feat: massive refactoring...

This commit is contained in:
Xavier Morel
2025-11-09 00:45:00 +01:00
parent f9446df46d
commit 3245b6b89f
77 changed files with 3233 additions and 582 deletions

28
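--- a/containers/_cont.tmpl
+++ b/containers/_cont.tmpl
@@ -0,0 +1,28 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.#name# = {
+container = {
+cores = 1;
+memory = 512;
+disk = "4G";
+swap = 512;
+};
+db = {
+enable = true;
+password = db_pass.#name#;
+};
+system = {
+port = 80; # open in firewall + expose on proxy
+services.nginx.enable = true;
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true; # available only on private lan
+auth = true; # auth overlay
+};
+}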
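Review bot: `password = db_pass.#name#;` in the `db` block takes the secret out of `../config/_passwords.nix` as a plain Nix value, so wherever this container config is evaluated into a derivation the password is likely to be copied into the world-readable Nix store and into any rendered config file. Prefer a file-based secret that the service reads at activation time (a secrets tool such as sops-nix or agenix decrypting at boot), and keep `_passwords.nix` out of the evaluated closure. The same pattern is repeated in auth.nix, finances.nix, matrix.nix, media.nix, monitoring.nix, vault.nix and yarrr.nix in this commit. Since `private` and `auth` decide exposure for every container generated from this template, a fuller comment such as `# private = true: firewall/proxy allow the private LAN only; auth = true: proxy puts the auth overlay in front` would help readers of the generated files.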

44
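--- a/containers/auth.nix
+++ b/containers/auth.nix
@@ -0,0 +1,44 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.auth = {
+container = {
+cores = 2;
+memory = 1024;
+disk = "8G";
+swap = 1024;
+};
+system = {
+port = 80;
+additionalPorts = [
+443
+389
+636
+9000
+9443
+3389
+6636
+9300
+9303
+];
+udpPorts = [
+1812
+];
+importConfig = [
+../config/auth-authentik.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+db = {
+enable = true;
+password = db_pass.auth;
+};
+private = false;
+auth = false;
+};
+}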
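Review bot: `private = false` combined with `additionalPorts` containing 389 and 3389 and `udpPorts = [ 1812 ]` opens cleartext-capable protocols (LDAP, RADIUS) on a container that, going by the `private` comment in `_cont.tmpl`, is not restricted to the private LAN. LDAP on 389 and RADIUS on UDP 1812 carry credentials without transport encryption unless the service side enforces STARTTLS or RadSec, so unless the proxy or an upstream firewall limits who can reach these ports, keep 389/1812/3389 off the public-facing list (636 and 6636 already cover LDAPS). Whether `auth-authentik.nix` enforces TLS on these listeners cannot be seen from this hunk. A `# <port>: <consumer>` comment per entry would also make this list reviewable later, since none of the eleven ports is explained.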

41
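--- a/containers/db.nix
+++ b/containers/db.nix
@@ -0,0 +1,41 @@
+{ ... }:
+{
+my-lxc.db = {
+container = {
+cores = 2;
+memory = 2048;
+disk = "16G";
+swap = 512;
+};
+system = {
+additionalPorts = [
+9187
+5432
+];
+importConfig = [
+../config/db-postgres.nix
+];
+services.prometheus.exporters.postgres = {
+enable = true;
+listenAddress = "0.0.0.0";
+port = 9187;
+};
+};
+logging = {
+enable = true;
+metricsEnable = true;
+prometheusPorts = [ 9187 ];
+};
+private = true;
+auth = true;
+otherDomains = [
+{
+subdomain = "db";
+port = 5432;
+private = true;
+auth = false;
+raw_tcp = true;
+}
+];
+};
+}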
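Review bot: `services.prometheus.exporters.postgres` binds `listenAddress = "0.0.0.0"` and 9187 is also listed in `additionalPorts`, so the metrics endpoint is reachable by anything that can reach the container rather than only the `metrics` scraper; binding to the container's internal address, or a comment recording that the firewall limits 9187 to the metrics host, would close that gap. The `otherDomains` entry for `db` exposes 5432 with `raw_tcp = true` and `auth = false`, which is unavoidable for a TCP service but means PostgreSQL's own authentication is the only control on that path; a comment such as `# raw TCP: proxy auth overlay cannot apply, relies on pg_hba + SSL in db-postgres.nix` would record that decision. Whether `db-postgres.nix` enforces SSL for remote connections cannot be seen from this hunk.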

14
containers/default.nix Normal file

@@ -0,0 +1,14 @@
{ pkgs, ... }:
let
lib = pkgs.lib;
containersFiles = builtins.readDir ./.;
containers = lib.filter (v: v != null) (
(lib.mapAttrsToList (
name: type:
if type == "regular" && name != "default.nix" && lib.hasSuffix ".nix" name then ./${name} else null
))
containersFiles
);
in
containers

31
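--- a/containers/dns.nix
+++ b/containers/dns.nix
@@ -0,0 +1,31 @@
+{
+...
+}:
+{
+my-lxc.dns = {
+container = {
+cores = 2;
+memory = 1024;
+disk = "4G";
+swap = 512;
+};
+system = {
+port = 80;
+additionalPorts = [
+53
+];
+udpPorts = [ 53 ];
+importConfig = [
+../config/dns-adguardhome.nix
+../config/dns-unbound.nix
+];
+services.resolved.enable = false;
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = true;
+};
+}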

32
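--- a/containers/finances.nix
+++ b/containers/finances.nix
@@ -0,0 +1,32 @@
+{
+...
+}:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.finances = {
+container = {
+cores = 1;
+memory = 512;
+disk = "4G";
+swap = null;
+};
+system = {
+port = 80;
+importConfig = [
+../config/finances-fireflyiii.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+db = {
+enable = true;
+password = db_pass.finances;
+};
+private = true;
+auth = true;
+};
+}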

23
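--- a/containers/frigate.nix
+++ b/containers/frigate.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+my-lxc.frigate = {
+container = {
+cores = 4;
+memory = 2048;
+disk = "12G";
+swap = 1024;
+};
+system = {
+port = 80;
+importConfig = [
+../config/frigate-frigate.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = false;
+auth = true;
+};
+}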

23
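--- a/containers/grocy.nix
+++ b/containers/grocy.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+my-lxc.grocy = {
+container = {
+cores = 1;
+memory = 512;
+disk = "4G";
+swap = 512;
+};
+system = {
+port = 80;
+importConfig = [
+../config/grocy-grocy.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = false;
+auth = true;
+};
+}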

70
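--- a/containers/matrix.nix
+++ b/containers/matrix.nix
@@ -0,0 +1,70 @@
+{
+...
+}:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.matrix = {
+container = {
+cores = 2;
+memory = 2048;
+disk = "4G";
+swap = 512;
+};
+system = {
+additionalPorts = [
+80
+8008
+8080
+5173
+];
+importConfig = [
+../config/matrix-synapse.nix
+../config/matrix-mas.nix
+../config/matrix-nginx.nix
+];
+};
+db = {
+enable = true;
+password = db_pass.matrix;
+additionalDB = [
+"matrix_mas"
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = false;
+auth = false;
+otherDomains = [
+{
+subdomain = "chat";
+port = 80;
+private = false;
+auth = false;
+}
+{
+subdomain = "matrix";
+port = 8008;
+private = false;
+auth = false;
+customRule = "Host(`matrix#DOMAIN#`) && !(PathPrefix(`/_matrix/client/*/login`) || PathPrefix(`/_matrix/client/*/logout`) || PathPrefix(`/_matrix/client/*/refresh`))";
+}
+{
+subdomain = "matrix_auth";
+port = 8080;
+private = false;
+auth = false;
+customRule = "Host(`matrix#DOMAIN#`) && (PathPrefix(`/_matrix/client/*/login`) || PathPrefix(`/_matrix/client/*/logout`) || PathPrefix(`/_matrix/client/*/refresh`))";
+}
+{
+subdomain = "matrix-admin";
+port = 5173;
+private = true;
+auth = false;
+}
+];
+};
+}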
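Review bot: the `customRule` strings on the `matrix` and `matrix_auth` entries use a `*` inside `PathPrefix` to stand for the client API version segment; if these are Traefik rules (proxy.nix in this commit imports `proxy-traefik.nix`), `PathPrefix` matches its argument literally, so a real request path like `/_matrix/client/v3/login` would not match, the `matrix_auth` router on 8080 would never fire and login/logout/refresh would fall through to the synapse router on 8008. A regex matcher is needed for that segment — in Traefik v3 something like `PathRegexp(\`^/_matrix/client/[^/]+/(login|logout|refresh)\`)` — and the negated expression on the `matrix` rule must use the identical matcher so the two routers stay complementary. Also worth a comment: `matrix_auth` is only an attribute key here because `customRule` overrides the host, so no `matrix_auth.#DOMAIN#` record is expected.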

53
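--- a/containers/media.nix
+++ b/containers/media.nix
@@ -0,0 +1,53 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.media = {
+container = {
+cores = 4;
+memory = 4096;
+disk = "12G";
+swap = 1024;
+};
+db = {
+enable = true;
+password = db_pass.media;
+};
+system = {
+port = 8096; # jellyfin default http
+additionalPorts = [ 5055 ]; # jellyseerr default
+services = {
+jellyfin = {
+enable = true;
+openFirewall = true;
+# TODO: Manual bind-mount in proxmox
+dataDir = "/mnt/nas/app-data/jellyfin";
+logDir = "/var/log/jellyfin";
+user = "root";
+group = "root";
+};
+jellyseerr = {
+enable = true;
+openFirewall = true;
+# TODO: Same...
+configDir = "/mnt/nas/app-data/jellyseerr";
+};
+};
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = true;
+otherDomains = [
+{
+subdomain = "flix";
+port = 5055;
+private = true;
+auth = true;
+}
+];
+};
+}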
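Review bot: `services.jellyfin` sets `user = "root"; group = "root";`, so the media server process runs with full privileges inside the container, presumably so it can read the bind-mounted `/mnt/nas/app-data/jellyfin` referenced by the `# TODO: Manual bind-mount in proxmox` comment. A dedicated service user whose uid/gid matches the NAS export (or an idmap on the bind mount) keeps a compromised Jellyfin from owning the whole container; until then the override needs a comment such as `# root: NAS bind-mount ownership is not mapped yet, see TODO above` so it is not mistaken for a deliberate default. `jellyseerr` carries the same TODO but no user override, which is the better state to converge on.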

23
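--- a/containers/metrics.nix
+++ b/containers/metrics.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+my-lxc.metrics = {
+container = {
+cores = 1;
+memory = 1024;
+disk = "10G";
+swap = 512;
+};
+system = {
+additionalPorts = [ 9090 ];
+importConfig = [
+../config/metrics-prometheus.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = true; # unused anyway
+};
+}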

34
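--- a/containers/monitoring.nix
+++ b/containers/monitoring.nix
@@ -0,0 +1,34 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.monitoring = {
+container = {
+cores = 2;
+memory = 1024;
+disk = "10G";
+swap = 512;
+};
+system = {
+port = 3000; # grafana
+additionalPorts = [
+3100 # loki
+];
+importConfig = [
+../config/monitoring-grafana.nix
+../config/monitoring-loki.nix
+];
+};
+db = {
+enable = true;
+password = db_pass.monitoring;
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = true;
+};
+}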

46
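--- a/containers/music.nix
+++ b/containers/music.nix
@@ -0,0 +1,46 @@
+{ nixpkgs, system, ... }:
+let
+pkgs = nixpkgs.legacyPackages.${system};
+in
+{
+my-lxc.music = {
+container = {
+cores = 2;
+memory = 2048;
+disk = "6G";
+swap = 512;
+};
+system = {
+port = 8095;
+additionalPorts = [
+8097
+];
+services.music-assistant = {
+enable = true;
+providers = [
+"builtin"
+"builtin_player"
+"chromecast"
+"deezer"
+"dlna"
+"filesystem_local"
+"filesystem_smb"
+"hass_players"
+"jellyfin"
+"player_group"
+"ytmusic"
+];
+};
+packages = with pkgs; [
+cifs-utils
+util-linux
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = false;
+};
+}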
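Review bot: music.nix takes `{ nixpkgs, system, ... }:` and rebuilds `pkgs` as `nixpkgs.legacyPackages.${system}` only to list two packages, whereas default.nix in the same commit receives `pkgs` directly; if the module arguments do provide `pkgs`, using `{ pkgs, ... }:` here keeps any overlays or `nixpkgs.config` applied elsewhere consistent and drops the `let` entirely. Whether `pkgs` is passed to the container files cannot be confirmed from this hunk. The `packages` list would also benefit from a one-line reason, e.g. `# cifs-utils + util-linux: mount the SMB share used by filesystem_smb`, which ties it to the `filesystem_smb` provider above.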

23
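--- a/containers/power.nix
+++ b/containers/power.nix
@@ -0,0 +1,23 @@
+{ ... }:
+{
+# TODO: Manual bind-mount /dev/bus/usb/{bus}/{device} # check with lsusb
+my-lxc.power = {
+container = {
+cores = 1;
+memory = 512;
+disk = "4G";
+swap = 512;
+};
+system = {
+importConfig = [
+../config/power-ups.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = true;
+auth = true;
+};
+}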

33
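--- a/containers/proxy.nix
+++ b/containers/proxy.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+my-lxc.proxy = {
+container = {
+cores = 2;
+memory = 512;
+disk = "5G";
+swap = 512;
+};
+system = {
+port = 8080;
+additionalPorts = [
+80
+443
+8082
+];
+udpPorts = [ 443 ];
+importConfig = [
+../config/proxy-traefik.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+alloyConfig = {
+# probably move to default-journal...
+"logs-traefik" = ../config/alloy/proxy-traefik.alloy.nix;
+};
+};
+private = true;
+auth = true;
+};
+}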
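Review bot: `port = 8080` plus `8082` in `additionalPorts` are unexplained on the one container that fronts everything else; if 8080 is the Traefik API/dashboard it is being both opened in the firewall and, per the template's `port` comment, exposed on the proxy itself, so the `private = true; auth = true` pair is the only thing standing in front of it. A comment per port, e.g. `port = 8080; # traefik dashboard/API, LAN + auth only` and `8082 # <purpose>`, would make that dependency explicit. What `proxy-traefik.nix` actually binds to those ports cannot be seen from this hunk.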

30
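--- a/containers/vault.nix
+++ b/containers/vault.nix
@@ -0,0 +1,30 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.vault = {
+container = {
+cores = 1;
+memory = 512;
+disk = "4G";
+swap = 512;
+};
+db = {
+enable = true;
+password = db_pass.vault;
+};
+system = {
+port = 8000;
+importConfig = [
+../config/vault-vaultwarden.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+};
+private = false;
+auth = false;
+};
+}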
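Review bot: `private = false; auth = false;` makes the password manager the most exposed service in this set, with no proxy-side control at all in front of port 8000, which is a reasonable choice for Vaultwarden clients but should be recorded: `private = false; auth = false; # clients use the app's own auth; proxy overlay would break the Bitwarden apps`. Whether `vault-vaultwarden.nix` disables open signups and enables its admin-token protection is what actually bounds the risk here, and that cannot be seen from this hunk.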

65
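--- a/containers/yarrr.nix
+++ b/containers/yarrr.nix
@@ -0,0 +1,65 @@
+{ ... }:
+let
+db_pass = import ../config/_passwords.nix;
+in
+{
+my-lxc.yarrr = {
+container = {
+enable = false;
+cores = 4;
+memory = 2048;
+disk = "8G";
+swap = 512;
+protection = false;
+};
+db = {
+enable = true;
+password = db_pass.yarrr;
+additionalDB = [
+"yarrr_radarr"
+"yarrr_sonarr"
+"yarrr_readarr"
+"yarrr_lidarr"
+];
+};
+system = {
+importConfig = [
+../config/yarrr-arr.nix
+];
+};
+logging = {
+enable = true;
+metricsEnable = true;
+prometheusPorts = [
+9708
+];
+};
+otherDomains = [
+{
+subdomain = "bazarr";
+port = 6767;
+}
+{
+subdomain = "lidarr";
+port = 8686;
+auth = false;
+}
+{
+subdomain = "radarr";
+port = 7878;
+}
+{
+subdomain = "readarr";
+port = 8787;
+}
+{
+subdomain = "sonarr";
+port = 8989;
+}
+{
+subdomain = "prowlarr";
+port = 9696;
+}
+];
+};
+}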
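Review bot: `enable = false;` and `protection = false;` under `container` are set without explanation, and this file is also the only one that leaves `private` and `auth` unset at the top level and on every `otherDomains` entry, so all six services fall back to whatever the module's defaults are, with `lidarr` additionally opting out via `auth = false`. Because `_cont.tmpl` documents `private = true` as LAN-only, the exposure of these six web UIs depends on a default the reader cannot see here; setting `private`/`auth` explicitly as the other containers do, or a comment such as `# private/auth left at module defaults (…)`, plus `# lidarr: its API clients cannot pass the auth overlay` and `# disabled until …` on `enable = false`, would make the intent reviewable.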