diff --git a/hosts/Production/default.nix b/hosts/Production/default.nix index 9bb565d..cd929ff 100644 --- a/hosts/Production/default.nix +++ b/hosts/Production/default.nix @@ -3,10 +3,7 @@ { config = { homelab = { - apps = { - calibre.enable = true; - traefik.enable = true; - }; + apps.changedetection.enable = true; virtualisation.guest.enable = true; }; diff --git a/modules/apps/arr/default.nix b/modules/apps/arr/default.nix index e2c0df5..5cff39c 100644 --- a/modules/apps/arr/default.nix +++ b/modules/apps/arr/default.nix @@ -243,7 +243,7 @@ in { port = 6767; in lib.mkIf cfg.bazarr.enable { hostname = "bazarr"; - image = "ghcr.io/hotio/bazarr:release-1.5.2"; + image = "ghcr.io/hotio/bazarr:release-1.4.4"; autoStart = true; ports = lib.mkIf cfg.bazarr.exposePorts [ "${toString port}:${toString port}/tcp" @@ -279,7 +279,7 @@ in { port = 9696; in lib.mkIf cfg.prowlarr.enable { hostname = "prowlarr"; - image = "ghcr.io/hotio/prowlarr:release-2.0.5.5160"; + image = "ghcr.io/hotio/prowlarr:release-1.23.1.4708"; autoStart = true; ports = lib.mkIf cfg.prowlarr.exposePorts [ "${toString port}:${toString port}/tcp" @@ -310,7 +310,7 @@ in { port = 10095; in lib.mkIf cfg.qbittorrent.enable { hostname = "qbittorrent"; - image = "ghcr.io/hotio/qbittorrent:release-5.1.2"; + image = "ghcr.io/hotio/qbittorrent:release-4.6.7"; autoStart = true; ports = lib.mkIf cfg.qbittorrent.exposePorts [ "${toString port}:${toString port}/tcp" @@ -343,7 +343,7 @@ in { port = 7878; in lib.mkIf cfg.radarr.enable { hostname = "radarr"; - image = "ghcr.io/hotio/radarr:testing-5.28.0.10205"; + image = "ghcr.io/hotio/radarr:release-5.9.1.9070"; autoStart = true; ports = lib.mkIf cfg.radarr.exposePorts [ "${toString port}:${toString port}/tcp" 
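Review bot: The new `image = "ghcr.io/hotio/bazarr:release-1.4.4";` line pins an older release by mutable tag only, so the host runs whatever the registry currently serves under that tag and gives up every upstream fix shipped between 1.4.4 and 1.5.2. The same applies to the prowlarr, qbittorrent, radarr and sonarr hunks in this file and to the calibre, calibre-web, jellyfin and feishin image lines later in the commit. If the rollback is intentional, I would record the reason in a comment above each pin and append the image digest, e.g. `image = "ghcr.io/hotio/bazarr:release-1.4.4@sha256:<digest>";` (placeholder digest), and check the upstream release notes for security fixes being dropped, particularly for the network-facing qbittorrent and jellyfin containers. The container definition starts and ends outside the hunk.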
@@ -377,7 +377,7 @@ in { port = 8989; in lib.mkIf cfg.sonarr.enable { hostname = "sonarr"; - image = "ghcr.io/hotio/sonarr:release-4.0.15.2941"; + image = "ghcr.io/hotio/sonarr:release-4.0.9.2244"; autoStart = true; ports = lib.mkIf cfg.sonarr.exposePorts [ "${toString port}:${toString port}/tcp" diff --git a/modules/apps/calibre/default.nix b/modules/apps/calibre/default.nix index bddf5c8..aa00c89 100644 --- a/modules/apps/calibre/default.nix +++ b/modules/apps/calibre/default.nix @@ -11,7 +11,6 @@ let calibre-web-config = "/srv/calibre-web-config"; networkName = "calibre"; - proxyNet = config.homelab.apps.traefik.sharedNetworkName; in { options.homelab.apps.calibre = { enable = lib.mkEnableOption "Calibre (Desktop + Web)"; @@ -93,7 +92,7 @@ in { innerPort = 8080; in { hostname = "calibre"; - image = "lscr.io/linuxserver/calibre:v8.10.0-ls354"; + image = "lscr.io/linuxserver/calibre:8.5.0"; autoStart = true; ports = [ # Open ports if you don't use Traefik @@ -103,7 +102,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" # syscalls are unkown to Docker #"--security-opt" "seccomp=unconfined" @@ -124,7 +122,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.calibre.rule" = "Host(`calibre.depeuter.dev`)"; "traefik.http.services.calibre.loadbalancer.server.port" = toString innerPort; }; @@ -151,7 +148,7 @@ in { innerPort = 8083; in { hostname = "calibre-web"; - image = "lscr.io/linuxserver/calibre-web:0.6.25-ls346"; + image = "lscr.io/linuxserver/calibre-web:0.6.24"; autoStart = true; ports = [ # Open ports if you don't use Traefik @@ -159,7 +156,6 @@ in { ]; extraOptions = [ "--network=${networkName}" - "--network=${proxyNet}" ]; environment = { inherit PUID PGID; 
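Review bot: In the calibre `labels` block (hunk at -124,7) the `traefik.enable`, router-rule and loadbalancer labels are kept while `proxyNet` and the `--network=${proxyNet}` option are removed, and this commit also drops `./traefik` from modules/apps/default.nix. If no proxy consumes them, the labels are dead configuration. If a Traefik instance still watches this Docker daemon, the container is now only on the `calibre` network and routing would depend on that proxy being attached there; neither case is visible from the hunk. I would either delete the remaining `traefik.*` labels or add a comment such as `# labels kept for an externally managed Traefik; publish the ports below otherwise`. The same leftover labels appear in the calibre-web hunk at -179,7, and the attribute set continues outside the hunk.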
@@ -179,7 +175,6 @@ in { ]; labels = { "traefik.enable" = "true"; - "traefik.docker.network" = proxyNet; "traefik.http.routers.calibre-web.rule" = "Host(`books.depeuter.dev`)"; "traefik.http.services.calibre-web.loadbalancer.server.port" = toString innerPort; }; diff --git a/modules/apps/default.nix b/modules/apps/default.nix index 7c8b8f8..81c6a06 100644 --- a/modules/apps/default.nix +++ b/modules/apps/default.nix @@ -10,7 +10,6 @@ ./plex ./speedtest ./technitium-dns - ./traefik ./vaultwarden ]; } diff --git a/modules/apps/jellyfin/default.nix b/modules/apps/jellyfin/default.nix index 011f56b..5b4081a 100644 --- a/modules/apps/jellyfin/default.nix +++ b/modules/apps/jellyfin/default.nix @@ -4,7 +4,6 @@ let cfg = config.homelab.apps.jellyfin; networkName = "jellyfin"; - inherit (config.homelab.fileSystems) media; UID = 3008; GID = config.users.groups.media.gid; @@ -13,11 +12,6 @@ in { config = lib.mkIf cfg.enable { homelab = { - fileSystems.media.video = { - enable = true; - permissions = [ "read" ]; - }; - users = { apps.enable = true; media.enable = true; @@ -38,6 +32,18 @@ in { ]; }; + "/srv/video" = { + device = "192.168.0.11:/mnt/SMALL/MEDIA/VIDEO"; + fsType = "nfs"; + options = [ + "ro" + "nfsvers=4.2" + "async" "soft" + "timeo=100" "retry=50" "actimeo=1800" "lookupcache=all" + "nosuid" "tcp" + ]; + }; + "/srv/homevideo" = { device = "192.168.0.11:/mnt/BIG/MEDIA/HOMEVIDEO/ARCHIVE"; fsType = "nfs"; @@ -95,7 +101,7 @@ in { virtualisation.oci-containers.containers = { jellyfin = { hostname = "jellyfin"; - image = "jellyfin/jellyfin:10.10.7"; + image = "jellyfin/jellyfin:10.10.0"; user = "${toString UID}:${toString GID}"; autoStart = true; ports = [ @@ -111,7 +117,7 @@ in { "cache:/cache" "/srv/audio:/media/audio" - "${media.video.hostPath}:/media/video" + "/srv/video:/media/video" "/srv/homevideo:/media/homevideo" "/srv/photo:/media/photo" ]; 
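Review bot: The new `/srv/video` mount (hunk at -38,6) lists `nosuid` but neither `nodev` nor `noexec`, although it is a read-only media export that is bind-mounted into the jellyfin container as `/srv/video:/media/video`; I would tighten the last option line to `"nosuid" "nodev" "noexec" "tcp"`. The commit also replaces the `homelab.fileSystems.media.video` declaration with `permissions = [ "read" ]` (removed in the -13,11 hunk) by a hard-coded `192.168.0.11` export, so read-only access now rests on the `ro` option here plus whatever the server's export allows, which is worth confirming on the NFS side. `soft` is acceptable on a read-only mount, but a short comment saying so would stop the option list being copied to a writable share. The enclosing `fileSystems` set starts outside the hunk.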
@@ -138,7 +144,7 @@ in { feishinPort = "9180"; in { hostname = "feishin"; - image = "ghcr.io/jeffvli/feishin:0.19.0"; + image = "ghcr.io/jeffvli/feishin:0.7.1"; autoStart = true; ports = [ "${feishinPort}:9180/tcp" # Web player (HTTP) diff --git a/modules/apps/penpot/default.nix b/modules/apps/penpot/default.nix deleted file mode 100644 index 0ec01cd..0000000 --- a/modules/apps/penpot/default.nix +++ /dev/null 
@@ -1,220 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.homelab.apps.penpot; - - networkName = "penpot"; - UID = config.users.users.apps.uid; - GID = config.users.groups.apps.gid; - - version = "2.5.4"; - - srvPath = "/srv/penpot"; - assetsPath = "/opt/data/assets"; - - PENPOT_FLAGS = "enable-smtp enable-prepl-server disable-secure-session-cookies disable-onboarding disable-registration"; - # Max body size (30MiB); Used for plain requests, should never be - # greater than multi-part size - PENPOT_HTTP_SERVER_MAX_BODY_SIZE = "31457280"; - # Max multipart body size (350MiB) - PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE = "367001600"; - - dbName = "penpot"; - dbUser = "penpot"; - dbPass = "penpot"; - - docker = config.virtualisation.oci-containers.containers; -in { - options.homelab.apps.penpot.enable = lib.mkEnableOption "Penpot using Docker"; - - config = lib.mkIf cfg.enable { - homelab = { - users.apps.enable = true; - virtualisation.containers.enable = true; - }; - - fileSystems."${srvPath}" = { - device = "192.168.0.11:/mnt/SMALL/CONFIG/PENPOT"; - fsType = "nfs"; - options = [ - "rw" - "nfsvers=4.2" - "sync" "hard" "timeo=600" - "retrans=2" - "_netdev" - "nosuid" "tcp" - ]; - }; - - # Make sure the Docker network exists. - systemd.services."docker-${networkName}-create-network" = lib.mkIf cfg.enable { - description = "Create Docker network for ${networkName}"; - requiredBy = [ - "docker-penpot-frontend.service" - "docker-penpot-backend.service" - "docker-penpot-exporter.service" - "docker-penpot-postgres.service" - "docker-penpot-redis.service" - ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - }; - script = '' - if ! 
${pkgs.docker}/bin/docker network ls | grep -q ${networkName}; then - ${pkgs.docker}/bin/docker network create ${networkName} - fi - ''; - }; - - virtualisation.oci-containers.containers = let - frontendPort = 8080; - redisUri = "redis://${docker.penpot-redis.hostname}/0"; - in { - penpot-frontend = { - hostname = "penpot-frontend"; - image = "penpotapp/frontend:${version}"; - # user = "${toString UID}:${toString GID}"; - user = "0:${toString GID}"; - ports = [ - # "9001:${toString frontendPort}/tcp" - ]; - extraOptions = [ - "--network=${networkName}" - ]; - environment = { - inherit PENPOT_FLAGS; - inherit PENPOT_HTTP_SERVER_MAX_BODY_SIZE; - inherit PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE; - }; - volumes = [ - "${srvPath}:${assetsPath}" - ]; - dependsOn = [ - docker.penpot-backend.hostname - docker.penpot-exporter.hostname - ]; - labels = { - "traefik.enable" = "true"; - "traefik.http.routers.penpot.rule" = "Host(`penpot.depeuter.dev`)"; - "traefik.http.services.penpot.loadbalancer.server.port" = toString frontendPort; - "traefik.tls.options.default.minVersion" = "VersionTLS13"; - }; - autoStart = true; - }; - penpot-backend = { - hostname = "penpot-backend"; - image = "penpotapp/backend:latest"; - # user = "${toString UID}:${toString GID}"; - user = "0:${toString GID}"; - extraOptions = [ - "--network=${networkName}" - ]; - environmentFiles = [ - /home/admin/.penpot.secret - ]; - environment = { - inherit PENPOT_FLAGS; - inherit PENPOT_HTTP_SERVER_MAX_BODY_SIZE; - inherit PENPOT_HTTP_SERVER_MAX_MULTIPART_BODY_SIZE; - - PENPOT_PUBLIC_URI = "https://penpot.depeuter.dev"; - - ## Database connection parameters. Don't touch them unless you are using custom - ## postgresql connection parameters. - - PENPOT_DATABASE_URI = "postgresql://${docker.penpot-postgres.hostname}/${dbName}"; - PENPOT_DATABASE_USERNAME = dbUser; - PENPOT_DATABASE_PASSWORD = dbPass; - - ## Redis is used for the websockets notifications. 
Don't touch unless the redis - ## container has different parameters or different name. - - PENPOT_REDIS_URI = redisUri; - - ## Default configuration for assets storage: using filesystem based with all files - ## stored in a docker volume. - - PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs"; - PENPOT_STORAGE_ASSETS_FS_DIRECTORY = assetsPath; - - ## Telemetry. When enabled, a periodical process will send anonymous data about this - ## instance. Telemetry data will enable us to learn how the application is used, - ## based on real scenarios. If you want to help us, please leave it enabled. You can - ## audit what data we send with the code available on github. - - PENPOT_TELEMETRY_ENABLED = "false"; - PENPOT_TELEMETRY_REFERER = "compose"; - - # PENPOT_SMTP_HOST = "smtp.gmail.com"; - # PENPOT_SMTP_PORT = "465"; - # PENPOT_SMTP_USERNAME: "kmtl.hugo@gmail.com"; - # PENPOT_SMTP_PASSWORD: - # PENPOT_SMTP_TLS: true - }; - volumes = [ - "${srvPath}:${assetsPath}" - ]; - dependsOn = [ - docker.penpot-postgres.hostname - docker.penpot-redis.hostname - ]; - autoStart = true; - }; - penpot-exporter = { - hostname = "penpot-exporter"; - image = "penpotapp/exporter:latest"; - extraOptions = [ - "--network=${networkName}" - ]; - environment = { - # Don't touch it; this uses an internal docker network to - # communicate with the frontend. - PENPOT_PUBLIC_URI = "http://${docker.penpot-frontend.hostname}:${toString frontendPort}"; - - ## Redis is used for the websockets notifications. 
- PENPOT_REDIS_URI = redisUri; - }; - dependsOn = [ - docker.penpot-redis.hostname - ]; - autoStart = true; - }; - penpot-postgres = { - hostname = "penpot-postgres"; - image = "postgres:15"; - extraOptions = [ - "--network=${networkName}" - "--health-cmd='pg_isready -U ${dbUser}'" - "--health-interval=2s" - "--health-retries=5" - "--health-timeout=10s" - "--health-start-period=2s" - ]; - environment = { - POSTGRES_INITDB_ARGS = "--data-checksums"; - POSTGRES_DB = dbName; - POSTGRES_USER = dbUser; - POSTGRES_PASSWORD = dbPass; - }; - volumes = [ - "penpot_postgres_v15:/var/lib/postgresql/data" - ]; - autoStart = true; - }; - penpot-redis = { - hostname = "penpot-redis"; - image = "redis:7.2"; - extraOptions = [ - "--network=${networkName}" - "--health-cmd='redis-cli ping | grep PONG'" - "--health-interval=1s" - "--health-retries=5" - "--health-timeout=3s" - "--health-start-period=3s" - ]; - autoStart = true; - }; - }; - }; -} diff --git a/modules/services/actions/default.nix b/modules/services/actions/default.nix index ea6b025..338b963 100644 --- a/modules/services/actions/default.nix +++ b/modules/services/actions/default.nix @@ -44,6 +44,6 @@ in { ]; }; }; + }; } -