frumar: split out home-automation and media

2023-09-23 16:36:53 +02:00 · 2023-09-23 16:36:53 +02:00 · f251a891fb
parent a15ea5ff17
commit f251a891fb
4 changed files with 120 additions and 134 deletions
--- a/nixos/machines/frumar/default.nix
+++ b/nixos/machines/frumar/default.nix
@ -4,7 +4,8 @@
    ../../roles/server.nix
    ../../roles/homeserver.nix
    ./paperless.nix
-    ./torrent.nix
+    ./media.nix
+    ./home-automation.nix
  ];

  system.stateVersion = "15.09";
@ -31,30 +32,12 @@
        '';
      };
    };
-    virtualHosts."home-assistant.yori.cc" = {
-      onlySSL = true;
-      useACMEHost = "wildcard.yori.cc";
-      locations."/" = {
-        proxyPass = "http://[::1]:8123";
-        proxyWebsockets = true;
-      };
-    };
    virtualHosts."frumar.yori.cc" = {
      enableACME = lib.mkForce false;
      inherit (config.security.y-selfsigned) sslCertificate sslCertificateKey;
    };
  };
  boot.supportedFilesystems = [ "zfs" ];
-  services.yorick.torrent-vpn = {
-    enable = true;
-    name = "mullvad-nl4";
-    namespace = "torrent";
-  };
-  services.plex = {
-    enable = true;
-    openFirewall = true;
-  };
-  systemd.services.plex.after = [ "data-plexmedia.mount" ];
  services.iperf3 = {
    enable = true;
    openFirewall = true;
@ -128,7 +111,7 @@
    settings = {
      server.http_addr = "0.0.0.0";
      server.domain = "grafana.yori.cc";
-      server.rootUrl = "https://grafana.yori.cc/";
+      server.root_url = "https://grafana.yori.cc/";
      "auth.basic".enabled = false;
      "auth.google" = {
        enabled = true;
@ -137,67 +120,6 @@
      auth.disable_login_form = true;
    };
  };
-  services.zigbee2mqtt = {
-    enable = true;
-    settings.availability = true;
-    settings.device_options = {
-      retain = true;
-      legacy = false;
-    };
-    settings.serial.port = "/dev/ttyUSB0";
-  };
-  services.home-assistant = {
-    enable = true;
-    openFirewall = true;
-    extraComponents = [
-      "default_config"
-      "androidtv"
-      "esphome"
-      "met"
-      "unifi" "yeelight" "plex" "frontend"
-      "tado"
-      "automation" "device_automation"
-      "homewizard"
-      "github" "backup"
-      "mqtt"
-      "brother"
-      "spotify"
-      "yamaha_musiccast"
-      "ipp"
-      "homekit_controller"
-      #"unifiprotect"
-    ];
-    config = {
-      media_player = [
-        {
-          platform = "androidtv";
-          host = "192.168.2.181";
-          name = "shield";
-          device_class = "androidtv";
-        }
-      ];
-      mobile_app = {};
-      default_config = {};
-      system_log = {};
-      "map" = {};
-      
-      frontend.themes = "!include_dir_merge_named themes";
-      automation = "!include automations.yaml";
-      homeassistant = {
-        name = "Home";
-        latitude = "51.84";
-        longitude = "5.85";
-        elevation = "0";
-        unit_system = "metric";
-        time_zone = "Europe/Amsterdam";
-        country = "NL";
-      };
-      http = {
-        use_x_forwarded_for = true;
-        trusted_proxies = [ "::1" ];
-      };
-    };
-  };
  age.secrets = {
    grafana.file = ../../../secrets/grafana.env.age;
    frumar-mail-pass.file = ../../../secrets/frumar-mail-pass.age;
@ -208,41 +130,9 @@
    };
  };
  systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secrets.grafana.path;
-  services.zfs = {
-    autoScrub = {
-      enable = true;
-      interval = "*-*-01 02:00:00"; # monthly + 2 hours
-    };
-  };
-  services.samba = {
-    enable = false;
-    openFirewall = false;
-    shares.public = {
-      path = "/data/plexmedia";
-      browseable = "yes";
-      "guest ok" = "yes";
-      "hosts allow" = "192.168.178.0/255.255.255.0";
-      "writeable" = "yes";
-      "force user" = "nobody";
-      "force directory mode" = "2777";
-    };
-  };
-  services.samba-wsdd = {
+  services.zfs.autoScrub = {
    enable = true;
-    interface = "eno1";
-    hostname = "NAS";
-  };
-  services.sonarr = {
-    enable = true;
