diff --git a/hm-modules/nushell/default.nix b/hm-modules/nushell/default.nix index 5ab2fbb6..04d42eda 100644 --- a/hm-modules/nushell/default.nix +++ b/hm-modules/nushell/default.nix @@ -64,8 +64,8 @@ in } $env.EDITOR = "hx" $env.VISUAL = "hx" - alias no = open - alias open = ^open + # alias no = open + # alias open = ^open alias l = ls -al alias ll = ls -l alias ga = git add diff --git a/hosts/ds9/containers.nix b/hosts/ds9/containers.nix index f67a7e0c..93ec129d 100644 --- a/hosts/ds9/containers.nix +++ b/hosts/ds9/containers.nix @@ -29,25 +29,25 @@ in fsType = "zfs"; }; # plex - networking.firewall = { - allowedTCPPorts = [ 32400 3005 8324 32469 ]; - allowedUDPPorts = [ 1900 5353 32410 32412 32413 32414 ]; - }; - virtualisation.oci-containers.containers.plex = { - image = "docker.io/plexinc/pms-docker"; - extraOptions = [ "--network=host" ]; - environment = { - TZ = "Europe/Berlin"; - PLEX_UID = "1000"; - PLEX_GID = "100"; - }; + # networking.firewall = { + # allowedTCPPorts = [ 32400 3005 8324 32469 ]; + # allowedUDPPorts = [ 1900 5353 32410 32412 32413 32414 ]; + # }; + # virtualisation.oci-containers.containers.plex = { + # image = "docker.io/plexinc/pms-docker"; + # extraOptions = [ "--network=host" ]; + # environment = { + # TZ = "Europe/Berlin"; + # PLEX_UID = "1000"; + # PLEX_GID = "100"; + # }; - volumes = [ - "/data/media:/data/media" - "plex-transcode:/transcode" - "plex-db:/config" - ]; - }; + # volumes = [ + # "/data/media:/data/media" + # "plex-transcode:/transcode" + # "plex-db:/config" + # ]; + # }; # postgres ragon.agenix.secrets.ds9PostgresEnv = { }; systemd.services."podman-db-network" = { 
@@ -125,32 +125,32 @@ in ]; }; # navidrome - virtualisation.oci-containers.containers.lms = { - # don't tell mom - # user = "1000:100"; - image = "epoupon/lms:latest"; - cmd = [ "/lms.conf" ]; - extraOptions = [ "--network=podman" ]; - volumes = - let - lmsConfig = pkgs.writeText "lms-config" '' - original-ip-header = "X-Forwarded-For"; - behind-reverse-proxy = true; - trusted-proxies = - ( - "10.88.0.1" - ); - authentication-backend = "http-headers"; - http-headers-login-field = "X-Webauth-User"; - ''; - in - [ - "lightweight-music-server-data:/var/lms:rw" - "${lmsConfig}:/lms.conf" - "/data/media/beets/music:/music:ro" - ]; - environment = { }; - }; + # virtualisation.oci-containers.containers.lms = { + # # don't tell mom + # # user = "1000:100"; + # image = "epoupon/lms:latest"; + # cmd = [ "/lms.conf" ]; + # extraOptions = [ "--network=podman" ]; + # volumes = + # let + # lmsConfig = pkgs.writeText "lms-config" '' + # original-ip-header = "X-Forwarded-For"; + # behind-reverse-proxy = true; + # trusted-proxies = + # ( + # "10.88.0.1" + # ); + # authentication-backend = "http-headers"; + # http-headers-login-field = "X-Webauth-User"; + # ''; + # in + # [ + # "lightweight-music-server-data:/var/lms:rw" + # "${lmsConfig}:/lms.conf" + # "/data/media/beets/music:/music:ro" + # ]; + # environment = { }; + # }; # changedetection systemd.services."podman-cd-network" = { 
@@ -196,6 +196,60 @@ in "jellyfin-cache:/cache" ]; }; + # archivebox + systemd.services."podman-archivebox-network" = { + script = '' + ${pkgs.podman}/bin/podman network create archivebox-net --internal --ipv6 --ignore + ''; + }; + virtualisation.oci-containers.containers.archivebox = { + image = "archivebox/archivebox:latest"; + environment = { + ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from! + CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work + PUBLIC_INDEX = "True"; # set to False to prevent anonymous users from viewing snapshot list + PUBLIC_SNAPSHOTS = "True"; # set to False to prevent anonymous users from viewing snapshot content + PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive + SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search + SEARCH_BACKEND_HOST_NAME = "archivebox_sonic"; + SEARCH_BACKEND_PASSWORD = "SomeSecretPassword"; + }; + extraOptions = [ "--network=archivebox-net" "--network=podman"]; + volumes = [ + "/data/media/archivebox:/data" + ]; + }; + virtualisation.oci-containers.containers.archivebox_scheduler = { + image = "archivebox/archivebox:latest"; + cmd = ["schedule" "--foreground" "--update" "--every=day"]; + environment = { + TIMEOUT = "120"; + ALLOWED_HOSTS = "*"; # set this to the hostname(s) you're going to serve the site from! 
+ CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"; # you MUST set this to the server's URL for admin login and the REST API to work + PUBLIC_INDEX = "True"; # set to False to prevent anonymous users from viewing snapshot list + PUBLIC_SNAPSHOTS = "True"; # set to False to prevent anonymous users from viewing snapshot content + PUBLIC_ADD_VIEW = "False"; # set to True to allow anonymous users to submit new URLs to archive + SEARCH_BACKEND_ENGINE = "sonic"; # tells ArchiveBox to use sonic container below for fast full-text search + SEARCH_BACKEND_HOST_NAME = "archivebox_sonic"; + SEARCH_BACKEND_PASSWORD = "SomeSecretPassword"; + }; + extraOptions = [ "--network=archivebox-net" "--network=podman"]; + volumes = [ + "/data/media/archivebox:/data" + ]; + }; + virtualisation.oci-containers.containers.archivebox_sonic = { + image = "archivebox/sonic:latest"; + environment = { + SEARCH_BACKEND_PASSWORD = "SomeSecretPassword"; + }; + extraOptions = [ "--network=archivebox-net"]; + volumes = [ + "archivebox-sonic:/data" + ]; + }; + + diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index ac7486dc..b901194f 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -156,28 +156,6 @@ in } } } - @lms host lms.hailsatan.eu - handle @lms { - forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock { - uri /auth - header_up Remote-Addr {remote_host} - header_up Remote-Port {remote_port} - header_up Original-URI {uri} - copy_headers { - Tailscale-User>X-Webauth-User - Tailscale-Name>X-Webauth-Name - Tailscale-Login>X-Webauth-Login - Tailscale-Tailnet>X-Webauth-Tailnet - Tailscale-Profile-Picture>X-Webauth-Profile-Picture - } - } - - reverse_proxy http://lms:5082 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } @cd host cd.hailsatan.eu handle @cd { reverse_proxy http://changedetection:5000 { 
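Review bot: In the archivebox hunk of hosts/ds9/containers.nix, `SEARCH_BACKEND_PASSWORD = "SomeSecretPassword"` is a placeholder-looking literal set inline in `environment` on all three new containers (archivebox, archivebox_scheduler, archivebox_sonic), so it is committed to the repository and ends up in the world-readable Nix store. The same file already declares `ragon.agenix.secrets.ds9PostgresEnv = { };` for postgres, so the sonic password should presumably be handled the same way, with an agenix-managed env file passed through `environmentFiles = [ ... ];` instead of `environment`. `ALLOWED_HOSTS = "*"` also disables Django's Host-header validation, and the comment on that line asks for the served hostname(s) instead. All three images are referenced as `:latest`, so what runs depends on pull time; pinning a tag or digest would make the deployment reproducible and reviewable.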
@@ -214,6 +192,14 @@ in handle @bzzt { reverse_proxy http://127.0.0.1:5002 } + @archivebox host archivebox.hailsatan.eu + handle @archivebox { + reverse_proxy http://archivebox:8000 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } @jellyfin host j.hailsatan.eu handle @jellyfin { reverse_proxy http://jellyfin:8096 { diff --git a/hosts/theseus/default.nix b/hosts/theseus/default.nix index 0def73b6..5f7c5467 100644 --- a/hosts/theseus/default.nix +++ b/hosts/theseus/default.nix @@ -21,6 +21,11 @@ ''; + + users.extraGroups.plugdev = { }; + services.udev.packages = [ pkgs.openocd pkgs.probe-rs-tools ]; + + hardware.keyboard.zsa.enable = true; xdg.portal = {
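Review bot: The new `@archivebox` matcher in hosts/ds9/default.nix serves `archivebox.hailsatan.eu`, but the container added in hosts/ds9/containers.nix sets `CSRF_TRUSTED_ORIGINS = "https://archive.hailsatan.eu"`, so the two hostnames disagree. Going by the comment on that setting, admin login and the REST API would fail until one of them is changed. Unlike the `@lms` block removed in this commit, this handler has no `forward_auth`, and with `PUBLIC_INDEX` and `PUBLIC_SNAPSHOTS` set to `"True"` anyone who can reach the vhost can browse the archive. If that is not intended, reuse the `forward_auth` block from the removed handler or set those two values to `"False"`. Whether the site is reachable from outside the tailnet is not visible in this hunk.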