Configure transmission and gitea
This commit is contained in:
parent
66645843db
commit
2850d19f76
12
flake.nix
12
flake.nix
|
@ -12,21 +12,27 @@
|
||||||
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
||||||
let
|
let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
overlay-unstable = final: prev: {
|
||||||
|
unstable = unstable.legacyPackages.${prev.system};
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
voyager = nixpkgs.lib.nixosSystem {
|
voyager = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
inherit system;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
|
# Overlays-module makes "pkgs.unstable" available in configuration.nix
|
||||||
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
|
|
||||||
./hosts/voyager/configuration.nix
|
./hosts/voyager/configuration.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
chapel = nixpkgs.lib.nixosSystem {
|
chapel = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
inherit system;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
|
@ -36,7 +42,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
redshirt = nixpkgs.lib.nixosSystem {
|
redshirt = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
inherit system;
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,8 +16,10 @@
|
||||||
./services/kanidm.nix
|
./services/kanidm.nix
|
||||||
./services/matrix
|
./services/matrix
|
||||||
./services/jellyfin.nix
|
./services/jellyfin.nix
|
||||||
|
./services/transmission.nix
|
||||||
./services/metrics
|
./services/metrics
|
||||||
./services/flame.nix
|
./services/flame.nix
|
||||||
|
./services/gitea.nix
|
||||||
./services/hedgedoc.nix
|
./services/hedgedoc.nix
|
||||||
./services/code-server.nix
|
./services/code-server.nix
|
||||||
# TODO:
|
# TODO:
|
||||||
|
@ -26,7 +28,7 @@
|
||||||
# x Monitoring server
|
# x Monitoring server
|
||||||
# x Podman
|
# x Podman
|
||||||
# x Flame
|
# x Flame
|
||||||
# - Transmission
|
# x Transmission
|
||||||
# x Jellyfin
|
# x Jellyfin
|
||||||
# x NFS imports
|
# x NFS imports
|
||||||
# x NFS exports
|
# x NFS exports
|
||||||
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.gitea;
|
||||||
|
in {
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.unstable.gitea;
|
||||||
|
appName = "felixalbs Gitea";
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
#passwordFile = "/var/gitea/passwdfile";
|
||||||
|
};
|
||||||
|
domain = "git.feal.no";
|
||||||
|
rootUrl = "https://git.feal.no";
|
||||||
|
httpPort = 3004;
|
||||||
|
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
server.LANDING_PAGE=''"/felixalb"'';
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
session.COOKIE_SECURE = true;
|
||||||
|
|
||||||
|
packages.ENABLED = false;
|
||||||
|
|
||||||
|
oauth2_client = {
|
||||||
|
ENABLE_AUTO_REGISTRATION = true;
|
||||||
|
OPENID_CONNECT_SCOPES = "email profile openid";
|
||||||
|
UPDATE_AVATAR = true;
|
||||||
|
ACCOUNT_LINKING = "auto";
|
||||||
|
USERNAME = "email";
|
||||||
|
};
|
||||||
|
|
||||||
|
log.LEVEL = "Info";
|
||||||
|
|
||||||
|
database.LOG_SQL = false;
|
||||||
|
|
||||||
|
ui = {
|
||||||
|
THEMES="gitea,arc-green,nord";
|
||||||
|
DEFAULT_THEME="nord";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO:
|
||||||
|
# - dump (automatic backups)
|
||||||
|
# - configure mailer
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ cfg.httpPort ];
|
||||||
|
}
|
|
@ -4,10 +4,14 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
/* enableTCPIP = true; # Expose on the network */
|
/* enableTCPIP = true; # Expose on the network */
|
||||||
authentication = pkgs.lib.mkOverride 10 ''
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
|
local gitea all ident map=gitea-users
|
||||||
local all all trust
|
local all all trust
|
||||||
host all all 127.0.0.1/32 trust
|
host all all 127.0.0.1/32 trust
|
||||||
host all all ::1/128 trust
|
host all all ::1/128 trust
|
||||||
'';
|
'';
|
||||||
|
identMap = ''
|
||||||
|
gitea-users gitea gitea
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
host = "127.0.1.2";
|
||||||
|
port = "5003";
|
||||||
|
uid = 778;
|
||||||
|
gid = 778;
|
||||||
|
in {
|
||||||
|
sops.secrets."transmission/vpncreds" = {
