From c6fad213b45f4ff0f57d628cea93efcfc4deef8d Mon Sep 17 00:00:00 2001 From: Lucy Hochkamp Date: Fri, 31 Jan 2025 18:40:25 +0100 Subject: [PATCH] meow --- hosts/ds9/containers.nix | 38 ++++++---- hosts/ds9/default.nix | 142 +++++++++++++++++++++----------------- hosts/theseus/default.nix | 2 +- 3 files changed, 105 insertions(+), 77 deletions(-) diff --git a/hosts/ds9/containers.nix b/hosts/ds9/containers.nix index 68c1dae5..1d19d2e1 100644 --- a/hosts/ds9/containers.nix +++ b/hosts/ds9/containers.nix @@ -125,19 +125,31 @@ in ]; }; # navidrome - virtualisation.oci-containers.containers.navidrome = { - user = "1000:100"; - image = "deluan/navidrome:latest"; + virtualisation.oci-containers.containers.lms = { + # don't tell mom + # user = "1000:100"; + image = "epoupon/lms:latest"; + cmd = ["/lms.conf"]; extraOptions = [ "--network=podman" ]; - volumes = [ - "navidrome-data:/data" - "/data/media/music:/music:ro" - ]; - environment = { - ND_SCANSCHEDULE = "1h"; - ND_SESSIONTIMEOUT = "900h"; - ND_BASEURL = "https://nd.hailsatan.eu"; - }; + volumes = + let + lmsConfig = pkgs.writeText "lms-config" '' + original-ip-header = "X-Forwarded-For"; + behind-reverse-proxy = true; + trusted-proxies = + ( + "10.88.0.1" + ); + authentication-backend = "http-headers"; + http-headers-login-field = "X-Webauth-User"; + ''; + in + [ + "lightweight-music-server-data:/var/lms:rw" + "${lmsConfig}:/lms.conf" + "/data/media/beets/music:/music:ro" + ]; + environment = { }; }; # changedetection @@ -176,7 +188,7 @@ in virtualisation.oci-containers.containers.jellyfin = { image = "jellyfin/jellyfin:latest"; user = "1000:100"; - extraOptions = [ "--network=podman" "--mount" "type=bind,source=/data/media,destination=/media,ro=true,relabel=private"]; + extraOptions = [ "--network=podman" "--mount" "type=bind,source=/data/media,destination=/media,ro=true,relabel=private" ]; volumes = [ "jellyfin-config:/config" "jellyfin-cache:/cache" 
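Review bot: In the first hunk of hosts/ds9/containers.nix, the new `lms` container loses the `user = "1000:100";` setting that navidrome had, so it runs as whatever user the `epoupon/lms` image defaults to, possibly root. The `# don't tell mom` comment does not say why. Either restore the line or replace the comment with the actual reason, for example `# runs as image default user: <reason>`. The generated config is mounted writable; `"${lmsConfig}:/lms.conf:ro"` matches how `/music` is mounted. With `authentication-backend = "http-headers"`, lms appears to take `X-Webauth-User` as the logged-in identity from any peer that can reach it, and `trusted-proxies` may only govern `X-Forwarded-For` handling, so confirm that nothing other than Caddy on the podman network can connect to the lms port. The second hunk (jellyfin `extraOptions`) is whitespace only.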
diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix index ea488cff..8fb38dd8 100644 --- a/hosts/ds9/default.nix +++ b/hosts/ds9/default.nix @@ -120,6 +120,8 @@ in ZED_SCRUB_AFTER_RESILVER = true; }; + services.tailscaleAuth.enable = true; + services.tailscaleAuth.group = config.services.caddy.group; systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path; services.caddy = { # ragon.services.caddy is enabled 
@@ -146,69 +148,83 @@ in } ''; virtualHosts."*.hailsatan.eu".extraConfig = '' - @immich host immich.hailsatan.eu - handle @immich { - reverse_proxy http://immich-server:3001 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - @nd host nd.hailsatan.eu - handle @nd { - reverse_proxy http://navidrome:4533 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - @cd host cd.hailsatan.eu - handle @cd { - reverse_proxy http://changedetection:5000 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - @grafana host grafana.hailsatan.eu - handle @grafana { - reverse_proxy http://grafana:3000 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - @node-red host node-red.hailsatan.eu - handle @node-red { - reverse_proxy http://node-red:1880 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - @bzzt-api host bzzt-api.hailsatan.eu - handle @bzzt-api { - reverse_proxy http://127.0.0.1:5001 - } - @bzzt-lcg host bzzt-lcg.hailsatan.eu - handle @bzzt-lcg { - reverse_proxy http://127.0.0.1:5003 - } - @bzzt host bzzt.hailsatan.eu - handle @bzzt { - reverse_proxy http://127.0.0.1:5002 - } - @jellyfin host j.hailsatan.eu - handle @jellyfin { - reverse_proxy http://jellyfin:8096 { - transport http { - resolvers 10.88.0.1 # podman dns - } - } - } - handle { - abort - } + @immich host immich.hailsatan.eu + handle @immich { + reverse_proxy http://immich-server:3001 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + @lms host lms.hailsatan.eu + handle @lms { + forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock { + uri /auth + header_up Remote-Addr {remote_host} + header_up Remote-Port {remote_port} + header_up Original-URI {uri} + copy_headers { + Tailscale-User>X-Webauth-User + Tailscale-Name>X-Webauth-Name + Tailscale-Login>X-Webauth-Login + Tailscale-Tailnet>X-Webauth-Tailnet + Tailscale-Profile-Picture>X-Webauth-Profile-Picture + } + } + + reverse_proxy http://lms:5082 { + 
transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + @cd host cd.hailsatan.eu + handle @cd { + reverse_proxy http://changedetection:5000 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + @grafana host grafana.hailsatan.eu + handle @grafana { + reverse_proxy http://grafana:3000 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + @node-red host node-red.hailsatan.eu + handle @node-red { + reverse_proxy http://node-red:1880 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + @bzzt-api host bzzt-api.hailsatan.eu + handle @bzzt-api { + reverse_proxy http://127.0.0.1:5001 + } + @bzzt-lcg host bzzt-lcg.hailsatan.eu + handle @bzzt-lcg { + reverse_proxy http://127.0.0.1:5003 + } + @bzzt host bzzt.hailsatan.eu + handle @bzzt { + reverse_proxy http://127.0.0.1:5002 + } + @jellyfin host j.hailsatan.eu + handle @jellyfin { + reverse_proxy http://jellyfin:8096 { + transport http { + resolvers 10.88.0.1 # podman dns + } + } + } + handle { + abort + } ''; }; diff --git a/hosts/theseus/default.nix b/hosts/theseus/default.nix index d8edf59c..0def73b6 100644 --- a/hosts/theseus/default.nix +++ b/hosts/theseus/default.nix @@ -306,7 +306,7 @@ location.extraConfig.before_backup = [ "notify-send -u low -a borgmatic borgmatic \"starting backup\" -t 10000" ]; location.extraConfig.after_backup = [ "notify-send -u low -a borgmatic borgmatic \"finished backup\" -t 10000" ]; location.extraConfig.on_error = [ "notify-send -u critical -a borgmatic borgmatic \"backup failed\"" ]; - location.extraConfig.ssh_command = "ssh -i /home/ragon/.ssh/id_ed25519"; + # location.extraConfig.ssh_command = "ssh -i /home/ragon/.ssh/id_ed25519"; location.extraConfig.one_file_system = true; retention = { keepHourly = 24;
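Review bot: The `forward_auth` line in the new `@lms` block hard-codes the auth socket path, although the same file enables `services.tailscaleAuth` two hunks earlier. Interpolating the module option keeps the two in step if the path changes: `forward_auth unix/${config.services.tailscaleAuth.socketPath} {`. Since lms is configured in containers.nix to trust `X-Webauth-User`, a one-line comment above `handle @lms` would help, such as `# lms trusts X-Webauth-User; this block must stay the only route to lms:5082`. The hunk also re-indents every other `handle` block, which hides the one functional change; a separate formatting commit would make the auth change easier to review.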
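Review bot: In hosts/theseus/default.nix the `ssh_command` line is commented out rather than removed, with no note on why or which key borgmatic should use now. With the option gone, ssh presumably falls back to its default identity and config lookup for the user running the backup, so the backup may authenticate with a different key or fail. Either delete the line or state the intent, e.g. `# ssh_command unset: key is selected via <placeholder: ssh config / agent>`. The enclosing attribute set starts and ends outside the hunk.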