Richie/dotfiles
1
0
Fork 0
mirror of https://github.com/RichieCahill/dotfiles.git synced 2026-04-17 13:08:19 -04:00
Code Issues Packages Projects Releases Wiki Activity

enabled firewall on jeeves

Browse Source
This commit is contained in:
Richie Cahill
2024-10-25 13:45:17 -04:00
parent 5eb99e11a3
commit 366f7f2a7b
10 changed files with 164 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
systems/jeeves/default.nix
View File

@@ -35,6 +35,7 @@ in
plex = { plex = {
enable = true; enable = true;
dataDir = vars.media_plex; dataDir = vars.media_plex;
openFirewall = true;
}; };
smartd.enable = true; smartd.enable = true;

6
systems/jeeves/docker/haproxy.cfg
View File

@@ -30,6 +30,7 @@ frontend ContentSwitching
acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com
acl host_grafana hdr(host) -i grafana.tmmworkshop.com acl host_grafana hdr(host) -i grafana.tmmworkshop.com
acl host_mirror hdr(host) -i mirror.tmmworkshop.com acl host_mirror hdr(host) -i mirror.tmmworkshop.com
acl host_photoprism hdr(host) -i photoprism.tmmworkshop.com
acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com
use_backend audiobookshelf_nodes if host_audiobookshelf use_backend audiobookshelf_nodes if host_audiobookshelf
@@ -37,6 +38,7 @@ frontend ContentSwitching
use_backend filebrowser_nodes if host_filebrowser use_backend filebrowser_nodes if host_filebrowser
use_backend grafana_nodes if host_grafana use_backend grafana_nodes if host_grafana
use_backend mirror_nodes if host_mirror use_backend mirror_nodes if host_mirror
use_backend photoprism_nodes if host_photoprism
use_backend uptime_kuma_nodes if host_uptime_kuma use_backend uptime_kuma_nodes if host_uptime_kuma
backend mirror_nodes backend mirror_nodes
@@ -55,6 +57,10 @@ backend filebrowser_nodes
mode http mode http
server server filebrowser:8080 server server filebrowser:8080
backend photoprism_nodes
mode http
server server photoprism:2342
backend uptime_kuma_nodes backend uptime_kuma_nodes
mode http mode http
server server uptime_kuma:3001 server server uptime_kuma:3001

85
systems/jeeves/docker/internal.nix
View File

@@ -1,85 +0,0 @@
let
vars = import ../vars.nix;
in
{
virtualisation.oci-containers.containers = {
qbit = {
image = "ghcr.io/linuxserver/qbittorrent:latest";
ports = [
"6881:6881"
"6881:6881/udp"
"8082:8082"
"29432:29432"
];
volumes = [
"${vars.media_docker_configs}/qbit:/config"
"${vars.torrenting_qbit}:/data"
];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
WEBUI_PORT = "8082";
};
autoStart = true;
};
qbitvpn = {
image = "binhex/arch-qbittorrentvpn:latest";
extraOptions = [ "--cap-add=NET_ADMIN" ];
ports = [
"6882:6881"
"6882:6881/udp"
"8081:8081"
"8118:8118"
];
volumes = [
"${vars.media_docker_configs}/qbitvpn:/config"
"${vars.torrenting_qbitvpn}:/data"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
WEBUI_PORT = "8081";
PUID = "600";
PGID = "100";
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
STRICT_PORT_FORWARD = "yes";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.90.0/24";
NAME_SERVERS = "1.1.1.1,1.0.0.1";
UMASK = "000";
DEBUG = "false";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
autoStart = true;
};
prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
autoStart = true;
};
sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.media_docker_configs}/sonarr:/config"
"${vars.storage_plex}/tv:/tv"
"${vars.torrenting_qbitvpn}:/data"
];
autoStart = true;
};
};
}

26
systems/jeeves/docker/photoprism.nix
View File

@@ -2,12 +2,8 @@ let
vars = import ../vars.nix; vars = import ../vars.nix;
in in
{ {
virtualisation.oci-containers.containers.photoprism = {
virtualisation.oci-containers.containers = {
photoprism = {
image = "photoprism/photoprism:latest"; image = "photoprism/photoprism:latest";
ports = [ "2342:2342" ];
volumes = [ volumes = [
"${vars.media_docker_configs}/photoprism:/photoprism/storage" "${vars.media_docker_configs}/photoprism:/photoprism/storage"
"${vars.storage_photos}/originals:/photoprism/originals" "${vars.storage_photos}/originals:/photoprism/originals"
@@ -41,10 +37,7 @@ in
PHOTOPRISM_AUTO_IMPORT= "-1"; PHOTOPRISM_AUTO_IMPORT= "-1";
PHOTOPRISM_DETECT_NSFW="false"; PHOTOPRISM_DETECT_NSFW="false";
PHOTOPRISM_UPLOAD_NSFW="true"; PHOTOPRISM_UPLOAD_NSFW="true";
PHOTOPRISM_DATABASE_DRIVER="mysql"; PHOTOPRISM_DATABASE_DRIVER="sqlite";
PHOTOPRISM_DATABASE_SERVER="photoprism_mariadb:3306";
PHOTOPRISM_DATABASE_NAME="photoprism";
PHOTOPRISM_DATABASE_USER="photoprism";
PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App"; PHOTOPRISM_SITE_CAPTION="AI-Powered Photos App";
PHOTOPRISM_SITE_DESCRIPTION=""; PHOTOPRISM_SITE_DESCRIPTION="";
PHOTOPRISM_SITE_AUTHOR=""; PHOTOPRISM_SITE_AUTHOR="";
@@ -57,20 +50,5 @@ in
dependsOn = [ "photoprism_mariadb" ]; dependsOn = [ "photoprism_mariadb" ];
extraOptions = [ "--network=web" ]; extraOptions = [ "--network=web" ];
}; };
photoprism_mariadb = {
image = "mariadb:11";
volumes = [ "${vars.media_database}/photoprism_mariadb:/var/lib/photoprism_mariadb" ];
environment = {
MARIADB_AUTO_UPGRADE = "1";
MARIADB_INITDB_SKIP_TZINFO = "1";
MARIADB_DATABASE = "photoprism";
MARIADB_USER = "photoprism";
};
environmentFiles = ["${vars.storage_secrets}/docker/photoprism"];
cmd = [ "--innodb-buffer-pool-size=512M" "--transaction-isolation=READ-COMMITTED" "--character-set-server=utf8mb4" "--collation-server=utf8mb4_unicode_ci" "--max-connections=512" "--innodb-rollback-on-timeout=OFF" "--innodb-lock-wait-timeout=120" ];
autoStart = true;
extraOptions = [ "--network=web" ];
};
};
} }

