materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2025-11-04 06:20:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: materus:dd0283e65ab2b292bf2f3a44aa99b278ee9fe78e
Branches Tags
materus:master
materus:experimental
materus:inputs
...
compare: materus:448e1c58ae316f9fedbd137149523689fbb1cc48
Branches Tags
materus:master
materus:experimental
materus:inputs

2 Commits
dd0283e65a ... 448e1c58ae

Author SHA1 Message Date
materus
448e1c58ae
waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy (correct commit) 2024-09-12 11:56:18 +02:00
materus
e233dc9efa
waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy 2024-09-12 11:55:35 +02:00
15 changed files with 332 additions and 276 deletions
Show Stats Expand all files Collapse all files

5
configurations/host/valkyrie/default.nix
View File

@ -142,6 +142,11 @@
};
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.oci-containers.backend = "podman";
security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;

BIN
configurations/host/valkyrie/secrets/private/default.nix
View File

Binary file not shown.

281
configurations/host/valkyrie/services/dcbot.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot";
@ -10,269 +10,32 @@
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."muse.env".content = ''
CACHE_LIMIT=512MB
BOT_STATUS=online
BOT_ACTIVITY_TYPE=LISTENING
BOT_ACTIVITY=Coś
DISCORD_TOKEN=${config.sops.placeholder.discord-token}
YOUTUBE_API_KEY=${config.sops.placeholder.youtube-api}
SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id}
SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret}
'';
systemd.tmpfiles.rules = [
"d /var/lib/dcbot 0776 dcbot dcbot -"
"d /var/lib/muse 0776 root root -"
];
users.groups.dcbot = { };
users.users.dcbot = {
group = "dcbot";
isSystemUser = true;
virtualisation.oci-containers.containers.dcbot = {
image = "ghcr.io/museofficial/muse:latest";
volumes = [
"/var/lib/muse:/data"
];
environmentFiles = [
config.sops.templates."muse.env".path
];
};
systemd.services.dcbot = {
description = "Make some noise!";
serviceConfig = {
User="dcbot";
Group="dcbot";
};
wantedBy = [ "multi-user.target" ];
path = [ pkgs.jdk ];
script = let
musicbot = let version = "0.4.3"; in (pkgs.fetchurl {
url = "https://github.com/jagrosh/MusicBot/releases/download/${version}/JMusicBot-${version}.jar";
sha256 = "sha256-7CHFc94Fe6ip7RY+XJR9gWpZPKM5JY7utHp8C3paU9s=";
});
in ''
cd /var/lib/dcbot
java -Dconfig=${config.sops.templates."dcbot.config.txt".path} -Xmx1G -Dnogui=true -Djava.util.concurrent.ForkJoinPool.common.parallelism=1 -jar ${musicbot}
'';
};
sops.templates."dcbot.config.txt".owner = "dcbot";
sops.templates."dcbot.config.txt".group = "dcbot";
sops.templates."dcbot.config.txt".content = ''
/////////////////////////////////////////////////////////
// Config for the JMusicBot //
/////////////////////////////////////////////////////////
// Any line starting with // is ignored //
// You MUST set the token and owner //
// All other items have defaults if you don't set them //
// Open in Notepad++ for best results //
/////////////////////////////////////////////////////////
// This sets the token for the bot to log in with
// This MUST be a bot token (user tokens will not work)
// If you don't know how to get a bot token, please see the guide here:
// https://github.com/jagrosh/MusicBot/wiki/Getting-a-Bot-Token
token = ${config.sops.placeholder.discord-token}
// This sets the owner of the bot
// This needs to be the owner's ID (a 17-18 digit number)
// https://github.com/jagrosh/MusicBot/wiki/Finding-Your-User-ID
owner = 141287334627901440
// This sets the prefix for the bot
// The prefix is used to control the commands
// If you use !!, the play command will be !!play
// If you do not set this, the prefix will be a mention of the bot (@Botname play)
prefix = "@mention"
// If you set this, it modifies the default game of the bot
// Set this to NONE to have no game
// Set this to DEFAULT to use the default game
// You can make the game "Playing X", "Listening to X", or "Watching X"
// where X is the title. If you don't include an action, it will use the
// default of "Playing"
game = "DEFAULT"
// If you set this, it will modify the default status of bot
// Valid values: ONLINE IDLE DND INVISIBLE
status = ONLINE
// If you set this to true, the bot will list the title of the song it is currently playing in its
// "Playing" status. Note that this will ONLY work if the bot is playing music on ONE guild;
// if the bot is playing on multiple guilds, this will not work.
songinstatus=true
// If you set this, the bot will also use this prefix in addition to
// the one provided above
altprefix = "-"
// If you set these, it will change the various emojis
success = "🎶"
warning = "💡"
error = "🚫"
loading = ""
searching = "🔎"
// If you set this, you change the word used to view the help.
// For example, if you set the prefix to !! and the help to cmds, you would type
// !!cmds to see the help text
