phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2026-02-08 00:47:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: phfroidmont:b3b6ec1cbbb8b57191d7e14112a3e292448315c8
Branches Tags
phfroidmont:master
...
compare: phfroidmont:161e9aa71f38849f5ae79dc57af0218baedf46d8
Branches Tags
phfroidmont:master

3 commits
b3b6ec1cbb ... 161e9aa71f

Author SHA1 Message Date
Paul-Henri Froidmont
161e9aa71f
Setup minecraft server 2025-12-09 01:47:51 +01:00
Paul-Henri Froidmont
30787dffc9
Downgrade jellyfin 2025-12-09 01:47:31 +01:00
Paul-Henri Froidmont
a1c8e713a2
Update inputs 2025-12-08 20:20:01 +01:00
10 changed files with 136 additions and 73 deletions
Download patch file Download diff file Expand all files Collapse all files

82
flake.lock generated
View file

@ -23,11 +23,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1756719547, "lastModified": 1762286984,
"narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", "narHash": "sha256-9I2H9x5We6Pl+DBYHjR1s3UT8wgwcpAH03kn9CqtdQc=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", "rev": "9c870f63e28ec1e83305f7f6cb73c941e699f74f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,11 +41,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1758287904, "lastModified": 1764627417,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -73,11 +73,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1761588595,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -91,11 +91,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1757786467, "lastModified": 1764578815,
"narHash": "sha256-gx3THVUlpycVrUFC9vGhAtYRLI7dJtHyo67Zdq5Hadc=", "narHash": "sha256-WZ8+pH/cLjv3geonV3VFwtfa8IuTkPHb60a1ACQpOmc=",
"owner": "reckenrode", "owner": "reckenrode",
"repo": "nix-foundryvtt", "repo": "nix-foundryvtt",
"rev": "1bbc26a28d320fb336d94e9f3cc6b92c035fab20", "rev": "1b875fb942c4ef926fd7aade7db327be363f7179",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -117,11 +117,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742649964, "lastModified": 1763319842,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", "narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", "rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -168,17 +168,17 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-25_05": { "nixpkgs-old": {
"locked": { "locked": {
"lastModified": 1747610100, "lastModified": 1764939437,
"narHash": "sha256-rpR5ZPMkWzcnCcYYo3lScqfuzEw5Uyfh+R0EKZfroAc=", "narHash": "sha256-4TLFHUwXraw9Df5mXC/vCrJgb50CRr3CzUzF0Mn3CII=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ca49c4304acf0973078db0a9d200fd2bae75676d", "rev": "00d2457e2f608b4be6fe8b470b0a36816324b0ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-25.05", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -186,11 +186,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1759036355, "lastModified": 1764950072,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "rev": "f61125a668a320878494449750330ca58b78c557",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,32 +234,32 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1759281824, "lastModified": 1764983851,
"narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=", "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5b5be50345d4113d04ba58c444348849f5585b4a", "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1747179050, "lastModified": 1764020296,
"narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-25.11-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -270,6 +270,7 @@
"disko": "disko", "disko": "disko",
"foundryvtt": "foundryvtt", "foundryvtt": "foundryvtt",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"nixpkgs-old": "nixpkgs-old",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -280,20 +281,19 @@
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5"
"nixpkgs-25_05": "nixpkgs-25_05"
}, },
"locked": { "locked": {
"lastModified": 1755110674, "lastModified": 1764185122,
"narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=", "narHash": "sha256-+HUOwSIFLoyett2cvRjuFIbhobpHallfP9J2cia1apo=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "f5936247dbdb8501221978562ab0b302dd75456c", "rev": "a14fe3b293ec2720e5b7fc72ad136d22967e12ba",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
@ -305,11 +305,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759188042, "lastModified": 1765079830,
"narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "narHash": "sha256-i9GMbBLkeZ7MVvy7+aAuErXkBkdRylHofrAjtpUPKt8=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "rev": "aeb517262102f13683d7a191c7e496b34df8d24c",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
flake.nix
View file

@ -1,12 +1,13 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs-old.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
foundryvtt.url = "github:reckenrode/nix-foundryvtt"; foundryvtt.url = "github:reckenrode/nix-foundryvtt";
}; };
@ -14,6 +15,7 @@
inputs@{ inputs@{
self, self,
nixpkgs, nixpkgs,
nixpkgs-old,
nixpkgs-unstable, nixpkgs-unstable,
disko, disko,
deploy-rs, deploy-rs,
@ -28,6 +30,7 @@
defaultModuleArgs = defaultModuleArgs =
{ pkgs, ... }: { pkgs, ... }:
{ {
_module.args.pkgs-old = import nixpkgs-old { system = "x86_64-linux"; };
_module.args.pkgs-unstable = import nixpkgs-unstable { _module.args.pkgs-unstable = import nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ]; config.allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) [ "minecraft-server" ];

1
modules/default.nix
View file

@ -11,6 +11,7 @@
./jellyfin.nix ./jellyfin.nix
./stb.nix ./stb.nix
./monero.nix ./monero.nix
./minecraft-server.nix
./torrents.nix ./torrents.nix
./jitsi.nix ./jitsi.nix
./binary-cache.nix ./binary-cache.nix

