adding jeeves

2026-04-17 13:08:19 -04:00 · 2024-09-13 20:58:40 -04:00
parent ceaaa5dc2d
commit 1dff87b044
20 changed files with 852 additions and 16 deletions
--- a/systems/jeeves/docker/default.nix
+++ b/systems/jeeves/docker/default.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+  imports =
+    let
+      files = builtins.attrNames (builtins.readDir ./.);
+      nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
+    in
+    map (file: ./. + "/${file}") nixFiles;
+
+  virtualisation.oci-containers.backend = "docker";
+}
--- a/systems/jeeves/docker/filebrowser.nix
+++ b/systems/jeeves/docker/filebrowser.nix
@@ -0,0 +1,15 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers.filebrowser = {
+    image = "hurlenko/filebrowser:latest";
+    extraOptions = [ "--network=web" ];
+    volumes = [
+      "/zfs:/data"
+      "${vars.media_docker_configs}/filebrowser:/config"
+    ];
+    autoStart = true;
+    user = "1000:users";
+  };
+}
--- a/systems/jeeves/docker/haproxy.cfg
+++ b/systems/jeeves/docker/haproxy.cfg
@@ -0,0 +1,68 @@
+global
+  log stdout format raw local0
+  # stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+  stats timeout 30s
+
+defaults
+  log global
+  mode http
+  retries 3
+  maxconn 2000
+  timeout connect 5s
+  timeout client 50s
+  timeout server 50s
+  timeout http-request 10s
+  timeout http-keep-alive 2s
+  timeout queue 5s
+  timeout tunnel 2m
+  timeout client-fin 1s
+  timeout server-fin 1s
+
+
+#Application Setup
+frontend ContentSwitching
+  bind *:80
+  bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
+  mode  http
+  # tmmworkshop.com
+  acl host_mirror   hdr(host) -i mirror.tmmworkshop.com
+  acl host_dndrules hdr(host) -i dndrules.tmmworkshop.com
+  acl host_grafana  hdr(host) -i grafana.tmmworkshop.com
+  acl host_filebrowser  hdr(host) -i filebrowser.tmmworkshop.com
+  acl host_uptime_kuma  hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
+  acl host_overseerr  hdr(host) -i overseerr.tmmworkshop.com
+
+  use_backend mirror_nodes   if host_mirror
+  use_backend dndrules_nodes if host_dndrules
+  use_backend grafana_nodes  if host_grafana
+  use_backend filebrowser_nodes  if host_filebrowser
+  use_backend uptime_kuma_nodes  if host_uptime_kuma
+  use_backend overseerr_nodes  if host_overseerr
+
+backend mirror_nodes
+  mode http
+  server server arch_mirror:80
+
+backend mirror_rsync
+  mode http
+  server server arch_mirror:873
+
+backend grafana_nodes
+  mode http
+  server server grafana:3000
+
+backend dndrules_nodes
+  mode http
+  server server dnd_file_server:80
+
+backend filebrowser_nodes
+  mode http
+  server server filebrowser:8080
+
+backend uptime_kuma_nodes
+  mode http
+  server server uptime_kuma:3001
+
+backend overseerr_nodes
+  mode http
+  server server overseerr:5055
--- a/systems/jeeves/docker/internal.nix
+++ b/systems/jeeves/docker/internal.nix
@@ -0,0 +1,145 @@
+{ config, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    qbit = {
+      image = "ghcr.io/linuxserver/qbittorrent:latest";
+      ports = [
+        "6881:6881"
+        "6881:6881/udp"
+        "8082:8082"
+        "29432:29432"
+      ];
+      volumes = [
+        "${vars.media_docker_configs}/qbit:/config"
+        "${vars.torrenting_qbit}:/data"
+      ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+        WEBUI_PORT = "8082";
+      };
+      autoStart = true;
+    };
+    qbitvpn = {
+      image = "binhex/arch-qbittorrentvpn:latest";
+      extraOptions = [ "--cap-add=NET_ADMIN" ];
+      ports = [
+        "6882:6881"
+        "6882:6881/udp"
+        "8081:8081"
+        "8118:8118"
+      ];
+      volumes = [
+        "${vars.media_docker_configs}/qbitvpn:/config"
+        "${vars.torrenting_qbitvpn}:/data"
+        "/etc/localtime:/etc/localtime:ro"
+      ];
+      environment = {
+        WEBUI_PORT = "8081";
+        PUID = "600";
+        PGID = "100";
+        VPN_ENABLED = "yes";
+        VPN_CLIENT = "openvpn";
+        STRICT_PORT_FORWARD = "yes";
+        ENABLE_PRIVOXY = "yes";
+        LAN_NETWORK = "192.168.90.0/24";
+        NAME_SERVERS = "1.1.1.1,1.0.0.1";
+        UMASK = "000";
+        DEBUG = "false";
+        DELUGE_DAEMON_LOG_LEVEL = "debug";
+        DELUGE_WEB_LOG_LEVEL = "debug";
+      };
+      # environmentFiles = [ config.sops.secrets."docker/qbit_vpn".path ];
+      autoStart = true;
+    };
+    bazarr = {
+      image = "ghcr.io/linuxserver/bazarr:latest";
+      ports = [ "6767:6767" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.media_docker_configs}/bazarr:/config"
