Configure transmission and gitea

This commit is contained in:
Felix Albrigtsen 2023-05-11 14:34:13 +02:00
parent 66645843db
commit 2850d19f76
6 changed files with 143 additions and 6 deletions

View File

@ -12,21 +12,27 @@
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs: outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = unstable.legacyPackages.${prev.system};
};
in in
{ {
nixosConfigurations = { nixosConfigurations = {
voyager = nixpkgs.lib.nixosSystem { voyager = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/voyager/configuration.nix ./hosts/voyager/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];
}; };
chapel = nixpkgs.lib.nixosSystem { chapel = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
@ -36,7 +42,7 @@
]; ];
}; };
redshirt = nixpkgs.lib.nixosSystem { redshirt = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; inherit system;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };

View File

@ -16,8 +16,10 @@
./services/kanidm.nix ./services/kanidm.nix
./services/matrix ./services/matrix
./services/jellyfin.nix ./services/jellyfin.nix
./services/transmission.nix
./services/metrics ./services/metrics
./services/flame.nix ./services/flame.nix
./services/gitea.nix
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/code-server.nix ./services/code-server.nix
# TODO: # TODO:
@ -26,7 +28,7 @@
# x Monitoring server # x Monitoring server
# x Podman # x Podman
# x Flame # x Flame
# - Transmission # x Transmission
# x Jellyfin # x Jellyfin
# x NFS imports # x NFS imports
# x NFS exports # x NFS exports

View File

@ -0,0 +1,49 @@
{ config, pkgs, ... }:
let
cfg = config.services.gitea;
in {
services.gitea = {
enable = true;
package = pkgs.unstable.gitea;
appName = "felixalbs Gitea";
database = {
type = "postgres";
#passwordFile = "/var/gitea/passwdfile";
};
domain = "git.feal.no";
rootUrl = "https://git.feal.no";
httpPort = 3004;
settings = {
server.LANDING_PAGE=''"/felixalb"'';
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
packages.ENABLED = false;
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
OPENID_CONNECT_SCOPES = "email profile openid";
UPDATE_AVATAR = true;
ACCOUNT_LINKING = "auto";
USERNAME = "email";
};
log.LEVEL = "Info";
database.LOG_SQL = false;
ui = {
THEMES="gitea,arc-green,nord";
DEFAULT_THEME="nord";
};
};
# TODO:
# - dump (automatic backups)
# - configure mailer
};
networking.firewall.allowedTCPPorts = [ cfg.httpPort ];
}

View File

@ -4,10 +4,14 @@
enable = true; enable = true;
/* enableTCPIP = true; # Expose on the network */ /* enableTCPIP = true; # Expose on the network */
authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
local gitea all ident map=gitea-users
local all all trust local all all trust
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
host all all ::1/128 trust host all all ::1/128 trust
''; '';
identMap = ''
gitea-users gitea gitea
'';
}; };
services.postgresqlBackup = { services.postgresqlBackup = {

View File

@ -0,0 +1,74 @@
{ config, pkgs, lib, ... }:
let
host = "127.0.1.2";
port = "5003";
uid = 778;
gid = 778;
in {
sops.secrets."transmission/vpncreds" = {
owner = "transmission";
group = "transmission";
};
users.users.transmission = {
inherit uid;
group = "transmission";
isSystemUser = true;
useDefaultShell = true;
description = "Transmission torrent service";
};
users.groups.transmission = {
inherit gid;
};
# Transmission+PIA: Torrent client, Integrated VPN, Web interface
virtualisation.oci-containers.containers.transmission = {
image = "haugene/transmission-openvpn";
ports = [ "${host}:${port}:9091" ];
volumes = [
"/var/lib/transmission/config:/config"
"/tank/media/transmission:/data"
];
environment = {
OPENVPN_PROVIDER = "PIA";
OPENVPN_CONFIG = "norway,sweden,de_frankfurt";
LOCAL_NETWORK = "192.168.10.0/24";
PUID = toString uid;
PGID = toString gid;
};
environmentFiles = [
# OPENVPN_USERNAME and password is set here
# and optionally TRANSMISSION_RPC_USERNAME and password
config.sops.secrets."transmission/vpncreds".path
];
extraOptions = [
"--cap-add=net_admin,net_raw,mknod"
"--device=/dev/net/tun"
];
};
services.nginx.virtualHosts."transmission.home.feal.no" = {
locations."/" = {
proxyPass = "http://${host}:${port}";
};
};
fileSystems = {
"/tank/media/transmission/jellyfin" = {
device = "/tank/media/jellyfin";
options = [ "bind" ];
};
"/tank/media/transmission/music" = {
device = "/tank/media/music";
options = [ "bind" ];
};
"/tank/media/transmission/inbox" = {
device = "/tank/inbox";
options = [ "bind" ];
};
"/tank/media/transmission/other" = {
device = "/tank/media/other";
options = [ "bind" ];
};
};
}