help = help
// If you set this, the "nowplaying" command will show youtube thumbnails
// Note: If you set this to true, the nowplaying boxes will NOT refresh
// This is because refreshing the boxes causes the image to be reloaded
// every time it refreshes.
npimages = false
// If you set this, the bot will not leave a voice channel after it finishes a queue.
// Keep in mind that being connected to a voice channel uses additional bandwith,
// so this option is not recommended if bandwidth is a concern.
stayinchannel = false
// This sets the maximum amount of seconds any track loaded can be. If not set or set
// to any number less than or equal to zero, there is no maximum time length. This time
// restriction applies to songs loaded from any source.
maxtime = 0
// This sets the maximum number of pages of songs that can be loaded from a YouTube
// playlist. Each page can contain up to 100 tracks. Playing a playlist with more
// pages than the maximum will stop loading after the provided number of pages.
// For example, if the max was set to 15 and a playlist contained 1850 tracks,
// only the first 1500 tracks (15 pages) would be loaded. By default, this is
// set to 10 pages (1000 tracks).
maxytplaylistpages = 10
// This sets the ratio of users that must vote to skip the currently playing song.
// Guild owners can define their own skip ratios, but this will be used if a guild
// has not defined their own skip ratio.
skipratio = 0.55
// This sets the amount of seconds the bot will stay alone on a voice channel until it
// automatically leaves the voice channel and clears the queue. If not set or set
// to any number less than or equal to zero, the bot won't leave when alone.
alonetimeuntilstop = 120
// This sets an alternative folder to be used as the Playlists folder
// This can be a relative or absolute path
playlistsfolder = "Playlists"
// By default, the bot will DM the owner if the bot is running and a new version of the bot
// becomes available. Set this to false to disable this feature.
updatealerts=false
// Changing this changes the lyrics provider
// Currently available providers: "A-Z Lyrics", "Genius", "MusicMatch", "LyricsFreak"
// At the time of writing, I would recommend sticking with A-Z Lyrics or MusicMatch,
// as Genius tends to have a lot of non-song results and you might get something
// completely unrelated to what you want.
// If you are interested in contributing a provider, please see
// https://github.com/jagrosh/JLyrics
lyrics.default = "A-Z Lyrics"
// These settings allow you to configure custom aliases for all commands.
// Multiple aliases may be given, separated by commas.
//
// Example 1: Giving command "play" the alias "p":
// play = [ p ]
//
// Example 2: Giving command "search" the aliases "yts" and "find":
// search = [ yts, find ]
aliases {
// General commands
settings = [ status ]
// Music commands
lyrics = []
nowplaying = [ np, current ]
play = []
playlists = [ pls ]
queue = [ list ]
remove = [ delete ]
scsearch = []
search = [ ytsearch ]
shuffle = []
skip = [ voteskip ]
// Admin commands
prefix = [ setprefix ]
setdj = []
setskip = [ setskippercent, skippercent, setskipratio ]
settc = []
setvc = []
// DJ Commands
forceremove = [ forcedelete, modremove, moddelete, modelete ]
forceskip = [ modskip ]
movetrack = [ move ]
pause = []
playnext = []
queuetype = []
repeat = []
skipto = [ jumpto ]
stop = [ leave ]
volume = [ vol ]
}
// This sets the logging verbosity.
// Available levels: off, error, warn, info, debug, trace, all
//
// It is recommended to leave this at info. Debug log levels might help with troubleshooting,
// but can contain sensitive data.
loglevel = info
// Transforms are used to modify specific play inputs and convert them to different kinds of inputs
// These are quite complicated to use, and have limited use-cases, but in theory allow for rough
// whitelists or blacklists, roundabout loading from some sources, and customization of how things are
// requested.
//
// These are NOT EASY to set up, so if you want to use these, you'll need to look through the code
// for how they work and what fields are needed. Also, it's possible this feature might get entirely
// removed in the future if I find a better way to do this.
transforms = {}
// If you set this to true, it will enable the eval command for the bot owner. This command
// allows the bot owner to run arbitrary code from the bot's account.
//
// WARNING:
// This command can be extremely dangerous. If you don't know what you're doing, you could
// cause horrific problems on your Discord server or on whatever computer this bot is running
// on. Never run this command unless you are completely positive what you are running.
//
// DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT THIS DOES OR HOW TO USE IT
// IF SOMEONE ASKS YOU TO ENABLE THIS, THERE IS AN 11/10 CHANCE THEY ARE TRYING TO SCAM YOU
eval=false
evalengine="Nashorn"
'';
};
}
}

