stuff

hosts/abacus/acme.nix

@@ -0,0 +1,6 @@
+{
+  security.acme = {
+    defaults.email = "lukas@wrz.one";
+    acceptTerms = true;
+  };
+}

hosts/abacus/fs.nix

@@ -0,0 +1,7 @@
+{config, ...}: {
+  fileSystems.${config.services.navidrome.settings.MusicFolder} = {
+    label = "music";
+    fsType = "ext4";
+    options = ["noatime"];
+  };
+}

hosts/abacus/hardware.nix

@@ -1,15 +1,5 @@
 {modulesPath, ...}: {
-  imports = [
-    "${modulesPath}/profiles/qemu-guest.nix"
-
-    ./backup.nix
-    ./microbin.nix
-    ./miniflux.nix
-    ./nginx.nix
-    ./static
-    ./syncthing.nix
-    ./vaultwarden.nix
-  ];
+  imports = ["${modulesPath}/profiles/qemu-guest.nix"];
 
   nixpkgs.hostPlatform = "aarch64-linux";
 
@@ -35,9 +25,4 @@
     };
     firewall.allowedTCPPorts = [80 443];
   };
-
-  security.acme = {
-    defaults.email = "lukas@wrz.one";
-    acceptTerms = true;
-  };
 }

hosts/abacus/microbin.nix

@@ -1,4 +1,8 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (config.networking) domain;
   virtualHostName = "bin.${domain}";
 in {
@@ -8,7 +12,7 @@ in {
     enable = true;
     passwordFile = config.age.secrets.microbin.path;
     settings = {
-      MICROBIN_BIND = "127.0.0.1";
+      MICROBIN_BIND = "localhost";
       MICROBIN_PORT = 8020;
 
       MICROBIN_READONLY = true;
@@ -31,6 +35,9 @@ in {
     enableACME = true;
     forceSSL = true;
 
-    locations."/".proxyPass = "http://${config.services.microbin.settings.MICROBIN_BIND}:${builtins.toString config.services.microbin.settings.MICROBIN_PORT}";
+    locations."/".proxyPass = "http://${lib.formatHostPort {
+      host = config.services.microbin.settings.MICROBIN_BIND;
+      port = config.services.microbin.settings.MICROBIN_PORT;
+    }}";
   };
 }

hosts/abacus/navidrome.nix

@@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.networking) domain;
+  virtualHostName = "navi.${domain}";
+in {
+  services.navidrome = {
+    enable = true;
+    settings = {
+      Address = "localhost";
+      Port = 8050;
+      MusicFolder = "/srv/music";
+    };
+  };
+
+  services.nginx.virtualHosts.${virtualHostName} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/".proxyPass = "http://${lib.formatHostPort {
+      host = config.services.navidrome.settings.Address;
+      port = config.services.navidrome.settings.Port;
+    }}";
+  };
+}

hosts/abacus/static.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.networking) domain;
+  parent = "/var/www";
+  sites = [
+    domain
+    "log.${domain}"
+  ];
+in
+  lib.mkMerge (map (
+      virtualHostName: let
+        root = "${parent}/${virtualHostName}";
+      in {
+        services.nginx.virtualHosts.${virtualHostName} = {
+          enableACME = true;
+          forceSSL = true;
+
+          inherit root;
+        };
+
+        systemd.tmpfiles.settings."10-static-sites".${root}.d = {
+          user = "lukas";
+          group = "users";
+          mode = "0755";
+        };
+      }
+    )
+    sites)

hosts/abacus/static/default.nix

@@ -1,12 +0,0 @@
-{
-  imports = [
-    ./log.nix
-    ./main.nix
-  ];
-
-  systemd.tmpfiles.settings."10-static-sites"."/var/www".d = {
-    user = "root";
-    group = "root";
-    mode = "0755";
-  };
-}

hosts/abacus/static/log.nix

@@ -1,18 +0,0 @@
-{config, ...}: let
-  inherit (config.networking) domain;
-  virtualHostName = "log.${domain}";
-  root = "/var/www/${virtualHostName}";
-in {
-  services.nginx.virtualHosts.${virtualHostName} = {
-    enableACME = true;
-    forceSSL = true;
-
-    inherit root;
-  };
-
-  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-    user = "lukas";
-    group = "users";
-    mode = "0755";
-  };
-}

