mirror of
https://github.com/materusPL/nixos-config
synced 2026-07-02 12:46:42 +00:00
waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy
This commit is contained in:
@@ -7,4 +7,9 @@
|
||||
./secrets
|
||||
./services
|
||||
];
|
||||
|
||||
virtualisation.podman.autoPrune.enable = true;
|
||||
virtualisation.podman.autoPrune.dates = "daily";
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
||||
}
|
||||
|
||||
@@ -25,4 +25,14 @@
|
||||
sops.secrets."users/materus" = { neededForUsers = true; };
|
||||
sops.secrets.elements = { };
|
||||
sops.secrets.nextcloud-adminpass = { };
|
||||
sops.secrets.maloja = { };
|
||||
sops.secrets.maloja-api = { };
|
||||
sops.secrets.spotify-client-id = {};
|
||||
sops.secrets.spotify-client-secret = {};
|
||||
sops.secrets.lastfm-user= {};
|
||||
sops.secrets.lastfm-pass = {};
|
||||
sops.secrets.lastfm-api = {};
|
||||
sops.secrets.lastfm-secret = {};
|
||||
sops.secrets.lastfm-token = {};
|
||||
sops.secrets.listenbrainz-api = {};
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
|
||||
ireguard: ENC[AES256_GCM,data:wBeMFAZ1Dib84bIzQ3m0DiVpz92ZqvJiDz+IXV5rLtJ3OjpNFqbiTSVZnlU=,iv:mJqbXafDv0FqUlY1s69DXbcN7Sd+rxas7IPefFKsMNE=,tag:Ic94bnY0MULfow70KkBWmA==,type:str]
|
||||
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
|
||||
jwt: ENC[AES256_GCM,data:1Qn7DaBZr8vEa8VZiv2BpwePPOBYRTdHEiDv0asUbvhCtfHvhG4mX5/plyRPlQok6FLEjEzKZTEdnvyyOtFEgA==,iv:kqfHkEr0jkKAro9gQup6CeopQnjfMGhEqbVL81wnDgc=,tag:gP/WACy5cOzzmQOh1v8wsQ==,type:str]
|
||||
lldap-database: ENC[AES256_GCM,data:rNLS4WwvqRd3TFWDXaf8UmDTRsHZNPPS,iv:URV4Oz4ik2vHb03+Zh7ND+AbozSmoXpxENpvad4yvRI=,tag:6TbuMCnHwtTaG5mMWVN/mQ==,type:str]
|
||||
@@ -8,6 +8,16 @@ ldap-master: ENC[AES256_GCM,data:jiinK8xzuKiTwB9k44okgj+sWWEgbeay,iv:Slvci3EBylI
|
||||
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
|
||||
users:
|
||||
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
|
||||
maloja: ENC[AES256_GCM,data:V/WV0181zupKLiDtf5pinwYFFzL1hg+j,iv:KmGHapsD7thnmgkHwnTYFP/fvBS6dft9ZmmFN4AZEXs=,tag:uEmZaFkvBIQfu+3+0gQFlg==,type:str]
|
||||
maloja-api: ENC[AES256_GCM,data:8vLC1a5pL8ldS7LWXqA/HOqtnyYFQk7/oisGgOOYH7TtnpBL93I2O3mWQIGCZUwWqMWFLvbOxIAnpoS0Qmg=,iv:swziHFypoh1YZkyEpDhqH2BhqUrWi0J63CqzORyY4s4=,tag:B9kkYHqyWP0KGPMD4S1I1A==,type:str]
|
||||
spotify-client-id: ENC[AES256_GCM,data:2vC2E7rHBrZ2VHTGqYRJp1fWNWprDaYq4J6gJ7tTfF0=,iv:KQJgzUiD70N2vQeTO9r8ucC96xc9mSW9VlU2IGmKT7Y=,tag:kWR+1Hhb4yGK/AAqxMCd3A==,type:str]
|
||||
spotify-client-secret: ENC[AES256_GCM,data:MKHo36AF1hHiXERltKdeMiuMhiGyyH8E3TqQfTf1tqc=,iv:/dPWUqjDtxZUOLZRx2lrHuU5Sf2fch2Fvnl+20KZ5dk=,tag:ZgsbCFBNHXSUuHbdSlrm4w==,type:str]
|
||||
lastfm-user: ENC[AES256_GCM,data:o/FUjIiB9PcFTQ==,iv:UtovNmHISz9jUj+HFZPIduZj6h3ayjA5RyVlh11k8LM=,tag:bS3ReGR2BRcs3lcutt95UQ==,type:str]
|
||||
lastfm-pass: ENC[AES256_GCM,data:g90kxN+HkSqN+B9XFH6AvbD376bHFPVI,iv:ZRxKxdKXIgKOm7TKKPLR1yLzTBjuCWQk4tTJN5d/0N4=,tag:soIJI75WAhoiXwVYlxkmQA==,type:str]
|
||||
lastfm-api: ENC[AES256_GCM,data:UxGOqFEsjDb5zBXjm6G+66zlr5M0pk/NdTad3a5MBVE=,iv:3v9Lg0bjmlAhcSOjCW44CN7FezSdNG3KVVLrk1G9Ies=,tag:amgDr25PYiB+E7+D/fVEOw==,type:str]
|
||||
lastfm-secret: ENC[AES256_GCM,data:z+XqodyRm9qnZwYwdON/KwAQ3E6hSI+mA0Nby0PQVT4=,iv:sY3Eqr7ZCx5lwjZaRFSghx/3OjuWlDQHQywgt7LpoIo=,tag:f7j1PFanHfLdDK+ASusCMA==,type:str]
