diff --git a/config/hosts/athame/nixos.nix b/config/hosts/athame/nixos.nix
index cff8e474..1e786317 100644
--- a/config/hosts/athame/nixos.nix
+++ b/config/hosts/athame/nixos.nix
@@ -10,6 +10,7 @@ with lib; users.kat.server services.asterisk services.fail2ban + services.filehost services.gitea services.grafana services.logrotate
@@ -28,10 +29,10 @@ with lib; services.syncplay services.taskserver services.vaultwarden + services.website services.weechat services.xmpp services.znc - ./nixos/virtualhosts.nix ]; # File Systems and Swap
diff --git a/config/hosts/athame/nixos/virtualhosts.nix b/config/hosts/athame/nixos/virtualhosts.nix
deleted file mode 100644
index d2d0a118..00000000
--- a/config/hosts/athame/nixos/virtualhosts.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- common = {
- enableACME = true;
- forceSSL = true;
- };
-in
-{
- services.nginx.virtualHosts = {
- "kittywit.ch" = { root = pkgs.kat-website; } // common;
- "athame.kittywit.ch" = { root = "/var/www/athame"; } // common;
- "files.kittywit.ch" = { root = "/var/www/files"; } // common;
- };
-
- deploy.tf.dns.records.kittywitch_files = {
- tld = "kittywit.ch.";
- domain = "files";
- cname.target = "athame.kittywit.ch.";
- };
-}
diff --git a/config/hosts/beltane/nixos.nix b/config/hosts/beltane/nixos.nix
index 62b5ac48..b4820d6d 100644
--- a/config/hosts/beltane/nixos.nix
+++ b/config/hosts/beltane/nixos.nix
@@ -9,16 +9,16 @@ with lib; profiles.hardware.rm-310 profiles.gui users.kat.guiFull + services.jellyfin services.kattv-ingest services.promtail services.netdata + services.nfs services.nginx services.node-exporter + services.transmission services.tvheadend services.zfs - ./nixos/jellyfin.nix - ./nixos/virtualhosts.nix - ./nixos/transmission.nix ]; # File Systems and Swap
diff --git a/config/hosts/beltane/nixos/jellyfin.nix b/config/hosts/beltane/nixos/jellyfin.nix
deleted file mode 100644
index 0b0c777c..00000000
--- a/config/hosts/beltane/nixos/jellyfin.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- kw.fw.public.tcp.ranges = [{
- from = 32768;
- to = 60999;
- }];
-
- kw.fw.private.tcp.ranges = [{
- from = 32768;
- to = 60999;
- }];
-
- services.jellyfin.enable = true;
-}
diff --git a/config/hosts/beltane/nixos/virtualhosts.nix b/config/hosts/beltane/nixos/virtualhosts.nix
deleted file mode 100644
index 52525c81..00000000
--- a/config/hosts/beltane/nixos/virtualhosts.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-{
- services.nginx = {
- virtualHosts = {
- "beltane.net.kittywit.ch" = {
- useACMEHost = "beltane.net.kittywit.ch";
- forceSSL = true;
- locations = {
- "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
- "/jellyfin/socket" = {
- proxyPass = "http://127.0.0.1:8096/jellyfin/";
- extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
- "/tvheadend/".proxyPass = "http://127.0.0.1:9981";
- "/" = {
- root = "/mnt/zraw/media/";
- extraConfig = "autoindex on;";
- };
- "/transmission" = {
- proxyPass = "http://[::1]:9091";
- extraConfig = "proxy_pass_header X-Transmission-Session-Id;";
- };
- };
- };
- "192.168.1.223" = {
- locations = {
- "/jellyfin/".proxyPass = "http://127.0.0.1:8096/jellyfin/";
- "/jellyfin/socket" = {
- proxyPass = "http://127.0.0.1:8096/jellyfin/";
- extraConfig = ''
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- '';
- };
-
- "/share/" = {
- alias = "/mnt/zraw/media/";
- extraConfig = "autoindex on;";
- };
- };
- };
- "100.103.111.44" = {
- locations."/share/" = {
- alias = "/mnt/zraw/media/";
- extraConfig = "autoindex on;";
- };
- };
- };
- appendConfig = ''
- rtmp {
- server {
- listen [::]:1935 ipv6only=off;
- application stream {
- live on;
-
- allow publish all;
- allow play all;
- }
- }
- }
- '';
- };
-
- kw.fw = {
- private.tcp.ports = singleton 1935;
- public.tcp.ports = singleton 1935;
- };
-}
diff --git a/config/hosts/samhain/nixos.nix b/config/hosts/samhain/nixos.nix
index 3485bf32..d9d8d248 100644
--- a/config/hosts/samhain/nixos.nix
+++ b/config/hosts/samhain/nixos.nix
@@ -20,7 +20,6 @@ in { services.promtail services.restic services.zfs - ./nixos/virtualhosts.nix ]; # File Systems and Swap
diff --git a/config/hosts/samhain/nixos/virtualhosts.nix b/config/hosts/samhain/nixos/virtualhosts.nix
deleted file mode 100644
index 692042ae..00000000
--- a/config/hosts/samhain/nixos/virtualhosts.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-{
- kw.fw.private.tcp.ports = singleton 1935;
- kw.fw.public.tcp.ports = singleton 1935;
-
- services.nginx.appendConfig = ''
- rtmp {
- server {
- listen [::]:1935 ipv6only=off;
- application kattv {
- live on;
-
- allow publish all;
- allow play all;
- }
- }
- }
- '';
-}
diff --git a/config/modules/nixos/yggdrasil.nix b/config/modules/nixos/yggdrasil.nix
index a7479c4b..b0c6b01b 100644
--- a/config/modules/nixos/yggdrasil.nix
+++ b/config/modules/nixos/yggdrasil.nix
@@ -9,19 +9,22 @@ This module: with lib; { - config = { - deploy.tf.dns.records."ygg_${config.networking.hostName}" = - mkIf (config.network.yggdrasil.enable) { + config = mkIf (config.network.yggdrasil.enable) { + deploy.tf.dns.records."ygg_${config.networking.hostName}" = { tld = config.kw.dns.tld; domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}"; aaaa.address = config.network.yggdrasil.address; }; security.acme.certs."${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = - mkIf (config.services.nginx.enable && config.network.yggdrasil.enable) { + mkIf (config.services.nginx.enable) { domain = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}"; dnsProvider = "rfc2136"; credentialsFile = config.secrets.files.dns_creds.path; group = "nginx"; }; + services.nginx.virtualHosts."${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = mkIf (config.services.nginx.enable) { + useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}"; + forceSSL = true; + }; }; }
diff --git a/config/services/filehost/default.nix b/config/services/filehost/default.nix
new file mode 100644
index 00000000..540dccc9
--- /dev/null
+++ b/config/services/filehost/default.nix
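Review bot: TLS for the per-host Yggdrasil vhost now depends entirely on config/modules/nixos/yggdrasil.nix, because the new `services.nginx.virtualHosts` entry is the only place that sets `useACMEHost` and `forceSSL` and it sits under `mkIf (config.network.yggdrasil.enable)`. The netdata hunk in this commit removes both settings from its own vhost block, and the new jellyfin, nfs, transmission and tvheadend modules only add `locations`, so on a host that imports one of them with Yggdrasil disabled the vhost would presumably be served over plain HTTP without any evaluation error. A comment on the new entry such as `# TLS for this vhost is configured only here; service modules add locations and rely on it`, or an assertion in the service modules, would make that dependency visible. The same FQDN interpolation appears four times in this hunk; a `let` binding would keep the certificate name and the vhost name from drifting apart.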
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "files.kittywit.ch" = {
+ root = "/var/www/files";
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+
+ deploy.tf.dns.records.kittywitch_files = {
+ tld = "kittywit.ch.";
+ domain = "files";
+ cname.target = "athame.kittywit.ch.";
+ };
+}
diff --git a/config/services/jellyfin/default.nix b/config/services/jellyfin/default.nix
new file mode 100644
index 00000000..6fff46ce
--- /dev/null
+++ b/config/services/jellyfin/default.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations = {
+ "/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
+ "/jellyfin/socket" = {
+ proxyPass = "http://[::1]:8096/jellyfin/";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ };
+ ${config.kw.dns.ipv4}.locations = {
+ "/jellyfin/".proxyPass = "http://[::1]:8096/jellyfin/";
+ "/jellyfin/socket" = {
+ proxyPass = "http://[::1]:8096/jellyfin/";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ '';
+ };
+ };
+ };
+
+ kw.fw = {
+ public.tcp.ranges = [{
+ from = 32768;
+ to = 60999;
+ }];
+ private.tcp.ranges = [{
+ from = 32768;
+ to = 60999;
+ }];
+ };
+
+ services.jellyfin.enable = true;
+}
diff --git a/config/services/kattv-ingest/default.nix b/config/services/kattv-ingest/default.nix
index 55cc5357..99e3c7a1 100644
--- a/config/services/kattv-ingest/default.nix
+++ b/config/services/kattv-ingest/default.nix
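Review bot: In config/services/jellyfin/default.nix, `kw.fw.public.tcp.ranges` opens TCP 32768 to 60999 on the public side with no comment saying which Jellyfin feature needs it. That range matches the Linux default ephemeral port range, so any process on the host that happens to listen on a port inside it would be reachable from outside, not only Jellyfin. The web UI in this file is reached through the nginx `proxyPass` to `[::1]:8096`, so if the range is needed at all it probably belongs only under `private.tcp.ranges`; either way it should carry a comment naming the consumer, e.g. `# <which client/protocol needs this range reachable>`. The two `locations` attribute sets are identical and could be bound once in a `let`.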
@@ -3,9 +3,27 @@ with lib; { - kw.fw.public.tcp.ports = [ 4953 1935 ]; + services.nginx.appendConfig = '' + rtmp { + server { + listen [::]:1935 ipv6only=off; + application stream { + live on; + + allow publish all; + allow play all; + } + } + } + ''; + + kw.fw = { + private.tcp.ports = singleton 1935; + public.tcp.ports = [ 4953 1935 ]; + }; systemd.sockets.kattv = { + wantedBy = [ "sockets.target" ]; listenStreams = [ "0.0.0.0:4953" ]; socketConfig = { Accept = true;
@@ -17,7 +35,6 @@ with lib; systemd.services."kattv@" = { environment = pkgs.kat-tv-ingest.env; script = "exec ${pkgs.gst_all_1.gstreamer.dev}/bin/gst-launch-1.0 -e --no-position ${pkgs.lib.gst.pipelineShellString pkgs.kat-tv-ingest.pipeline}"; - wantedBy = [ "multi-user.target" ]; after = [ "nginx.service" ]; description = "RTMP stream of kat cam"; serviceConfig = {
diff --git a/config/services/kattv/default.nix b/config/services/kattv/default.nix
index b58928b7..2d84d5ae 100644
--- a/config/services/kattv/default.nix
+++ b/config/services/kattv/default.nix
@@ -1,7 +1,6 @@ { config, pkgs, lib, ... }: { - services.udev.extraRules = '' KERNEL=="video[0-9]*", SUBSYSTEM=="video4linux", SUBSYSTEMS=="usb", ATTR{index}=="0", ATTRS{idVendor}=="045e", ATTRS{idProduct}=="0779", SYMLINK+="videomew", TAG+="systemd" '';
diff --git a/config/services/netdata/default.nix b/config/services/netdata/default.nix
index 3a693e77..3d404b3f 100644
--- a/config/services/netdata/default.nix
+++ b/config/services/netdata/default.nix
@@ -9,8 +9,6 @@ enable = true; virtualHosts = { "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}" = { - useACMEHost = "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}"; - forceSSL = true; locations = { "/netdata" = { proxyPass = "http://[::1]:19999/"; }; }; }; };
diff --git a/config/services/nfs/default.nix b/config/services/nfs/default.nix
new file mode 100644
index 00000000..4c2931b1
--- /dev/null
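Review bot: The `rtmp` block added to config/services/kattv-ingest/default.nix keeps `allow publish all;` while the same hunk lists 1935 in `kw.fw.public.tcp.ports`, so any host that can reach the port can push its own stream into `application stream`. If the only publisher is the local `kattv@` pipeline (the unit is ordered after nginx.service, which suggests so, but the pipeline definition is not visible here), publishing can be limited to loopback with `allow publish 127.0.0.1;` followed by `deny publish all;`, adjusting the address to whichever loopback the pipeline connects from. If remote publishers are intended, a comment saying so and how they are authenticated would help the next reader. The hunk cuts through the module body, so other users of port 1935 may exist outside it.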
+++ b/config/services/nfs/default.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+
+{
+ kw.fw = {
+ private.tcp.ports = [ 111 2049 ];
+ public.tcp.ports = [ 111 2049 ];
+ };
+
+ services.nfs.server.enable = true;
+ services.nfs.server.exports = "/mnt/zraw/media 192.168.1.0/24(rw) 200::/7(rw) 2a00:23c7:c597:7400::/56(rw)";
+
+ services.nginx.virtualHosts = {
+ "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/" = {
+ alias = "/mnt/zraw/media/";
+ extraConfig = "autoindex on;";
+ };
+ ${config.kw.dns.ipv4}.locations."/" = {
+ alias = "/mnt/zraw/media/";
+ extraConfig = "autoindex on;";
+ };
+ };
+}
diff --git a/config/hosts/beltane/nixos/transmission.nix b/config/services/transmission/default.nix
similarity index 70%
rename from config/hosts/beltane/nixos/transmission.nix
rename to config/services/transmission/default.nix
index 337c1577..ef39be6e 100644
--- a/config/hosts/beltane/nixos/transmission.nix
+++ b/config/services/transmission/default.nix
@@ -1,6 +1,17 @@ { config, pkgs, ... }: { + services.nginx.virtualHosts = { + "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/transmission" = { + proxyPass = "http://[::1]:9091"; + extraConfig = "proxy_pass_header X-Transmission-Session-Id;"; + }; + ${config.kw.dns.ipv4}.locations."/transmission" = { + proxyPass = "http://[::1]:9091"; + extraConfig = "proxy_pass_header X-Transmission-Session-Id;"; + }; + }; + services.transmission = let transmission-done-script = pkgs.writeScriptBin "script" ''
diff --git a/config/services/tvheadend/default.nix b/config/services/tvheadend/default.nix
index 328bb38d..c154eb1f 100644
--- a/config/services/tvheadend/default.nix
+++ b/config/services/tvheadend/default.nix
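Review bot: config/services/nfs/default.nix exports `/mnt/zraw/media` read-write to `200::/7`, which is the whole Yggdrasil address range rather than this network's own nodes, and it also opens 111 and 2049 in `public.tcp.ports`. The export string sets no `sec=` option, so the server presumably falls back to trusting client-supplied uids, meaning any Yggdrasil peer that can route to the host could mount and modify the share. Narrowing the export to the specific peer addresses or making the wide entries `(ro)`, and dropping the `public.tcp.ports` line if the intended clients are already covered by `private`, would shrink that exposure. The same directory is also published with `autoindex on;` at `/` on the `${config.kw.dns.ipv4}` vhost, which gets no TLS settings in any hunk visible here.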
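Review bot: The new `/transmission` location in config/services/transmission/default.nix is also attached to the `${config.kw.dns.ipv4}` vhost, which none of the visible hunks gives `forceSSL` or a certificate, so the Transmission RPC interface would be reachable over plain HTTP on that address. The deleted beltane virtualhosts.nix proxied `/transmission` only on the TLS vhost. Unless RPC authentication or a whitelist is set in the `services.transmission` block, which continues outside this hunk, I would drop the IPv4 entry or restrict it with an `allow`/`deny` pair in `extraConfig`. The first tvheadend hunk repeats the same IPv4-vhost pattern for `/tvheadend`.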
@@ -9,11 +9,22 @@ tcp.ports = [ 9981 9982 ]; }; + services.nginx.virtualHosts = { + "${config.networking.hostName}.${config.kw.dns.ygg_prefix}.${config.kw.dns.domain}".locations."/tvheadend" = { + proxyPass = "http://[::1]:9091"; + extraConfig = "proxy_pass_header X-Transmission-Session-Id;"; + }; + ${config.kw.dns.ipv4}.locations."/tvheadend" = { + proxyPass = "http://[::1]:9091"; + extraConfig = "proxy_pass_header X-Transmission-Session-Id;"; + }; + }; + systemd.services.tvheadend-kat = { - description = "Tvheadend TV streaming server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - script = '' + description = "Tvheadend TV streaming server"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + script = '' ${pkgs.tvheadend}/bin/tvheadend \ --http_root /tvheadend \ --http_port 9981 \
@@ -23,15 +34,15 @@ -p ${config.users.users.tvheadend.home}/tvheadend.pid \ -u tvheadend \ -g video - ''; - serviceConfig = { - Type = "forking"; - PIDFile = "${config.users.users.tvheadend.home}/tvheadend.pid"; - Restart = "always"; - RestartSec = 5; - User = "tvheadend"; - Group = "video"; - ExecStop = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid"; - }; + ''; + serviceConfig = { + Type = "forking"; + PIDFile = "${config.users.users.tvheadend.home}/tvheadend.pid"; + Restart = "always"; + RestartSec = 5; + User = "tvheadend"; + Group = "video"; + ExecStop = "${pkgs.coreutils}/bin/rm ${config.users.users.tvheadend.home}/tvheadend.pid"; }; + }; }
diff --git a/config/services/website/default.nix b/config/services/website/default.nix
new file mode 100644
index 00000000..d25685bc
--- /dev/null
+++ b/config/services/website/default.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+
+{
+ services.nginx.virtualHosts = {
+ "${config.kw.dns.domain}" = {
+ root = pkgs.kat-website;
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+}
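Review bot: Both new `/tvheadend` locations in config/services/tvheadend/default.nix proxy to `http://[::1]:9091` and pass `X-Transmission-Session-Id`, which are the values used for Transmission in the transmission module; the unit in this same file starts tvheadend with `--http_port 9981`, and the deleted beltane virtualhosts.nix pointed `/tvheadend/` at `http://127.0.0.1:9981`. As written, a request to `/tvheadend` is handed to whatever listens on 9091, so tvheadend is unreachable through nginx and the Transmission RPC port gains a second, unintended path on both vhosts. Each location should read `proxyPass = "http://[::1]:9981";` with the `extraConfig` line removed (use `127.0.0.1` if tvheadend does not listen on the IPv6 loopback). The second hunk of this file only re-indents the unit definition.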