11-21 23:23:11 +01:00
Christoph Urlacher
6d6325fde8 Mount heidi sound volume 2023-11-21 21:23:30 +01:00
43 changed files with 1022 additions and 657 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
*.password
ServeNix/services/heidi.discord_token
volumes-backup/*.tar.gz

101
ServeNix/configuration.nix
View File

@ -11,43 +11,32 @@
./hardware-configuration.nix
<home-manager/nixos>
# DNS (required for internet)
# ./services/adguard.nix # NOTE: Runs on ThinkNix
# ./services/pihole.nix
# My own stuff
# ./services/airsignal.nix
./services/heidi.nix
./services/formula10.nix
./services/formula11.nix
# General
./services/airsignal.nix
./services/authelia.nix
./services/gitea.nix
./services/gitea-runner.nix
./services/homepage.nix
# ./services/homeassistant.nix # Replaced by HAOS
# ./services/homepage.nix
./services/immich.nix
./services/jellyfin.nix
./services/kopia.nix
./services/memos.nix
./services/nextcloud.nix
./services/nginx-proxy-manager.nix
./services/pihole.nix
./services/paperless.nix
./services/portainer.nix
./services/uptime-kuma.nix
# ./services/uptime-kuma.nix
./services/whats-up-docker.nix
./services/wireguard-vps.nix
# Discord
./services/heidi.nix
# MultimediArr
./services/bazarr.nix
./services/fileflows.nix
./services/jellyfin.nix
./services/jellyseerr.nix
./services/jellystat.nix
./services/prowlarr.nix
./services/radarr.nix
./services/sonarr.nix
./services/sabnzbd.nix
# Box
./services/box-fileflows.nix
./services/box-hydra.nix
./services/box-metube.nix
./services/box-sabnzbd.nix
./services/box-stash.nix
# ./services/wireguard-vps.nix # NOTE: Runs on ThinkNix
];
# Bootloader.
@ -91,14 +80,32 @@
# Enable networking
networkmanager.enable = true;
enableIPv6 = true;
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.86.25";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fd00::19"; # 25 in hex
prefixLength = 120;
}
];
};
interfaces.ens18.ipv4.addresses = [{
address = "192.168.86.25";
prefixLength = 24;
}];
defaultGateway = "192.168.86.5";
defaultGateway6 = "fd00::5";
nameservers = [
"127.0.0.1"
# "127.0.0.1"
# "8.8.8.8"
"192.168.86.26"
"fd00::1a" # 26 in hex
];
};
@ -116,6 +123,11 @@
# crash the whole service.
check=$(${dockercli} network ls | grep ${network} || true)
if [ -z "$check" ]; then
# TODO: Disable IP masquerading to show individual containers in AdGuard/Pi-Hole
# - Disabling this prevents containers from having internet connection. DNS issue?
# ${dockercli} network create -o "com.docker.network.bridge.enable_ip_masquerade"="false" ${network}
# ${dockercli} network create --ipv6 --gateway="2000::1" --subnet="2000::/80" ${network}
${dockercli} network create ${network}
else
echo "${network} already exists in docker"
@ -171,6 +183,8 @@
nnn
busybox
glances
ffmpeg
ripgrep
docker-compose
];
@ -215,6 +229,27 @@
# enable = true;
# setSocketVariable = true;
# };
daemon.settings = {
# ipv6 = true; # TODO: Resulted in slowdowns for some services?
# fixed-cidr-v6 = "2001::/80";
dns = [
# TODO: Does this circumvent my DNS for each container?
# It might improve gitea actions though...
"8.8.8.8"
# "2001:4860:4860::8888"
# TODO: Might prevent containers from having DNS?
# "127.0.0.1"
# "192.168.86.25"
];
# Allow access via tcp socket (for homepage)
hosts = [
"tcp://0.0.0.0:2375"
"unix:///var/run/docker.sock"
];
};
};
oci-containers.backend = "docker";
};
@ -267,6 +302,8 @@
ntp.enable = true;
qemuGuest.enable = true;
# TODO: Might prevent containers from having working DNS
# resolved.fallbackDns = ["8.8.8.8"];
};
networking.firewall = {

21
ServeNix/hardware-configuration.nix
View File

@ -47,25 +47,8 @@
fsType = "nfs";
};
"/media/TV-Usenet" = {
device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Usenet";
fsType = "nfs";
};
# WD Blue Stripe Shares
"/media/Stash-Video" = {
device = "192.168.86.20:/mnt/WD Blue Stripe 2T/Video";
fsType = "nfs";
};
"/media/Stash-Picture" = {
device = "192.168.86.20:/mnt/WD Blue Stripe 2T/Picture";
fsType = "nfs";
};
"/media/Stash-Usenet" = {
device = "192.168.86.20:/mnt/WD Blue Stripe 2T/Usenet";
"/media/TV-Music" = {
device = "192.168.86.20:/mnt/SG Exos Mirror 18TB/Music";
fsType = "nfs";
};
};