19
systems/jeeves/docker/prowlarr.nix Normal file
View File

@@ -0,0 +1,19 @@
let
vars = import ../vars.nix;
in
{
networking.firewall = {
allowedTCPPorts = [ 9696 ];
};
virtualisation.oci-containers.containers.prowlarr = {
image = "ghcr.io/linuxserver/prowlarr:latest";
ports = [ "9696:9696" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [ "${vars.media_docker_configs}/prowlarr:/config" ];
autoStart = true;
};
}

29
systems/jeeves/docker/qbit.nix Normal file
View File

@@ -0,0 +1,29 @@
let
vars = import ../vars.nix;
in
{
networking.firewall = {
allowedTCPPorts = [ 6881 8082 29432 ];
allowedUDPPorts = [ 6881 ];
};
virtualisation.oci-containers.containers.qbit = {
image = "ghcr.io/linuxserver/qbittorrent:latest";
ports = [
"6881:6881"
"6881:6881/udp"
"8082:8082"
"29432:29432"
];
volumes = [
"${vars.media_docker_configs}/qbit:/config"
"${vars.torrenting_qbit}:/data"
];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
WEBUI_PORT = "8082";
};
autoStart = true;
};
}

41
systems/jeeves/docker/qbitvpn.nix Normal file
View File

@@ -0,0 +1,41 @@
let
vars = import ../vars.nix;
in
{
networking.firewall = {
allowedTCPPorts = [ 6882 8081 8118 ];
allowedUDPPorts = [ 6882 ];
};
virtualisation.oci-containers.containers.qbitvpn = {
image = "binhex/arch-qbittorrentvpn:latest";
extraOptions = [ "--cap-add=NET_ADMIN" ];
ports = [
"6882:6881"
"6882:6881/udp"
"8081:8081"
"8118:8118"
];
volumes = [
"${vars.media_docker_configs}/qbitvpn:/config"
"${vars.torrenting_qbitvpn}:/data"
"/etc/localtime:/etc/localtime:ro"
];
environment = {
WEBUI_PORT = "8081";
PUID = "600";
PGID = "100";
VPN_ENABLED = "yes";
VPN_CLIENT = "openvpn";
STRICT_PORT_FORWARD = "yes";
ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.90.0/24";
NAME_SERVERS = "1.1.1.1,1.0.0.1";
UMASK = "000";
DEBUG = "false";
DELUGE_DAEMON_LOG_LEVEL = "debug";
DELUGE_WEB_LOG_LEVEL = "debug";
};
environmentFiles = ["${vars.storage_secrets}/docker/qbitvpn"];
autoStart = true;
};
}

21
systems/jeeves/docker/sonarr.nix Normal file
View File

@@ -0,0 +1,21 @@
let
vars = import ../vars.nix;
in
{
networking.firewall.allowedTCPPorts = [ 9696 8989 ];
virtualisation.oci-containers.containers.sonarr = {
image = "ghcr.io/linuxserver/sonarr:latest";
ports = [ "8989:8989" ];
environment = {
PUID = "600";
PGID = "100";
TZ = "America/New_York";
};
volumes = [
"${vars.media_docker_configs}/sonarr:/config"
"${vars.storage_plex}/tv:/tv"
"${vars.torrenting_qbitvpn}:/data"
];
autoStart = true;
};
}

1
systems/jeeves/docker/web.nix
View File

@@ -5,7 +5,6 @@ in
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
audiobookshelf = { audiobookshelf = {
image = "ghcr.io/advplyr/audiobookshelf:latest"; image = "ghcr.io/advplyr/audiobookshelf:latest";
ports = [ "13378:80" ];
volumes = [ volumes = [
"${vars.media_docker_configs}/audiobookshelf:/config" "${vars.media_docker_configs}/audiobookshelf:/config"
"${vars.media_docker_configs}/audiobookshelf:/metadata" "${vars.media_docker_configs}/audiobookshelf:/metadata"

2
systems/jeeves/networking.nix
View File

@@ -2,7 +2,7 @@
networking = { networking = {
hostName = "jeeves"; hostName = "jeeves";
hostId = "0e15ce35"; hostId = "0e15ce35";
firewall.enable = false; firewall.enable = true;
useNetworkd = true; useNetworkd = true;
}; };