feat(host/faunus-ater): new calibre-web service

This commit is contained in:
Malte Tammena 2024-04-02 13:17:41 +02:00
parent 4d8548dda9
commit 67e438cee9
6 changed files with 86 additions and 3 deletions

View file

@ -11,6 +11,7 @@ in {
inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only inputs.nixos-hardware.nixosModules.common-cpu-intel #-cpu-only
../../modules/nginx-reverse-proxy.nix ../../modules/nginx-reverse-proxy.nix
../../hardware/asrock-z370-i3-black-box.nix ../../hardware/asrock-z370-i3-black-box.nix
./modules/calibre.nix
./modules/forgejo.nix ./modules/forgejo.nix
./modules/home-assistant.nix ./modules/home-assistant.nix
./modules/hydra.nix ./modules/hydra.nix

View file

@ -0,0 +1,64 @@
{
pkgs,
lib,
config,
...
}: let
library = "/data/dirty/books";
port = config.state.services.calibre.port;
in {
services.calibre-web = {
enable = true;
group = "media";
listen.ip = "127.0.0.1";
listen.port = port;
options = {
enableBookConversion = true;
enableBookUploading = true;
calibreLibrary = library;
};
};
systemd.services.setup-calibre-library = {
enable = true;
description = "Setup calibre library if missing";
before = ["calibre-web.service"];
requiredBy = ["calibre-web.service"];
script = ''
${pkgs.calibre}/bin/calibredb --with-library ${library} list || echo "Error listing library, hopefully it was created now"
chown -R calibre-web:media ${library}
'';
};
# Configure nginx reverse proxy
services.nginx.virtualHosts = let
withPreset = domain:
lib.recursiveUpdate {
addSSL = true;
sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../../../secrets/ca.crt);
sslCertificateKey = config.sops.secrets."certificate-key-${domain}-tammena-me".path;
sslCertificate = pkgs.writeText "${domain}-tammena-me.crt" (builtins.readFile ../../../secrets/pub/${domain}-tammena-me.crt);
serverAliases = [
"${domain}.home"
];
};
in {
"calibre.tammena.me" = withPreset "calibre" {
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
};
};
# Secrets
sops.secrets = let
conf = {
owner = config.users.users.nginx.name;
mode = "0400";
};
in {
certificate-key-calibre-tammena-me = conf;
};
}

View file

@ -56,7 +56,7 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
extraConfig = extraConfig =
if name == "foto" if name == "foto" || name == "calibre"
then '' then ''
client_max_body_size 800M; client_max_body_size 800M;
'' ''