49
ServeNix/services/adguard.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.adguard = {
image = "adguard/adguardhome";
autoStart = true;
dependsOn = [];
ports = [
# DNS server
"53:53/tcp"
"53:53/udp"
# "853:853/tcp" # DNS over TLS
# "853:853/udp" # DNS over QUIC
# DHCP server
# "67:67/udp"
# "68:68/tcp"
# "68:68/udp"
# Admin panel + DNS over HTTPS
# "80:80/tcp"
# "443:443/tcp"
# "443:443/udp"
# "3100:3000/tcp" # Web interface
# DNSCrypt
# "5443:5443/tcp"
# "5443:5443/udp"
# "6060:6060/tcp" # Debugging
];
volumes = [
"adguard_config:/opt/adguardhome/conf"
"adguard_work:/opt/adguardhome/work"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

26
ServeNix/services/airsignal.nix
View File

@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.airsignal = {
image = "gitea.vps.chriphost.de/christoph/airsignal:latest";
autoStart = true;
dependsOn = [];
ports = [
"12776:12776"
"12776:12776/udp"
];
volumes = [];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

33
ServeNix/services/bazarr.nix
View File

@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.bazarr = {
image = "linuxserver/bazarr:latest";
autoStart = true;
dependsOn = [];
ports = [
# "6767:6767"
];
volumes = [
"bazarr_config:/config"
"/media/Show:/tv"
"/media/Movie:/movies"
];
environment = {
PUID = "3000";
PGID = "3000";
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

42
ServeNix/services/box-fileflows.nix
View File

@ -1,42 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.box-fileflows = {
image = "revenz/fileflows:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "5000:5000"
];
volumes = [
"/media/Stash-Video:/media/Video"
"box-fileflows_temp:/temp"
"box-fileflows_logs:/app/Logs"
"box-fileflows_config:/app/Data"
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
environment = {
TZ = "Europe/Berlin";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
"--privileged" # Helps with CUDA issues
"--gpus=all"
"--net=behind-nginx"
];
};
}

36
ServeNix/services/box-metube.nix
View File

@ -1,36 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.box-metube = {
image = "ghcr.io/alexta69/metube";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "3366:8081"
];
volumes = [
"/media/Stash-Usenet/metube:/downloads"
];
environment = {
UID = "3001";
GID = "3001";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

35
ServeNix/services/box-sabnzbd.nix
View File

@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.box-sabnzbd = {
image = "linuxserver/sabnzbd:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "8080:8080"
];
volumes = [
"/media/Stash-Usenet:/downloads"
"box-sabnzbd_config:/config"
];
environment = {
PUID = "3001";
PGID = "3001";
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

47
ServeNix/services/box-stash.nix
View File

@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.box-stash = {
image = "stashapp/stash:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "9999:9999"
];
volumes = [
"/media/Stash-Picture:/data/picture"
"/media/Stash-Video:/data/video"
"box-stash_config:/root/.stash"
"box-stash_metadata:/metadata"
"box-stash_generated:/generated"
"box-stash_blobs:/blobs"
"box-stash_cache:/cache"
];
environment = {
STASH_PORT = "9999";
STASH_CACHE = "/cache/";
STASH_GENERATED = "/generated/";
STASH_METADATA = "/metadata/";
STASH_STASH = "/data/";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
"--privileged"
"--gpus=all"
"--net=behind-nginx"
];
};
}

43
ServeNix/services/fileflows.nix
View File

@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.fileflows = {
image = "revenz/fileflows:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "5000:5000"
];
volumes = [
"/media/Movie:/media/Movie"
"/media/Show:/media/Show"
"fileflows_temp:/temp"
"fileflows_logs:/app/Logs"
"fileflows_config:/app/Data"
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
environment = {
TZ = "Europe/Berlin";
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
"--privileged" # Helps with CUDA issues
"--gpus=all"
"--net=behind-nginx"
];
};
}

31
ServeNix/services/formula10.nix Normal file
View File

@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.formula10 = {
image = "gitea.vps.chriphost.de/christoph/formula10:latest";
autoStart = true;
dependsOn = [];
ports = [
"55555:5000"
];
volumes = [
"formula10_data:/app/instance"
"formula10_cache:/cache"
];
environment = {
TZ = "Europe/Berlin";
};
extraOptions = [
"--init" # Make an init process take up PID 1, to make python receive the SIGTERM
"--net=behind-nginx"
];
};
}

