From 8d48aa19f45d621d0ce234c81d3c930cb5b05eb5 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Thu, 4 May 2023 01:04:59 +0300 Subject: 2023-05-04 --- modules/nixos/default.nix | 1 + modules/nixos/jackett.nix | 33 +++++++++++++++++++++++++++++++++ modules/nixos/nsd.nix | 1 + modules/nixos/openssh.nix | 2 -- modules/nixos/unbound.nix | 1 + 5 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 modules/nixos/jackett.nix (limited to 'modules/nixos') diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3c4192d..3c6e61b 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -22,6 +22,7 @@ _: { ./grafana.nix ./hydra.nix ./ipfs.nix + ./jackett.nix ./k3s.nix ./kde.nix ./libvirtd.nix diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix new file mode 100644 index 0000000..f8e45ba --- /dev/null +++ b/modules/nixos/jackett.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.jackett; +in { + options.nixfiles.modules.jackett = { + enable = mkEnableOption "Jackett"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "jackett.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + ark.directories = ["/var/lib/jackett"]; + + nixfiles.modules.nginx = { + enable = true; + upstreams.jackett.servers."127.0.0.1:9117" = {}; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://jackett"; + extraConfig = nginxInternalOnly; + }; + }; + + services.jackett.enable = true; + }; +} diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix index 3659a7a..255c787 100644 --- a/modules/nixos/nsd.nix +++ b/modules/nixos/nsd.nix @@ -118,6 +118,7 @@ in { vaultwarden = manwe; flood = yavanna; + jackett = yavanna; lidarr = yavanna; }; } diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix index 164f5bb..22e4b51 100644 --- a/modules/nixos/openssh.nix +++ b/modules/nixos/openssh.nix @@ -17,8 +17,6 @@ in { }; config = mkIf cfg.server.enable { - # authorized_keys is not added here because it only contains my SSH keys and - # all non-declarative ones are located in the home directory. ark.files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index d24b79e..7805b02 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -133,6 +133,7 @@ in { localControlSocketPath = "/run/unbound/unbound.socket"; }; + # TODO Switch to https://github.com/letsencrypt/unbound_exporter. prometheus.exporters.unbound = { enable = true; listenAddress = mkDefault this.wireguard.ipv4.address; -- cgit 1.4.1