8
configurations/host/waffentrager/default.nix
View File

@ -7,4 +7,12 @@
./secrets
./services
];
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.podman.defaultNetwork.settings = {
default_subnet = "10.88.0.0/16";
};
virtualisation.oci-containers.backend = "podman";
}

10
configurations/host/waffentrager/secrets/default.nix
View File

@ -25,4 +25,14 @@
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
sops.secrets.maloja = { };
sops.secrets.maloja-api = { };
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.lastfm-user= {};
sops.secrets.lastfm-pass = {};
sops.secrets.lastfm-api = {};
sops.secrets.lastfm-secret = {};
sops.secrets.lastfm-token = {};
sops.secrets.listenbrainz-api = {};
}

16
configurations/host/waffentrager/secrets/secrets.yaml
View File

@ -1,4 +1,4 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
ireguard: ENC[AES256_GCM,data:wBeMFAZ1Dib84bIzQ3m0DiVpz92ZqvJiDz+IXV5rLtJ3OjpNFqbiTSVZnlU=,iv:mJqbXafDv0FqUlY1s69DXbcN7Sd+rxas7IPefFKsMNE=,tag:Ic94bnY0MULfow70KkBWmA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
jwt: ENC[AES256_GCM,data:1Qn7DaBZr8vEa8VZiv2BpwePPOBYRTdHEiDv0asUbvhCtfHvhG4mX5/plyRPlQok6FLEjEzKZTEdnvyyOtFEgA==,iv:kqfHkEr0jkKAro9gQup6CeopQnjfMGhEqbVL81wnDgc=,tag:gP/WACy5cOzzmQOh1v8wsQ==,type:str]
lldap-database: ENC[AES256_GCM,data:rNLS4WwvqRd3TFWDXaf8UmDTRsHZNPPS,iv:URV4Oz4ik2vHb03+Zh7ND+AbozSmoXpxENpvad4yvRI=,tag:6TbuMCnHwtTaG5mMWVN/mQ==,type:str]
@ -8,6 +8,16 @@ ldap-master: ENC[AES256_GCM,data:jiinK8xzuKiTwB9k44okgj+sWWEgbeay,iv:Slvci3EBylI
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
maloja: ENC[AES256_GCM,data:V/WV0181zupKLiDtf5pinwYFFzL1hg+j,iv:KmGHapsD7thnmgkHwnTYFP/fvBS6dft9ZmmFN4AZEXs=,tag:uEmZaFkvBIQfu+3+0gQFlg==,type:str]
maloja-api: ENC[AES256_GCM,data:8vLC1a5pL8ldS7LWXqA/HOqtnyYFQk7/oisGgOOYH7TtnpBL93I2O3mWQIGCZUwWqMWFLvbOxIAnpoS0Qmg=,iv:swziHFypoh1YZkyEpDhqH2BhqUrWi0J63CqzORyY4s4=,tag:B9kkYHqyWP0KGPMD4S1I1A==,type:str]