65
ServeNix/services/formula11.nix Normal file
View File

@ -0,0 +1,65 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.formula11_pocketbase = {
image = "gitea.vps.chriphost.de/christoph/pocketbase:0.25.0";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
"8090:8080"
];
volumes = [
"formula11_pb_data:/pb/pb_data"
];
environment = {};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.formula11 = {
image = "gitea.vps.chriphost.de/christoph/formula11:latest";
autoStart = true;
dependsOn = [
"formula11_pocketbase"
];
ports = [
# "8080:8090"
"5173:3000"
];
volumes = [];
environment = {
# PB_PROTOCOL="http";
# PB_HOST="formula11_pocketbase";
# PB_PORT="8000";
# PB_PROTOCOL="https";
# PB_URL="f11pb.vps.chriphost.de";
PUBLIC_PBURL="https://f11pb.vps.chriphost.de";
# Required by SvelteKit to prevent cross-site POST errors
ORIGIN="https://f11.vps.chriphost.de";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

23
ServeNix/services/gitea-runner.nix
View File

@ -5,29 +5,16 @@
...
}: {
virtualisation.oci-containers.containers.gitea-runner = {
# Question: For gitea/act_runner dind set config.yaml/docker_host to "unix:///var/run/user/1000/docker.sock"?
image = "gitea/act_runner:latest";
# image = "vegardit/gitea-act-runner:dind-latest";
image = "gitea/act_runner:latest"; # NOTE: vegardit has other runner images
autoStart = true;
dependsOn = [
# "pihole"
];
dependsOn = [];
ports = [];
volumes = [
"gitea-runner_data:/data"
"gitea-runner_config:/config" # Managed by env variables for vegardit image
# For rootless-dind
# "gitea-runner_rootless-docker-auth:/home/rootless/.docker"
# Cache dind pulled images
# "gitea-runner_overlay2:/var/lib/docker/overlay2"
# "gitea-runner_image:/var/lib/docker/image"
"/var/run/docker.sock:/var/run/docker.sock" # Disable for dind
];
@ -42,12 +29,6 @@
# NOTE: This token is invalid, when re-registering is needed it has to be refreshed
GITEA_RUNNER_REGISTRATION_TOKEN = "Mq6wr0dPthqDij3iaryP8s5VYZA5kPfOQbHA6wm6";
# These are for the specific vegardit/gitea-act-runner image
# GITEA_RUNNER_LOG_LEVEL = "debug";
# GITEA_INSTANCE_INSECURE = "true";
# GITEA_RUNNER_JOB_CONTAINER_NETWORK = "host"; # "host" for dind, "behind-nginx" otherwise
# GITEA_RUNNER_JOB_CONTAINER_PRIVILEGED = "true"; # Enable for dind
};
extraOptions = [

2
ServeNix/services/gitea.nix
View File

@ -39,7 +39,7 @@
"3000:3000"
# NOTE: Set .git/config url to ssh://christoph@gitea.local.chriphost.de:222/christoph/<repo>.git
"222:22" # Gitea SSH
"222:222" # Gitea SSH
];
volumes = [

37
ServeNix/services/gitlab.nix
View File

@ -1,37 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.gitlab = {
image = "gitlab/gitlab-ce";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "80:80"
# "443:443"
"2222:22" # SSH
];
volumes = [
"gitlab_config:/etc/gitlab"
"gitlab_logs:/var/log/gitlab"
"gitlab_data:/var/opt/gitlab"
];
environment = {
GITLAB_OMNIBUS_CONFIG = "external_url 'https://gitlab.local.chriphost.de:443'; gitlab_rails['gitlab_shell_ssh_port'] = 2222;";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
"--shm-size=256m"
];
};
}

8
ServeNix/services/heidi.nix
View File

@ -12,13 +12,19 @@
ports = [];
volumes = [];
volumes = [
"heidi_config:/config"
"/home/christoph/heidi-sounds:/sounds:ro"
];
environment = {
DISCORD_TOKEN = (builtins.readFile ./heidi.discord_token);
DOCKER = "True";
};
extraOptions = [
"--init" # Make an init process take up PID 1, to make python receive the SIGTERM
"--net=behind-nginx"
];
};

14
ServeNix/services/box-hydra.nix → ServeNix/services/homeassistant.nix
View File

@ -4,21 +4,18 @@
pkgs,
...
}: {
virtualisation.oci-containers.containers.box-hydra = {
image = "linuxserver/nzbhydra2:latest";
virtualisation.oci-containers.containers.homeassistant = {
image = "lscr.io/linuxserver/homeassistant:latest";
autoStart = true;
dependsOn = [
# "pihole"
# "sabnzbd"
];
dependsOn = [];
ports = [
# "5076:5076"
"8123:8123" # WebUI
];
volumes = [
"box-hydra_config:/config"
"homeassistant_config:/config"
];
environment = {
@ -29,6 +26,7 @@
extraOptions = [
"--net=behind-nginx"
"--device=/dev/ttyUSB0:/dev/ttyUSB0" # Sonoff Zigbee Stick
];
};
}

