Compare commits
2 Commits
main
...
mediaserve
Author | SHA1 | Date | |
---|---|---|---|
da93934674 | |||
6667342fee |
@ -47,6 +47,27 @@
|
||||
fileSystems."/mnt/d1".options = [ "x-systemd.mount-timeout=3m" ];
|
||||
fileSystems."/mnt/d2".options = [ "x-systemd.mount-timeout=3m" ];
|
||||
|
||||
## Network Shares
|
||||
custom.filesystems.autoserve = true;
|
||||
users.groups.plex.gid = config.ids.gids.plex;
|
||||
users.users.plex = {
|
||||
group = "plex";
|
||||
uid = config.ids.uids.plex;
|
||||
extraGroups = "mediaaccess";
|
||||
};
|
||||
|
||||
services.samba = {
|
||||
enable = true;
|
||||
|
||||
shares = {
|
||||
tv = { };
|
||||
films = { };
|
||||
};
|
||||
};
|
||||
system.activationScripts.smb = with pkgs; ''
|
||||
cat | ${samba}/bin/smbpasswd -a plex -s
|
||||
'';
|
||||
|
||||
## Backups
|
||||
### Git
|
||||
age.secrets."git/git_backups_ecdsa".file = ../../secrets/git/git_backups_ecdsa.age;
|
||||
@ -262,6 +283,7 @@
|
||||
## Firewall
|
||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
|
||||
80 # Caddy (restic.tywin.storage.ts.)
|
||||
445 # SMB
|
||||
14002 # Storj Dashboard (zfs.)
|
||||
14003 # Storj Dashboard (d0.)
|
||||
14004 # Storj Dashboard (d1.)
|
||||
|
@ -6,12 +6,14 @@
|
||||
./chia.nix
|
||||
./common/hostinfo.nix
|
||||
./desktop/awesome/default.nix
|
||||
./filesystems.nix
|
||||
./impermanence.nix
|
||||
./locations.nix
|
||||
./resilio.nix
|
||||
./services/downloads.nix
|
||||
./services/mastodon/default.nix
|
||||
./services/matrix.nix
|
||||
./services/plex.nix
|
||||
./services/version_tracker.nix
|
||||
./services/zigbee2mqtt.nix
|
||||
./storj.nix
|
||||
|
121
modules/filesystems.nix
Normal file
121
modules/filesystems.nix
Normal file
@ -0,0 +1,121 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.filesystems;
|
||||
in
|
||||
{
|
||||
options.custom.filesystems = {
|
||||
autoServe = lib.mkEnableOption "serve owned network shares";
|
||||
|
||||
fs = lib.mkOption {
|
||||
default = {
|
||||
films = {
|
||||
enable = false;
|
||||
path = "/media/films";
|
||||
};
|
||||
tv = {
|
||||
enable = false;
|
||||
path = "/media/tv";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
locs = lib.mkOption {
|
||||
readOnly = true;
|
||||
|
||||
default = {
|
||||
films = {
|
||||
localPath = "/data/media/films";
|
||||
remotePath = {
|
||||
type = "cifs";
|
||||
share = "films";
|
||||
user = "films";
|
||||
credentials = config.age.secrets."filesystems/films".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
films = {
|
||||
enable = lib.mkEnableOption "mounting films";
|
||||
host = lib.mkOption {
|
||||
default = "tywin.storage.ts.hillion.co.uk";
|
||||
};
|
||||
path = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/mnt/media/films";
|
||||
description = "Path at which to mount";
|
||||
};
|
||||
localPath = lib.mkOption {
|
||||
default = "/data/media/films";
|
||||
};
|
||||
remotePath = lib.mkOption {
|
||||
default = {
|
||||
type = "cifs";
|
||||
share = "films";
|
||||
credentials = config.age.secrets."filesystems/films".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
tv = {
|
||||
enable = lib.mkEnableOption "mounting tv";
|
||||
host = lib.mkOption {
|
||||
default = "tywin.storage.ts.hillion.co.uk";
|
||||
};
|
||||
