move stuff to fridge

Author: buurro

hosts/blender/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, inputs, ... }:
+{ pkgs, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -31,134 +31,6 @@
     dockerCompat = true;
   };
 
-  networking.vpn = {
-    enable = true;
-    wgConfigFile = "/var/lib/secrets/wg0.conf";
-    ip = "10.197.52.6/24";
-    portForwards = {
-      # note: this string becomes the service name
-      "portforward-transmission" = {
-        localPort = 9091;
-        namespacePort = 9091;
-      };
-    };
-    services = [
-      "transmission"
-    ];
-  };
-
-  services.k3s = {
-    enable = false;
-    role = "server";
-    extraFlags = toString [
-      "--disable=traefik"
-    ];
-  };
-
-  services.transmission = {
-    enable = true;
-    package = pkgs.transmission_4.overrideAttrs (finalAttrs: previousAttrs: {
-      version = "4.0.5";
-      src = pkgs.fetchFromGitHub {
-        owner = "transmission";
-        repo = "transmission";
-        rev = finalAttrs.version;
-        hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4=";
-        fetchSubmodules = true;
-      };
-    });
-    openRPCPort = true;
-    settings = {
-      download-dir = "/mnt/nas-fun/downloads/complete";
-      incomplete-dir = "/mnt/nas-fun/downloads/incomplete";
-      watch-dir = "/mnt/nas-fun/downloads/watch";
-      watch-dir-enabled = true;
-      speed-limit-up = 1000;
-      speed-limit-up-enabled = true;
-      alt-speed-up = 0;
-      alt-speed-down = 0;
-      peer-port = 51414;
-      download-queue-size = 20;
-      rpc-whitelist-enabled = false;
-      rpc-bind-address = "0.0.0.0";
-      rpc-host-whitelist-enabled = false;
-      ratio-limit-enabled = true;
-      ratio-limit = 3;
-    };
-  };
-  systemd.services.transmission = {
-    after = [ "mnt-nas\\x2dfun.mount" ];
-    requires = [ "mnt-nas\\x2dfun.mount" ];
-  };
-  services.nginx.virtualHosts."torrent.pine.marco.ooo" = {
-    forceSSL = true;
-    useACMEHost = "pine.marco.ooo";
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:9091";
-    };
-  };
-
-  security.acme.acceptTerms = true;
-  security.acme.defaults = {
-    email = inputs.self.users.marco.email;
-    # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-    group = "nginx";
-    dnsProvider = "cloudflare";
-    credentialsFile = "/var/lib/secrets/cloudflare-blender-acme";
-    # dnsPropagationCheck = false;
-    # dnsResolver = "1.1.1.1:53";
-  };
-  security.acme.certs."pine.marco.ooo" = {
-    domain = "*.pine.marco.ooo";
-  };
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    clientMaxBodySize = "200m";
-  };
-
-  services.sonarr = {
-    enable = true;
-    user = "nas";
-    group = "users";
-  };
-  services.nginx.virtualHosts."sonarr.pine.marco.ooo" = {
-    forceSSL = true;
-    useACMEHost = "pine.marco.ooo";
-    locations."/" = {
-      proxyPass = "http://localhost:8989";
-      proxyWebsockets = true;
-    };
-  };
-
-  services.radarr = {
-    enable = true;
-    user = "nas";
-    group = "users";
-  };
-  services.nginx.virtualHosts."radarr.pine.marco.ooo" = {
-    forceSSL = true;
-    useACMEHost = "pine.marco.ooo";
-    locations."/" = {
-      proxyPass = "http://localhost:7878";
-      proxyWebsockets = true;
-    };
-  };
-
-  services.jellyseerr = {
-    enable = true;
-  };
-  services.nginx.virtualHosts."jellyseerr.pine.marco.ooo" = {
-    forceSSL = true;
-    useACMEHost = "pine.marco.ooo";
-    locations."/" = {
-      proxyPass = "http://localhost:${toString config.services.jellyseerr.port}";
-      proxyWebsockets = true;
-    };
-  };
-
   services.qemuGuest.enable = true;
 
   fileSystems."/mnt/nas-fun" = {

hosts/fridge/configuration.nix

@@ -1,11 +1,130 @@
-{ ... }: {
+{ pkgs, config, inputs, ... }: {
   imports = [
     ./disk-config.nix
     ./hardware-config.nix
+    ../../modules/nixos/network-stuff.nix
   ];
 
   networking.hostName = "fridge";
 
+  networking.firewall = {
+    allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    iftop
+  ];
+
+  networking.vpn = {
+    enable = true;
+    wgConfigFile = "/mnt/persist/var/lib/secrets/wg0.conf";
+    ip = "10.197.52.11/24";
+    portForwards = {
+      # note: this string becomes the service name
+      "portforward-transmission" = {
+        localPort = 9091;
+        namespacePort = 9091;
+      };
+    };
+    services = [
+      "transmission"
+    ];
+  };
+
+  users.users."nas" = {
+    uid = 1024;
+    isSystemUser = true;
+    group = "users";
+  };
+
+  services.transmission = {
+    enable = true;
+
+    package = pkgs.transmission_4.overrideAttrs (finalAttrs: previousAttrs: {
+      version = "4.0.5";
+      src = pkgs.fetchFromGitHub {
+        owner = "transmission";
+        repo = "transmission";
+        rev = finalAttrs.version;
+        hash = "sha256-gd1LGAhMuSyC/19wxkoE2mqVozjGPfupIPGojKY0Hn4=";
+        fetchSubmodules = true;
+      };
+    });
+
+    home = "/mnt/persist/var/lib/transmission";
+
+    settings = {
+      download-dir = "/mnt/nas-fun/downloads/complete";
+      incomplete-dir = "/mnt/nas-fun/downloads/incomplete";
+      watch-dir = "/mnt/nas-fun/downloads/watch";
+      watch-dir-enabled = true;
+      speed-limit-up = 1000;
+      speed-limit-up-enabled = true;
+      alt-speed-up = 0;
+      alt-speed-down = 0;
+      peer-port = 51414;
+      download-queue-size = 20;
+      rpc-whitelist-enabled = false;
+      rpc-bind-address = "0.0.0.0";
+      rpc-host-whitelist-enabled = false;
+      ratio-limit-enabled = true;
+      ratio-limit = 3;
+    };
+  };
+
+  systemd.services.transmission = {
+    after = [ "mnt-nas\\x2dfun.mount" ];
+    requires = [ "mnt-nas\\x2dfun.mount" ];
+  };
+
+  services.sonarr = {
+    enable = true;
+    dataDir = "/mnt/persist/var/lib/sonarr/.config/NzbDrone";
+    user = "nas";
+    group = "users";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    clientMaxBodySize = "200m";
+    virtualHosts = {
+      "sonarr.risaro.la" = {
+        forceSSL = true;
+        useACMEHost = "risaro.la";
+        locations."/" = {
+          proxyPass = "http://localhost:${toString config.services.sonarr.settings.server.port}";
+          proxyWebsockets = true;
+        };
+      };
+      "torrent.risaro.la" = {
+        forceSSL = true;
+        useACMEHost = "risaro.la";
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString config.services.transmission.settings.rpc-port}";
+        };
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = inputs.self.users.marco.email;
+      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+      group = "nginx";
+      dnsProvider = "cloudflare";
+      credentialsFile = "/mnt/persist/var/lib/secrets/cloudflare-fridge-acme";
+    };
+    certs."risaro.la" = {
+      domain = "*.risaro.la";
+    };
+  };
+
   services.qemuGuest.enable = true;
 
   services.openssh.hostKeys = [