diff --git a/nixos/hosts/eidola/mounts.nix b/nixos/hosts/eidola/mounts.nix index 6a5b47e..91843a2 100644 --- a/nixos/hosts/eidola/mounts.nix +++ b/nixos/hosts/eidola/mounts.nix @@ -18,6 +18,8 @@ _: { "/var/cache/jellyfin" "/var/lib/navidrome" + + "/srv" ]; files = [ "/etc/machine-id" diff --git a/nixos/hosts/eidola/services/default.nix b/nixos/hosts/eidola/services/default.nix index 56638f5..896c1d7 100644 --- a/nixos/hosts/eidola/services/default.nix +++ b/nixos/hosts/eidola/services/default.nix @@ -3,5 +3,6 @@ ./jellyfin.nix ./samba.nix ./navidrome.nix + ./maloja.nix ]; } diff --git a/nixos/hosts/eidola/services/maloja.nix b/nixos/hosts/eidola/services/maloja.nix new file mode 100644 index 0000000..2e0aef0 --- /dev/null +++ b/nixos/hosts/eidola/services/maloja.nix @@ -0,0 +1,29 @@ +{config, ...}: let + dir = "/srv/maloja"; + configDir = "${dir}/config"; + stateDir = "${dir}/state"; + logsDir = "${dir}/logs"; + cacheDir = "${dir}/cache"; +in { + sops.secrets."svc-maloja-env" = {}; + + systemd.tmpfiles.rules = [ + "d ${configDir} 0750 root root - -" + "d ${stateDir} 0750 root root - -" + "d ${logsDir} 0750 root root - -" + "d ${cacheDir} 0750 root root - -" + ]; + + virtualisation.oci-containers.containers.maloja = { + image = "docker.io/krateng/maloja:latest"; + extraOptions = ["--rm"]; + environmentFiles = [config.sops.secrets."svc-maloja-env".path]; + volumes = [ + "${configDir}:/config/config" + "${stateDir}:/config/state" + "${logsDir}:/config/logs" + "${cacheDir}:/config/cache" + ]; + ports = ["42010:42010/tcp"]; + }; +} diff --git a/nixos/hosts/eidola/services/navidrome.nix b/nixos/hosts/eidola/services/navidrome.nix index 64997e7..f8c96de 100644 --- a/nixos/hosts/eidola/services/navidrome.nix +++ b/nixos/hosts/eidola/services/navidrome.nix @@ -12,10 +12,15 @@ _: { MusicFolder = "/terra/terrarium/Media/Music"; # TODO: hardcoding EnableInsightsCollector = false; - EnableExternalServices = false; + # EnableExternalServices = false; + + EnableTranscodingConfig = false; EnableSharing = true; + ListenBrainz.Enabled = true; + ListenBrainz.BaseURL = "https://fm.min.rip/apis/listenbrainz/1/"; + DefaultTheme = "Catppuccin Macchiato"; UIWelcomeMessage = "hiiii"; }; diff --git a/nixos/hosts/silver/services/default.nix b/nixos/hosts/silver/services/default.nix index e060fda..69af10d 100644 --- a/nixos/hosts/silver/services/default.nix +++ b/nixos/hosts/silver/services/default.nix @@ -13,6 +13,7 @@ ./shim-jellyfin.nix ./wireguard.nix ./shim-navidrome.nix + ./shim-maloja.nix ]; security.acme = { diff --git a/nixos/hosts/silver/services/shim-maloja.nix b/nixos/hosts/silver/services/shim-maloja.nix new file mode 100644 index 0000000..dbdaef5 --- /dev/null +++ b/nixos/hosts/silver/services/shim-maloja.nix @@ -0,0 +1,14 @@ +_: let + httpIntAddr = "10.13.1.1"; + httpIntPort = 42010; + dom = "fm.min.rip"; +in { + services.nginx.virtualHosts.