|
||||
lastfm-token: ENC[AES256_GCM,data:X877lDOXtou5OF0KbkvuJ4rhJ+3IY5XnyXlqq4LuSb8=,iv:f8t36ut6zlHvBuKGmJabyc9nHViQvUcqNvCVy0YIeB8=,tag:0h9Jm1h2cxegUXXk6UTz9Q==,type:str]
|
||||
listenbrainz-api: ENC[AES256_GCM,data:eh03MPc5kn7CUDXXnEJTx4DXv9BpyabyRL+ENDFJw+kS66tV,iv:gerOaZ3gqM7ccLursFuCJrW1HcSjlTGk0wOLM8x4/2A=,tag:ZqxYNlgdqV0zRUUHm7VK3Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@@ -23,8 +33,8 @@ sops:
|
||||
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
|
||||
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-21T22:14:08Z"
|
||||
mac: ENC[AES256_GCM,data:DKI+SljQTH+5T7wtIfYRzNK+W5qQoxQ7E/6b9S7cptAsccdZhupWmVzHlwUlk5MFm92r0Qy3A6B/qV8Dashf6ABmjfnDuysvPoI5O45xE0Qs3TEyPKAbPV07FVi6lDHInEOznNAr6vhEN1Bhveg+ByyVeo+C5C5b+U7Qvx5KESM=,iv:B6xX7/u1ZHOPbEheFSpDeaRey3SP9bZMnDARc5xvzRM=,tag:nux6gkIfodj/4JedkBXWkQ==,type:str]
|
||||
lastmodified: "2024-09-10T12:55:49Z"
|
||||
mac: ENC[AES256_GCM,data:/YXB4vQxd5+ZZrkqKFVYIcNJF4j8PricarHyi0ESi4HXr00Efnat+NnoM74Sy/ukrKIJOKBKVVWmmEW8uFCK4H+kJrMkdagALhsjMkeMSB23cmP8nLbCus5QPhX3bSpkZwYNuspmEYN1cQCHvaLC5Eus+YIi92L+KqHsWJS71iM=,iv:OIwGUDG63wbaxCaLpkior76Ckyql2c4was4PXEc1miY=,tag:lwM1QRCEc6zX9a+yv0mN8A==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-03-21T18:15:00Z"
|
||||
enc: |-
|
||||
|
||||
@@ -2,16 +2,17 @@
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./elements.nix
|
||||
./postgresql.nix
|
||||
./mount-acme.nix
|
||||
./gitea.nix
|
||||
./nginx.nix
|
||||
./nextcloud.nix
|
||||
./samba.nix
|
||||
./syncthing.nix
|
||||
./jellyfin.nix
|
||||
./storage/elements.nix
|
||||
./storage/mount-acme.nix
|
||||
./storage/gitea.nix
|
||||
./storage/nextcloud.nix
|
||||
./storage/samba.nix
|
||||
./storage/syncthing.nix
|
||||
./multimedia/jellyfin.nix
|
||||
./multimedia/scrobbling.nix
|
||||
./monitoring.nix
|
||||
./nginx.nix
|
||||
./postgresql.nix
|
||||
./auth
|
||||
];
|
||||
waffentragerService.elements.enable = true;
|
||||
@@ -22,6 +23,8 @@
|
||||
waffentragerService.nextcloud.enable = true;
|
||||
waffentragerService.samba.enable = true;
|
||||
waffentragerService.jellyfin.enable = true;
|
||||
waffentragerService.scrobbling.enable = true;
|
||||
|
||||
waffentragerService.syncthing.enable = true;
|
||||
waffentragerService.monitoring.enable = true;
|
||||
}
|
||||
@@ -0,0 +1,120 @@
|
||||
{ config, pkgs, lib, materusArg, ... }:
|
||||
{
|
||||
options.waffentragerService.scrobbling.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable scrobbling";
|
||||
|
||||
|
||||
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.scrobbling;
|
||||
in
|
||||
|
||||
|
||||
#### MALOJA
|
||||
lib.mkIf cfg.enable {
|
||||
sops.templates."maloja.env".content = ''
|
||||
MALOJA_DATA_DIRECTORY=/data
|
||||
MALOJA_DIRECTORY_CONFIG=/data/config
|
||||
MALOJA_DIRECTORY_STATE=/data/state
|
||||
MALOJA_DIRECTORY_CACHE=/data/cache
|
||||
MALOJA_NAME="Melody"
|
||||
MALOJA_LASTFM_USERNAME=${config.sops.placeholder.lastfm-user}
|
||||
MALOJA_LASTFM_PASSWORD=${config.sops.placeholder.lastfm-pass}
|
||||
MALOJA_LASTFM_API_KEY=${config.sops.placeholder.lastfm-api}
|
||||
MALOJA_LASTFM_API_SECRET=${config.sops.placeholder.lastfm-secret}
|
||||
MALOJA_LASTFM_API_SK=${config.sops.placeholder.lastfm-token}
|
||||
MALOJA_SKIP_SETUP=yes