View file

@ -27,6 +27,7 @@ certificate-key-prowlarr-tammena-me: ENC[AES256_GCM,data:AeiJMufnFh3EDjKnkPz5S+S
certificate-key-lidarr-tammena-me: ENC[AES256_GCM,data:vkoBDdBgHkdA9CmE6Ld5Tav+Q10fssGKKcbnRNYuS0Nh8I7DiBb8Md5yab33KNV9ZL4a/0A3VTPvpJs76GPFRkxVcwTTbcCl6O5oxTArvfc4SOtut7sC5tc3ReXMkJnKfHfwiJas9SW7ag01rRamgD9OUZ913qlKxmDO0RrhX8kjgAPvUiRPtpLyFPR7QypzP/PXHW7t70gtZFmIrwTbIFMTdR6bBMcyTA4S8qwSIu6DnTIlaJwIdELqmr5WIK8GzsXCowG+hlL0mImSSnoidwzygjrybSdBUyDbDIv9ga9uALO6UtsJfYLIiV9t5Yv+5rR/Q6i4xnCAZpqwZ0Y/sgELIMExxxSslBXrE7VRiG3F0ZqR2S+o2rYVCNlcmKpwZC3caZuj4pCDHtLl/+M=,iv:NsUI/VwzYqk/ovysBgvlVRKIRBt88iZ4AR44EEfN2cE=,tag:uw5jlgF6SP7w4DL0Zy6TMw==,type:str] certificate-key-lidarr-tammena-me: ENC[AES256_GCM,data:vkoBDdBgHkdA9CmE6Ld5Tav+Q10fssGKKcbnRNYuS0Nh8I7DiBb8Md5yab33KNV9ZL4a/0A3VTPvpJs76GPFRkxVcwTTbcCl6O5oxTArvfc4SOtut7sC5tc3ReXMkJnKfHfwiJas9SW7ag01rRamgD9OUZ913qlKxmDO0RrhX8kjgAPvUiRPtpLyFPR7QypzP/PXHW7t70gtZFmIrwTbIFMTdR6bBMcyTA4S8qwSIu6DnTIlaJwIdELqmr5WIK8GzsXCowG+hlL0mImSSnoidwzygjrybSdBUyDbDIv9ga9uALO6UtsJfYLIiV9t5Yv+5rR/Q6i4xnCAZpqwZ0Y/sgELIMExxxSslBXrE7VRiG3F0ZqR2S+o2rYVCNlcmKpwZC3caZuj4pCDHtLl/+M=,iv:NsUI/VwzYqk/ovysBgvlVRKIRBt88iZ4AR44EEfN2cE=,tag:uw5jlgF6SP7w4DL0Zy6TMw==,type:str]
certificate-key-music-tammena-me: ENC[AES256_GCM,data:W7562jT1GB1gHGrVjrkJWfcz4zOfh3IEg6QOuIEiRhI6WirGltFzTOXtBy+FQZWf448BTQvwJ07Mjyy5rdaTd1Ox79kx3QzYVyqmh3+G9ZY7J2HKxX6DEEyHVT6rF/AeQDX96eprAAXGz1OIEcy6RpzkZnuVk8LOSAynvLRvgWUFjQmbPulxPa+4yY7zoNH36r0mELLhPbif7N7pPUYev0N7NL7lX+PZzlDxLGiP4rxmjG5g8E84KkV1EZgZd+f3wUCBSGwz0X6GkR5baTsg6mlEBBmuVgjAgaSxmrRwp1cWTfPHV6di5Ihyw98/6MY4aoiEilBQNrUimkZLHxAmw4TDG2GmqtHukgSQbZLEu5m7y56oMKkCYLKUsjQn/twta3pMgToRjhE9VUhsWpQ=,iv:mc/XaCw0Kzllz3IIysSnoTcR0vbu9iizvXQSvcrReio=,tag:M5jhusP2vsZxPk8qd8rJNw==,type:str] certificate-key-music-tammena-me: ENC[AES256_GCM,data:W7562jT1GB1gHGrVjrkJWfcz4zOfh3IEg6QOuIEiRhI6WirGltFzTOXtBy+FQZWf448BTQvwJ07Mjyy5rdaTd1Ox79kx3QzYVyqmh3+G9ZY7J2HKxX6DEEyHVT6rF/AeQDX96eprAAXGz1OIEcy6RpzkZnuVk8LOSAynvLRvgWUFjQmbPulxPa+4yY7zoNH36r0mELLhPbif7N7pPUYev0N7NL7lX+PZzlDxLGiP4rxmjG5g8E84KkV1EZgZd+f3wUCBSGwz0X6GkR5baTsg6mlEBBmuVgjAgaSxmrRwp1cWTfPHV6di5Ihyw98/6MY4aoiEilBQNrUimkZLHxAmw4TDG2GmqtHukgSQbZLEu5m7y56oMKkCYLKUsjQn/twta3pMgToRjhE9VUhsWpQ=,iv:mc/XaCw0Kzllz3IIysSnoTcR0vbu9iizvXQSvcrReio=,tag:M5jhusP2vsZxPk8qd8rJNw==,type:str]
certificate-key-readarr-tammena-me: ENC[AES256_GCM,data:eCaAfxSXm9IKkOj0NsKLbqRf8TSb7NA0gLQk6eKQZICpPy4nmb0XNysaMYsbHprHjj57VduHNIn6CEQGemfF8MwrOGOAsbLt4lqMQHNp/fAARPiZRR3EzF/BH37GH9VYscbeetZaytS4qCzTQX3eqylis4FARiy4XIFHOJ9pjXjNoaH872MXrkr51M9n6CxWH1mdFNnaVjicnnlIZkZ/i4cIqYfO8eWuu5Rz3eN60OstZEUb3Dv9WbEgVs1tJjHOGZXUUXGQM9xXfTLxxKFp1zhB0hxJfp4pmDcNmaiYLgjh+4nu2uHrUuXGADJfQyOEfO87Pp6RHxfubbBzxg4C5fbETQv/znpaG0V9EX4PYvsJzUqfF3AUEeYq3bonrMLDkaIunWqbgIdcyn7WZ6E=,iv:d2IkVNrODicFNLXlvRWm752OR6ZUbpNOItv6Vk5YEAg=,tag:4Xmog/pf91X4N3ONEQNZ9w==,type:str] certificate-key-readarr-tammena-me: ENC[AES256_GCM,data:eCaAfxSXm9IKkOj0NsKLbqRf8TSb7NA0gLQk6eKQZICpPy4nmb0XNysaMYsbHprHjj57VduHNIn6CEQGemfF8MwrOGOAsbLt4lqMQHNp/fAARPiZRR3EzF/BH37GH9VYscbeetZaytS4qCzTQX3eqylis4FARiy4XIFHOJ9pjXjNoaH872MXrkr51M9n6CxWH1mdFNnaVjicnnlIZkZ/i4cIqYfO8eWuu5Rz3eN60OstZEUb3Dv9WbEgVs1tJjHOGZXUUXGQM9xXfTLxxKFp1zhB0hxJfp4pmDcNmaiYLgjh+4nu2uHrUuXGADJfQyOEfO87Pp6RHxfubbBzxg4C5fbETQv/znpaG0V9EX4PYvsJzUqfF3AUEeYq3bonrMLDkaIunWqbgIdcyn7WZ6E=,iv:d2IkVNrODicFNLXlvRWm752OR6ZUbpNOItv6Vk5YEAg=,tag:4Xmog/pf91X4N3ONEQNZ9w==,type:str]
certificate-key-calibre-tammena-me: ENC[AES256_GCM,data:xFTfCHfOMlkt/lo9bBVGBX/vsnr8kf94AjwaQIZ7mM+RhAkLeITAy1eHw68LRlrxjuqNi5wNNjrgUF8kX+C39cC7q4BtZqAn2DxiCAgqeKTwq4jzIvmhIKytkb9T/NjbXhgKHrvSkLb0NgQ6TY2widghyxAq2jIrSbjsm6r4F2FX/b456+O2OlcqpUbMMlCn+jOdOBsLiJaomqvCgO8uks+1JeAcrPfjyTXE0rvO58iGjftnkjTkwJPUzACYtbU2ojsiZR43iEUdq8nS+Lge96jzHmZSc0y8q+YkLTSyH1fbA5uyNEn8ZW30122pUQCVEZ6PyCiUETAa0RYxxG2pkWg+AM/xfF4CZWLadcfsOlcxkX4SNyecPBdWPa1HWJ3IpiQdP/geTKudiSH7SQ0=,iv:LStz7Etb8mflr+FvVwliqcs7iQv3dXwG1XOC2VJjZ1o=,tag:WqNyO/ZKD5bQJNpstOeFpA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -42,8 +43,8 @@ sops:
ZzFxdmlXaTRCY2tUZndBSDlNeUVROVUKH1CxbcdwHR3ELn9YlGvO6YbGGg++wGZv ZzFxdmlXaTRCY2tUZndBSDlNeUVROVUKH1CxbcdwHR3ELn9YlGvO6YbGGg++wGZv
97ez/ErXEOq/6IF6HzV3I9BsVV4WCJI2VTP8Lbiwt59qg5riH7CGJQ== 97ez/ErXEOq/6IF6HzV3I9BsVV4WCJI2VTP8Lbiwt59qg5riH7CGJQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T11:23:20Z" lastmodified: "2024-04-02T10:21:56Z"
mac: ENC[AES256_GCM,data:GZXpAGAwfOQ3KwRji82/44/Mij5V6wuifT9kszqb9fxQbJq3CmtifUwVQ6Jun1ohgtaB8+DRd+QtdT4Lw4iC1J5zNz+evI1ZEs+7XXq/6C4Urey4Wqt87ObJHe8O5BGU/7bAHT59aqxar5SZh90A4TzlTPg2hdDMdBQ7K1J6JG4=,iv:ME+8BoBOnZ85uaYhzvmxsVqiqU/QfS8A7OvJSZlIyu8=,tag:PzNyGKkKN729qALizpweBw==,type:str] mac: ENC[AES256_GCM,data:MjVexGuVosn4L2Dd1PeQ5DFvWPFKwT3Qjnxkqn7V4ZIwI+BUhGJMb0hqRUxuBIIxAr7CkVxFmfVKe01dhTNnQPV3/QJn43mjYMQAsy/RXxrsn38K+lgKAvkJUxdcnmjy+ODZmanZjIYsn29JdvANTvRcDflTMPLXGvZespChW40=,iv:AxjtWvm5tJnbDkDliAiourf7BSlyV0XkER9N/lUXlpY=,tag:c81mdtcfehi0zyMCM5BmHw==,type:str]
pgp: pgp:
- created_at: "2023-11-06T16:58:30Z" - created_at: "2023-11-06T16:58:30Z"
enc: | enc: |