${dom} = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = "http://${httpIntAddr}:${toString httpIntPort}"; + }; + }; +} diff --git a/nixos/hosts/silver/services/shim-navidrome.nix b/nixos/hosts/silver/services/shim-navidrome.nix index 55547e9..4b13034 100644 --- a/nixos/hosts/silver/services/shim-navidrome.nix +++ b/nixos/hosts/silver/services/shim-navidrome.nix @@ -9,6 +9,7 @@ in { locations."/" = { proxyPass = "http://${httpIntAddr}:${toString httpIntPort}"; + proxyWebsockets = true; }; }; } diff --git a/secrets/eidola/default.yaml b/secrets/eidola/default.yaml index 0ef8f4d..3c58f0c 100644 --- a/secrets/eidola/default.yaml +++ b/secrets/eidola/default.yaml @@ -4,6 +4,7 @@ nebula-key: ENC[AES256_GCM,data:YnGtqqWXbwkMYFJAKcBXmbRE+lsW9DwRnsseocTAVVIAqw84 terra-key: ENC[AES256_GCM,data:pQRlvltiRr83ndfSjX/I8n1WekS9jY2K1QyLTTcYn14TRupRVgvX47rsus1QA9QAbpT/9f0ZYld3aCrR5J0rxg==,iv:mkiu/+uLKOHG9gDjv72T7JGz6/3oaimDawAOqGs3Koo=,tag:c9Ubj3i5rDj5vaLBRpAUkQ==,type:str] wireguard-key: ENC[AES256_GCM,data:aM76YT/0gbfw87x3ThrwFMuf9DxC0IJ5aCeEFDtL+JWPGsZk3XtrN+kxW6w=,iv:ssh+sGPxMU55ubNZlWcWh+3fXvhjhJ6cNJhPZJVXEyw=,tag:2PdoFb2CyeTkV0EKfcpZiQ==,type:str] wireguard-psk: ENC[AES256_GCM,data:fEDfzuZVvEC8/HHbV4k0fSZHucRk3PLc/jaf/wl5Np+4OB1SiK6VnSyoW2o=,iv:2QnunJjHxt8V/DBG2KAuzwGQsJnmrspj6x01ufiJteY=,tag:teEVG+TuRg+QsY4jMg2DzQ==,type:str] +svc-maloja-env: ENC[AES256_GCM,data:xSxDUpzP9SphPVvuXV3HagWwDhdPAnQilP4LMlKc+Nxh7nuO1vSGAFUOh/RETcNgi9Csf2300BewaEHWRf6qXPFvp/c4najv4DUbpnjicFvooMfI0KcsDZI8x+fU0zhfmtZrMyLZ/st1TSd8ezryG6PKqVS3DX3DGYb6165v/myWDGQnn5RJkZttR+cXRQz1QZg/JgYewRrvlL84NCwymY74IuZKgsbipHUzX4oHA+YXrKkDQol5Em1h15M8Q7D+sG2n/3yruU9YXTUeMwbOsoKStxBnkdh9Mh0DxYmxrDChFlYq8H4hWAqXGgwl+c/C3uzbjC/xHsJs,iv:ZdHuzEtKi4Jb1+3Z76GxIwh1nDo5P5XDcoJzFnwsDqA=,tag:o+ZKwgTylE+dWgWwFJ3k4g==,type:str] sops: age: - recipient: age1yubikey1qg5k0y844v5e79uwax3r00u7zdljwnjlrmwvdr3st9m5a3ra5098qy0sjdj @@ -34,7 +35,7 @@ sops: eWRoSXlMamNjTHVaenpMR3dEOXNuWDAKSmbC+fGeKYcKy0eQdWPVVMpyBVYtogur A0fYIBLXi+HMN+/7LXFb80vSnXN3v42KGQ/tzsWJo0ed3Q16wJ4eUA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-05-09T23:52:41Z" - mac: ENC[AES256_GCM,data:38RF2ZBEN8bnldWusQNhpju9zPd/sWRG8LgNesarcuqyqHVJCbjOo3Wm2arXCmnQAFlcmrLCbyheD/bpNhgbVEP2JscrqsH1PFTAAi+iLUK6AT4VZ1q/cdhRVVnHlR+wtehxufJ1sEAp3LNBbDKeSKTk8jorEfEz8NdE0uPvvjg=,iv:u9F0nEKYO/0E51f4z46GNvgK8E7QwoVI+xn7do5sGRc=,tag:Ovv85eGJi037y9hh1KqzEg==,type:str] + lastmodified: "2025-05-14T05:49:08Z" + mac: ENC[AES256_GCM,data:1xtfOswfQGA1MdTNq0i1gamyC9G6FabJ7ek/i9UgdWFxfJEtnomje3mJ0WvLJiZAMsit155x0517lhPosJlXnxoJRi84/fKTz3+92MiEbRUySKTFg8ZUBmgvekeiMp7oYsOG8B5Ltyj/kYTsf1l9/Ej571ZMeHlosHqNKTbjDH0=,iv:VqhdbpdzqcjTAIocGbC/zaRf31UJx2dlSNZ3qmzAFQA=,tag:yBLeiz+vxvfaITmqwOeL9w==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2