4
modules/headscale.nix
View file

@ -27,6 +27,10 @@ in
dns = { dns = {
base_domain = "ts.net"; base_domain = "ts.net";
nameservers = { nameservers = {
global = [
"9.9.9.10"
"149.112.112.10"
];
split = { split = {
"foyer.cloud" = "10.33.0.100"; "foyer.cloud" = "10.33.0.100";
"foyer.lu" = "10.33.0.100"; "foyer.lu" = "10.33.0.100";

9
modules/jellyfin.nix
View file

@ -1,4 +1,9 @@
{ config, lib, ... }: {
config,
lib,
pkgs-old,
...
}:
let let
cfg = config.custom.services.jellyfin; cfg = config.custom.services.jellyfin;
in in
@ -10,6 +15,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
# Downgrade because of https://github.com/jellyfin/jellyfin/issues/15388
package = pkgs-old.jellyfin;
dataDir = "/nix/var/data/jellyfin"; dataDir = "/nix/var/data/jellyfin";
}; };

2
modules/jitsi.nix
View file

@ -12,7 +12,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8043" ]; nixpkgs.config.permittedInsecurePackages = [ "jitsi-meet-1.0.8792" ];
services.jitsi-meet = { services.jitsi-meet = {
enable = true; enable = true;
hostName = "jitsi.froidmont.org"; hostName = "jitsi.froidmont.org";

55
modules/minecraft-server.nix Normal file
View file

@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
pkgs-unstable,
...
}:
let
cfg = config.custom.services.minecraft-server;
in
{
options.custom.services.minecraft-server = {
enable = lib.mkEnableOption "minecraft server";
};
config = lib.mkIf cfg.enable {
services.minecraft-server = {
enable = true;
package = pkgs-unstable.minecraft-server;
eula = true;
openFirewall = true;
declarative = true;
serverProperties = {
enable-rcon = true;
"rcon.port" = 25575;
"rcon.password" = "password";
server-port = 23363;
online-mode = true;
force-gamemode = true;
white-list = true;
diffuculty = "hard";
};
whitelist = {
paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953";
Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d";
denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07";
};
dataDir = "/nix/var/data/minecraft";
};
services.bluemap = {
enable = true;
eula = true;
defaultWorld = "${config.services.minecraft-server.dataDir}/world";
host = "mcmap.${config.networking.domain}";
enableNginx = true;
enableRender = true;
};
services.nginx.virtualHosts."mcmap.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
};
}

1
modules/torrents.nix
View file

@ -161,6 +161,7 @@ in
services.transmission = { services.transmission = {
enable = true; enable = true;
package = pkgs-unstable.transmission_4;
openRPCPort = true; openRPCPort = true;
user = config.users.users.www-data.name; user = config.users.users.www-data.name;
group = config.users.groups.www-data.name; group = config.users.groups.www-data.name;

40
profiles/hel.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, ... }: {
config,
pkgs,
pkgs-unstable,
...
}:
{ {
imports = [ imports = [
../environment.nix ../environment.nix
@ -230,10 +235,11 @@
roundcube.enable = true; roundcube.enable = true;
monero.enable = true; monero.enable = true;
grafana.enable = true; grafana.enable = true;
monitoring-exporters.enable = true;
immich.enable = true;
forgejo.enable = true;
headscale.enable = true; headscale.enable = true;
immich.enable = true;
minecraft-server.enable = true;
monitoring-exporters.enable = true;
forgejo.enable = true;
backup-job = { backup-job = {
enable = true; enable = true;
@ -374,30 +380,6 @@
}; };
}; };
# services.minecraft-server = {
# enable = false;
# package = pkgs-unstable.minecraft-server;
# eula = true;
# openFirewall = false;
# declarative = true;
# serverProperties = {
# enable-rcon = true;
# "rcon.port" = 25575;
# "rcon.password" = "password";
# server-port = 23363;
# online-mode = true;
# force-gamemode = true;
# white-list = true;
# diffuculty = "hard";
# };
# whitelist = {
# paulplay15 = "1d5abc95-2fdb-4dcb-98e8-4fb5a0fba953";
# Xavier1258 = "e9059cf3-00ef-47a3-92ee-4e4a3fea0e6d";
# denisjulien3333 = "3c93e1a2-42d8-4a51-9fe3-924c8e8d5b07";
# };
# dataDir = "/nix/var/data/minecraft";
# };
# virtualisation.oci-containers.containers = { # virtualisation.oci-containers.containers = {
# "minecraft" = { # "minecraft" = {
# image = "itzg/minecraft-server"; # image = "itzg/minecraft-server";
@ -496,6 +478,8 @@
}; };
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
stateVersion = 3;
}; };
services.rspamd.extraConfig = '' services.rspamd.extraConfig = ''

8
terraform/dns.tf
View file

@ -28,6 +28,14 @@ resource "hetznerdns_record" "banditlair_hcloud_a" {
ttl = 600 ttl = 600
} }
resource "hetznerdns_record" "banditlair_mcmap_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "mcmap"
value = local.hel1_ip
type = "A"
ttl = 600
}
resource "hetznerdns_record" "webmail_a" { resource "hetznerdns_record" "webmail_a" {
zone_id = data.hetznerdns_zone.banditlair_zone.id zone_id = data.hetznerdns_zone.banditlair_zone.id
name = "webmail" name = "webmail"