localPath = lib.mkOption {
|
||||
default = "/data/media/tv";
|
||||
};
|
||||
path = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "/mnt/media/tv";
|
||||
description = "Path at which to mount";
|
||||
};
|
||||
remotePath = lib.mkOption {
|
||||
default = {
|
||||
type = "cifs";
|
||||
share = "tv";
|
||||
credentials = config.age.secrets."filesystems/tv".path;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
age.secrets = {
|
||||
"filesystems/plex" = lib.mkIf (cfg.tv.enable || cfg.films.enable) { file = ../secrets/filesystems/plex.age; };
|
||||
};
|
||||
fileSystems = {
|
||||
"${cfg.films.path}" = lib.mkIf cfg.films.enable (if cfg.films.host == config.networking.fqdn then {
|
||||
device = cfg.films.localPath;
|
||||
options = [ "bind" ];
|
||||
} else {
|
||||
device = "//${cfg.films.host}/${cfg.films.remotePath.share}";
|
||||
fsType = "cifs";
|
||||
options = [
|
||||
"x-systemd.automount"
|
||||
"noauto"
|
||||
"x-systemd.idle-timeout=60"
|
||||
"x-systemd.device-timeout=5s"
|
||||
"x-systemd.mount-timeout=5s"
|
||||
"credentials=${cfg.films.remotePath.credentials}"
|
||||
];
|
||||
});
|
||||
"${cfg.tv.path}" = lib.mkIf cfg.tv.enable (if cfg.tv.host == config.networking.fqdn then {
|
||||
device = cfg.tv.localPath;
|
||||
options = [ "bind" ];
|
||||
} else {
|
||||
device = "//${cfg.tv.host}/${cfg.tv.remotePath.share}";
|
||||
fsType = "cifs";
|
||||
options = [
|
||||
"x-systemd.automount"
|
||||
"noauto"
|
||||
"x-systemd.idle-timeout=60"
|
||||
"x-systemd.device-timeout=5s"
|
||||
"x-systemd.mount-timeout=5s"
|
||||
"credentials=${cfg.tv.remotePath.credentials}"
|
||||
];
|
||||
});
|
||||
};
|
||||
};
|
||||
}
|
@ -16,14 +16,18 @@ in
|
||||
downloads = "tywin.storage.ts.hillion.co.uk";
|
||||
mastodon = "vm.strangervm.ts.hillion.co.uk";
|
||||
matrix = "vm.strangervm.ts.hillion.co.uk";
|
||||
plex = "gendry.jakehillion-terminals.ts.hillion.co.uk";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.autoServe {
|
||||
custom.services.downloads.enable = cfg.locations.services.downloads == config.networking.fqdn;
|
||||
custom.services.mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
|
||||
custom.services.matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
|
||||
custom.services = {
|
||||
mastodon.enable = cfg.locations.services.mastodon == config.networking.fqdn;
|
||||
matrix.enable = cfg.locations.services.matrix == config.networking.fqdn;
|
||||
plex.enable = cfg.locations.services.plex == config.networking.fqdn;
|
||||
downloads.enable = cfg.locations.services.downloads == config.networking.fqdn;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
17
modules/services/plex.nix
Normal file
17
modules/services/plex.nix
Normal file
@ -0,0 +1,17 @@
|
||||
{ config, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom.services.plex;
|
||||
in
|
||||
{
|
||||
options.custom.services.plex = {
|
||||
enable = lib.mkEnableOption "plex";
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
custom.filesystems = {
|
||||
tv.enable = true;
|
||||
films.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
@ -1,6 +1,23 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.custom;
|
||||
lazyUsers = { };
|
||||
in
|
||||
{
|
||||
options.custom = {
|
||||
