From 87f7e0c35fd9975ab4a3fe1bdfcf048e4fca9760 Mon Sep 17 00:00:00 2001
From: yuri <yuri@nekover.se>
Date: Sun, 26 Nov 2023 00:19:00 +0100
Subject: [PATCH] Add navidrome host

---
 config/hosts/navidrome/configuration.nix      | 33 +++++++++++++++++++
 config/hosts/navidrome/default.nix            |  7 ++++
 config/hosts/navidrome/navidrome.nix          |  9 +++++
 config/hosts/navidrome/nginx.nix              | 24 ++++++++++++++
 config/hosts/navidrome/secrets.nix            | 13 ++++++++
 .../virtualHosts/acme-challenge.nix           | 12 +++++--
 hosts.nix                                     |  5 +++
 7 files changed, 100 insertions(+), 3 deletions(-)
 create mode 100644 config/hosts/navidrome/configuration.nix
 create mode 100644 config/hosts/navidrome/default.nix
 create mode 100644 config/hosts/navidrome/navidrome.nix
 create mode 100644 config/hosts/navidrome/nginx.nix
 create mode 100644 config/hosts/navidrome/secrets.nix

diff --git a/config/hosts/navidrome/configuration.nix b/config/hosts/navidrome/configuration.nix
new file mode 100644
index 0000000..581a631
--- /dev/null
+++ b/config/hosts/navidrome/configuration.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/vda";
+  };
+
+  networking = {
+    hostName = "navidrome";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+  };
+
+  fileSystems = {
+    "/mnt/music" = {
+      device = "//10.202.40.5/music-ro";
+      fsType = "cifs";
+      options = [ 
+        "username=navidrome" 
+        "credentials=/secrets/navidrome-samba-credentials.secret"
+        "iocharset=utf8"
+        "vers=3.1.1"
+        "uid=navidrome"
+        "gid=navidrome"
+        "_netdev"
+      ];
+    };
+  };
+
+  system.stateVersion = "23.05";
+}
diff --git a/config/hosts/navidrome/default.nix b/config/hosts/navidrome/default.nix
new file mode 100644
index 0000000..00d4a90
--- /dev/null
+++ b/config/hosts/navidrome/default.nix
@@ -0,0 +1,7 @@
+{ ... }: {
+  imports = [
+    ./configuration.nix
+    ./navidrome.nix
+    ./nginx.nix
+  ];
+}
diff --git a/config/hosts/navidrome/navidrome.nix b/config/hosts/navidrome/navidrome.nix
new file mode 100644
index 0000000..74e3a1d
--- /dev/null
+++ b/config/hosts/navidrome/navidrome.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+  services.navidrome = {
+    enable = true;
+    settings = {
+      Address = "unix:/run/navidrome/navidrome.socket";
+      MusicFolder = "/mnt/music";
+    };
+  };
+}
diff --git a/config/hosts/navidrome/nginx.nix b/config/hosts/navidrome/nginx.nix
new file mode 100644
index 0000000..eef60dd
--- /dev/null
+++ b/config/hosts/navidrome/nginx.nix
@@ -0,0 +1,24 @@
+{ ... }: {
+  services.nginx = {
+    enable = true;
+    user = "navidrome";
+    virtualHosts."navidrome.grzb.de" = {
+      forceSSL = true;
+      enableACME = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = 80;
+        }
+        {
+          addr = "0.0.0.0";
+          port = 443;
+          ssl = true;
+        }
+      ];
+      locations."/" = {
+        proxyPass = "http://unix:/run/navidrome/navidrome.socket";
+      };
+    };
+  };
+}
diff --git a/config/hosts/navidrome/secrets.nix b/config/hosts/navidrome/secrets.nix
new file mode 100644
index 0000000..a11e957
--- /dev/null
+++ b/config/hosts/navidrome/secrets.nix
@@ -0,0 +1,13 @@
+{ keyCommandEnv, ... }:
+{
+  deployment.keys = {
+    "navidrome-samba-credentials.secret" = {
+      keyCommand = keyCommandEnv ++ [ "pass" "navidrome/samba-credentials" ];
+      destDir = "/secrets";
+      user = "root";
+      group = "root";
+      permissions = "0640";
+      uploadAt = "pre-activation";
+    };
+  };
+}
diff --git a/config/hosts/web-public-1/virtualHosts/acme-challenge.nix b/config/hosts/web-public-1/virtualHosts/acme-challenge.nix
index fd1e474..c9b7e61 100644
--- a/config/hosts/web-public-1/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-1/virtualHosts/acme-challenge.nix
@@ -1,12 +1,18 @@
 { ... }:
+let
+  acmeDomainMap = {
+    "paperless.grzb.de" = "paperless.wg.grzb.de";
+    "navidrome.grzb.de" = "navidrome.wg.grzb.de";
+  };
+in
 {
-  services.nginx.virtualHosts."paperless.grzb.de" = {
+  services.nginx.virtualHosts = (builtins.mapAttrs (domain: target: {
     listen = [{ 
       addr = "0.0.0.0";
       port = 80;
     }];
     locations."^~ /.well-known/acme-challenge/" = {
-      proxyPass = "http://paperless.wg.grzb.de:80";
+      proxyPass = "http://${target}:80";
     };
-  };
+  }) acmeDomainMap);
 }
diff --git a/hosts.nix b/hosts.nix
index 194cc45..afdbc03 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -69,6 +69,11 @@ in
       site = "vs";
       environment = "proxmox";
     };
+    navidrome = {
+      hostNixpkgs = nixpkgs-unstable;
+      site = "wg";
+      environment = "proxmox";
+    };
     netbox = {
       site = "vs";
       environment = "proxmox";