-    group = "plex";
-    user = "plex";
-    openFirewall = true;
-  };
-  services.radarr = {
-    enable = true;
-    group = "plex";
-    user = "plex";
-    openFirewall = true;
+    interval = "*-*-01 02:00:00"; # monthly + 2 hours
  };
  services.znapzend = {
    enable = true;
@ -270,9 +160,6 @@
      };
    };
  };
-  users.users.plex.packages = with pkgs; [
-    ffmpeg
-  ];
  users.users.yorick.packages = with pkgs; [
    borgbackup
    bup
@ -281,13 +168,10 @@
    magic-wormhole
    python3
    ranger
-    pyrosimple
-    rtorrent
    jq
    mcrcon
    jdk17_headless
    unzip
-    yscripts.absorb
  ];
  security.acme.certs."wildcard.yori.cc" = {
    domain = "*.yori.cc";
--- a/nixos/machines/frumar/home-automation.nix
+++ b/nixos/machines/frumar/home-automation.nix
@ -0,0 +1,71 @@
+{ config, pkgs, lib, ... }: {
+  services.nginx.virtualHosts."home-assistant.yori.cc" = {
+    onlySSL = true;
+    useACMEHost = "wildcard.yori.cc";
+    locations."/" = {
+      proxyPass = "http://[::1]:8123";
+      proxyWebsockets = true;
+    };
+  };
+  services.zigbee2mqtt = {
+    enable = true;
+    settings.availability = true;
+    settings.device_options = {
+      retain = true;
+      legacy = false;
+    };
+    settings.serial.port = "/dev/ttyUSB0";
+  };
+  services.home-assistant = {
+    enable = true;
+    openFirewall = true;
+    extraComponents = [
+      "default_config"
+      "androidtv"
+      "esphome"
+      "met"
+      "unifi" "yeelight" "plex" "frontend"
+      "tado"
+      "automation" "device_automation"
+      "homewizard"
+      "github" "backup"
+      "mqtt"
+      "brother"
+      "spotify"
+      "yamaha_musiccast"
+      "ipp"
+      "homekit_controller"
+      #"unifiprotect"
+    ];
+    config = {
+      media_player = [
+        {
+          platform = "androidtv";
+          host = "192.168.2.181";
+          name = "shield";
+          device_class = "androidtv";
+        }
+      ];
+      mobile_app = {};
+      default_config = {};
+      system_log = {};
+      "map" = {};
+      
+      frontend.themes = "!include_dir_merge_named themes";
+      automation = "!include automations.yaml";
+      homeassistant = {
+        name = "Home";
+        latitude = "51.84";
+        longitude = "5.85";
+        elevation = "0";
+        unit_system = "metric";
+        time_zone = "Europe/Amsterdam";
+        country = "NL";
+      };
+      http = {
+        use_x_forwarded_for = true;
+        trusted_proxies = [ "::1" ];
+      };
+    };
+  };
+}
--- a/nixos/machines/frumar/media.nix
+++ b/nixos/machines/frumar/media.nix
@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }: {
+  users.users.torrent = {
+    isSystemUser = true;
+    createHome = false;
+    group = "torrent";
+    home = "/torrent";
+  };
+  users.groups.torrent = {};
+  systemd.tmpfiles.rules = [
+    "d /torrent 770 torrent torrent"
+  ];
+  users.users.yorick.extraGroups = [ "torrent" ];
+
+  services.yorick.torrent-vpn = {
+    enable = true;
+    name = "mullvad-nl4";
+    namespace = "torrent";
+  };
+  services.plex = {
+    enable = true;
+    openFirewall = true;
+  };
+  systemd.services.plex.after = [ "data-plexmedia.mount" ];
+  services.sonarr = {
+    enable = true;
+    group = "plex";
+    user = "plex";
+    openFirewall = true;
+  };
+  services.radarr = {
+    enable = true;
+    group = "plex";
+    user = "plex";
+    openFirewall = true;
+  };
+  users.users.plex.packages = with pkgs; [
+    ffmpeg
+  ];
+  users.users.yorick.packages = with pkgs; [
+    pyrosimple
+    rtorrent
+    yscripts.absorb
+  ];
+}
--- a/nixos/machines/frumar/torrent.nix
+++ b/nixos/machines/frumar/torrent.nix
@ -1,13 +0,0 @@
-{ config, pkgs, lib, ... }: {
-  users.users.torrent = {
-    isSystemUser = true;
-    createHome = false;
-    group = "torrent";
-    home = "/torrent";
-  };
-  users.groups.torrent = {};
-  systemd.tmpfiles.rules = [
-    "d /torrent 770 torrent torrent"
-  ];
-  users.users.yorick.extraGroups = [ "torrent" ];
-}