|
||||||
|
owner = "transmission";
|
||||||
|
group = "transmission";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.transmission = {
|
||||||
|
inherit uid;
|
||||||
|
group = "transmission";
|
||||||
|
isSystemUser = true;
|
||||||
|
useDefaultShell = true;
|
||||||
|
description = "Transmission torrent service";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.transmission = {
|
||||||
|
inherit gid;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Transmission+PIA: Torrent client, Integrated VPN, Web interface
|
||||||
|
virtualisation.oci-containers.containers.transmission = {
|
||||||
|
image = "haugene/transmission-openvpn";
|
||||||
|
ports = [ "${host}:${port}:9091" ];
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/transmission/config:/config"
|
||||||
|
"/tank/media/transmission:/data"
|
||||||
|
];
|
||||||
|
environment = {
|
||||||
|
OPENVPN_PROVIDER = "PIA";
|
||||||
|
OPENVPN_CONFIG = "norway,sweden,de_frankfurt";
|
||||||
|
LOCAL_NETWORK = "192.168.10.0/24";
|
||||||
|
PUID = toString uid;
|
||||||
|
PGID = toString gid;
|
||||||
|
};
|
||||||
|
environmentFiles = [
|
||||||
|
# OPENVPN_USERNAME and password is set here
|
||||||
|
# and optionally TRANSMISSION_RPC_USERNAME and password
|
||||||
|
config.sops.secrets."transmission/vpncreds".path
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-add=net_admin,net_raw,mknod"
|
||||||
|
"--device=/dev/net/tun"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."transmission.home.feal.no" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${host}:${port}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems = {
|
||||||
|
"/tank/media/transmission/jellyfin" = {
|
||||||
|
device = "/tank/media/jellyfin";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
"/tank/media/transmission/music" = {
|
||||||
|
device = "/tank/media/music";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
"/tank/media/transmission/inbox" = {
|
||||||
|
device = "/tank/inbox";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
"/tank/media/transmission/other" = {
|
||||||
|
device = "/tank/media/other";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -10,6 +10,8 @@
|
||||||
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
env: ENC[AES256_GCM,data:okkj5V0veAwWwdmhjhsd4seAHiBOjdk7m80C3iVi78LNeHlNuGL2zdvKV5b4ClUR3awabotR/QwdvSvCUxZiFRpXwyeETxHPRRTtR4VDL1L4MifJ0LS27A5DAzAdjCjc799ckgDyBn5L3+T6P1136X0PnaXQT1KyRegizC1DFQ15/3fvlIe05tonDwDVAsPkV8ZEtmGuseB87yoFBxs=,iv:VKwB+AAq4kgOYwntHNXK+xdf0kk+sn39jAxJhLFiqdw=,tag:6bDyl7c23uAWMzVrJ5/YYQ==,type:str]
|
env: ENC[AES256_GCM,data:okkj5V0veAwWwdmhjhsd4seAHiBOjdk7m80C3iVi78LNeHlNuGL2zdvKV5b4ClUR3awabotR/QwdvSvCUxZiFRpXwyeETxHPRRTtR4VDL1L4MifJ0LS27A5DAzAdjCjc799ckgDyBn5L3+T6P1136X0PnaXQT1KyRegizC1DFQ15/3fvlIe05tonDwDVAsPkV8ZEtmGuseB87yoFBxs=,iv:VKwB+AAq4kgOYwntHNXK+xdf0kk+sn39jAxJhLFiqdw=,tag:6bDyl7c23uAWMzVrJ5/YYQ==,type:str]
|
||||||
|
transmission:
|
||||||
|
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
||||||
matrix:
|
matrix:
|
||||||
synapse:
|
synapse:
|
||||||
registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str]
|
registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str]
|
||||||
|
@ -37,8 +39,8 @@ sops:
|
||||||
THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh
|
THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh
|
||||||
u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g==
|
u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-05-09T21:06:32Z"
|
lastmodified: "2023-05-11T22:37:33Z"
|
||||||
mac: ENC[AES256_GCM,data:C/vZmn+jVNaakJxv6XjtMaXDO0CLhTEG8ZSpFBkobd8IKRnsn3OwNySQN0RvIzYL3kaDaS2twEOKN2h3eTcDbX6nNa3m4Eagv7fwXw8yTY2T6pVBni9qudZzlzPpxXSmR7sZYqtay05NdwgSEuu8qIP+S4ECtiSo0JHMdyP1YpQ=,iv:iJsKgA/YjYQ9gVO8ET70+0SdjMTIkbzh2yIkgiFQ+4Y=,tag:ytHaCBJxO1J60lfRQBKplw==,type:str]
|
mac: ENC[AES256_GCM,data:05Q2/Don1WbgncRQhS1XXJ/l+sH+YJQSUkDPJip798OiFwp/5/C19dS8Z9vXPtCp/96iisfsxfSY3OK/AhaXhhKKze1GQ5oqJnfp8ECE4N70SVy302eRF0rAR8XQQOGiur+JUP4KWYs4rNPAlMJYcppeSu3TeO+yGw+O7CGZuBs=,iv:k1Ab086i4Rur0bt8J5HY35rUax9LXpTnuw+TUoQCrI8=,tag:k9ar+YV2cIHRKdJj2dqdgA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.7.3
|
||||||
|
|
Loading…
Reference in New Issue