spotify-client-id: ENC[AES256_GCM,data:2vC2E7rHBrZ2VHTGqYRJp1fWNWprDaYq4J6gJ7tTfF0=,iv:KQJgzUiD70N2vQeTO9r8ucC96xc9mSW9VlU2IGmKT7Y=,tag:kWR+1Hhb4yGK/AAqxMCd3A==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:MKHo36AF1hHiXERltKdeMiuMhiGyyH8E3TqQfTf1tqc=,iv:/dPWUqjDtxZUOLZRx2lrHuU5Sf2fch2Fvnl+20KZ5dk=,tag:ZgsbCFBNHXSUuHbdSlrm4w==,type:str]
lastfm-user: ENC[AES256_GCM,data:o/FUjIiB9PcFTQ==,iv:UtovNmHISz9jUj+HFZPIduZj6h3ayjA5RyVlh11k8LM=,tag:bS3ReGR2BRcs3lcutt95UQ==,type:str]
lastfm-pass: ENC[AES256_GCM,data:g90kxN+HkSqN+B9XFH6AvbD376bHFPVI,iv:ZRxKxdKXIgKOm7TKKPLR1yLzTBjuCWQk4tTJN5d/0N4=,tag:soIJI75WAhoiXwVYlxkmQA==,type:str]
lastfm-api: ENC[AES256_GCM,data:UxGOqFEsjDb5zBXjm6G+66zlr5M0pk/NdTad3a5MBVE=,iv:3v9Lg0bjmlAhcSOjCW44CN7FezSdNG3KVVLrk1G9Ies=,tag:amgDr25PYiB+E7+D/fVEOw==,type:str]
lastfm-secret: ENC[AES256_GCM,data:z+XqodyRm9qnZwYwdON/KwAQ3E6hSI+mA0Nby0PQVT4=,iv:sY3Eqr7ZCx5lwjZaRFSghx/3OjuWlDQHQywgt7LpoIo=,tag:f7j1PFanHfLdDK+ASusCMA==,type:str]
lastfm-token: ENC[AES256_GCM,data:X877lDOXtou5OF0KbkvuJ4rhJ+3IY5XnyXlqq4LuSb8=,iv:f8t36ut6zlHvBuKGmJabyc9nHViQvUcqNvCVy0YIeB8=,tag:0h9Jm1h2cxegUXXk6UTz9Q==,type:str]
listenbrainz-api: ENC[AES256_GCM,data:eh03MPc5kn7CUDXXnEJTx4DXv9BpyabyRL+ENDFJw+kS66tV,iv:gerOaZ3gqM7ccLursFuCJrW1HcSjlTGk0wOLM8x4/2A=,tag:ZqxYNlgdqV0zRUUHm7VK3Q==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,8 +33,8 @@ sops:
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-21T22:14:08Z"
mac: ENC[AES256_GCM,data:DKI+SljQTH+5T7wtIfYRzNK+W5qQoxQ7E/6b9S7cptAsccdZhupWmVzHlwUlk5MFm92r0Qy3A6B/qV8Dashf6ABmjfnDuysvPoI5O45xE0Qs3TEyPKAbPV07FVi6lDHInEOznNAr6vhEN1Bhveg+ByyVeo+C5C5b+U7Qvx5KESM=,iv:B6xX7/u1ZHOPbEheFSpDeaRey3SP9bZMnDARc5xvzRM=,tag:nux6gkIfodj/4JedkBXWkQ==,type:str]
lastmodified: "2024-09-10T12:55:49Z"
mac: ENC[AES256_GCM,data:/YXB4vQxd5+ZZrkqKFVYIcNJF4j8PricarHyi0ESi4HXr00Efnat+NnoM74Sy/ukrKIJOKBKVVWmmEW8uFCK4H+kJrMkdagALhsjMkeMSB23cmP8nLbCus5QPhX3bSpkZwYNuspmEYN1cQCHvaLC5Eus+YIi92L+KqHsWJS71iM=,iv:OIwGUDG63wbaxCaLpkior76Ckyql2c4was4PXEc1miY=,tag:lwM1QRCEc6zX9a+yv0mN8A==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-