4
ServeNix/services/immich.nix
View File

@ -5,7 +5,7 @@
...
}: {
virtualisation.oci-containers.containers.immich-database = {
image = "postgres:15";
image = "ghcr.io/immich-app/postgres:15-vectorchord0.3.0-pgvectors0.2.0";
autoStart = true;
dependsOn = [];
@ -85,8 +85,6 @@
MACHINE_LEARNING_WORKERS = "1";
MACHINE_LEARNING_WORKER_TIMEOUT = "120";
DISABLE_MACHINE_LEARNING = "false";
DISABLE_TYPESENSE = "false";
};
extraOptions = [

1
ServeNix/services/jellyfin.nix
View File

@ -19,6 +19,7 @@
volumes = [
"/media/Show:/data/tvshows"
"/media/Movie:/data/movies"
"/media/TV-Music:/data/music"
"jellyfin_config:/config"
];

34
ServeNix/services/jellyseerr.nix
View File

@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.jellyseerr = {
image = "fallenbagel/jellyseerr:latest";
autoStart = true;
dependsOn = [
# "pihole"
# "sonarr"
# "radarr"
# "jellyfin"
];
ports = [
"5055:5055"
];
volumes = [
"jellyseerr_config:/app/config"
];
environment = {
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

78
ServeNix/services/jellystat.nix
View File

@ -1,78 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.jellystat-db = {
image = "postgres:15.2";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "5432:5432"
];
volumes = [
"jellystat-db_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_DB = "jfstat";
POSTGRES_USER = "postgres";
POSTGRES_PASSWORD = "jellystat-db";
# PUID = "1000";
# PGID = "1000";
# TZ = "Europe/Berlin";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.jellystat = {
image = "cyfershepard/jellystat";
autoStart = true;
dependsOn = [
# "pihole"
"jellystat-db"
];
ports = [
# "3000:3000"
];
volumes = [
"jellystat_data:/app/backend/backup-data"
];
environment = {
POSTGRES_USER = "postgres";
POSTGRES_PASSWORD = "jellystat-db";
POSTGRES_IP = "jellystat-db";
POSTGRES_PORT = "5432";
JWT_SECRET = "MyUnsecretJwtKey";
# PUID = "1000";
# PGID = "1000";
# TZ = "Europe/Berlin";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

33
ServeNix/services/kopia.nix
View File

@ -20,12 +20,37 @@
"kopia_logs:/app/logs"
"kopia_temp:/tmp"
# Repository, where snapshots are stored (incrementally)
"/media/synology-syncthing:/repository"
"nextcloud_data:/data/nextcloud:ro"
"immich_data:/data/immich:ro"
"gitea_data:/data/gitea:ro"
"memos_data:/data/memos:ro"
# Folders that are backed up
# "adguard_config:/data/adguard_config:ro" # ThinkNix
# "adguard_work:/data/adguard_work:ro" # ThinkNix
"authelia_config:/data/authelia_config:ro"
"formula10_cache:/data/formula10_cache:ro"
"formula10_data:/data/formula10_data:ro"
"gitea-db_data:/data/gitea-db_data:ro"
"gitea-runner_config:/data/gitea-runner_config:ro"
"gitea-runner_data:/data/gitea-runner_data:ro"
"gitea_data:/data/gitea_data:ro"
"heidi_config:/data/heidi_config:ro"
# "homeassistant_config:/data/homeassistant_config:ro" # ThinkNix
# "homepage_config:/data/homepage_config:ro"
"immich-database_data:/data/immich-database_data:ro"
"immich_config:/data/immich_config:ro"
"immich_data:/data/immich_data:ro"
"immich_machine-learning:/data/immich_machine-learning:ro"
"jellyfin_config:/data/jellyfin_config:ro"
"nextcloud-db_data:/data/nextcloud-db_data:ro"
"nextcloud_data:/data/nextcloud_data:ro"
"nginx_config:/data/nginx_config:ro"
"nginx_letsencrypt:/data/nginx_letsencrypt:ro"
"nginx_snippets:/data/nginx_snippets:ro"
"paperless-postgres_data:/data/paperless-postgres_data:ro"
"paperless_data:/data/paperless_data:ro"
# "portainer_config:/data/portainer_config:ro"
# "uptime-kuma_config:/data/uptime-kuma_config:ro" # Disabled
# "wireguard_vps_config:/data/wireguard_vps_config:ro"
];
environment = {

27
ServeNix/services/memos.nix
View File

@ -1,27 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.memos = {
image = "ghcr.io/usememos/memos:latest";
autoStart = true;
dependsOn = [];
ports = [
"5230:5230"
];
volumes = [
"memos_data:/var/opt/memos"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

