diff --git a/modules/apps/arr/default.nix b/modules/apps/arr/default.nix index cedd01e..2687e2a 100644 --- a/modules/apps/arr/default.nix +++ b/modules/apps/arr/default.nix @@ -4,8 +4,6 @@ let cfg = config.homelab.apps.arr; networkName = "arrStack"; - proxyNet = config.homelab.apps.traefik.sharedNetworkName; - appNames = [ "bazarr" "lidarr" "prowlarr" "qbittorrent" "radarr" "sonarr" ]; inUse = builtins.any (app: cfg.${app}.enable) appNames; @@ -235,7 +233,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.bazarr.uid; @@ -253,7 +250,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.bazarr.rule" = "Host(`bazarr.depeuter.dev`)"; "traefik.http.services.bazarr.loadbalancer.server.port" = toString port; }; @@ -271,7 +267,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.lidarr.uid; @@ -284,12 +279,6 @@ in { # TODO Fix path "/srv/lidarr-backup:/media/Backups" ]; - labels = { - "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; - "traefik.http.routers.lidarr.rule" = "Host(`lidarr.depeuter.dev`)"; - "traefik.http.services.lidarr.loadbalancer.server.port" = toString port; - }; }; prowlarr = let @@ -304,7 +293,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.prowlarr.uid; @@ -318,7 +306,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.prowlarr.rule" = "Host(`prowlarr.depeuter.dev`)"; "traefik.http.services.prowlarr.loadbalancer.server.port" = toString port; }; @@ -337,7 +324,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.qbittorrent.uid; 
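Review bot: bazarr keeps `"traefik.enable" = "true"` together with its router and port labels after the `@@ -253,7 +250,6 @@` hunk, although the container no longer joins the proxy network and modules/apps/traefik/default.nix is deleted in the same commit. The same leftover labels remain in the prowlarr, qbittorrent, radarr and sonarr hunks, while lidarr's `labels` block is removed outright, so the six containers are no longer treated alike. Dead routing labels are easy to forget and would start publishing these UIs again if a Docker-provider proxy were later run on the host. I would either drop the `labels` blocks as was done for lidarr, or keep them with a comment such as `# inert until a Traefik instance is deployed again`. The container definitions start and end outside these hunks.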
@@ -352,7 +338,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.qbittorrent.rule" = "Host(`qb.depeuter.dev`)"; "traefik.http.services.qbittorrent.loadbalancer.server.port" = toString port; }; @@ -370,7 +355,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.radarr.uid; @@ -387,7 +371,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.radarr.rule" = "Host(`radarr.depeuter.dev`)"; "traefik.http.services.radarr.loadbalancer.server.port" = toString port; }; @@ -405,7 +388,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { PUID = toString config.users.users.sonarr.uid; @@ -422,7 +404,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.sonarr.rule" = "Host(`sonarr.depeuter.dev`)"; "traefik.http.services.sonarr.loadbalancer.server.port" = toString port; }; diff --git a/modules/apps/bind9/db.depeuter.dev b/modules/apps/bind9/db.depeuter.dev deleted file mode 100644 index fbd06c3..0000000 --- a/modules/apps/bind9/db.depeuter.dev +++ /dev/null @@ -1,16 +0,0 @@ -$TTL 604800 -@ IN SOA ns1.depeuter.dev. admin.depeuter.dev. ( - 5 ; Serial - 604800 ; Refresh - 86400 ; Retry - 2419200 ; Expire - 604800 ) ; Negative Cache TTL - -; name servers - NS records - IN NS ns1.depeuter.dev. -; IN NS ns2.depeuter.dev. - -ns1.depeuter.dev. IN A 192.168.0.91 -;ns1.depeuter.dev. IN A 192.158.0.X - -hugo.depeuter.dev. IN A 192.168.0.11 diff --git a/modules/apps/bind9/default.nix b/modules/apps/bind9/default.nix deleted file mode 100644 index a2346c1..0000000 --- a/modules/apps/bind9/default.nix +++ /dev/null 
@@ -1,54 +0,0 @@ -{ config, lib, ... }: - -let - cfg = config.homelab.apps.bind9; -in { - options.homelab.apps.bind9.enable = lib.mkEnableOption "ISC BIND 9 (Docker)"; - - config = lib.mkIf cfg.enable { - homelab.virtualisation.containers.enable = true; - - environment.etc = { - "bind/named.conf" = { - source = ./named.conf; - mode = "0555"; - }; - "bind/named.conf.options" = { - source = ./named.conf.options; - mode = "0555"; - }; - "bind/named.conf.local" = { - source = ./named.conf.local; - mode = "0555"; - }; - "bind/zones/db.depeuter.dev" = { - source = ./db.depeuter.dev; - mode = "0555"; - }; - }; - - virtualisation.oci-containers.containers.bind9 = { - hostname = "bind9"; - #image = "internetsystemsconsortium/bind9:9.20"; # Current stable - image = "ubuntu/bind9"; # Current stable - autoStart = true; - ports = [ - "53:53/udp" - "53:53/tcp" - "953:953/tcp" - ]; - extraOptions = [ - ]; - environment = { - }; - volumes = [ - "/etc/bind:/etc/bind" # For configuration, your `named.conf` lives here - "bind9-cache:/var/cache/bind" - #"...:/var/lib/bind" # Secondary zones - "bind9-logs:/var/log" # Logfiles - ]; - labels = { - }; - }; - }; -} diff --git a/modules/apps/bind9/named.conf b/modules/apps/bind9/named.conf deleted file mode 100644 index d301bd7..0000000 --- a/modules/apps/bind9/named.conf +++ /dev/null @@ -1,2 +0,0 @@ -include "/etc/bind/named.conf.options"; -include "/etc/bind/named.conf.local"; diff --git a/modules/apps/bind9/named.conf.local b/modules/apps/bind9/named.conf.local deleted file mode 100644 index 442eca9..0000000 --- a/modules/apps/bind9/named.conf.local +++ /dev/null @@ -1,4 +0,0 @@ -zone "depeuter.dev" { - type primary; - file "/etc/bind/zones/db.depeuter.dev"; -}; diff --git a/modules/apps/bind9/named.conf.options b/modules/apps/bind9/named.conf.options deleted file mode 100644 index b05f4bf..0000000 --- a/modules/apps/bind9/named.conf.options +++ /dev/null 
@@ -1,35 +0,0 @@ -http local { - endpoints { "/dns-query"; }; -}; - -acl bogusnets { -}; - -acl trusted { - 192.168.0.0/16; -}; - -options { - directory "/var/cache/bind"; - - version "not currently available"; - - listen-on { any; }; - listen-on-v6 { any; }; - listen-on tls ephemeral { any; }; - listen-on-v6 tls ephemeral { any; }; - listen-on tls ephemeral http local { any; }; - listen-on-v6 tls ephemeral http local { any; }; - - recursion yes; - forwarders { - 9.9.9.9; - 149.112.112.112; - }; - forward only; - - allow-query { any; }; - allow-recursion { any; }; - allow-transfer { none; }; - blackhole { bogusnets; }; -}; diff --git a/modules/apps/calibre/default.nix b/modules/apps/calibre/default.nix index aa00c89..fc7cd57 100644 --- a/modules/apps/calibre/default.nix +++ b/modules/apps/calibre/default.nix @@ -6,28 +6,24 @@ let PUID = toString config.users.users.calibre.uid; PGID = toString config.users.groups.media.gid; - books = "/srv/books"; - calibre-config = "/srv/calibre-config"; - calibre-web-config = "/srv/calibre-web-config"; - networkName = "calibre"; in { options.homelab.apps.calibre = { - enable = lib.mkEnableOption "Calibre (Desktop + Web)"; - desktop.enable = lib.mkEnableOption "Calibre Desktop (KasmVNC)"; - web.enable = lib.mkEnableOption "Calibre Web"; + enable = lib.mkEnableOption "Calibre (Desktop + Web)"; + desktop = lib.mkEnableOption "Calibre Desktop (KasmVNC)"; + web = lib.mkEnableOption "Calibre Web"; }; config = lib.mkMerge [ { homelab.apps.calibre = lib.mkIf cfg.enable { - desktop.enable = true; - web.enable = true; + desktop = true; + web = true; }; } # Common - (lib.mkIf (cfg.desktop.enable || cfg.web.enable) { + (lib.mkIf (cfg.desktop || cfg.web) { homelab = { users.media.enable = true; virtualisation.containers.enable = true; @@ -41,7 +37,7 @@ in { shell = null; }; - fileSystems."${books}" = { + fileSystems."/srv/books" = { device = "192.168.0.11:/mnt/SMALL/MEDIA/BOOKS"; fsType = "nfs"; options = [ 
@@ -73,8 +69,8 @@ in { }) # Calibre desktop - (lib.mkIf cfg.desktop.enable { - fileSystems."${calibre-config}" = { + { + fileSystems."/srv/calibre-config" = { device = "192.168.0.11:/mnt/SMALL/CONFIG/CALIBRE"; fsType = "nfs"; options = [ @@ -88,15 +84,13 @@ in { ]; }; - virtualisation.oci-containers.containers.calibre = let - innerPort = 8080; - in { + virtualisation.oci-containers.containers.calibre = { hostname = "calibre"; - image = "lscr.io/linuxserver/calibre:8.5.0"; + image = "lscr.io/linuxserver/calibre:latest"; autoStart = true; ports = [ # Open ports if you don't use Traefik - "9480:${toString innerPort}" # Calibre desktop GUI + "9480:8080" # Calibre desktop GUI #"9481:8181" # Calibre desktop GUI HTTPS #"9581:8081" # Calibre webserver gui ]; @@ -116,21 +110,16 @@ in { #CLI_ARGS = ""; }; volumes = [ - "${calibre-config}:/config" + "/srv/calibre-config:/config" - "${books}:/media/books" + "/srv/books:/media/books" ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.calibre.rule" = "Host(`calibre.depeuter.dev`)"; - "traefik.http.services.calibre.loadbalancer.server.port" = toString innerPort; - }; }; - }) + } # Calibre Web - (lib.mkIf cfg.web.enable { - fileSystems."${calibre-web-config}" = { + { + fileSystems."/srv/calibre-web-config" = { device = "192.168.0.11:/mnt/SMALL/CONFIG/CALIBRE-WEB"; fsType = "nfs"; options = [ @@ -144,15 +133,13 @@ in { ]; }; - virtualisation.oci-containers.containers.calibre-web = let - innerPort = 8083; - in { + virtualisation.oci-containers.containers.calibre-web = { hostname = "calibre-web"; - image = "lscr.io/linuxserver/calibre-web:0.6.24"; + image = "lscr.io/linuxserver/calibre-web:latest"; autoStart = true; ports = [ # Open ports if you don't use Traefik - "8083:${toString innerPort}" # Web UI + "8083:8083" # Web UI ]; extraOptions = [ "--network=${networkName}" 
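Review bot: The desktop block now opens with a bare `{` where the old side had `(lib.mkIf cfg.desktop.enable {`, so the `/srv/calibre-config` NFS mount and the `calibre` container are defined on every host that imports this module, whether or not `homelab.apps.calibre.desktop` is set. The same happens to the Calibre Web block in the `@@ -116,21 +110,16 @@` hunk, closed by the plain `}` in `@@ -169,16 +156,11 @@`. The desktop container publishes `9480:8080` (the desktop GUI) and calibre-web publishes `8083:8083`, so as far as these hunks show the result is a service nobody asked for, reachable directly on those ports. Restoring the guards with the renamed options, `(lib.mkIf cfg.desktop {` … `})` and `(lib.mkIf cfg.web {` … `})`, keeps the opt-in behaviour.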
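Review bot: `image = "lscr.io/linuxserver/calibre:latest";` replaces a fixed release with a mutable tag, so what runs depends on when the image was last pulled, and a registry-side change reaches the host without any change in this repository. The calibre-web image in the `@@ -144,15 +133,13 @@` hunk has the same problem. Both containers mount the book library and their config directory, so an unreviewed image gets that access. I would keep the pins from the old side, `image = "lscr.io/linuxserver/calibre:8.5.0";` and `image = "lscr.io/linuxserver/calibre-web:0.6.24";`, or pin by digest (`…:8.5.0@sha256:<digest>`) if stronger immutability is wanted.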
@@ -169,16 +156,11 @@ in { #OAUTHLIB_RELAX_TOKEN_SCOPE = "1"; }; volumes = [ - "${calibre-web-config}:/config" + "/srv/calibre-web-config:/config" - "${books}:/media/books" + "/srv/books:/media/books" ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.calibre-web.rule" = "Host(`books.depeuter.dev`)"; - "traefik.http.services.calibre-web.loadbalancer.server.port" = toString innerPort; - }; }; - }) + } ]; } diff --git a/modules/apps/default.nix b/modules/apps/default.nix index 81c6a06..2d487e8 100644 --- a/modules/apps/default.nix +++ b/modules/apps/default.nix @@ -1,7 +1,6 @@ { imports = [ ./arr - ./bind9 ./calibre ./changedetection ./freshrss diff --git a/modules/apps/traefik/default.nix b/modules/apps/traefik/default.nix deleted file mode 100644 index 7f6ce38..0000000 --- a/modules/apps/traefik/default.nix +++ /dev/null 
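Review bot: Only `./bind9` is dropped from `imports` in modules/apps/default.nix, yet this commit also deletes modules/apps/traefik/default.nix. The list continues past the end of the hunk, so it is not visible whether a `./traefik` entry remains. If it does, evaluation fails on the missing path, and any module still reading `config.homelab.apps.traefik.*` fails on an undefined option. A full evaluation of each host configuration before merging would confirm this either way.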
@@ -1,90 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.homelab.apps.traefik; - - port = 8080; -in { - options.homelab.apps.traefik = { - enable = lib.mkEnableOption "Traefik Reverse Proxy"; - sharedNetworkName = lib.mkOption { - type = lib.types.str; - default = "traefik"; - description = "The name of the shared network to connect the container to."; - }; - }; - - config = lib.mkIf cfg.enable { - homelab.virtualisation.containers.enable = true; - - # Make sure the Docker network exists. - systemd.services."docker-${cfg.sharedNetworkName}-create-network" = { - description = "Create Docker network for ${cfg.sharedNetworkName}"; - requiredBy = [ - "docker-traefik.service" - ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - if ! ${pkgs.docker}/bin/docker network ls | grep -q ${cfg.sharedNetworkName}; then - ${pkgs.docker}/bin/docker network create ${cfg.sharedNetworkName} - fi - ''; - }; - - virtualisation.oci-containers.containers.traefik = { - hostname = "traefik"; - image = "traefik:v3.4.3"; - autoStart = true; - ports = [ - "80:80/tcp" - "443:443/tcp" - "${toString port}:${toString port}/tcp" # Web UI (enabled by --api.insecure=true) - ]; - extraOptions = [ - "--network=${cfg.sharedNetworkName}" - ]; - environmentFiles = [ - /home/admin/.cloudflare.secret - ]; - cmd = [ - "--api.insecure=true" - - # Add Docker provider - "--providers.docker=true" - "--providers.docker.exposedByDefault=false" - - # Add web entrypoint - "--entrypoints.web.address=:80/tcp" - "--entrypoints.web.http.redirections.entrypoint.to=websecure" - "--entrypoints.web.http.redirections.entrypoint.scheme=https" - - # Add websecure entrypoint - "--entrypoints.websecure.address=:443/tcp" - "--entrypoints.websecure.http.tls=true" - "--entrypoints.websecure.http.tls.certResolver=letsencrypt" - "--entrypoints.websecure.http.tls.domains[0].main=depeuter.dev" - "--entrypoints.websecure.http.tls.domains[0].sans=*.depeuter.dev" - 
"--entrypoints.websecure.http.tls.domains[1].sans=*.${config.networking.hostName}.depeuter.dev" - - # Certificates - "--certificatesresolvers.letsencrypt.acme.dnschallenge=true" - "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare" - "--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - ]; - volumes = [ - "letsencryp:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.traefik.rule" = "Host(`traefik.${config.networking.hostName}.depeuter.dev`)"; - "traefik.http.services.traefik.loadbalancer.server.port" = toString port; - }; - }; - }; -} diff --git a/modules/apps/vaultwarden/default.nix b/modules/apps/vaultwarden/default.nix index 4510299..a2f8d0a 100644 --- a/modules/apps/vaultwarden/default.nix +++ b/modules/apps/vaultwarden/default.nix @@ -54,7 +54,7 @@ in { dbHostname = "vaultwarden-db"; dbPort = 5432; in { - vaultwardenDb = { + vaultwarden-db = { hostname = dbHostname; image = "postgres:15.8-alpine"; autoStart = true; @@ -77,7 +77,7 @@ in { dataDir = "/data"; in { hostname = "vaultwarden"; - image = "vaultwarden/server:1.34.3-alpine"; + image = "vaultwarden/server:1.33.2-alpine"; autoStart = true; ports = [ "${toString cfg.port}:80/tcp" @@ -86,7 +86,7 @@ in { "--network=${networkName}" ]; dependsOn = [ - "vaultwardenDb" + dbHostname ]; volumes = [ "vaultwarden:${dataDir}"
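Review bot: The server image in the `@@ -77,7 +77,7 @@` hunk goes from `1.34.3-alpine` back to `1.33.2-alpine`, an older release, for the service that holds the password vault, and nothing in the hunk says why. A rollback gives up whatever fixes shipped in between, and if the data volume or database was already migrated by the newer server the older one may not start cleanly (not verifiable from this hunk). If the downgrade is deliberate, record the reason next to the pin, e.g. `# held at 1.33.2: <reason / issue link>`; otherwise keep `image = "vaultwarden/server:1.34.3-alpine";`. The container definition starts and ends outside the hunk.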
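Review bot: `dependsOn = [ dbHostname ]` passes the database's hostname string where oci-containers expects the name of a container attribute. It resolves only because the attribute was renamed to `vaultwarden-db` in the `@@ -54,7 +54,7 @@` hunk and so happens to equal `dbHostname`. Changing either one later breaks the start dependency with no visible link between the two. A comment on the line, `# must match the container attribute name above, not just the hostname`, or the literal `"vaultwarden-db"`, makes the coupling explicit. The surrounding `let … in` starts outside the hunk.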