Daniel Flanagan 2024-09-06 16:36:53 -05:00
parent da602beac6
commit 639aad8c8a


@ -204,43 +204,43 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
''; '';
}; };
} }
# { {
# services.headscale = { services.headscale = {
# enable = true; enable = false;
# address = "127.0.0.1"; address = "127.0.0.1";
# port = 7777; port = 7777;
# settings = { settings = {
# server_url = "https://tailscale.vpn.h.lyte.dev"; server_url = "https://tailscale.vpn.h.lyte.dev";
# db_type = "sqlite3"; db_type = "sqlite3";
# db_path = "/var/lib/headscale/db.sqlite"; db_path = "/var/lib/headscale/db.sqlite";
# derp.server = { derp.server = {
# enable = true; enable = true;
# region_id = 999; region_id = 999;
# stun_listen_addr = "0.0.0.0:3478"; stun_listen_addr = "0.0.0.0:3478";
# }; };
# dns_config = { dns_config = {
# magic_dns = true; magic_dns = true;
# base_domain = "vpn.h.lyte.dev"; base_domain = "vpn.h.lyte.dev";
# domains = [ domains = [
# "ts.vpn.h.lyte.dev" "ts.vpn.h.lyte.dev"
# ]; ];
# nameservers = [ nameservers = [
# "1.1.1.1" "1.1.1.1"
# # "192.168.0.1" # "192.168.0.1"
# ]; ];
# override_local_dns = true; override_local_dns = true;
# }; };
# }; };
# }; };
# services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = { services.caddy.virtualHosts."tailscale.vpn.h.lyte.dev" = lib.mkIf config.services.headscale.enable {
# extraConfig = '' extraConfig = ''
# reverse_proxy http://localhost:${toString config.services.headscale.port} reverse_proxy http://localhost:${toString config.services.headscale.port}
# ''; '';
# }; };
# networking.firewall.allowedUDPPorts = [3478]; networking.firewall.allowedUDPPorts = lib.mkIf config.services.headscale.enable [3478];
# } }
{ {
services.soju = { services.soju = {
enable = true; enable = true;
@ -491,104 +491,145 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
"forgejo" "forgejo"
]; ];
}; };
services.postgresql = {
ensureDatabases = ["daniel"];
ensureUsers = [
{
name = "daniel";
ensureDBOwnership = true;
} }
# { ];
# services.jellyfin = { };
# enable = true; }
# openFirewall = false; {
# # uses port 8096 by default, configurable from admin UI systemd.tmpfiles.settings = {
# }; "10-jellyfin" = {
# services.caddy.virtualHosts."video.lyte.dev" = { "/storage/jellyfin" = {
# extraConfig = ''reverse_proxy :8096''; "d" = {
# }; mode = "0770";
# # NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general user = "jellyfin";
# # but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML group = "wheel";
# # stuff, too?) and get good transcoding performance };
};
"/storage/jellyfin/movies" = {
"d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
"/storage/jellyfin/tv" = {
"d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
"/storage/jellyfin/music" = {
"d" = {
mode = "0770";
user = "jellyfin";
group = "wheel";
};
};
};
};
services.jellyfin = {
enable = true;
openFirewall = false;
# uses port 8096 by default, configurable from admin UI
};
services.caddy.virtualHosts."video.lyte.dev" = {
extraConfig = ''reverse_proxy :8096'';
};
# NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
# but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
# stuff, too?) and get good transcoding performance
# # jellyfin hardware encoding # jellyfin hardware encoding
# # hardware.graphics = { # hardware.graphics = {
# # enable = true;
# # extraPackages = with pkgs; [
# # intel-media-driver
# # vaapiIntel
# # vaapiVdpau
# # libvdpau-va-gl
# # intel-compute-runtime
# # ];
# # };
# # nixpkgs.config.packageOverrides = pkgs: {
# # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# # };
# }
# {
# services.postgresql = {
# enable = true; # enable = true;
# ensureDatabases = [ # extraPackages = with pkgs; [
# "daniel" # intel-media-driver
# "plausible" # vaapiIntel
# "nextcloud" # vaapiVdpau
# # "atuin" # libvdpau-va-gl
# intel-compute-runtime
# ]; # ];
# ensureUsers = [
# {
# name = "daniel";
# ensureDBOwnership = true;
# }
# {
# name = "plausible";
# ensureDBOwnership = true;
# }
# {
# name = "nextcloud";
# ensureDBOwnership = true;
# }
# # {
# # name = "atuin";
# # ensureDBOwnership = true;
# # }
# ];
# dataDir = "/storage/postgres";
# enableTCPIP = true;
# package = pkgs.postgresql_15;
# # https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
# authentication = pkgs.lib.mkOverride 10 ''
# #type database user auth-method auth-options
# local all postgres peer map=superuser_map
# local all daniel peer map=superuser_map
# local sameuser all peer map=superuser_map
# # local plausible plausible peer
# # local nextcloud nextcloud peer
# # local atuin atuin peer
# # lan ipv4
# host all daniel 192.168.0.0/16 trust
# host all daniel 10.0.0.0/24 trust
# # tailnet ipv4
# host all daniel 100.64.0.0/10 trust
# '';
# identMap = ''
# # map system_user db_user
# superuser_map root postgres
# superuser_map postgres postgres
# superuser_map daniel postgres
# # Let other names login as themselves
# superuser_map /^(.*)$ \1
# '';
# }; # };
# nixpkgs.config.packageOverrides = pkgs: {
# services.postgresqlBackup = { # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# enable = true;
# backupAll = true;
# compression = "none"; # hoping for deduplication here?
# location = "/storage/postgres-backups";
# startAt = "*-*-* 03:00:00";
# }; # };
# } }
{
services.postgresql = {
enable = true;
ensureDatabases = [
"daniel"
"plausible"
"nextcloud"
"atuin"
];
ensureUsers = [
{
name = "daniel";
ensureDBOwnership = true;
}
{
name = "plausible";
ensureDBOwnership = true;
}
{
name = "nextcloud";
ensureDBOwnership = true;
}
{
name = "atuin";
ensureDBOwnership = true;
}
];
dataDir = "/storage/postgres";
enableTCPIP = true;
package = pkgs.postgresql_15;
# https://www.postgresql.org/docs/current/auth-pg-hba-conf.html
authentication = pkgs.lib.mkOverride 10 ''
#type database user auth-method auth-options
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# local plausible plausible peer
# local nextcloud nextcloud peer
# local atuin atuin peer
# lan ipv4
host all daniel 192.168.0.0/16 trust
host all daniel 10.0.0.0/24 trust
# tailnet ipv4
host all daniel 100.64.0.0/10 trust
'';
identMap = ''
# map system_user db_user
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "none"; # hoping for deduplication here?
location = "/storage/postgres-backups";
startAt = "*-*-* 03:00:00";
};
}
# { # {
# # friends # # friends
# users.users.ben = { # users.users.ben = {
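Review bot: The three `host all daniel … trust` rules in the newly enabled `services.postgresql.authentication` block, combined with `enableTCPIP = true`, let any machine in 192.168.0.0/16, 10.0.0.0/24 or 100.64.0.0/10 connect as the `daniel` role to every database without a password. Source address is the only check, and 100.64.0.0/10 is the entire CGNAT shared range rather than only this tailnet, so the trust boundary is wider than the `# tailnet ipv4` comment suggests. I would switch the method on those three lines to password authentication, e.g. `host all daniel 100.64.0.0/10 scram-sha-256`, and keep `peer` for the local socket rules. Whether port 5432 is actually reachable from those networks depends on firewall settings that are not visible in this hunk.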