users = lib.mkOption {
|
||||
description = "Create a user with the correct group and a consistent uid.";
|
||||
type = with lib.types; listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
groups = lib.mkOption {
|
||||
description = "Create a group with a consistent gid.";
|
||||
type = with lib.types; listOf str;
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
ids.uids = {
|
||||
## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
|
||||
@ -15,5 +32,22 @@
|
||||
## Consistent Groups
|
||||
mediaaccess = 1200;
|
||||
};
|
||||
|
||||
users.groups = builtins.listToAttrs (builtins.map
|
||||
(g: {
|
||||
name = g;
|
||||
value = {
|
||||
gid = config.ids.gids.${u};
|
||||
};
|
||||
})
|
||||
cfg.groups);
|
||||
users.users = builtins.listToAttrs (builtins.map
|
||||
(u: {
|
||||
name = u;
|
||||
value = {
|
||||
uid = config.ids.gids.${u};
|
||||
} // (if builtins.hasAttr u lazyUsers then lazyUsers.${u} else { group = "users"; });
|
||||
})
|
||||
cfg.users);
|
||||
};
|
||||
}
|
||||
|
@ -35,9 +35,6 @@ in
|
||||
virtualHosts."homeassistant.hillion.co.uk".extraConfig = ''
|
||||
reverse_proxy http://homeassistant.homeassistant.ts.hillion.co.uk:8123
|
||||
'';
|
||||
virtualHosts."emby.hillion.co.uk".extraConfig = ''
|
||||
reverse_proxy http://plex.mediaserver.ts.hillion.co.uk:8096
|
||||
'';
|
||||
virtualHosts."matrix.hillion.co.uk".extraConfig = ''
|
||||
reverse_proxy http://${locations.services.matrix}:8008
|
||||
'';
|
||||
|
22
secrets/filesystems/plex.age
Normal file
22
secrets/filesystems/plex.age
Normal file
@ -0,0 +1,22 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-rsa GxPFJQ
|
||||
JVp8o+VPHTFP6CNhqCVQfMSMYckL84genQq+JqL93wbjMkA5Gr9k6hPNdxNClwkH
|
||||
XP8uevqyYOAF97h0BszK3bsw3h7tmVXZo/GoB4wgS0sTNcNY6YqMqVnGt91O1WFC
|
||||
BXw/0QR9YiomZKrius0LEHSYXLQJQrdYfih4vdDDdRr29CfaIvb96QuDx61kS4kc
|
||||
wTucUkYR7Q1WXXv8+5uB5+IuyAkynC5PIL7bpNpOcufqnBF048Q4PsyW/bo164FZ
|
||||
QDkdIANun1jOwvadLJJ6gVh/2YxKzSieugWrwhI9Gc6Xt03yslhTsUmfJqwI9sqE
|
||||
0pi5cgtcs4vCa3/ypopN+w
|
||||
-> ssh-rsa K9mW1w
|
||||
s5HBnZPfQWvrVS3QyMRzFRbl8xBCGNTz7xumuODqieexT9qzVkHyTO2rd0vyR+AV
|
||||
4S1cPD87cu1KSEZJgeta7uNeRFg4EkWRkSv0df3C9JUlWw5Hl1m6AauTKsdUKO/B
|
||||
p++ew8z9b2nnfB81a0C3BT4UyTsBjPauU4d5hLQO8XH6HhJPJdz4qCz/vhjmOFth
|
||||
HMeDOkiPy2K3vvWpsg6R5da9Xwg+rMiXbrRjXgBTqQWvEkfNvB4v79hcl1yOkTEC
|
||||
A+71jwQlLNIxcXnFNuckY/xXmRLxeDBGx2WWDH/e6PkyMNQalzIvzRLBTGLPV8vG
|
||||
hHyFmHgt6gjr3Mu5KUC2VQ
|
||||
-> ssh-ed25519 O0LMHg U9RQSq7gs8QCKLC5VbOC+CoeLfPys4wwvZ3jYdnpIno
|
||||
4pduSmqb5l9fCQYDRnPY0TYunkmyd1/a0C3HNMnvHR4
|
||||
-> --grease :=~[ ,q,V$>Of Lm?
|
||||
2WQFp5zXpu2z5y2J405q5Mlu1IZoulv/dCqB4Cs7hZt57vAuLtWLvFev13RW4oxR
|
||||
rB3elGCCiGc7kA
|
||||
--- k1yLTDRntg//5MfBXrvdEm4EM6zYv1DaJey8HS0THmg
|
||||
ßpkŻ$Oś–×=–»il¶*Pp¬JűS3]bwËgݨ3ł—Rí’–<03>Ţç«y¤Ž!6*ĄVüęŰMéź<C3A9>;.°ĄY
|
@ -97,4 +97,8 @@ in
|
||||
|
||||
# Deluge Secrets
|
||||
"deluge/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||
|
||||
# Filesystem Secrets
|
||||
"filesystems/films.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.terminals.jakehillion.gendry ];
|
||||
"filesystems/tv.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.terminals.jakehillion.gendry ];
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user