diff --git a/flake.nix b/flake.nix index 48c91de..44d63c2 100644 --- a/flake.nix +++ b/flake.nix @@ -41,6 +41,7 @@ Binnenpost.modules = [ ./hosts/Binnenpost ]; Production.modules = [ ./hosts/Production ]; ProductionGPU.modules = [ ./hosts/ProductionGPU ]; + ProductionArr.modules = [ ./hosts/ProductionArr ]; ACE.modules = [ ./hosts/ACE ]; Template.modules = [ ./hosts/Template ]; diff --git a/hosts/Development/default.nix b/hosts/Development/default.nix index da995f8..b2237b7 100644 --- a/hosts/Development/default.nix +++ b/hosts/Development/default.nix @@ -4,9 +4,9 @@ config = { homelab = { apps = { - arr = { - qbittorrent.enable = true; - }; + bind9.enable = true; + traefik.enable = true; + plex.enable = true; }; virtualisation.guest.enable = true; }; diff --git a/hosts/ProductionArr/default.nix b/hosts/ProductionArr/default.nix new file mode 100644 index 0000000..ff4f4c2 --- /dev/null +++ b/hosts/ProductionArr/default.nix @@ -0,0 +1,48 @@ +{ config, pkgs, lib, system, ... }: + +{ + config = { + homelab = { + apps = { + arr.enable = true; + traefik.enable = true; + }; + virtualisation.guest.enable = true; + }; + + networking = { + hostId = "aaaa2300"; + domain = "roxanne.depeuter.dev"; + + useDHCP = false; + + enableIPv6 = true; + + defaultGateway = { + address = "192.168.0.1"; + interface = "ens18"; + }; + + # Open ports in the firewall. + firewall = { + enable = true; + }; + + interfaces.ens18 = { + ipv4.addresses = [ + { + address = "192.168.0.33"; + prefixLength = 24; + } + ]; + }; + + nameservers = [ + "1.1.1.1" # Cloudflare + "1.0.0.1" # Cloudflare + ]; + }; + + system.stateVersion = "24.05"; + }; +} diff --git a/modules/apps/arr/default.nix b/modules/apps/arr/default.nix index cedd01e..5cff39c 100644 --- a/modules/apps/arr/default.nix +++ b/modules/apps/arr/default.nix 
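Review bot: The comment `# Open ports in the firewall.` in the new `networking` block of hosts/ProductionArr/default.nix announces ports that the block never lists; `firewall = { enable = true; };` only keeps the default-on firewall with nothing opened. Either add the intended ports (`allowedTCPPorts = [ … ];`) or reword it to `# Firewall stays enabled; no host ports are opened here.` so the next reader does not go looking for them. Whether Traefik's own module opens its listeners is not visible in this diff. Separately, `nameservers` points the host at Cloudflare only, so the internal records this commit adds to db.depeuter.dev (e.g. `bazarr`, which resolves to this very host) will not resolve from the host itself unless the public zone mirrors them; confirm that is intended.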
@@ -6,7 +6,7 @@ let networkName = "arrStack"; proxyNet = config.homelab.apps.traefik.sharedNetworkName; - appNames = [ "bazarr" "lidarr" "prowlarr" "qbittorrent" "radarr" "sonarr" ]; + appNames = [ "bazarr" "prowlarr" "qbittorrent" "radarr" "sonarr" ]; inUse = builtins.any (app: cfg.${app}.enable) appNames; PGID = toString config.users.groups.media.gid; 
@@ -14,13 +14,53 @@ let in { options.homelab.apps.arr = { enable = lib.mkEnableOption "Arr Stack using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose all app ports"; + # Only expose ports by default if Traefik is not in use. + default = ! config.homelab.apps.traefik.enable; + }; - bazarr.enable = lib.mkEnableOption "Bazarr using Docker"; - lidarr.enable = lib.mkEnableOption "Lidarr using Docker"; - prowlarr.enable = lib.mkEnableOption "Prowlarr using Docker"; - qbittorrent.enable = lib.mkEnableOption "qBittorrent using Docker"; - radarr.enable = lib.mkEnableOption "Radarr using Docker"; - sonarr.enable = lib.mkEnableOption "Sonarr using Docker"; + bazarr = { + enable = lib.mkEnableOption "Bazarr using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose Bazarr port"; + default = cfg.exposePorts; + }; + }; + prowlarr = { + enable = lib.mkEnableOption "Prowlarr using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose Prowlarr port"; + default = cfg.exposePorts; + }; + }; + qbittorrent = { + enable = lib.mkEnableOption "qBittorrent using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose qBittorrent port"; + default = cfg.exposePorts; + }; + }; + radarr = { + enable = lib.mkEnableOption "Radarr using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose Radarr port"; + default = cfg.exposePorts; + }; + }; + sonarr = { + enable = lib.mkEnableOption "Sonarr using Docker"; + exposePorts = lib.mkOption { + type = lib.types.bool; + description = "Expose Sonarr port"; + default = cfg.exposePorts; + }; + }; }; config = { @@ -33,7 +73,6 @@ in { # "Master switch": Enable all apps. apps.arr = lib.mkIf cfg.enable { bazarr.enable = true; - lidarr.enable = true; prowlarr.enable = true; qbittorrent.enable = true; radarr.enable = true; 
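Review bot: The five per-app blocks under `options.homelab.apps.arr` repeat the same `enable`/`exposePorts` pair by hand, so every future app addition or removal has to be done here, in `appNames` (previous hunk) and in the master switch below; a small helper in the `let` above this hunk (where `cfg` is already in scope) keeps the blocks to one line each, e.g. `bazarr = mkAppOptions "Bazarr";`, with identical descriptions. Also, `default = ! config.homelab.apps.traefik.enable;` is a config-dependent default that the option documentation cannot render; add `defaultText = lib.literalExpression "!config.homelab.apps.traefik.enable";` next to it. The second hunk here (lidarr line in the master switch) is a plain deletion and needs nothing.
```nix
  # In the `let` block above: shared enable/exposePorts option pair for one app.
  mkAppOptions = displayName: {
    enable = lib.mkEnableOption "${displayName} using Docker";
    exposePorts = lib.mkOption {
      type = lib.types.bool;
      description = "Expose ${displayName} port";
      default = cfg.exposePorts;
    };
  };
  # … unchanged: networkName, proxyNet, appNames, inUse, PGID …

    bazarr = mkAppOptions "Bazarr";
    prowlarr = mkAppOptions "Prowlarr";
    qbittorrent = mkAppOptions "qBittorrent";
    radarr = mkAppOptions "Radarr";
    sonarr = mkAppOptions "Sonarr";
```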
@@ -63,20 +102,6 @@ in { ]; }; - "/srv/lidarr-backup" = lib.mkIf cfg.lidarr.enable { - device = "192.168.0.11:/mnt/BIG/BACKUP/LIDARR"; - fsType = "nfs"; - options = [ - "rw" - "auto" - "nfsvers=4.2" - "rsize=1048576" "wsize=1048576" - "hard" - "timeo=600" "retrans=2" - "_netdev" "nosuid" "tcp" - ]; - }; - "/srv/prowlarr-backup" = lib.mkIf cfg.prowlarr.enable { device = "192.168.0.11:/mnt/BIG/BACKUP/PROWLARR"; fsType = "nfs"; @@ -153,7 +178,6 @@ in { description = "Create Docker network for ${networkName}"; requiredBy = [ "docker-bazarr.service" - "docker-lidarr.service" "docker-prowlarr.service" "docker-qbittorrent.service" "docker-radarr.service" @@ -179,13 +203,6 @@ in { home = "/var/empty"; shell = null; }; - lidarr = lib.mkIf cfg.lidarr.enable { - uid = lib.mkForce 3002; - isSystemUser = true; - group = config.users.groups.media.name; - home = "/var/empty"; - shell = null; - }; prowlarr = lib.mkIf cfg.prowlarr.enable { uid = lib.mkForce 3004; isSystemUser = true; @@ -228,10 +245,9 @@ in { hostname = "bazarr"; image = "ghcr.io/hotio/bazarr:release-1.4.4"; autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" - # "${toString port}:${toString port}/udp" + ports = lib.mkIf cfg.bazarr.exposePorts [ + "${toString port}:${toString port}/tcp" + "${toString port}:${toString port}/udp" ]; extraOptions = [ "--network=${networkName}" 
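Review bot: The `ports` list now published when `cfg.bazarr.exposePorts` is true binds `port` on every interface of the host, and Docker publishes it through its own iptables rules, which are evaluated ahead of `nixos-fw`, so `networking.firewall` on the host (ProductionArr enables it with nothing opened) does not gate these ports; with the default `exposePorts = !traefik.enable`, turning Traefik off makes every enabled app's port reachable from any network the host sits on. The same applies to the prowlarr, qbittorrent, radarr and sonarr `ports` hunks later in this file. At minimum, say so where the option is declared, e.g. `description = "Publish the app port on all host interfaces (Docker bypasses networking.firewall)";`, or add a comment above each `ports = lib.mkIf …` line: `# Published by Docker's own iptables rules; not subject to networking.firewall.`. The `/udp` mapping was carried over from the commented-out lines; if the app only serves HTTP on that port it can be dropped (confirm against the image). The lidarr removals in the other three hunks here are plain deletions.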
@@ -259,48 +275,14 @@ in { }; }; - lidarr = let - port = 8686; - in lib.mkIf cfg.lidarr.enable { - hostname = "lidarr"; - image = "ghcr.io/hotio/lidarr:release-2.5.3.4341"; - autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" - ]; - extraOptions = [ - "--network=${networkName}" - "--network=${proxyNet}" - ]; - environment = { - PUID = toString config.users.users.lidarr.uid; - inherit PGID UMASK; - TZ = config.time.timeZone; - }; - volumes = [ - "lidarr-config:/config" - - # TODO Fix path - "/srv/lidarr-backup:/media/Backups" - ]; - labels = { - "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; - "traefik.http.routers.lidarr.rule" = "Host(`lidarr.depeuter.dev`)"; - "traefik.http.services.lidarr.loadbalancer.server.port" = toString port; - }; - }; - prowlarr = let port = 9696; in lib.mkIf cfg.prowlarr.enable { hostname = "prowlarr"; image = "ghcr.io/hotio/prowlarr:release-1.23.1.4708"; autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" + ports = lib.mkIf cfg.prowlarr.exposePorts [ + "${toString port}:${toString port}/tcp" ]; extraOptions = [ "--network=${networkName}" @@ -330,10 +312,9 @@ in { hostname = "qbittorrent"; image = "ghcr.io/hotio/qbittorrent:release-4.6.7"; autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" - # "${toString port}:${toString port}/udp" + ports = lib.mkIf cfg.qbittorrent.exposePorts [ + "${toString port}:${toString port}/tcp" + "${toString port}:${toString port}/udp" ]; extraOptions = [ "--network=${networkName}" 
@@ -364,9 +345,8 @@ in { hostname = "radarr"; image = "ghcr.io/hotio/radarr:release-5.9.1.9070"; autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" + ports = lib.mkIf cfg.radarr.exposePorts [ + "${toString port}:${toString port}/tcp" ]; extraOptions = [ "--network=${networkName}" @@ -399,9 +379,8 @@ in { hostname = "sonarr"; image = "ghcr.io/hotio/sonarr:release-4.0.9.2244"; autoStart = true; - ports = [ - # Open ports if you don't use Traefik - # "${toString port}:${toString port}/tcp" + ports = lib.mkIf cfg.sonarr.exposePorts [ + "${toString port}:${toString port}/tcp" ]; extraOptions = [ "--network=${networkName}" diff --git a/modules/apps/bind9/db.depeuter.dev b/modules/apps/bind9/db.depeuter.dev index fbd06c3..72f3825 100644 --- a/modules/apps/bind9/db.depeuter.dev +++ b/modules/apps/bind9/db.depeuter.dev 
@@ -1,16 +1,45 @@ $TTL 604800 -@ IN SOA ns1.depeuter.dev. admin.depeuter.dev. ( - 5 ; Serial - 604800 ; Refresh - 86400 ; Retry - 2419200 ; Expire - 604800 ) ; Negative Cache TTL +@ IN SOA ns1 admin ( + 15 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Negative Cache TTL -; name servers - NS records - IN NS ns1.depeuter.dev. -; IN NS ns2.depeuter.dev. +; Name servers - NS records + IN NS ns1 +; IN NS ns2 -ns1.depeuter.dev. IN A 192.168.0.91 -;ns1.depeuter.dev. IN A 192.158.0.X +ns1 IN A 192.168.0.91 +;ns2 IN A 192.158.0.X -hugo.depeuter.dev. IN A 192.168.0.11 +; Hostnames +hugo.kmtl IN A 192.168.0.11 + +ingress.kmtl IN A 192.168.0.10 +ingress.kmtl IN AAAA fe80::be24:11ff:fed6:842a + +; Core services +cloud IN A 192.168.0.10 +git IN A 78.23.37.117 +home IN A 192.168.0.10 +jelly IN CNAME ingress.kmtl +vault IN A 192.168.0.10 + +; Production VM +books IN A 192.168.0.31 +calibre IN A 192.168.0.31 + +; Production VM - Arr +bazarr IN A 192.168.0.33 +prowlarr IN A 192.168.0.33 +qb IN A 192.168.0.33 +radarr IN A 192.168.0.33 +sonarr IN A 192.168.0.33 + +; Development VM +plex IN A 192.168.0.91 + +; Catchalls +*.production IN A 192.168.0.31 +*.development IN A 192.168.0.91
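Review bot: `ingress.kmtl IN AAAA fe80::be24:11ff:fed6:842a` publishes a link-local address (fe80::/10); such addresses are valid only on the link they were assigned on and need a zone index to be used at all, so a client on another segment — and `jelly`, which CNAMEs to this name — gets an unreachable AAAA answer that it may prefer over the A record. Replace it with the host's global or ULA address, `ingress.kmtl IN AAAA <GLOBAL_OR_ULA_ADDRESS>` (placeholder), or drop the record until one exists. The retained comment `;ns2 IN A 192.158.0.X` still carries `192.158` where the rest of the zone uses `192.168`; worth fixing while the line is being touched. The new records are all relative names, so they rely on the zone's origin being `depeuter.dev` in the bind9 configuration, which is outside this diff.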