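# NixOS module for the "c3moc" file-sharing / media setup.
#
# Options:
#   c3moc.enable    - turn on everything defined under `config` below.
#   c3moc.switchNfs - additionally bind-mount the datasets under /export/c3moc
#                     and replace the NFS export table with the c3moc one.
#
# When enabled, the module:
#   * mounts the ZFS dataset used as the drop folder,
#   * runs a declarative container ("c3moc") on a private network that serves
#     Jellyfin, anonymous FTP, SFTP and a guest-writable Samba share,
#   * DNATs the FTP/SFTP/SMB ports from the host to that container,
#   * runs node exporter, Prometheus and Grafana on the host, and
#   * publishes Jellyfin and Grafana through one nginx virtual host.
#
# Security posture: the drop folder is writable without authentication over
# FTP, SMB and (with switchNfs) NFS, and the SFTP account uses a published
# password. Comments marked NOTE(review) point out what to confirm before
# running this outside a trusted event network.
{ lib, pkgs, config, ... }:
with lib;
let
  cfg = config.c3moc;
in
{
  options.c3moc = {
    enable = mkEnableOption "enable c3moc services";
    switchNfs = mkEnableOption "switch nfs config to c3moc one";
  };

  config = mkIf cfg.enable {
    fileSystems = {
      "/mnt/zbigdata/c3moc_dropfolder" = {
        device = "zbigdata/c3moc_dropfolder";
        fsType = "zfs";
      };

      # Bind mounts that back the NFS export tree; only created with switchNfs.
      "/export/c3moc/media" = lib.mkIf cfg.switchNfs {
        device = "/mnt/zbigdata/media";
        options = [ "bind" ];
      };
      "/export/c3moc/games" = lib.mkIf cfg.switchNfs {
        device = "/mnt/zbigdata/games";
        options = [ "bind" ];
      };
      "/export/c3moc/dropfolder" = lib.mkIf cfg.switchNfs {
        device = "/mnt/zbigdata/c3moc_dropfolder";
        options = [ "bind" ];
      };
    };

    containers.c3moc = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = "192.168.69.1";
      hostAddress6 = "aa69::1";
      localAddress = "192.168.69.10";
      localAddress6 = "aa69::69";

      # media and games are mounted read-only, so the writable services inside
      # the container (FTP, SFTP, SMB) can only modify the drop folder.
      bindMounts = {
        "/home/c3moc/media" = {
          hostPath = "/mnt/zbigdata/media";
          isReadOnly = true;
        };
        "/home/c3moc/games" = {
          hostPath = "/mnt/zbigdata/games";
          isReadOnly = true;
        };
        "/home/c3moc/dropfolder" = {
          hostPath = "/mnt/zbigdata/c3moc_dropfolder";
          isReadOnly = false;
        };
      };

      config = { config, pkgs, ... }: {
        system.stateVersion = "24.05";

        networking = {
          firewall = {
            enable = true;
          };
          useHostResolvConf = lib.mkForce false;
        };
        services.resolved.enable = true;

        users.groups.c3moc = {};
        users.users.c3moc = {
          group = "c3moc";
          # NOTE(review): `password` is stored in plaintext in the world-readable
          # Nix store and here equals the user name. sshd is enabled below and
          # port 22 is forwarded to this container, so the only thing limiting
          # this account is the `Match Group c3moc` block. If the credential is
          # not meant to be public, switch to `hashedPasswordFile`.
          password = "c3moc";
          isNormalUser = true;
          home = "/home/c3moc";
        };

        # Jellyfin
        environment.systemPackages = with pkgs; [ jellyfin-ffmpeg ];
        services.jellyfin = {
          enable = true;
          openFirewall = true;
        };

        # FTP access
        # Anonymous, password-less logins may upload and create directories, and
        # umask 000 leaves everything they create world-readable and
        # world-writable. Treat uploaded content as untrusted.
        # NOTE(review): unlike Jellyfin and Samba, nothing in this block opens
        # the container firewall for FTP - confirm ports 20/21 are reachable.
        services.vsftpd = {
          enable = true;
          writeEnable = true;
          anonymousUser = true;
          anonymousUserNoPassword = true;
          anonymousUserHome = "/home/c3moc";
          anonymousUploadEnable = true;
          anonymousMkdirEnable = true;
          anonymousUmask = "000";
        };

        # SFTP access
        # Members of group c3moc are confined to SFTP inside a chroot at /home
        # and get no shell. DisableForwarding also turns off agent, X11 and
        # Unix-socket forwarding, which `AllowTcpForwarding no` alone leaves
        # enabled; SFTP itself is unaffected.
        services.openssh = {
          enable = true;
          extraConfig = ''
            Match Group c3moc
              ChrootDirectory /home
              ForceCommand internal-sftp
              AllowTcpForwarding no
              DisableForwarding yes
          '';
        };

        # CIFS access
        # Unknown users are mapped to the guest account, the share allows guests
        # and is writable, and every operation runs as c3moc:c3moc with 0777
        # masks, so any client that reaches the SMB ports has the same write
        # access to the drop folder as the c3moc user.
        services.samba = {
          enable = true;
          openFirewall = true;
          extraConfig = ''
            workgroup = WORKGROUP
            server string = c3moc
            netbios name = c3moc
            security = user
            use sendfile = yes
            guest account = nobody
            map to guest = bad user
          '';
          shares = {
            c3moc = {
              path = "/home/c3moc";
              browseable = "yes";
              "read only" = "no";
              "guest ok" = "yes";
              "create mask" = "0777";
              "directory mask" = "0777";
              "force user" = "c3moc";
              "force group" = "c3moc";
            };
          };
        };
      };
    };

    # NOTE(review): no client list precedes the option groups, which exports(5)
    # treats as "any host". `insecure` additionally accepts requests from
    # unprivileged source ports, and the drop folder is exported read-write.
    # Restrict the exports to the intended client network if this server is
    # reachable from anywhere else.
    services.nfs.server.exports = mkIf cfg.switchNfs ''
      /export                  (ro,fsid=0,no_subtree_check)
      /export/c3moc            (ro,nohide,insecure,no_subtree_check)
      /export/c3moc/games      (ro,nohide,insecure,no_subtree_check)
      /export/c3moc/media      (ro,nohide,insecure,no_subtree_check)
      /export/c3moc/dropfolder (rw,nohide,insecure,no_subtree_check)
    '';

    # Port forwards from the host to the container.
    # NOTE(review): this module does not set networking.nat.enable,
    # externalInterface or enableIPv6; the rules only take effect if those are
    # configured elsewhere. Forwarding port 22 also means the host's own sshd is
    # not reachable on that port from the external interface - confirm that is
    # intended.
    networking.nat.forwardPorts = [
      # FTP
      { destination = "192.168.69.10:20"; proto = "tcp"; sourcePort = 20; }
      { destination = "192.168.69.10:21"; proto = "tcp"; sourcePort = 21; }
      # SFTP
      { destination = "192.168.69.10:22"; proto = "tcp"; sourcePort = 22; }
      # SMB
      { destination = "192.168.69.10:137"; proto = "udp"; sourcePort = 137; }
      { destination = "192.168.69.10:138"; proto = "udp"; sourcePort = 138; }
      { destination = "192.168.69.10:139"; proto = "tcp"; sourcePort = 139; }
      { destination = "192.168.69.10:445"; proto = "tcp"; sourcePort = 445; }

      # IPv6 destinations must be written as "[address]:port". Without the
      # brackets the port is read as the last group of the address, so the
      # rule would point at a different host and carry no port.
      # FTP
      { destination = "[aa69::69]:20"; proto = "tcp"; sourcePort = 20; }
      { destination = "[aa69::69]:21"; proto = "tcp"; sourcePort = 21; }
      # SFTP
      { destination = "[aa69::69]:22"; proto = "tcp"; sourcePort = 22; }
      # SMB
      { destination = "[aa69::69]:137"; proto = "udp"; sourcePort = 137; }
      { destination = "[aa69::69]:138"; proto = "udp"; sourcePort = 138; }
      { destination = "[aa69::69]:139"; proto = "tcp"; sourcePort = 139; }
      { destination = "[aa69::69]:445"; proto = "tcp"; sourcePort = 445; }
    ];

    # Monitoring Stuff
    services.prometheus.exporters.node = {
      enable = true;
      port = 9100;
      enabledCollectors = [ "logind" "systemd" ];
      disabledCollectors = [ "textfile" ];
    };
    services.prometheus = {
      enable = true;
      scrapeConfigs = [
        {
          job_name = "node";
          static_configs = [{
            targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
          }];
        }
      ];
    };
    services.grafana = {
      enable = true;
      settings = {
        server = {
          # Listening Address
          # Loopback only; the service is published through the nginx
          # "/stats/" location below.
          http_addr = "127.0.0.1";
          # and Port
          http_port = 3000;
          # Grafana needs to know on which domain and URL it's running
          domain = "gpn22.c3moc.lol";
          root_url = "https://gpn22.c3moc.lol/stats/"; # Not needed if it is `https://your.domain/`
          serve_from_sub_path = true;
        };
        # Anyone who can reach /stats/ can view the "Public" org without logging
        # in.
        # NOTE(review): no admin credentials are configured in this module and
        # the login form is reachable through the same proxy - confirm the
        # default admin login has been changed.
        "auth.anonymous" = {
          enabled = true;
          org_name = "Public";
        };
      };
    };

    # Nginx Stuff
    # TLS front end: "/", "/web/" and "/socket" proxy to Jellyfin in the
    # container over plain HTTP on the private network; "/stats/" proxies to
    # Grafana on loopback.
    services.nginx = {
      virtualHosts."gpn22.c3moc.lol" = {
        serverName = "gpn22.c3moc.lol";
        enableACME = true;
        forceSSL = true;
        locations = {
          "= /" = {
            extraConfig = ''
              return 302 https://$host/web/;
            '';
          };
          "/" = {
            extraConfig = ''
              proxy_pass http://192.168.69.10:8096;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Protocol $scheme;
              proxy_set_header X-Forwarded-Host $http_host;
              proxy_buffering off;
            '';
          };
          "= /web/" = {
            extraConfig = ''
              proxy_pass http://192.168.69.10:8096/web/index.html;
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Protocol $scheme;
              proxy_set_header X-Forwarded-Host $http_host;
              proxy_buffering off;
            '';
          };
          "/socket" = {
            extraConfig = ''
              proxy_pass http://192.168.69.10:8096/socket;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection "upgrade";
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header X-Forwarded-Protocol $scheme;
              proxy_set_header X-Forwarded-Host $http_host;
            '';
          };
          "/stats/" = {
            proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
            proxyWebsockets = true;
            recommendedProxySettings = true;
          };
        };
      };
    };
  };
}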