32
ServeNix/services/nextcloud.nix
View File

@ -66,6 +66,12 @@
volumes = [
"nextcloud_data:/var/www/html"
# Paperless media
# "/media/paperless-consume:/media/paperless-consume"
# "/media/paperless-export:/media/paperless-export"
# "/media/paperless-media:/media/paperless-media"
"/home/christoph/nextcloud:/flow-scripts"
# "/var/run/docker.sock:/var/run/docker.sock:ro" # For AiO
];
@ -74,11 +80,11 @@
# Allow uploads larger than 1GB
APACHE_BODY_LIMIT = "0";
NEXTCLOUD_TRUSTED_DOMAINS = "nextcloud.local.chriphost.de local.chriphost.de nextcloud.vps.chriphost.de vps.chriphost.de";
NEXTCLOUD_TRUSTED_DOMAINS = "https://nextcloud.local.chriphost.de https://local.chriphost.de https://nextcloud.vps.chriphost.de https://vps.chriphost.de";
# Proxy
APACHE_DISABLE_REWRITE_IP = "1";
TRUSTED_PROXIES = "192.168.86.25 212.227.233.241";
TRUSTED_PROXIES = "192.168.86.25 212.227.233.241 172.19.0.1";
OVERWRITEPROTOCOL = "https";
# DB
@ -95,4 +101,26 @@
"--net=behind-nginx"
];
};
systemd.services.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
serviceConfig = {
ExecStart = "${pkgs.docker}/bin/docker exec -u www-data nextcloud /usr/local/bin/php -f /var/www/html/cron.php";
};
};
systemd.timers.nextcloud-cron = {
enable = true;
description = "Nextcloud Cron Job";
timerConfig = {
OnBootSec = "5min";
OnUnitActiveSec = "5min";
Unit = "nextcloud-cron.service";
};
wantedBy = ["timers.target"];
};
}

87
ServeNix/services/paperless.nix Normal file
View File

@ -0,0 +1,87 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.paperless-redis = {
image = "docker.io/library/redis:7";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"paperless-redis_data:/data"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.paperless-postgres = {
image = "docker.io/library/postgres:15";
autoStart = true;
dependsOn = [];
ports = [];
volumes = [
"paperless-postgres_data:/var/lib/postgresql/data"
];
environment = {
POSTGRES_DB = "paperless";
POSTGRES_USER = "paperless";
POSTGRES_PASSWORD = "paperless";
};
extraOptions = [
"--net=behind-nginx"
];
};
virtualisation.oci-containers.containers.paperless = {
image = "ghcr.io/paperless-ngx/paperless-ngx:latest";
autoStart = true;
dependsOn = [
"paperless-redis"
"paperless-postgres"
];
ports = [
"8000:8000"
];
volumes = [
"paperless_data:/usr/src/paperless/data"
"/media/paperless-media:/usr/src/paperless/media"
"/media/paperless-export:/usr/src/paperless/export"
"/media/paperless-consume:/usr/src/paperless/consume"
];
environment = {
PAPERLESS_REDIS = "redis://paperless-redis:6379";
PAPERLESS_DBHOST = "paperless-postgres";
# PAPERLESS_ADMIN_USER = "root";
# PAPERLESS_ADMIN_PASSWORD = "admin";
PAPERLESS_URL = "https://*.chriphost.de";
# PAPERLESS_CSRF_TRUSTED_ORIGINS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
# PAPERLESS_ALLOWED_HOSTS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
# PAPERLESS_CORS_ALLOWED_HOSTS = "[https://paperless.local.chriphost.de,https://paperless.vps.chriphost.de]";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};
}

37
ServeNix/services/portainer.nix
View File

@ -4,27 +4,50 @@
pkgs,
...
}: {
virtualisation.oci-containers.containers.portainer = {
image = "portainer/portainer-ce:latest";
# virtualisation.oci-containers.containers.portainer = {
# image = "portainer/portainer-ce:latest";
# autoStart = true;
# dependsOn = [];
# ports = [
# # "8000:8000"
# # "9443:9443"
# ];
# volumes = [
# "portainer_config:/data"
# "/var/run/docker.sock:/var/run/docker.sock"
# ];
# environment = {};
# extraOptions = [
# "--net=behind-nginx"
# ];
# };
virtualisation.oci-containers.containers.portainer-agent = {
image = "portainer/agent:latest";
autoStart = true;
dependsOn = [];
ports = [
# "8000:8000"
# "9443:9443"
"9001:9001"
];
volumes = [
"portainer_config:/data"
"/var/run/docker.sock:/var/run/docker.sock"
"/var/lib/docker/volumes:/var/lib/docker/volumes"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
# This container needs to be accessible from another machine inside the LAN
# "--net=behind-nginx"
];
};
}

38
ServeNix/services/radarr.nix
View File

@ -1,38 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.radarr = {
image = "linuxserver/radarr:latest";
autoStart = true;
dependsOn = [
# "pihole"
# "sabnzbd"
# "prowlarr"
];
ports = [
# "7878:7878"
];
volumes = [
"/media/TV-Usenet:/downloads"
"/media/Movie:/movies"
"radarr_config:/config"
];
environment = {
PUID = "3000";
PGID = "3000";
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

