nixfiles/hosts/hetzner-arm/containers/storage/default.nix


# NixOS module for the "storage" container on the hetzner-arm host.
#
# It declares the container itself (private network, FUSE device access,
# rclone profiles) and three host-side nginx virtual hosts that terminate
# TLS and forward each path prefix to a port inside the container.
{
  self,
  hostPath,
  tree,
  lib,
  inputs,
  pkgs,
  ...
}: let
  # Host/container address pair for the private link, kept in the host's
  # shared address table.
  addresses = import "${hostPath}/data/containerAddresses.nix";
  hostAddr = addresses.host;
  containerAddr = addresses.containers.storage;

  # Name -> TCP port table for every service exposed by the container.
  ports = import ./data/ports.nix;

  # Request-body limit of 32768M (8192 * 4), i.e. 32GB in nginx's "M" unit.
  # NOTE(review): this limit is applied to all three virtual hosts below;
  # confirm each of them really needs to accept bodies this large.
  maxUploadSize = "${toString (8192 * 4)}M";

  # URL of a service listening on `port` inside the container. The hop is
  # plain HTTP to the container address; TLS ends at the host's nginx.
  upstream = port: "http://${containerAddr}:${toString port}";

  # Build one TLS-only, ACME-managed virtual host from an attribute set that
  # maps a location prefix to the container port it is proxied to.
  # NOTE(review): no authentication or access-control directive is set in this
  # file; presumably the rclone serve profiles enforce it, verify there.
  mkProxyVhost = routes: {
    forceSSL = true;
    enableACME = true;
    locations = lib.attrsets.mapAttrs (_prefix: port: {proxyPass = upstream port;}) routes;
    extraConfig = ''
      client_max_body_size ${maxUploadSize};
    '';
  };
in {
  containers.storage = {
    autoStart = true;

    # Private network: the container is reached through hostAddr/containerAddr.
    privateNetwork = true;
    hostAddress = hostAddr;
    localAddress = containerAddr;

    # Allow rclone mount in container: expose the FUSE device node read-write.
    bindMounts."/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };
    allowedDevices = [
      {
        modifier = "rwm";
        node = "/dev/fuse";
      }
      # NOTE(review): /dev/mapper/control is the device-mapper control node.
      # It is granted rwm alongside /dev/fuse, but nothing in this file shows
      # why a FUSE mount would need it; confirm it is required, otherwise drop
      # it to keep the container's device access minimal.
      {
        modifier = "rwm";
        node = "/dev/mapper/control";
      }
    ];

    # Extra arguments handed to the container's own module evaluation.
    specialArgs = {
      inherit inputs tree self hostPath;
    };

    config = {...}: {
      # Reuse the host's package set inside the container.
      nixpkgs.pkgs = pkgs;

      imports = with tree;
        [
          presets.nixos.containerBase
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.storage.profiles; [
          rcloneConfigs
          rcloneServe
          rcloneSync
          users
        ]);

      environment.systemPackages = [
        pkgs.rclone
        pkgs.fuse
        pkgs.fuse3
      ];

      # Every value in ./data/ports.nix is opened on the container firewall,
      # so adding an entry to that file also exposes it on the private link.
      networking.firewall = {
        enable = true;
        allowedTCPPorts = lib.attrsets.attrValues ports;
      };

      home-manager.users.root.home.stateVersion = "23.05";
      system.stateVersion = "23.05";
    };
  };

  services.nginx.virtualHosts = {
    # WebDAV endpoints.
    "storage-webdav.owo.monster" = mkProxyVhost {
      "/Main/" = ports.webdav_main;
      "/Media/" = ports.webdav_media;
      "/MusicRO/" = ports.webdav_music_ro;
      "/Public/" = ports.webdav_public;
      "/Uploads/" = ports.webdav_uploads;
    };

    # HTTP endpoints.
    "storage-http.owo.monster" = mkProxyVhost {
      "/Music/" = ports.http_music;
      "/Public/" = ports.http_public;
      "/Uploads/" = ports.http_uploads_public;
    };

    # restic repository endpoints, one location per backed-up service.
    "storage-restic.owo.monster" = mkProxyVhost {
      "/Music/" = ports.restic_music;
      "/Vault/" = ports.restic_vault;
      "/Social/" = ports.restic_social;
      "/Quassel/" = ports.restic_quassel;
      "/PostgreSQL/" = ports.restic_postgresql;
      "/Mail/" = ports.restic_mail;
      "/Forgejo/" = ports.restic_forgejo;
      "/CalDAV/" = ports.restic_caldav;
      "/Owncast/" = ports.restic_owncast;
      "/Jellyfin/" = ports.restic_jellyfin;
    };
  };
}