fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add navidrome host

Browse source
This commit is contained in:
yuri 2023-11-26 00:19:00 +01:00
commit 87f7e0c35f
7 changed files with 100 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

33
config/hosts/navidrome/configuration.nix Normal file
View file

@ -0,0 +1,33 @@
{ ... }:
{
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "navidrome";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
fileSystems = {
"/mnt/music" = {
device = "//10.202.40.5/music-ro";
fsType = "cifs";
options = [
"username=navidrome"
"credentials=/secrets/navidrome-samba-credentials.secret"
"iocharset=utf8"
"vers=3.1.1"
"uid=navidrome"
"gid=navidrome"
"_netdev"
];
};
};
system.stateVersion = "23.05";
}

7
config/hosts/navidrome/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }: {
imports = [
./configuration.nix
./navidrome.nix
./nginx.nix
];
}

9
config/hosts/navidrome/navidrome.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }: {
services.navidrome = {
enable = true;
settings = {
Address = "unix:/run/navidrome/navidrome.socket";
MusicFolder = "/mnt/music";
};
};
}

24
config/hosts/navidrome/nginx.nix Normal file
View file

@ -0,0 +1,24 @@
{ ... }: {
services.nginx = {
enable = true;
user = "navidrome";
virtualHosts."navidrome.grzb.de" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://unix:/run/navidrome/navidrome.socket";
};
};
};
}

13
config/hosts/navidrome/secrets.nix Normal file
View file

@ -0,0 +1,13 @@
{ keyCommandEnv, ... }:
{
deployment.keys = {
"navidrome-samba-credentials.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "navidrome/samba-credentials" ];
destDir = "/secrets";
user = "root";
group = "root";
permissions = "0640";
uploadAt = "pre-activation";
};
};
}

12
config/hosts/web-public-1/virtualHosts/acme-challenge.nix
View file

@ -1,12 +1,18 @@
{ ... }: { ... }:
let
acmeDomainMap = {
"paperless.grzb.de" = "paperless.wg.grzb.de";
"navidrome.grzb.de" = "navidrome.wg.grzb.de";
};
in
{ {
services.nginx.virtualHosts."paperless.grzb.de" = { services.nginx.virtualHosts = (builtins.mapAttrs (domain: target: {
listen = [{ listen = [{
addr = "0.0.0.0"; addr = "0.0.0.0";
port = 80; port = 80;
}]; }];
locations."^~ /.well-known/acme-challenge/" = { locations."^~ /.well-known/acme-challenge/" = {
proxyPass = "http://paperless.wg.grzb.de:80"; proxyPass = "http://${target}:80";
}; };
}; }) acmeDomainMap);
} }

5
hosts.nix
View file

@ -69,6 +69,11 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
navidrome = {
hostNixpkgs = nixpkgs-unstable;
site = "wg";
environment = "proxmox";
};
netbox = { netbox = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";