35
ServeNix/services/sabnzbd.nix
View File

@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.sabnzbd = {
image = "linuxserver/sabnzbd:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "8080:8080"
];
volumes = [
"/media/TV-Usenet:/downloads"
"sabnzbd_config:/config"
];
environment = {
PUID = "3000";
PGID = "3000";
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

38
ServeNix/services/sonarr.nix
View File

@ -1,38 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.sonarr = {
image = "linuxserver/sonarr:latest";
autoStart = true;
dependsOn = [
# "pihole"
# "sabnzbd"
# "prowlarr"
];
ports = [
# "8989:8989"
];
volumes = [
"/media/TV-Usenet:/downloads"
"/media/Show:/tv"
"sonarr_config:/config"
];
environment = {
PUID = "3000";
PGID = "3000";
TZ = "Europe/Berlin";
};
extraOptions = [
"--net=behind-nginx"
];
};
}

2
ServeNix/services/whats-up-docker.nix
View File

@ -5,7 +5,7 @@
...
}: {
virtualisation.oci-containers.containers.whats-up-docker = {
image = "fmartinou/whats-up-docker:latest";
image = "getwud/wud:latest";
autoStart = true;
dependsOn = [

318
ThinkNix/configuration.nix Normal file
View File

@ -0,0 +1,318 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
<home-manager/nixos>
# DNS (required for internet)
./services/adguard.nix
# ./services/pihole.nix
# General
# ./services/kopia.nix
# ./services/homepage.nix
./services/nginx-proxy-manager.nix
./services/portainer.nix
./services/whats-up-docker.nix
./services/wireguard.nix
];
# Bootloader.
boot = {
loader.grub.enable = true;
loader.grub.device = "/dev/sda";
loader.grub.useOSProber = true;
# NOTE: I think this needs a separate EFI partition?
# loader.systemd-boot = {
# enable = true;
# configurationLimit = 5;
# editor = false;
# # canTouchEfiVariables = true;
# # efiSysMountPoint = "/boot";
# };
};
# hardware = {
# opengl = {
# enable = true;
# driSupport = true;
# driSupport32Bit = true;
# };
# nvidia = {
# modesetting.enable = true;
# powerManagement.enable = false; # Experimental option, maybe this is the reason fileflows fails after some time?
# open = false;
# nvidiaSettings = false;
# };
# };
networking = {
hostName = "thinknix"; # Define your hostname.
# wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# proxy.default = "http://user:password@proxy:port/";
# proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networkmanager.enable = true;
interfaces.ens18 = {
ipv4.addresses = [
{
address = "192.168.86.26";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "fd00::1a"; # 26 in hex
prefixLength = 120;
}
];
};
defaultGateway = "192.168.86.5";
defaultGateway6 = "fd00::5";
nameservers = [
"127.0.0.1"
"::1"
# "192.168.86.25"
# "8.8.8.8"
];
};
systemd.services.init-behind-nginx-docker-network = {
description = "Create a docker network bridge for all services behind nginx-proxy-manager.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = let
dockercli = "${config.virtualisation.docker.package}/bin/docker";
network = "behind-nginx";
in ''
# Put a true at the end to prevent getting non-zero return code, which will
# crash the whole service.
check=$(${dockercli} network ls | grep ${network} || true)
if [ -z "$check" ]; then
# TODO: Disable IP masquerading to show individual containers in AdGuard/Pi-Hole
# - Disabling this prevents containers from having internet connection. DNS issue?
# ${dockercli} network create -o "com.docker.network.bridge.enable_ip_masquerade"="false" ${network}
# ${dockercli} network create --ipv6 --gateway="2000::1" --subnet="2000::/80" ${network}
${dockercli} network create ${network}
else
echo "${network} already exists in docker"
fi
'';
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure console keymap
console.keyMap = "us-acentos";
# Define a user account. Don't forget to set a password with passwd.
users.users.christoph = {
isNormalUser = true;
description = "Christoph";
extraGroups = ["networkmanager" "wheel" "docker"];
shell = pkgs.fish;
packages = with pkgs; [];
};
users.users.git = {
uid = 500;
group = "git";
isNormalUser = false;
isSystemUser = true;
description = "Gitea User";
extraGroups = ["docker"];
shell = pkgs.fish;
};
home-manager.users.christoph = {pkgs, ...}: {
home.packages = with pkgs; [
lazygit
keychain
alejandra
nnn
busybox
glances
ripgrep
docker-compose
];
programs = {
fish = {
enable = true;
};
git = {
enable = true;
userEmail = "christoph.urlacher@protonmail.com";
userName = "Christoph Urlacher";
};
keychain = {
enable = true;
enableFishIntegration = true;
agents = ["ssh"];
keys = ["id_ed25519"];
};
starship = {
enable = true;
enableFishIntegration = true;
};
yt-dlp = {
enable = true;
};
};
home.stateVersion = "23.05";
};
virtualisation = {
docker = {
enable = true;
autoPrune.enable = true;
# enableNvidia = true;
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
daemon.settings = {
# ipv6 = true;
# fixed-cidr-v6 = "2001::/80";
dns = [
# TODO: Does this circumvent my DNS for each container?
# It might improve gitea actions though...
"8.8.8.8"
# "2001:4860:4860::8888"
# TODO: Might prevent containers from having DNS?
# "127.0.0.1"
# "192.168.86.25"
];
};
};
oci-containers.backend = "docker";
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
helix
git
];
programs = {
firejail.enable = true;
fish.enable = true;
git.enable = true;
neovim.enable = true;
# fuse.userAllowOther = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services = {
# Configure keymap in X11
xserver = {
layout = "us";
xkbVariant = "altgr-intl";
# videoDrivers = ["nvidia"];
};
# Trims the journal if it gets too large
journald.extraConfig = ''
SystemMaxUse=50M
'';
# Enable the OpenSSH daemon.
openssh.enable = true;
ntp.enable = true;
qemuGuest.enable = true;
# TODO: Might prevent containers from having working DNS
# resolved.fallbackDns = ["8.8.8.8"];
};
networking.firewall = {
# Open ports in the firewall.
allowedTCPPorts = [
# PiHole requires these ports, as it's running in --net=host mode
53
80
# 3000 # Gitea runner needs to reach local gitea instance
];
allowedUDPPorts = [
# PiHole requires these ports, as it's running in --net=host mode
53
67 # PiHole DHCP
# 3000 # Gitea runner needs to reach local gitea instance
];
# Or disable the firewall altogether.
enable = true;
trustedInterfaces = [
"docker0"
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