View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBvDCCAWGgAwIBAgIUP9ClJn0BjVbdIIF4qy7XCQlHZSswCgYIKoZIzj0EAwIw
FTETMBEGA1UEAwwKTXkgSG9tZSBDQTAeFw0yNDA0MDIxMDIxNTVaFw0yNTA0MDIx
MDIxNTVaMBExDzANBgNVBAMMBiouaG9tZTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABCGMj+51l1F6Aj6SHB6zu4RuVPMUeJRef61UpQMv9Tyxc2Y2sfmBDB6ZJh5F
dLcc/jbOabuCysQjCdwQhTalFJKjgZIwgY8wCwYDVR0PBAQDAgXgMBMGA1UdJQQM
MAoGCCsGAQUFBwMBMCsGA1UdEQQkMCKCEmNhbGlicmUudGFtbWVuYS5tZYIMY2Fs
aWJyZS5ob21lMB0GA1UdDgQWBBTMXyMIbh8GDwzXdqe+bO+lU2CpkjAfBgNVHSME
GDAWgBQA+twP2yay+C3XJDsZsiKtZZlPqzAKBggqhkjOPQQDAgNJADBGAiEAmr0n
l+Py6S1CjhOlnRnV2+yH94zCE4DW35VVlOJWSqcCIQCPLVOfoPhlwGOcLA7F9Htg
K0etoU5Z+h/ijdIaNi0QLw==
-----END CERTIFICATE-----

View file

@ -77,5 +77,10 @@
port = 4533; port = 4533;
external = true; external = true;
}; };
calibre = {
host = "faunus-ater";
port = 12834;
external = true;
};
}; };
} }