Compare commits
7 commits
dff14a180b
...
c73204ce61
Author | SHA1 | Date | |
---|---|---|---|
|
c73204ce61 | ||
|
bbb5d8b775 | ||
|
4f907ded92 | ||
|
7719637c95 | ||
|
13df49c3cc | ||
|
26dbd02cbe | ||
|
26534dc468 |
6 changed files with 233 additions and 4 deletions
|
@ -39,6 +39,7 @@
|
|||
|
||||
# Network & Bluetooth
|
||||
networking.networkmanager.enable = true;
|
||||
networking.firewall.checkReversePath = "loose"; # For wireguard
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
hardware.bluetooth.powerOnBoot = true;
|
||||
|
|
|
@ -22,6 +22,15 @@ gitlab:
|
|||
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
|
||||
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
|
||||
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
|
||||
musare:
|
||||
APP_SECRET: ENC[AES256_GCM,data:MTwZ7ziFaa6kCdbvNPyFCbNa/aY1kPO3CuLG0UC8S8Pd5QHepIHor3Ab9yw=,iv:8zalEGdQUmCoSZV8B/wmztPFi2upZZ11rU/okhkdk30=,tag:++8A7nyxsAvpqg1azwCWaA==,type:str]
|
||||
YOUTUBE_API_KEY: ENC[AES256_GCM,data:gyBGcdrTnpmnl+NtCO0qZdaUJJ4cGyrJng2us/1ERfmgJAds50eR,iv:0uAqORbl3hC7QYJfJaP/JnaYvHoToxwVKRwElFIhgRI=,tag:NuETLWclphy4dhVnKVh1jw==,type:str]
|
||||
SPOTIFY_CLIENT_ID: ENC[AES256_GCM,data:SecWkp5T77ciTs5gjjUznYbhkFaLNGkiXwiD3uvprEQ=,iv:+Tm9qgTHiklnNsYDCXFV2pm5mDLV2azM2Q1ZWeifnFk=,tag:wkj63YNBx9svSUWoPBCFpQ==,type:str]
|
||||
SPOTIFY_CLIENT_SECRET: ENC[AES256_GCM,data:QY6bXZSimSET8bQteZycUZOpC5lUgDXteBhFEYvtovI=,iv:3BtHH/pPFLqW+MHSgKVwJ/hViEeF4YOWRRFMT+YIibA=,tag:VKsuBBxV7y64vBMVl10PZQ==,type:str]
|
||||
MONGO_USER_USERNAME: ENC[AES256_GCM,data:XKk3rmNJ,iv:x853fsUKFZ5xEKTTFd+r8MQ4yZK1q0x9ocjmngBJ4Wo=,tag:v9xsFbImlrNQb/yAlIWM/w==,type:str]
|
||||
MONGO_USER_PASSWORD: ENC[AES256_GCM,data:QMocFYM0okz4/g0iPm3QoPGtxRc67A==,iv:xZJL5KVJAL0Gv9wkbyStrcJig1gKkHlQnJ8SIKVLeLs=,tag:HdXDA6z8YJzwEQPBt/0rCQ==,type:str]
|
||||
MONGO_ROOT_PASSWORD: ENC[AES256_GCM,data:KrrEa7NVF1J+znK+8aychgmBGgtLHw==,iv:BGsnTPXmQ3moqFRVATRbVDBLl/EFG5DqSwii/9eKdLg=,tag:0hR91iEZcox/xe7M4SmCBg==,type:str]
|
||||
REDIS_PASSWORD: ENC[AES256_GCM,data:8+iq5EiFJWyhvE/AV/qjb/61AHvFdQ==,iv:jv/XVunNDXRB5CjQVxtt+uL5V14p7ol7UuhJOSWcjEs=,tag:Ft/mWv2zmXjSToPogisqtw==,type:str]
|
||||
notesnook:
|
||||
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
|
||||
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
|
||||
|
@ -49,6 +58,10 @@ stalwart-mail:
|
|||
ADMIN_SECRET: ENC[AES256_GCM,data:4ytiKxJ55Wm9p6M=,iv:dl1BCtxOu4o+2qC6ZlUw8cluoqDjp16/SN9bhGneRHs=,tag:qEgWrYHQJHDjR2PwK9y8UA==,type:str]
|
||||
shadowsocks:
|
||||
password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
|
||||
umami:
|
||||
APP_SECRET: ENC[AES256_GCM,data:+WnBbgVY+YzMJ8yBeFUEhkqYfs7wamuC/VmgnSybOXnd/H6A+zgimBggFsU=,iv:9tWnwH1ZvvfaHbzhIkrsynnOywD0xkuQKkvYlnrxOy8=,tag:mld2+vqLCesDtSYbN8lECg==,type:str]
|
||||
DB_USER: ENC[AES256_GCM,data:ue5HslI=,iv:kXJSHpbQ4HV9k4ZiouXoOjop7YdnJkhAy3OUh+6s90Y=,tag:KGNNA9gz30bo2nVLAkh4JQ==,type:str]
|
||||
DB_PASS: ENC[AES256_GCM,data:KyVnQAWcLcttImqsyecIIYordN9LR0zg,iv:nTy7COxvg3nVpsMf9g7x+gwKLaonaxC53rIeeCIGqdk=,tag:XbX7qyjQn+6snnTbtLInLQ==,type:str]
|
||||
webdav:
|
||||
USER_PASSWORD: ENC[AES256_GCM,data:aULehVsCkGpsryQ=,iv:OD6ADWh62tvykGXP9Lmy4f9Iz9QuzyKMnGXGAvOv55s=,tag:ff47alP5Og7XaADzvZEMGA==,type:str]
|
||||
wireguard:
|
||||
|
@ -78,8 +91,8 @@ sops:
|
|||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-05T13:47:17Z"
|
||||
mac: ENC[AES256_GCM,data:Lku06chnlLsqvvd5ud/ovY/ymGknyIxcPirvQ2lrc/+7jMa6cGu3Q9piVv/gx6jMhQIuYnNjS5AKoNvNfXRgrpakzET5aNzLtWkaUplNQCAy+yuKkIdmGoMZ+J+l4SyMydKERpZmN+pLWAld8U+CFRaWGoCLHHQ8i60u4Gti7DY=,iv:DVcjFoncW0vPhBEA042DAWxJLnSCfwsJeYQcmhsWrbI=,tag:dL6L5CfrB4ZVMytkGfPSYA==,type:str]
|
||||
lastmodified: "2024-11-07T22:25:47Z"
|
||||
mac: ENC[AES256_GCM,data:6LynPNzengBoVm5fPtxHuUxbvMy7Vaf6Qd/ikUcu8/Af3oPhxeBTwN0aOje+oqAVuYFsNLCsf1GGCkZ+U1mK+Fr777vSsl/+T5iG7hcjTht+Gtq2sK93qiGB6rdYrHzuJ6G3hHR1Xl/OGW7TsYj9+2PJvV/Hr18qElr3VDBDJD0=,iv:EQe5Q4FDn9Di4L76eIw/wU+44iCeTS7lrJlPfZvLOdM=,tag:sEYyV4+jN8yEKPfYgrSemg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
|
|
|
@ -2,10 +2,11 @@
|
|||
imports = [
|
||||
./authelia
|
||||
./garage
|
||||
./musare
|
||||
./outline
|
||||
./penpot
|
||||
./shadowsocks
|
||||
./stalwart-mail
|
||||
./umami
|
||||
./uptime-kuma
|
||||
./webdav
|
||||
./wireguard
|
||||
|
|
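--- a/services/musare/default.nix
+++ b/services/musare/default.nix
@@ -0,0 +1,158 @@
+{
+pkgs,
+config,
+...
+}: let
+musare = pkgs.fetchFromGitHub {
+owner = "Musare";
+repo = "Musare";
+rev = "v3.11.0";
+hash = "sha256-RN9H7atiNOr4wqgzfwE/8hUMJ4zpgMBu3dXA37c/lH0=";
+};
+musare-backend =
+pkgs.buildNpmPackage {
+pname = "musare-backend";
+version = "4.7.0";
+nodejs = pkgs.nodejs_18;
+
+src =
+musare
++ "/backend";
+
+npmDepsHash = "sha256-cxvK2Zp0iOA9qPg8NaCEcOsxmaU1/l/dvnfwUEq2BuE=";
+dontNpmBuild = true;
+}
++ "/lib/node_modules/musare-backend";
+musare-frontend =
+pkgs.buildNpmPackage {
+pname = "musare-frontend";
+version = "4.7.0";
+
+src =
+musare
++ "/frontend";
+
+npmDepsHash = "sha256-R1vxio66W/8WN6pFRbwuOv0Z4/V4cnwBqhXlRygj7Js=";
+npmBuildScript = "prod";
+}
++ "/lib/node_modules/musare-frontend/build";
+in {
+services.caddy.virtualHosts."music.gasdev.fr".extraConfig = ''
+root * ${musare-frontend}
+file_server
+
+@websockets {
+path /backend/*
+}
+
+reverse_proxy @websockets localhost:32483
+
+handle_path /backend/* {
+reverse_proxy localhost:32483
+}
+'';
+
+sops.secrets."musare/APP_SECRET".owner = "root";
+sops.secrets."musare/YOUTUBE_API_KEY".owner = "root";
+sops.secrets."musare/SPOTIFY_CLIENT_ID".owner = "root";
+sops.secrets."musare/SPOTIFY_CLIENT_SECRET".owner = "root";
+sops.secrets."musare/MONGO_USER_USERNAME".owner = "root";
+sops.secrets."musare/MONGO_USER_PASSWORD".owner = "root";
+sops.secrets."musare/MONGO_ROOT_PASSWORD".owner = "root";
+sops.secrets."musare/REDIS_PASSWORD".owner = "root";
+
+sops.templates."musare/.env" = {
+content = ''
+MONGO_USER_USERNAME=${config.sops.placeholder."musare/MONGO_USER_USERNAME"}
+MONGO_USER_PASSWORD=${config.sops.placeholder."musare/MONGO_USER_PASSWORD"}
+MONGO_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
+MONGO_INITDB_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
+MONGO_INITDB_ROOT_USERNAME=admin
+MONGO_INITDB_DATABASE=musare
+REDIS_PASSWORD=meh_not_important
+'';
+owner = "root";
+};
+sops.templates."musare/config.json" = {
+content = ''
+{
+"configVersion": 12,
+"migration": false,
+"secret": "${config.sops.placeholder."musare/APP_SECRET"}",
+"port": 8080,
+"url": {
+"host": "music.gasdev.fr",
+"secure": true
+},
+"apis": {
+"youtube": {
+"key": "${config.sops.placeholder."musare/YOUTUBE_API_KEY"}"
+},
+"spotify": {
+"clientId": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_ID"}",
+"clientSecret": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_SECRET"}"
+}
+}
+}
+'';
+};
+
+virtualisation.oci-containers.containers = {
+musare-backend = {
+image = "localhost/musare:backend";
+imageFile = pkgs.dockerTools.buildImage {
+name = "musare";
+tag = "backend";
+copyToRoot = pkgs.buildEnv {
+name = "musare-backend-env";
+paths = with pkgs; [
+nodejs_18
+curl
+bash
+];
+};
+config = {
+Cmd = ["node" "--es-module-specifier-resolution=node" "/opt/app/index.js"];
+};
+};
+autoStart = true;
+volumes = [
+"${musare-backend}:/opt/app/"
+"${config.sops.templates."musare/config.json".path}:/opt/app/config.json"
+];
+ports = [
+"32483:8080"
+];
+workdir = "/opt/app";
+environment = {
+NODE_TLS_REJECT_UNAUTHORIZED = "0";
+};
+environmentFiles = [
+config.sops.templates."musare/.env".path
+];
+dependsOn = ["mongo" "redis"];
+};
+mongo = {
+image = "docker.io/mongo:latest";
+autoStart = true;
+volumes = [
+"${musare}/tools/docker/setup-mongo.sh:/docker-entrypoint-initdb.d/setup-mongo.sh"
+"musare-mongodb:/data/db"
+];
+environmentFiles = [
+config.sops.templates."musare/.env".path
+];
+};
+redis = {
+image = "docker.io/redis:7";
+autoStart = true;
+cmd = ["--notify-keyspace-events" "Ex" "--requirepass" "meh_not_important" "--appendonly" "yes"];
+volumes = [
+"musare-redis:/data"
+];
+environmentFiles = [
+config.sops.templates."musare/.env".path
+];
+};
+};
+}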
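Review bot: `NODE_TLS_REJECT_UNAUTHORIZED = "0"` in the `musare-backend` container's `environment` disables certificate verification for every outbound TLS connection the Node process makes, which presumably includes the YouTube and Spotify API calls that use the keys templated into `config.json`. Drop the variable, and if one endpoint with a private CA really needs it, trust that CA through `NODE_EXTRA_CA_CERTS` instead. The same container publishes `"32483:8080"` on all host interfaces, so the backend is reachable without passing through Caddy unless the firewall blocks the port; `"127.0.0.1:32483:8080"` would keep it local, as the uptime-kuma container on this page already does. The `musare/REDIS_PASSWORD` secret is declared but never referenced: the `.env` template and the redis `cmd` both hard-code `meh_not_important`, and a literal written into the Nix configuration ends up readable in the Nix store. `docker.io/mongo:latest` is also worth pinning to a version tag so that a re-pull cannot silently change the database major version.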
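--- a/services/umami/default.nix
+++ b/services/umami/default.nix
@@ -0,0 +1,52 @@
+{config, ...}: {
+services.caddy.virtualHosts."analytics.gasdev.fr".extraConfig = ''
+reverse_proxy http://127.0.0.1:4341
+'';
+
+sops.secrets."umami/APP_SECRET".owner = "root";
+sops.secrets."umami/DB_USER".owner = "root";
+sops.secrets."umami/DB_PASS".owner = "root";
+
+sops.templates."umami.env" = {
+content = ''
+APP_SECRET=${config.sops.placeholder."umami/APP_SECRET"}
+DATABASE_URL=postgresql://${config.sops.placeholder."umami/DB_USER"}:${config.sops.placeholder."umami/DB_PASS"}@umami-db:5432/umami
+'';
+owner = "root";
+};
+sops.templates."umami-db.env" = {
+content = ''
+POSTGRES_USER=${config.sops.placeholder."umami/DB_USER"}
+POSTGRES_PASSWORD=${config.sops.placeholder."umami/DB_PASS"}
+'';
+owner = "root";
+};
+
+virtualisation.oci-containers.containers = {
+umami = {
+image = "ghcr.io/umami-software/umami:postgresql-latest";
+autoStart = true;
+ports = ["4341:3000"];
+dependsOn = ["umami-db"];
+environment = {
+DATABASE_TYPE = "postgresql";
+};
+environmentFiles = [
+config.sops.templates."umami.env".path
+];
+};
+umami-db = {
+image = "docker.io/postgres:15-alpine";
+autoStart = true;
+environment = {
+POSTGRES_DB = "umami";
+};
+environmentFiles = [
+config.sops.templates."umami-db.env".path
+];
+volumes = [
+"umami-db-data:/var/lib/postgresql/data"
+];
+};
+};
+}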
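Review bot: `ports = ["4341:3000"]` on the `umami` container publishes the app on every host interface, while Caddy only needs to reach it at `127.0.0.1:4341`; writing it as `"127.0.0.1:4341:3000"` keeps the unproxied HTTP port off the network. `DATABASE_URL` interpolates `umami/DB_USER` and `umami/DB_PASS` straight into a URL, so a password containing `@`, `:` or `/` would be read as part of the host or path; a comment beside the template such as `# DB_PASS must be URL-safe or percent-encoded` would save a confusing startup failure. The `postgresql-latest` tag is unpinned, so the running version changes whenever the image is re-pulled; a version tag or digest makes upgrades deliberate.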
@ -8,7 +8,11 @@
|
|||
image = "docker.io/louislam/uptime-kuma:1";
|
||||
autoStart = true;
|
||||
ports = ["127.0.0.1:3001:3001"];
|
||||
volumes = ["uptime-kuma:/app/data"];
|
||||
volumes = [
|
||||
"uptime-kuma:/app/data"
|
||||
# For container monitoring
|
||||
"/var/run/podman/podman.sock:/var/run/podman/podman.sock"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
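Review bot: The `/var/run/podman/podman.sock` bind mount in the new `volumes` list gives the uptime-kuma container the full API of the host's Podman service, which is enough to create privileged containers or mount host paths, so a compromise of the web application becomes control of the host. The comment `# For container monitoring` should state that cost, for example `# Podman API socket: host-root equivalent; mounted only for container monitoring`. If only status queries are needed, consider placing a filtering proxy that permits read-only container endpoints between the container and the socket, since a `:ro` mount option does not restrict what is sent over a socket. The enclosing container definition starts above this hunk, and which lines are new is inferred from the hunk counts because the page lost its `+`/`-` markers.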