hosts/abacus/static/main.nix

@@ -1,18 +0,0 @@
-{config, ...}: let
-  inherit (config.networking) domain;
-  virtualHostName = domain;
-  root = "/var/www/${virtualHostName}";
-in {
-  services.nginx.virtualHosts.${virtualHostName} = {
-    enableACME = true;
-    forceSSL = true;
-
-    inherit root;
-  };
-
-  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-    user = "lukas";
-    group = "users";
-    mode = "0755";
-  };
-}

hosts/abacus/vaultwarden.nix

@@ -1,4 +1,8 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
   inherit (config.networking) domain;
   virtualHostName = "vault.${domain}";
   backupDir = "/srv/backup/vaultwarden";
@@ -20,7 +24,7 @@ in {
 
       ENABLE_WEBSOCKET = true;
 
-      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_ADDRESS = "localhost";
       ROCKET_PORT = 8000;
     };
 
@@ -34,7 +38,10 @@ in {
     forceSSL = true;
 
     locations."/" = {
-      proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}";
+      proxyPass = "http://${lib.formatHostPort {
+        host = config.services.vaultwarden.config.ROCKET_ADDRESS;
+        port = config.services.vaultwarden.config.ROCKET_PORT;
+      }}";
       proxyWebsockets = true;
     };
   };

hosts/vessel/audiocomp.nix

@@ -0,0 +1,52 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: let
+  audiocomp = pkgs.writeShellApplication {
+    name = "audiocomp";
+    runtimeInputs = [
+      pkgs.parallel
+      pkgs.rsync
+    ];
+    text = let
+      remoteDir = inputs.self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder;
+      enc = pkgs.writeShellApplication {
+        name = "enc";
+        runtimeInputs = [
+          pkgs.opusTools
+        ];
+        text = ''
+          src="$1"
+          dst=''${src%.flac}.opus
+          dst=/srv/compmusic/''${dst#./}
+
+          if [[ -f "$dst" ]]; then
+            exit
+          fi
+
+          mkdir --parents -- "$(dirname -- "$dst")"
+          exec opusenc --quiet --bitrate 96.000 -- {} "$dst"
+        '';
+      };
+    in ''
+      cd /srv/music
+      find . -name '*.flac' -print0 | parallel --null -- '${lib.getExe enc} {}'
+
+      rsync --verbose --verbose --archive --update --delete --mkpath --exclude lost+found \
+        --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \
+        -- /srv/compmusic/ root@wrz.one:${remoteDir}
+    '';
+  };
+in {
+  # systemd.services.audiocomp = {
+  #   description = "Compress and sync music";
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "root";
+  #     Group = "root";
+  #     ExecStart = lib.getExe audiocomp;
+  #   };
+  # };
+}

hosts/vessel/backup.nix

@@ -6,8 +6,9 @@
   ...
 }: let
   backups = {
-    storage = "/srv/storage";
+    music = "/srv/music";
     safe = "/srv/safe";
+    storage = "/srv/storage";
     sync = config.services.syncthing.dataDir;
   };
 in {
@@ -33,7 +34,7 @@ in {
           Group = "root";
         };
         script = ''
-          ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} /srv/backup/${backupName}/
+          ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath -- ${backups.${backupName}}/ /srv/backup/${backupName}/
         '';
       };
     }

hosts/vessel/hardware.nix

@@ -9,12 +9,6 @@
     inputs.hardware.nixosModules.common-cpu-intel
     inputs.hardware.nixosModules.common-gpu-intel
     inputs.hardware.nixosModules.common-pc-ssd
-
-    ./backup.nix
-    ./blocky.nix
-    ./fs.nix
-    ./storage.nix
-    ./syncthing.nix
   ];
 
   nixpkgs.hostPlatform = "x86_64-linux";

hosts/vessel/storage.nix

@@ -11,5 +11,17 @@
       group = "users";
       mode = "0755";
     };
+
+    "10-music"."/srv/music".d = {
+      user = "lukas";
+      group = "users";
+      mode = "0755";
+    };
+
+    "10-compmusic"."/srv/compmusic".d = {
+      user = "lukas";
+      group = "users";
+      mode = "0755";
+    };
   };
 }