nix-config/hosts/stream/default.nix

{ zentralwerk, config, lib, pkgs, ... }:
let
  authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
in
{
  networking.hostName = "stream";
  c3d2.hq.statistics.enable = true;
  deployment = {
    persistedShares = [ "/etc" "/home" "/var" ];
    storage = "big";
    mem = 4096;
    networks = lib.mkForce [ "pub" "serv" ];
  };

  systemd.network = {
    enable = true;

    # On the serv network I have a static IPv4 and only a route to the
    # rest of the network so that I am reachable by
    # public-access-proxy.

    networks."30-serv" = {
      networkConfig.IPv6AcceptRA = false;
      # try harder disabling global ipv6
      networkConfig.LinkLocalAddressing = "no";
      addresses = [ {
        addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";
      } ];
      gateway = lib.mkForce [];
      routes = [ {
        routeConfig = {
          Destination = "172.20.0.0/14";
          Gateway = config.c3d2.hosts.serv-gw.ip4;
        };
      } ];
    };

    # On the pub network I am a normal client.
    networks."30-pub" = {
      networkConfig.DHCP = "ipv4";
      gateway = lib.mkForce [];
      networkConfig.IPv6AcceptRA = true;
    };
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.peerflix.enable = true;
  systemd.services.peerflix.serviceConfig = {
    Restart = "always";
    RestartSec = 60;
  };
  services.jackett.enable = true;

  services.nginx = {
    enable = true;
    virtualHosts."stream.hq.c3d2.de" = {
      default = true;
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:9000";
        extraConfig = ''
          auth_basic "Stream";
          auth_basic_user_file ${authFile};
        '';
      };
    };
    virtualHosts."torrents.hq.c3d2.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:9117";
        extraConfig = ''
          auth_basic "Torrents";
          auth_basic_user_file ${authFile};
        '';
      };
    };
  };

  system.stateVersion = "22.05";
}
stream: skyflakify 2022-11-26 00:37:22 +01:00			`{ zentralwerk, config, lib, pkgs, ... }:`
stream: init 2021-09-10 22:59:40 +02:00			`let`
			`authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";`
			`in`
			`{`
stream: set hostName 2021-09-10 23:02:57 +02:00			`networking.hostName = "stream";`
stream: init 2021-09-10 22:59:40 +02:00			`c3d2.hq.statistics.enable = true;`
stream: skyflakify 2022-11-26 00:37:22 +01:00			`deployment = {`
			`persistedShares = [ "/etc" "/home" "/var" ];`
			`storage = "big";`
stream: increase deployment.mem from 2G to 4G OOMs happened? 2022-12-12 01:46:24 +01:00			`mem = 4096;`
stream: skyflakify 2022-11-26 00:37:22 +01:00			`networks = lib.mkForce [ "pub" "serv" ];`
stream: microvmify 2022-06-28 03:26:08 +02:00			`};`

stream: init 2021-09-10 22:59:40 +02:00			`systemd.network = {`
			`enable = true;`

stream: doc 2022-06-28 03:30:58 +02:00			`# On the serv network I have a static IPv4 and only a route to the`
			`# rest of the network so that I am reachable by`
			`# public-access-proxy.`

stream: skyflakify 2022-11-26 00:37:22 +01:00			`networks."30-serv" = {`
stream: init 2021-09-10 22:59:40 +02:00			`networkConfig.IPv6AcceptRA = false;`
stream: microvmify 2022-06-28 03:26:08 +02:00			`# try harder disabling global ipv6`
			`networkConfig.LinkLocalAddressing = "no";`
stream: init 2021-09-10 22:59:40 +02:00			`addresses = [ {`
Refactor host registry 2022-01-16 13:26:37 +01:00			`addressConfig.Address = "${config.c3d2.hosts.stream.ip4}/${toString zentralwerk.lib.config.site.net.serv.subnet4Len}";`
stream: init 2021-09-10 22:59:40 +02:00			`} ];`
stream: skyflakify 2022-11-26 00:37:22 +01:00			`gateway = lib.mkForce [];`
stream: init 2021-09-10 22:59:40 +02:00			`routes = [ {`
			`routeConfig = {`
			`Destination = "172.20.0.0/14";`
Refactor host registry 2022-01-16 13:26:37 +01:00			`Gateway = config.c3d2.hosts.serv-gw.ip4;`
stream: init 2021-09-10 22:59:40 +02:00			`};`
			`} ];`
			`};`

stream: doc 2022-06-28 03:30:58 +02:00			`# On the pub network I am a normal client.`
stream: skyflakify 2022-11-26 00:37:22 +01:00			`networks."30-pub" = {`
stream: init 2021-09-10 22:59:40 +02:00			`networkConfig.DHCP = "ipv4";`
stream: fix pub network 2022-11-27 17:23:47 +01:00			`gateway = lib.mkForce [];`
stream: microvmify 2022-06-28 03:26:08 +02:00			`networkConfig.IPv6AcceptRA = true;`
stream: init 2021-09-10 22:59:40 +02:00			`};`
			`};`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`

			`services.peerflix.enable = true;`
stream: add service Restart to peerflix 2022-01-30 03:50:43 +01:00			`systemd.services.peerflix.serviceConfig = {`
			`Restart = "always";`
			`RestartSec = 60;`
			`};`
stream: enable jackett 2021-11-07 03:38:41 +01:00			`services.jackett.enable = true;`
stream: init 2021-09-10 22:59:40 +02:00
			`services.nginx = {`
			`enable = true;`
			`virtualHosts."stream.hq.c3d2.de" = {`
			`default = true;`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:9000";`
			`extraConfig = ''`
			`auth_basic "Stream";`
			`auth_basic_user_file ${authFile};`
			`'';`
			`};`
			`};`
stream: enable jackett 2021-11-07 03:38:41 +01:00			`virtualHosts."torrents.hq.c3d2.de" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:9117";`
			`extraConfig = ''`
			`auth_basic "Torrents";`
			`auth_basic_user_file ${authFile};`
			`'';`
			`};`
			`};`
stream: init 2021-09-10 22:59:40 +02:00			`};`
stream: microvmify 2022-06-28 03:26:08 +02:00
			`system.stateVersion = "22.05";`
stream: init 2021-09-10 22:59:40 +02:00			`}`