|
||||
MALOJA_FORCE_PASSWORD=${config.sops.placeholder.maloja}
|
||||
MALOJA_SPOTIFY_API_ID=${config.sops.placeholder.spotify-client-id}
|
||||
MALOJA_SPOTIFY_API_SECRET=${config.sops.placeholder.spotify-client-secret}
|
||||
'';
|
||||
|
||||
virtualisation.oci-containers.containers.maloja = {
|
||||
image = "krateng/maloja:latest";
|
||||
ports = [
|
||||
"42010:42010"
|
||||
];
|
||||
volumes = [
|
||||
"${config.waffentragerService.elements.malojaDir}:/data"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.sops.templates."maloja.env".path
|
||||
];
|
||||
};
|
||||
systemd.services."${config.virtualisation.oci-containers.backend}-maloja" = {
|
||||
requires = [ "elements-mount.service" ];
|
||||
after = [ "elements-mount.service" ];
|
||||
};
|
||||
|
||||
#### MULTI SCROBBLER
|
||||
sops.templates."multi-scrobbler.env".content = ''
|
||||
BASE_URL="https://melody.materus.pl/multi-scrobbler"
|
||||
TC=Europe/Warsaw
|
||||
|
||||
JELLYFIN_SERVER="https://noot.materus.pl/"
|
||||
SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id}
|
||||
SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret}
|
||||
MALOJA_URL="https://melody.materus.pl"
|
||||
MALOJA_API_KEY="${config.sops.placeholder.maloja-api}"
|
||||
LASTFM_API_KEY=${config.sops.placeholder.lastfm-api}
|
||||
LASTFM_SECRET=${config.sops.placeholder.lastfm-secret}
|
||||
'';
|
||||
virtualisation.oci-containers.containers.multi-scrobbler = {
|
||||
image = "foxxmd/multi-scrobbler:latest";
|
||||
ports = [
|
||||
"42011:9078"
|
||||
];
|
||||
volumes = [
|
||||
"${config.waffentragerService.elements.malojaDir}/multi-scrobbler:/data"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.sops.templates."multi-scrobbler.env".path
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
|
||||
#### Proxy
|
||||
services.nginx.virtualHosts = {
|
||||
"melody.materus.pl" = {
|
||||
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
|
||||
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
|
||||
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
|
||||
addSSL = true;
|
||||
http2 = false;
|
||||
http3 = true;
|
||||
# Maloja
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:42010";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
locations."/multi-scrobbler" = {
|
||||
proxyPass = "http://127.0.0.1:42011";
|
||||
extraConfig = ''
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Ssl on;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
}
|
||||
+6
@@ -7,6 +7,8 @@
|
||||
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
|
||||
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
|
||||
options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
|
||||
options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.waffentragerService.elements;
|
||||
@@ -35,8 +37,12 @@
|
||||
'' + lib.optionalString config.waffentragerService.jellyfin.enable ''
|
||||
mkdir -p ${cfg.jellyfinDir}
|
||||
chown -R materus:nextcloud ${cfg.jellyfinDir}
|
||||
'' + lib.optionalString config.waffentragerService.scrobbling.enable ''
|
||||
mkdir -p ${cfg.malojaDir}/multi-scrobbler
|
||||
chown -R ${cfg.malojaDir}
|
||||
''
|
||||
|
||||
|
||||
;
|
||||
preStop = ''
|
||||
umount ${cfg.path}
|
||||
Reference in New Issue
Block a user