21
configurations/host/waffentrager/services/default.nix
View File

@ -2,16 +2,17 @@
{
imports =
[
./elements.nix
./postgresql.nix
./mount-acme.nix
./gitea.nix
./nginx.nix
./nextcloud.nix
./samba.nix
./syncthing.nix
./jellyfin.nix
./storage/elements.nix
./storage/mount-acme.nix
./storage/gitea.nix
./storage/nextcloud.nix
./storage/samba.nix
./storage/syncthing.nix
./multimedia/jellyfin.nix
./multimedia/scrobbling.nix
./monitoring.nix
./nginx.nix
./postgresql.nix
./auth
];
waffentragerService.elements.enable = true;
@ -22,6 +23,8 @@
waffentragerService.nextcloud.enable = true;
waffentragerService.samba.enable = true;
waffentragerService.jellyfin.enable = true;
waffentragerService.scrobbling.enable = true;
waffentragerService.syncthing.enable = true;
waffentragerService.monitoring.enable = true;
}

0
configurations/host/waffentrager/services/jellyfin.nix → configurations/host/waffentrager/services/multimedia/jellyfin.nix
View File

240
configurations/host/waffentrager/services/multimedia/scrobbling.nix Normal file
View File

@ -0,0 +1,240 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.scrobbling.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable scrobbling";
config =
let
cfg = config.waffentragerService.scrobbling;
in
#### MALOJA --------------------------------------------------------------------
lib.mkIf cfg.enable {
sops.templates."maloja.env".content = ''
MALOJA_DATA_DIRECTORY=/data
MALOJA_DIRECTORY_STATE=/data/state
MALOJA_DIRECTORY_CACHE=/data/cache
MALOJA_SKIP_SETUP=yes
MALOJA_FORCE_PASSWORD=${config.sops.placeholder.maloja}
MALOJA_SPOTIFY_API_ID=${config.sops.placeholder.spotify-client-id}
MALOJA_SPOTIFY_API_SECRET=${config.sops.placeholder.spotify-client-secret}
MALOJA_NAME=Melody
MALOJA_WEEK_OFFSET=1
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
TC=Europe/Warsaw
TIMEZONE=Europe/Warsaw
'';
services.nginx.virtualHosts = {
"melody.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42010";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
virtualisation.oci-containers.containers.maloja =
{
image = "krateng/maloja:latest";
ports = [
"42010:42010"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}:/data"
];
environmentFiles = [
config.sops.templates."maloja.env".path
];
};
systemd.services."${config.virtualisation.oci-containers.backend}-maloja" =
let
malojaCfg = pkgs.writeText "settings.ini" ''[MALOJA]
directory_config = /data
lastfm_api_key = False
audiodb_api_key = False
spotify_api_id = False
spotify_api_secret = False
delimiters_feat = ["ft.","ft","feat.","feat","featuring","Ft.","Ft","Feat.","Feat","Featuring"]
delimiters_informal = ["vs.","vs","&","with"]
delimiters_formal = ["; ",";"]
metadata_providers = ["spotify","deezer","lastfm","audiodb","musicbrainz"]
'';
in
{
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
preStart = ''cp --update=none ${malojaCfg} ${config.waffentragerService.elements.malojaDir}/settings.ini'';
};
#### MULTI SCROBBLER --------------------------------------------------------------------
users.groups.scrobbler = { gid = 3000; };
users.users.scrobbler = {
group = "scrobbler";
uid = 3000;
isSystemUser = true;
};
sops.templates."multi-scrobbler.env".content = ''
TC=Europe/Warsaw
CONFIG_DIR=/config
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
'';
sops.templates."multi-scrobbler.json".owner = "scrobbler";
sops.templates."multi-scrobbler.json".group = "scrobbler";
sops.templates."multi-scrobbler.json".content = builtins.toJSON {
baseUrl = "https://scrobbler.materus.pl";
disableWeb = false;
debugMode = false;
sources = [
{
name = "materus-spotify";
