diff --git a/bert/configuration.nix b/bert/configuration.nix index c475e2a..c541597 100644 --- a/bert/configuration.nix +++ b/bert/configuration.nix @@ -8,6 +8,7 @@ ./services/http/index.nix ./services/monitoring.nix ./services/forgejo.nix + ./services/navidrome.nix ]; # Bootloader @@ -35,8 +36,11 @@ boot.initrd.luks.devices."luks-48836129-1aa0-45c7-9fd1-6b053fa620b1".device = "/dev/disk/by-uuid/48836129-1aa0-45c7-9fd1-6b053fa620b1"; networking.hostName = "bert"; - # Enable networking - networking.networkmanager.enable = true; + fileSystems."/mnt/bigbird-public" = { + device = "//bigbird/public"; + fsType = "cifs"; + options = [ "guest" ]; + }; time.timeZone = "America/Chicago"; i18n.defaultLocale = "en_US.UTF-8"; diff --git a/bert/services/http/0hats.com.nix b/bert/services/http/0hats.com.nix new file mode 100644 index 0000000..809af75 --- /dev/null +++ b/bert/services/http/0hats.com.nix @@ -0,0 +1,20 @@ + +{ + services.caddy.virtualHosts."0hats.com" = { + serverAliases = ["www.0hats.com"]; + extraConfig = '' + encode zstd gzip + file_server + root * /srv/www/0hats.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } + ''; + }; + systemd.tmpfiles.settings."10-0hats-com" = { + "/srv/www/0hats.com" = { + d = {}; + }; + }; +} diff --git a/bert/services/http/files.chandlerswift.com.nix b/bert/services/http/files.chandlerswift.com.nix index 74c5e0c..7aead1e 100644 --- a/bert/services/http/files.chandlerswift.com.nix +++ b/bert/services/http/files.chandlerswift.com.nix @@ -4,6 +4,10 @@ encode zstd gzip file_server root * /srv/www/files.chandlerswift.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-files-chandlerswift-com" = { "/srv/www/files.chandlerswift.com" = { diff --git a/bert/services/http/harborpaperco.com.nix b/bert/services/http/harborpaperco.com.nix index 705b0b1..071f053 100644 --- a/bert/services/http/harborpaperco.com.nix +++ b/bert/services/http/harborpaperco.com.nix @@ -6,14 +6,18 @@ encode zstd gzip file_server root * /srv/www/harborpaperco.com + + handle_errors { + respond "{err.status_code} {err.status_text}" + } + ''; + }; + services.caddy.virtualHosts."pureserendipityweddings.com" = { + serverAliases = ["www.pureserendipityweddings.com"]; + extraConfig = '' + redir https://harborpaperco.com ''; }; - # services.caddy.virtualHosts."pureserendipityweddings.com" = { - # serverAliases = ["www.pureserendipityweddings.com"]; - # extraConfig = '' - # redir https://harborpaperco.com - # ''; - # }; systemd.tmpfiles.settings."10-harborpaperco-com" = { "/srv/www/harborpaperco.com" = { d = {}; diff --git a/bert/services/http/home.chandlerswift.com.nix b/bert/services/http/home.chandlerswift.com.nix index eef8812..1c11558 100644 --- a/bert/services/http/home.chandlerswift.com.nix +++ b/bert/services/http/home.chandlerswift.com.nix @@ -6,6 +6,20 @@ root * /srv/www/home.chandlerswift.com reverse_proxy /grafana/* localhost:3000 # hide .git # ??? + + file_server /sheets/* { + browse ${./caddy-browse-template.html} + + # TOOD: is there a better way to strip the prefix here? This shouldn't be + # vulnerable to a directory traversal attack (and it doesn't really + # matter anyway; everything in there is public somewhere or another!) but + # it sorta feels wrong to do this without a `/sheets` suffix. + root /mnt/bigbird-public + } + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-home-chandlerswift-com" = { "/srv/www/home.chandlerswift.com" = { diff --git a/bert/services/http/index.nix b/bert/services/http/index.nix index 4420666..f85f0e7 100644 --- a/bert/services/http/index.nix +++ b/bert/services/http/index.nix @@ -1,11 +1,13 @@ { imports = [ + ./0hats.com.nix ./files.chandlerswift.com.nix ./git.chandlerswift.com.nix ./harborpaperco.com.nix ./home.chandlerswift.com.nix ./katherineandchandler.com.nix ./maps.chandlerswift.com.nix + ./music.chandlerswift.com.nix ./stjohnscccc.org.nix ./swiftgang.net.nix ]; diff --git a/bert/services/http/katherineandchandler.com.nix b/bert/services/http/katherineandchandler.com.nix index 352cf32..2aa308d 100644 --- a/bert/services/http/katherineandchandler.com.nix +++ b/bert/services/http/katherineandchandler.com.nix @@ -5,6 +5,10 @@ file_server root * /srv/www/katherineandchandler.com # hide .git # ??? + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-katherineandchandler-com" = { "/srv/www/katherineandchandler.com" = { diff --git a/bert/services/http/maps.chandlerswift.com.nix b/bert/services/http/maps.chandlerswift.com.nix index fb21cb8..101820b 100644 --- a/bert/services/http/maps.chandlerswift.com.nix +++ b/bert/services/http/maps.chandlerswift.com.nix @@ -5,6 +5,10 @@ file_server root * /srv/www/maps.chandlerswift.com # hide .git # ??? + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-maps-chandlerswift-com" = { "/srv/www/maps.chandlerswift.com" = { diff --git a/bert/services/http/music.chandlerswift.com.nix b/bert/services/http/music.chandlerswift.com.nix new file mode 100644 index 0000000..c43cd35 --- /dev/null +++ b/bert/services/http/music.chandlerswift.com.nix @@ -0,0 +1,5 @@ +{config, ...}: { + services.caddy.virtualHosts."music.chandlerswift.com".extraConfig = '' + reverse_proxy localhost:${toString config.services.navidrome.settings.Port} + ''; +} diff --git a/bert/services/http/swiftgang.net.nix b/bert/services/http/swiftgang.net.nix index 82bee79..1de094e 100644 --- a/bert/services/http/swiftgang.net.nix +++ b/bert/services/http/swiftgang.net.nix @@ -4,6 +4,10 @@ encode zstd gzip file_server root * /srv/www/swiftgang.net + + handle_errors { + respond "{err.status_code} {err.status_text}" + } ''; systemd.tmpfiles.settings."10-swiftgang-net" = { "/srv/www/swiftgang.net" = { diff --git a/bert/services/navidrome.nix b/bert/services/navidrome.nix new file mode 100644 index 0000000..42d86a6 --- /dev/null +++ b/bert/services/navidrome.nix @@ -0,0 +1,10 @@ +{ + services.navidrome = { + enable = true; + settings = { + MusicFolder = "/mnt/bigbird-public/media/music"; + ScanSchedule = "@every 12h"; + EnableSharing = true; + }; + }; +} diff --git a/bigbird/README.md b/bigbird/README.md new file mode 100644 index 0000000..0ccdd49 --- /dev/null +++ b/bigbird/README.md @@ -0,0 +1,9 @@ +# `bigbird`: ODROID HC4 NAS + +## SD card notes +Many SD cards I attempted would boot fine but then fail to reset on reboot. +Some preliminary research suggests that this may be a kernel issue, but I'm not +entirely sure at this point. For now, I took the easy way out: Just keep trying +SD cards until one works! Thankfully, it seems to be reliable that an SD card +works either 100% or 0% of the time. Currently using a 32GB Microcenter cheapo, +in place of the nicer 128GB ones I was planning on instead. diff --git a/bigbird/configuration.nix b/bigbird/configuration.nix index f50cdc4..e60b61e 100644 --- a/bigbird/configuration.nix +++ b/bigbird/configuration.nix @@ -21,6 +21,8 @@ boot.zfs.forceImportRoot = false; boot.zfs.extraPools = [ "nas" ]; + services.zfs.autoScrub.enable = true; # Current scan takes ~12h, runs monthly (I spend 2% of the time doing scans? lol) + networking.hostId = "66abd088"; # `openssl rand -hex 4` time.timeZone = "America/Chicago"; diff --git a/oscar/configuration.nix b/oscar/configuration.nix index 10eea01..f34c211 100644 --- a/oscar/configuration.nix +++ b/oscar/configuration.nix @@ -16,6 +16,7 @@ "steam" "steam-original" "steam-run" + "steam-unwrapped" ]; # https://discourse.nixos.org/t/github-strategies-for-configuration-nix/1983/14