infrastructure/hosts/phoenix.lewd.wtf/c3moc.nix

{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.c3moc;
in {
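options.c3moc = {
  # mkEnableOption prefixes its argument with "Whether to enable ", so the
  # argument is written as a bare noun phrase.
  enable = mkEnableOption "c3moc services";

  # Gates the /export/c3moc bind mounts and the c3moc NFS export table that
  # are defined further down in this file.
  switchNfs = mkEnableOption "the c3moc NFS export layout";
};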
config = mkIf cfg.enable {
fileSystems =
  let
    # Bind mount of `src`, active only while cfg.switchNfs is set. The mount
    # point is the attribute name the result is assigned to.
    exportBind = src: lib.mkIf cfg.switchNfs {
      device = src;
      options = [ "bind" ];
    };
  in
  {
    # ZFS dataset backing the drop folder; mounted whenever c3moc is enabled.
    "/mnt/zbigdata/c3moc_dropfolder" = {
      fsType = "zfs";
      device = "zbigdata/c3moc_dropfolder";
    };

    # Paths under /export/c3moc are what the NFS export table in this file
    # refers to.
    "/export/c3moc/media" = exportBind "/mnt/zbigdata/media";
    "/export/c3moc/games" = exportBind "/mnt/zbigdata/games";
    "/export/c3moc/dropfolder" = exportBind "/mnt/zbigdata/c3moc_dropfolder";
  };
# NixOS container running the c3moc sharing services (Jellyfin, FTP, SFTP,
# SMB) on a private link to the host.
containers.c3moc = {
  autoStart = true;

  # Private network: host and container talk over the address pairs below.
  privateNetwork = true;
  hostAddress = "192.168.69.1";
  localAddress = "192.168.69.10";
  hostAddress6 = "aa69::1";
  localAddress6 = "aa69::69";

  bindMounts = {
    # Media and games are read-only inside the container.
    "/home/c3moc/media" = {
      isReadOnly = true;
      hostPath = "/mnt/zbigdata/media";
    };
    "/home/c3moc/games" = {
      isReadOnly = true;
      hostPath = "/mnt/zbigdata/games";
    };
    # The drop folder is the only bind mount declared writable.
    "/home/c3moc/dropfolder" = {
      isReadOnly = false;
      hostPath = "/mnt/zbigdata/c3moc_dropfolder";
    };
  };

  config = { config, pkgs, ... }: {
    system.stateVersion = "24.05";

    networking.firewall.enable = true;
    networking.useHostResolvConf = lib.mkForce false;

    users = {
      groups.c3moc = { };
      users.c3moc = {
        isNormalUser = true;
        home = "/home/c3moc";
        group = "c3moc";
        # NOTE(review): plaintext password equal to the user name. `password`
        # values are stored in the world-readable Nix store, so this is
        # effectively a public credential. The sshd Match block below limits
        # this group to chrooted SFTP; if the account is not meant to be
        # public, switch to a hashed password or key-only login.
        password = "c3moc";
      };
    };

    # Jellyfin
    environment.systemPackages = [ pkgs.jellyfin-ffmpeg ];

    services = {
      resolved.enable = true;

      jellyfin = {
        enable = true;
        openFirewall = true;
      };

      # FTP access
      # Anonymous, password-less FTP rooted at /home/c3moc with upload and
      # mkdir allowed. Umask 000 leaves every uploaded file and directory
      # world-readable and world-writable.
      # NOTE(review): no firewall rule for the FTP ports is visible in this
      # block while the container firewall is enabled — TODO confirm
      # reachability is handled elsewhere.
      vsftpd = {
        enable = true;
        writeEnable = true;
        anonymousUser = true;
        anonymousUserNoPassword = true;
        anonymousUserHome = "/home/c3moc";
        anonymousUploadEnable = true;
        anonymousMkdirEnable = true;
        anonymousUmask = "000";
      };

      # SFTP access
      # Members of group c3moc get internal-sftp only, chrooted to /home (so
      # they see every directory under /home), with TCP forwarding disabled.
      # sshd requires the chroot path to be root-owned and not writable by
      # group or others.
      openssh = {
        enable = true;
        extraConfig = ''
          Match Group c3moc
          ChrootDirectory /home
          ForceCommand internal-sftp
          AllowTcpForwarding no
        '';
      };

      # CIFS access
      # `map to guest = bad user` turns logins with an unknown user name into
      # guest sessions, and the share accepts guests, so no credential is
      # needed. All access runs as c3moc:c3moc and new files and directories
      # are created with mode 0777.
      samba = {
        enable = true;
        openFirewall = true;
        extraConfig = ''
          workgroup = WORKGROUP
          server string = c3moc
          netbios name = c3moc
          security = user
          use sendfile = yes
          guest account = nobody
          map to guest = bad user
        '';
        shares.c3moc = {
          path = "/home/c3moc";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "yes";
          "create mask" = "0777";
          "directory mask" = "0777";
          "force user" = "c3moc";
          "force group" = "c3moc";
        };
      };
    };
  };
};
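# NFS export table, active only while cfg.switchNfs is set.
#
# No client is named on any line, so every export applies to all hosts that
# can reach the server. The "*" spells that out and avoids the exportfs
# "no host name given" warning; access is unchanged.
# `insecure` accepts requests from unprivileged source ports, and dropfolder
# is the only read-write export.
# NOTE(review): if the share is meant for a single network, replace "*" with
# that subnet (placeholder: <EVENT_SUBNET_CIDR>).
services.nfs.server.exports = mkIf cfg.switchNfs ''
  /export *(ro,fsid=0,no_subtree_check)
  /export/c3moc *(ro,nohide,insecure,no_subtree_check)
  /export/c3moc/games *(ro,nohide,insecure,no_subtree_check)
  /export/c3moc/media *(ro,nohide,insecure,no_subtree_check)
  /export/c3moc/dropfolder *(rw,nohide,insecure,no_subtree_check)
'';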
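# Host ports forwarded to the c3moc container, once per address family.
# The resulting list holds all IPv4 entries first, then all IPv6 entries.
#
# NOTE(review): the IPv6 entries presumably need IPv6 NAT enabled on the host
# (networking.nat.enableIPv6), which is not set in this file — confirm.
# NOTE(review): port 22 on the external side goes to the container's sshd;
# confirm the host's own SSH daemon is reachable on another port or address.
networking.nat.forwardPorts =
  let
    # An IPv6 literal must be bracketed. Without brackets the trailing
    # ":<port>" is read as one more address group and no port is set.
    containerAddrs = [
      "192.168.69.10"
      "[aa69::69]"
    ];

    forwarded = [
      # FTP (control and active-mode data only; no passive-mode port range
      # is forwarded here)
      { proto = "tcp"; port = 20; }
      { proto = "tcp"; port = 21; }
      # SFTP
      { proto = "tcp"; port = 22; }
      # SMB
      { proto = "udp"; port = 137; }
      { proto = "udp"; port = 138; }
      { proto = "tcp"; port = 139; }
      { proto = "tcp"; port = 445; }
    ];

    # One forward rule per listed port, keeping the same port number on the
    # container side.
    forwardTo = addr: map
      (p: {
        destination = "${addr}:${toString p.port}";
        proto = p.proto;
        sourcePort = p.port;
      })
      forwarded;
  in
  lib.concatMap forwardTo containerAddrs;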
# Monitoring Stuff
# Node exporter on port 9100 with the logind and systemd collectors added and
# the textfile collector switched off.
# NOTE(review): no listen address is set in this block — confirm that port
# 9100 is not reachable from outside the host.
services.prometheus.exporters.node = {
  enable = true;
  port = 9100;
  disabledCollectors = [ "textfile" ];
  enabledCollectors = [
    "logind"
    "systemd"
  ];
};
# Prometheus server with a single scrape job that reads the node exporter on
# localhost, using whatever port the exporter is configured with.
# NOTE(review): no listen address is set in this block — confirm the
# Prometheus web port is not reachable from outside the host.
services.prometheus = {
  enable = true;
  scrapeConfigs =
    let
      nodeExporter = config.services.prometheus.exporters.node;
    in
    [
      {
        job_name = "node";
        static_configs = [
          { targets = [ "localhost:${toString nodeExporter.port}" ]; }
        ];
      }
    ];
};
# Grafana, bound to loopback and served under the /stats/ sub-path of
# gpn22.c3moc.lol.
services.grafana = {
  enable = true;

  settings.server = {
    # Listening address and port
    http_addr = "127.0.0.1";
    http_port = 3000;
    # Grafana needs to know on which domain and URL it's running
    domain = "gpn22.c3moc.lol";
    root_url = "https://gpn22.c3moc.lol/stats/"; # Not needed if it is `https://your.domain/`
    serve_from_sub_path = true;
  };

  # Login-free access, placed in the organisation named "Public".
  # NOTE(review): anyone who can reach the /stats/ URL sees whatever that
  # organisation contains. The anonymous role (org_role) and the admin
  # credentials are not set in this block — confirm both.
  settings."auth.anonymous" = {
    org_name = "Public";
    enabled = true;
  };
};
# Nginx Stuff
# TLS virtual host (ACME certificate, HTTP redirected to HTTPS) in front of
# Jellyfin in the container, plus Grafana under /stats/.
services.nginx.virtualHosts."gpn22.c3moc.lol" =
  let
    # Jellyfin inside the c3moc container.
    jellyfin = "http://192.168.69.10:8096";
    grafana = config.services.grafana.settings.server;
  in
  {
    serverName = "gpn22.c3moc.lol";
    forceSSL = true;
    enableACME = true;

    locations = {
      # The bare root redirects to the Jellyfin web client.
      "= /" = {
        extraConfig = ''
          return 302 https://$host/web/;
        '';
      };

      # Everything else is proxied to Jellyfin, unbuffered.
      "/" = {
        extraConfig = ''
          proxy_pass ${jellyfin};
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_buffering off;
        '';
      };

      # Exact match on /web/ is served from Jellyfin's index.html.
      "= /web/" = {
        extraConfig = ''
          proxy_pass ${jellyfin}/web/index.html;
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_buffering off;
        '';
      };

      # WebSocket endpoint: HTTP/1.1 with the Upgrade headers passed through.
      "/socket" = {
        extraConfig = ''
          proxy_pass ${jellyfin}/socket;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-Protocol $scheme;
          proxy_set_header X-Forwarded-Host $http_host;
        '';
      };

      # Grafana, on the address and port it is configured to listen on.
      "/stats/" = {
        proxyPass = "http://${toString grafana.http_addr}:${toString grafana.http_port}";
        proxyWebsockets = true;
        recommendedProxySettings = true;
      };
    };
  };
};
}