enable = true;
clients = [ "maloja" ];
data = {
clientId = "${config.sops.placeholder.spotify-client-id}";
clientSecret = "${config.sops.placeholder.spotify-client-secret}";
redirectUri = "https://scrobbler.materus.pl/callback";
interval = 30;
};
type = "spotify";
}
{
name = "materus-jellyfin";
enable = true;
clients = [ "maloja" ];
data = {
users = [
"materus"
];
servers = [
"waffentrager"
];
};
options = {
logPayload = false;
logFilterFailure = "warn";
};
type = "jellyfin";
}
];
clients = [
{
name = "maloja";
enable = true;
data = {
url = "https://melody.materus.pl/";
apiKey = "${config.sops.placeholder.maloja-api}";
};
type = "maloja";
}
{
name = "materus-brainz";
enable = true;
configureAs = "client";
data = {
token = "${config.sops.placeholder.listenbrainz-api}";
username = "materus";
};
type = "listenbrainz";
}
{
name = "materus-lastfm";
enable = true;
configureAs = "client";
data = {
apiKey = "${config.sops.placeholder.lastfm-api}";
secret = "${config.sops.placeholder.lastfm-secret}";
redirectUri = "https://scrobbler.materus.pl/lastfm/callback";
};
type = "lastfm";
}
];
};
services.nginx.virtualHosts = {
"scrobbler.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42011";
extraConfig = ''
allow ${materusArg.ip-masks.wireguard.private};
allow 192.168.100.0/24;
deny all;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
systemd.services."${config.virtualisation.oci-containers.backend}-multi-scrobbler" =
{
preStart = ''cp -f ${config.sops.templates."multi-scrobbler.json".path} ${config.waffentragerService.elements.malojaDir}/multi-scrobbler/config.json'';
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
virtualisation.oci-containers.containers.multi-scrobbler = {
image = "foxxmd/multi-scrobbler:latest";
ports = [
"127.0.0.1:42011:9078"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}/multi-scrobbler:/config"
];
environmentFiles = [
config.sops.templates."multi-scrobbler.env".path
];
};
};
}

27
configurations/host/waffentrager/services/elements.nix → configurations/host/waffentrager/services/storage/elements.nix
View File

@ -7,6 +7,8 @@
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
config =
let
cfg = config.waffentragerService.elements;
@ -23,7 +25,22 @@
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
'' + lib.optionalString config.waffentragerService.postgresql.enable ''
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
systemd.services.elements-dirmake = {
description = "Create dirs in elements drive";
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
@ -35,13 +52,13 @@
'' + lib.optionalString config.waffentragerService.jellyfin.enable ''
mkdir -p ${cfg.jellyfinDir}
chown -R materus:nextcloud ${cfg.jellyfinDir}
'' + lib.optionalString config.waffentragerService.scrobbling.enable ''
mkdir -p ${cfg.malojaDir}/multi-scrobbler
chown -R scrobbler:scrobbler ${cfg.malojaDir}
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
};

0
configurations/host/waffentrager/services/gitea.nix → configurations/host/waffentrager/services/storage/gitea.nix
View File

0
configurations/host/waffentrager/services/mount-acme.nix → configurations/host/waffentrager/services/storage/mount-acme.nix
View File

0
configurations/host/waffentrager/services/nextcloud.nix → configurations/host/waffentrager/services/storage/nextcloud.nix
View File

0
configurations/host/waffentrager/services/samba.nix → configurations/host/waffentrager/services/storage/samba.nix
View File

0
configurations/host/waffentrager/services/syncthing.nix → configurations/host/waffentrager/services/storage/syncthing.nix
View File