33
ThinkNix/hardware-configuration.nix Normal file
View File

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2d1b1f62-f008-4562-906e-5a63d854b18b";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-962bf00415f9.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

15
ServeNix/services/prowlarr.nix → ThinkNix/services/0_TEMPLATE.nix
View File

@ -4,29 +4,28 @@
pkgs,
...
}: {
virtualisation.oci-containers.containers.prowlarr = {
image = "linuxserver/prowlarr:latest";
virtualisation.oci-containers.containers.NAME = {
image = "";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "9696:9696"
];
ports = [];
volumes = [
"prowlarr_config:/config"
];
volumes = [];
environment = {
PUID = "1000";
PGID = "1000";
TZ = "Europe/Berlin";
# NVIDIA_VISIBLE_DEVICES = "all";
# NVIDIA_DRIVER_CAPABILITIES = "all";
};
extraOptions = [
# "--gpus=all"
"--net=behind-nginx"
];
};

49
ThinkNix/services/adguard.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.adguard = {
image = "adguard/adguardhome";
autoStart = true;
dependsOn = [];
ports = [
# DNS server
"53:53/tcp"
"53:53/udp"
# "853:853/tcp" # DNS over TLS
# "853:853/udp" # DNS over QUIC
# DHCP server
# "67:67/udp"
# "68:68/tcp"
# "68:68/udp"
# Admin panel + DNS over HTTPS
# "80:80/tcp"
# "443:443/tcp"
# "443:443/udp"
# "3100:3000/tcp" # Web interface
# DNSCrypt
# "5443:5443/tcp"
# "5443:5443/udp"
# "6060:6060/tcp" # Debugging
];
volumes = [
"adguard_config:/opt/adguardhome/conf"
"adguard_work:/opt/adguardhome/work"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