View File

@ -10,6 +10,8 @@
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
hedgedoc: hedgedoc:
env: ENC[AES256_GCM,data:okkj5V0veAwWwdmhjhsd4seAHiBOjdk7m80C3iVi78LNeHlNuGL2zdvKV5b4ClUR3awabotR/QwdvSvCUxZiFRpXwyeETxHPRRTtR4VDL1L4MifJ0LS27A5DAzAdjCjc799ckgDyBn5L3+T6P1136X0PnaXQT1KyRegizC1DFQ15/3fvlIe05tonDwDVAsPkV8ZEtmGuseB87yoFBxs=,iv:VKwB+AAq4kgOYwntHNXK+xdf0kk+sn39jAxJhLFiqdw=,tag:6bDyl7c23uAWMzVrJ5/YYQ==,type:str] env: ENC[AES256_GCM,data:okkj5V0veAwWwdmhjhsd4seAHiBOjdk7m80C3iVi78LNeHlNuGL2zdvKV5b4ClUR3awabotR/QwdvSvCUxZiFRpXwyeETxHPRRTtR4VDL1L4MifJ0LS27A5DAzAdjCjc799ckgDyBn5L3+T6P1136X0PnaXQT1KyRegizC1DFQ15/3fvlIe05tonDwDVAsPkV8ZEtmGuseB87yoFBxs=,iv:VKwB+AAq4kgOYwntHNXK+xdf0kk+sn39jAxJhLFiqdw=,tag:6bDyl7c23uAWMzVrJ5/YYQ==,type:str]
transmission:
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
matrix: matrix:
synapse: synapse:
registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str] registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str]
@ -37,8 +39,8 @@ sops:
THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh
u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g== u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-09T21:06:32Z" lastmodified: "2023-05-11T22:37:33Z"
mac: ENC[AES256_GCM,data:C/vZmn+jVNaakJxv6XjtMaXDO0CLhTEG8ZSpFBkobd8IKRnsn3OwNySQN0RvIzYL3kaDaS2twEOKN2h3eTcDbX6nNa3m4Eagv7fwXw8yTY2T6pVBni9qudZzlzPpxXSmR7sZYqtay05NdwgSEuu8qIP+S4ECtiSo0JHMdyP1YpQ=,iv:iJsKgA/YjYQ9gVO8ET70+0SdjMTIkbzh2yIkgiFQ+4Y=,tag:ytHaCBJxO1J60lfRQBKplw==,type:str] mac: ENC[AES256_GCM,data:05Q2/Don1WbgncRQhS1XXJ/l+sH+YJQSUkDPJip798OiFwp/5/C19dS8Z9vXPtCp/96iisfsxfSY3OK/AhaXhhKKze1GQ5oqJnfp8ECE4N70SVy302eRF0rAR8XQQOGiur+JUP4KWYs4rNPAlMJYcppeSu3TeO+yGw+O7CGZuBs=,iv:k1Ab086i4Rur0bt8J5HY35rUax9LXpTnuw+TUoQCrI8=,tag:k9ar+YV2cIHRKdJj2dqdgA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3