+        "${vars.storage_plex}/movies:/movies"
+        "${vars.storage_plex}/tv:/tv"
+      ];
+      autoStart = true;
+    };
+    prowlarr = {
+      image = "ghcr.io/linuxserver/prowlarr:latest";
+      ports = [ "9696:9696" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
+      autoStart = true;
+    };
+    radarr = {
+      image = "ghcr.io/linuxserver/radarr:latest";
+      ports = [ "7878:7878" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.media_docker_configs}/radarr:/config"
+        "${vars.storage_plex}/movies:/movies"
+        "${vars.torrenting_qbitvpn}:/data"
+      ];
+      autoStart = true;
+    };
+    sonarr = {
+      image = "ghcr.io/linuxserver/sonarr:latest";
+      ports = [ "8989:8989" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [
+        "${vars.media_docker_configs}/sonarr:/config"
+        "${vars.storage_plex}/tv:/tv"
+        "${vars.torrenting_qbitvpn}:/data"
+      ];
+      autoStart = true;
+    };
+    overseerr = {
+      image = "ghcr.io/linuxserver/overseerr";
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+      };
+      volumes = [ "${vars.media_docker_configs}/overseerr:/config" ];
+      dependsOn = [
+        "radarr"
+        "sonarr"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    whisper = {
+      image = "ghcr.io/linuxserver/faster-whisper:latest";
+      ports = [ "10300:10300" ];
+      environment = {
+        PUID = "600";
+        PGID = "100";
+        TZ = "America/New_York";
+        WHISPER_MODEL = "tiny-int8";
+        WHISPER_LANG = "en";
+        WHISPER_BEAM = "1";
+      };
+      volumes = [ "${vars.media_docker_configs}/whisper:/config" ];
+      autoStart = true;
+    };
+  };
+}
--- a/systems/jeeves/docker/postgresql.nix
+++ b/systems/jeeves/docker/postgresql.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  users = {
+    users.postgres = {
+      isSystemUser = true;
+      group = "postgres";
+      uid = 999;
+    };
+    groups.postgres = {
+      gid = 999;
+    };
+  };
+
+  virtualisation.oci-containers.containers = {
+    postgres = {
+      image = "postgres:16";
+      ports = [ "5432:5432" ];
+      volumes = [ "${vars.media_database}/postgres:/var/lib/postgresql/data" ];
+      environment = {
+        POSTGRES_USER = "admin";
+        POSTGRES_DB = "archive";
+        POSTGRES_INITDB_ARGS = "--auth-host=scram-sha-256";
+      };
+      # environmentFiles = [ config.sops.secrets."docker/postgres".path ];
+      autoStart = true;
+      user = "postgres:postgres";
+    };
+  };
+
+}
--- a/systems/jeeves/docker/uptime_kuma.nix
+++ b/systems/jeeves/docker/uptime_kuma.nix
@@ -0,0 +1,16 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    uptime_kuma = {
+      image = "louislam/uptime-kuma:latest";
+      volumes = [
+        "${vars.media_docker_configs}/uptime_kuma:/app/data"
+        "/var/run/docker.sock:/var/run/docker.sock"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+  };
+}
--- a/systems/jeeves/docker/web.nix
+++ b/systems/jeeves/docker/web.nix
@@ -0,0 +1,57 @@
+{ config, ... }:
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    grafana = {
+      image = "grafana/grafana-enterprise:latest";
+      volumes = [ "${vars.media_docker_configs}/grafana:/var/lib/grafana" ];
+      user = "600:600";
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    dnd_file_server = {
+      image = "ubuntu/apache2:latest";
+      volumes = [
+        "${../../../users/richie/global/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
+        "${vars.storage_main}/Table_Top/:/data"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    haproxy = {
+      image = "haproxy:latest";
+      user = "600:600";
+      environment = {
+        TZ = "Etc/EST";
+      };
+      volumes = [
+        # "${config.sops.secrets."docker/haproxy_cert".path}:/etc/ssl/certs/cloudflare.pem"
+        "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
+      ];
+      dependsOn = [
+        "arch_mirror"
+        "dnd_file_server"
+        "filebrowser"
+        "grafana"
+        "overseerr"
+        "uptime_kuma"
+      ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+    cloud_flare_tunnel = {
+      image = "cloudflare/cloudflared:latest";
+      user = "600:600";
+      cmd = [
+        "tunnel"
+        "run"
+      ];
+      # environmentFiles = [ config.sops.secrets."docker/cloud_flare_tunnel".path ];
+      dependsOn = [ "haproxy" ];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+  };
+}