diff --git a/modules/apps/bind9/db.depeuter.dev b/modules/apps/bind9/db.depeuter.dev
new file mode 100644
index 0000000..fbd06c3
--- /dev/null
+++ b/modules/apps/bind9/db.depeuter.dev
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA ns1.depeuter.dev. admin.depeuter.dev. (
+ 5 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+ IN NS ns1.depeuter.dev.
+; IN NS ns2.depeuter.dev.
+
+ns1.depeuter.dev. IN A 192.168.0.91
+;ns1.depeuter.dev. IN A 192.158.0.X
+
+hugo.depeuter.dev. IN A 192.168.0.11
diff --git a/modules/apps/bind9/default.nix b/modules/apps/bind9/default.nix
new file mode 100644
index 0000000..a2346c1
--- /dev/null
+++ b/modules/apps/bind9/default.nix
@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.homelab.apps.bind9;
+in {
+ options.homelab.apps.bind9.enable = lib.mkEnableOption "ISC BIND 9 (Docker)";
+
+ config = lib.mkIf cfg.enable {
+ homelab.virtualisation.containers.enable = true;
+
+ environment.etc = {
+ "bind/named.conf" = {
+ source = ./named.conf;
+ mode = "0555";
+ };
+ "bind/named.conf.options" = {
+ source = ./named.conf.options;
+ mode = "0555";
+ };
+ "bind/named.conf.local" = {
+ source = ./named.conf.local;
+ mode = "0555";
+ };
+ "bind/zones/db.depeuter.dev" = {
+ source = ./db.depeuter.dev;
+ mode = "0555";
+ };
+ };
+
+ virtualisation.oci-containers.containers.bind9 = {
+ hostname = "bind9";
+ #image = "internetsystemsconsortium/bind9:9.20"; # Current stable
+ image = "ubuntu/bind9"; # Current stable
+ autoStart = true;
+ ports = [
+ "53:53/udp"
+ "53:53/tcp"
+ "953:953/tcp"
+ ];
+ extraOptions = [
+ ];
+ environment = {
+ };
+ volumes = [
+ "/etc/bind:/etc/bind" # For configuration, your `named.conf` lives here
+ "bind9-cache:/var/cache/bind"
+ #"...:/var/lib/bind" # Secondary zones
+ "bind9-logs:/var/log" # Logfiles
+ ];
+ labels = {
+ };
+ };
+ };
+}
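Review bot: The `ports` list in bind9/default.nix publishes `"953:953/tcp"`, BIND's default rndc control port, on the host, yet none of the named.conf files added in this commit declares a `controls` block, so the mapping serves no visible purpose and would expose the control channel as soon as one is added. I would drop that entry, or bind it to loopback with `"127.0.0.1:953:953/tcp"` if rndc from the host is wanted. Separately, `image = "ubuntu/bind9";` carries no tag, so it resolves to `latest` on every pull even though the trailing comment says "Current stable"; pin a version tag, as this commit does for the calibre images. The config mount could probably be read-only as well, `"/etc/bind:/etc/bind:ro"`, since the configuration shown only reads from that directory.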
diff --git a/modules/apps/bind9/named.conf b/modules/apps/bind9/named.conf
new file mode 100644
index 0000000..d301bd7
--- /dev/null
+++ b/modules/apps/bind9/named.conf
@@ -0,0 +1,2 @@
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
diff --git a/modules/apps/bind9/named.conf.local b/modules/apps/bind9/named.conf.local
new file mode 100644
index 0000000..442eca9
--- /dev/null
+++ b/modules/apps/bind9/named.conf.local
@@ -0,0 +1,4 @@
+zone "depeuter.dev" {
+ type primary;
+ file "/etc/bind/zones/db.depeuter.dev";
+};
diff --git a/modules/apps/bind9/named.conf.options b/modules/apps/bind9/named.conf.options
new file mode 100644
index 0000000..b05f4bf
--- /dev/null
+++ b/modules/apps/bind9/named.conf.options
@@ -0,0 +1,35 @@
+http local {
+ endpoints { "/dns-query"; };
+};
+
+acl bogusnets {
+};
+
+acl trusted {
+ 192.168.0.0/16;
+};
+
+options {
+ directory "/var/cache/bind";
+
+ version "not currently available";
+
+ listen-on { any; };
+ listen-on-v6 { any; };
+ listen-on tls ephemeral { any; };
+ listen-on-v6 tls ephemeral { any; };
+ listen-on tls ephemeral http local { any; };
+ listen-on-v6 tls ephemeral http local { any; };
+
+ recursion yes;
+ forwarders {
+ 9.9.9.9;
+ 149.112.112.112;
+ };
+ forward only;
+
+ allow-query { any; };
+ allow-recursion { any; };
+ allow-transfer { none; };
+ blackhole { bogusnets; };
+};
diff --git a/modules/apps/calibre/default.nix b/modules/apps/calibre/default.nix
index fc7cd57..aa00c89 100644
--- a/modules/apps/calibre/default.nix
+++ b/modules/apps/calibre/default.nix
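Review bot: In named.conf.options, `allow-recursion { any; };` together with `recursion yes;` and `listen-on { any; };` makes this an open recursive resolver for anyone who can reach port 53, and the `trusted` ACL defined just above is never referenced. Restrict it with `allow-recursion { trusted; };` and `allow-query-cache { trusted; };`; because the depeuter.dev zone added in this commit holds only 192.168.0.x addresses, `allow-query { trusted; };` is probably what is intended as well. Since named runs in a container, confirm which source address it sees for LAN clients (a NAT or proxy hop would fall outside 192.168.0.0/16) before tightening. The `bogusnets` ACL is empty, so the `blackhole` line currently has no effect; a short comment marking it as a placeholder would help.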
@@ -6,24 +6,28 @@ let PUID = toString config.users.users.calibre.uid; PGID = toString config.users.groups.media.gid; + books = "/srv/books"; + calibre-config = "/srv/calibre-config"; + calibre-web-config = "/srv/calibre-web-config"; + networkName = "calibre"; in { options.homelab.apps.calibre = { - enable = lib.mkEnableOption "Calibre (Desktop + Web)"; - desktop = lib.mkEnableOption "Calibre Desktop (KasmVNC)"; - web = lib.mkEnableOption "Calibre Web"; + enable = lib.mkEnableOption "Calibre (Desktop + Web)"; + desktop.enable = lib.mkEnableOption "Calibre Desktop (KasmVNC)"; + web.enable = lib.mkEnableOption "Calibre Web"; }; config = lib.mkMerge [ { homelab.apps.calibre = lib.mkIf cfg.enable { - desktop = true; - web = true; + desktop.enable = true; + web.enable = true; }; } # Common - (lib.mkIf (cfg.desktop || cfg.web) { + (lib.mkIf (cfg.desktop.enable || cfg.web.enable) { homelab = { users.media.enable = true; virtualisation.containers.enable = true; @@ -37,7 +41,7 @@ in { shell = null; }; - fileSystems."/srv/books" = { + fileSystems."${books}" = { device = "192.168.0.11:/mnt/SMALL/MEDIA/BOOKS"; fsType = "nfs"; options = [ @@ -69,8 +73,8 @@ in { }) # Calibre desktop - { - fileSystems."/srv/calibre-config" = { + (lib.mkIf cfg.desktop.enable { + fileSystems."${calibre-config}" = { device = "192.168.0.11:/mnt/SMALL/CONFIG/CALIBRE"; fsType = "nfs"; options = [ @@ -84,13 +88,15 @@ in { ]; }; - virtualisation.oci-containers.containers.calibre = { + virtualisation.oci-containers.containers.calibre = let + innerPort = 8080; + in { hostname = "calibre"; - image = "lscr.io/linuxserver/calibre:latest"; + image = "lscr.io/linuxserver/calibre:8.5.0"; autoStart = true; ports = [ # Open ports if you don't use Traefik - "9480:8080" # Calibre desktop GUI + "9480:${toString innerPort}" # Calibre desktop GUI #"9481:8181" # Calibre desktop GUI HTTPS #"9581:8081" # Calibre webserver gui ]; 
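Review bot: In the `calibre` container's `ports` list (hunk `@@ -84,13 +88,15 @@`), `"9480:${toString innerPort}"` is still published on every host interface although its own comment reads "Open ports if you don't use Traefik" and this commit adds Traefik labels for the same service further down. A directly published port bypasses whatever TLS or authentication the proxy provides, which matters for a KasmVNC desktop session. Either remove the entry or bind it to loopback, `"127.0.0.1:9480:${toString innerPort}"`; the same applies to `"8083:${toString innerPort}"` in the calibre-web hunk (`@@ -133,13 +144,15 @@`). The container definition continues beyond this hunk.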
@@ -110,16 +116,21 @@ in { #CLI_ARGS = ""; }; volumes = [ - "/srv/calibre-config:/config" + "${calibre-config}:/config" - "/srv/books:/media/books" + "${books}:/media/books" ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.calibre.rule" = "Host(`calibre.depeuter.dev`)"; + "traefik.http.services.calibre.loadbalancer.server.port" = toString innerPort; + }; }; - } + }) # Calibre Web - { - fileSystems."/srv/calibre-web-config" = { + (lib.mkIf cfg.web.enable { + fileSystems."${calibre-web-config}" = { device = "192.168.0.11:/mnt/SMALL/CONFIG/CALIBRE-WEB"; fsType = "nfs"; options = [ @@ -133,13 +144,15 @@ in { ]; }; - virtualisation.oci-containers.containers.calibre-web = { + virtualisation.oci-containers.containers.calibre-web = let + innerPort = 8083; + in { hostname = "calibre-web"; - image = "lscr.io/linuxserver/calibre-web:latest"; + image = "lscr.io/linuxserver/calibre-web:0.6.24"; autoStart = true; ports = [ # Open ports if you don't use Traefik - "8083:8083" # Web UI + "8083:${toString innerPort}" # Web UI ]; extraOptions = [ "--network=${networkName}" @@ -156,11 +169,16 @@ in { #OAUTHLIB_RELAX_TOKEN_SCOPE = "1"; }; volumes = [ - "/srv/calibre-web-config:/config" + "${calibre-web-config}:/config" - "/srv/books:/media/books" + "${books}:/media/books" ]; + labels = { + "traefik.enable" = "true"; + "traefik.http.routers.calibre-web.rule" = "Host(`books.depeuter.dev`)"; + "traefik.http.services.calibre-web.loadbalancer.server.port" = toString innerPort; + }; }; - } + }) ]; } diff --git a/modules/apps/default.nix b/modules/apps/default.nix index 2d487e8..81c6a06 100644 --- a/modules/apps/default.nix +++ b/modules/apps/default.nix @@ -1,6 +1,7 @@ { imports = [ ./arr + ./bind9 ./calibre ./changedetection ./freshrss
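Review bot: The `labels` added for `calibre` set only a `Host(...)` rule and the backend port; with no `entrypoints`, `tls` or `middlewares` label, whether the KasmVNC desktop is served over TLS and behind authentication depends on Traefik's static configuration, which this diff does not show. If those are not enforced globally, add them per router, e.g. `"traefik.http.routers.calibre.tls" = "true";` and `"traefik.http.routers.calibre.middlewares" = "<auth-middleware>";` (placeholder name). The `calibre-web` labels in the `@@ -156,11 +169,16 @@` hunk have the same shape. The containers' `environment` blocks are only partly visible here, so any credentials set there could not be checked.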