1
ServeNix/services/homepage.nix → ThinkNix/services/homepage.nix
View File

@ -26,6 +26,7 @@
extraOptions = [
"--net=behind-nginx"
# "--privileged"
];
};
}

96
ThinkNix/services/kopia.nix Normal file
View File

@ -0,0 +1,96 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.kopia = {
image = "kopia/kopia:latest";
autoStart = true;
dependsOn = [];
ports = [
# "51515:51515"
];
volumes = [
"kopia_config:/app/config"
"kopia_cache:/app/cache"
"kopia_logs:/app/logs"
"kopia_temp:/tmp"
# Repository, where snapshots are stored (incrementally)
"/media/synology-syncthing:/repository"
# Folders that are backed up
"adguard_config:/data/adguard_config:ro"
"adguard_work:/data/adguard_work:ro"
"authelia_config:/data/authelia_config:ro"
"bazarr_config:/data/bazarr_config:ro"
"box-fileflows_config:/data/box-fileflows_config:ro"
"box-hydra_config:/data/box-hydra_config:ro"
"box-sabnzbd_config:/data/box-sabnzbd_config:ro"
"box-stash_blobs:/data/box-stash_blobs:ro"
"box-stash_config:/data/box-stash_config:ro"
"box-stash_generated:/data/box-stash_generated:ro"
"box-stash_metadata:/data/box-stash_metadata:ro"
"fileflows_config:/data/fileflows_config:ro"
"formula10_data:/data/formula10_data:ro"
"gitea-db_data:/data/gitea-db_data:ro"
"gitea-runner_config:/data/gitea-runner_config:ro"
"gitea-runner_data:/data/gitea-runner_data:ro"
"gitea_data:/data/gitea_data:ro"
"heidi_config:/data/heidi_config:ro"
"homeassistant_config:/data/homeassistant_config:ro"
"homepage_config:/data/homepage_config:ro"
"immich-database_data:/data/immich-database_data:ro"
"immich_config:/data/immich_config:ro"
"immich_data:/data/immich_data:ro"
"immich_machine-learning:/data/immich_machine-learning:ro"
"jellyfin_config:/data/jellyfin_config:ro"
"jellyseerr_config:/data/jellyseerr_config:ro"
"jellystat-db_data:/data/jellystat-db_data:ro"
"jellystat_data:/data/jellystat_data:ro"
"nextcloud-db_data:/data/nextcloud-db_data:ro"
"nextcloud_data:/data/nextcloud_data:ro"
"nginx_config:/data/nginx_config:ro"
"nginx_letsencrypt:/data/nginx_letsencrypt:ro"
"nginx_snippets:/data/nginx_snippets:ro"
"paperless-postgres_data:/data/paperless-postgres_data:ro"
"paperless_data:/data/paperless_data:ro"
"portainer_config:/data/portainer_config:ro"
"prowlarr_config:/data/prowlarr_config:ro"
"radarr_config:/data/radarr_config:ro"
"sabnzbd_config:/data/sabnzbd_config:ro"
"sonarr_config:/data/sonarr_config:ro"
"uptime-kuma_config:/data/uptime-kuma_config:ro"
"wireguard_vps_config:/data/wireguard_vps_config:ro"
];
environment = {
TZ = "Europe/Berlin";
USER = "christoph";
KOPIA_PASSWORD = (builtins.readFile ./kopia.password);
};
entrypoint = "/bin/kopia";
cmd = [
"server"
"start"
"--disable-csrf-token-checks"
"--insecure"
"--address=0.0.0.0:51515"
"--server-username=christoph"
"--server-password=kopia"
];
extraOptions = [
"--privileged"
"--device=/dev/fuse:/dev/fuse:rwm"
"--cap-add=SYS_ADMIN"
"--net=behind-nginx"
];
};
}

36
ThinkNix/services/nginx-proxy-manager.nix Normal file
View File

@ -0,0 +1,36 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.nginx-proxy-manager = {
image = "jc21/nginx-proxy-manager:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
"80:80"
# "81:81" # Web interface
"443:443"
];
volumes = [
"nginx_config:/data"
"nginx_snippets:/snippets"
"nginx_letsencrypt:/etc/letsencrypt"
];
environment = {
DISABLE_IPV6 = "true";
};
extraOptions = [
# "--net=host"
"--net=behind-nginx"
];
};
}

30
ThinkNix/services/portainer.nix Normal file
View File

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.portainer = {
image = "portainer/portainer-ce:latest";
autoStart = true;
dependsOn = [];
ports = [
# "8000:8000"
# "9443:9443"
];
volumes = [
"portainer_config:/data"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

29
ThinkNix/services/whats-up-docker.nix Normal file
View File

@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}: {
virtualisation.oci-containers.containers.whats-up-docker = {
image = "getwud/wud:latest";
autoStart = true;
dependsOn = [
# "pihole"
];
ports = [
# "3001:3000"
];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {};
extraOptions = [
"--net=behind-nginx"
];
};
}

2
ServeNix/services/wireguard-vps.nix → ThinkNix/services/wireguard.nix
View File

@ -4,7 +4,7 @@
pkgs,
...
}: {
virtualisation.oci-containers.containers.wireguard-vps = {
virtualisation.oci-containers.containers.wireguard = {
image = "linuxserver/wireguard:latest";
autoStart = true;

5
volumes-backup/backup.sh Executable file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
VOLUME_NAME="wireguard_vps_config"
sudo docker run --rm -v /home/christoph/HomeLab/volumes-backup:/backup -v "$VOLUME_NAME":/data:ro debian:stretch-slim bash -c "cd /data && /bin/tar -czvf /backup/$VOLUME_NAME.tar.gz ."

5
volumes-backup/restore.sh Executable file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
VOLUME_NAME="wireguard_vps_config"
sudo docker run --rm -v /home/christoph/HomeLab/volumes-backup:/backup -v "$VOLUME_NAME":/data debian:stretch-slim bash -c "cd /data && /bin/tar -xzvf /backup/$VOLUME_NAME.tar.gz"