muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2026-03-08 03:25:16 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: muon:c54a2dd18353449e3ee0a09a8dc07f61fa76e190
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy
...
compare: muon:83f52717dfe1f6c97ae7a4b6bc5c176e98342f37
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy

4 commits
c54a2dd183 ... 83f52717df

Author SHA1 Message Date
muon
83f52717df Merge remote-tracking branch 'refs/remotes/origin/main' 2026-01-03 11:35:38 +00:00
muon
99c3b62d1a Fix seedbox 2026-01-03 11:35:31 +00:00
muon
ce74d1b0eb Merge branch 'main' of codeberg.org:muon/home 2026-01-03 11:33:14 +00:00
muon
63f7d1433d Revert dns 2026-01-03 11:33:06 +00:00
3 changed files with 185 additions and 192 deletions
Download patch file Download diff file Expand all files Collapse all files

33
hosts/mups/configuration.nix
View file

@ -75,43 +75,40 @@ in {
forceSSL = true; forceSSL = true;
locations."/" = {proxyPass = "http://10.0.0.3:5001";}; locations."/" = {proxyPass = "http://10.0.0.3:5001";};
}; };
"seedbox.muon.host" = { "stream.muon.host" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://10.0.0.3:3013"; proxyPass = "http://10.0.0.3:3013";
}; };
"/api" = { "/api/" = {
proxyPass = "http://10.0.0.3:3014"; proxyPass = "http://10.0.0.3:3014";
extraConfig = extraConfig =
#sh #sh
'' ''
limit_req zone=api burst=20 nodelay;
# CORS headers # CORS headers
add_header Access-Control-Allow-Origin "*" always; # add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always; # add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS" always;
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always; # add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization" always;
add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always; # add_header Access-Control-Expose-Headers "Content-Length,Content-Range" always;
# Handle preflight requests # Handle preflight requests
if ($request_method = 'OPTIONS') { # if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Origin "*"; # add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"; # add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"; # add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization";
add_header Content-Type text/plain; # add_header Content-Type text/plain;
add_header Content-Length 0; # add_header Content-Length 0;
return 204; # return 204;
} # }
''; '';
}; };
"/api/stream" = { "/api/stream/" = {
proxyPass = "http://10.0.0.3:3014"; proxyPass = "http://10.0.0.3:3014";
extraConfig = extraConfig =
#sh #sh
'' ''
limit_req zone=download burst=10 nodelay;
proxy_set_header Range $http_range; proxy_set_header Range $http_range;
# Streaming optimizations # Streaming optimizations

2
modules/nixos/core/network.nix
View file

@ -76,7 +76,7 @@ in
"10.0.0.${toString wg.id}/24" "10.0.0.${toString wg.id}/24"
"fdc9:281f:04d7:9ee9::${toString wg.id}/64" "fdc9:281f:04d7:9ee9::${toString wg.id}/64"
]; ];
# dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
mtu = 1500; mtu = 1500;
privateKeyFile = "/home/muon/wireguard-keys/private"; privateKeyFile = "/home/muon/wireguard-keys/private";

342
modules/nixos/server/containers/seedbox.nix
View file

@ -17,181 +17,177 @@ in
}; };
}; };
config = config = mkIf cfg.enable {
mkIf config.mods.server.nginx.enable { networking.firewall = {
} allowedTCPPorts = [port bport];
// mkIf cfg.enable { };
networking.firewall = {
allowedTCPPorts = [port bport];
allowedUDPPorts = [port bport];
};
# Runtime # Runtime
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
}; };
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
# Containers # Containers
virtualisation.oci-containers.containers."seedbox-backend" = { virtualisation.oci-containers.containers."seedbox-backend" = {
image = "compose2nix/seedbox-backend"; image = "compose2nix/seedbox-backend";
volumes = [ volumes = [
"seedbox-lite_seedbox_cache:/app/cache:rw" "seedbox-lite_seedbox_cache:/app/cache:rw"
"seedbox-lite_seedbox_data:/app/data:rw" "seedbox-lite_seedbox_data:/app/data:rw"
]; ];
ports = [ ports = [
"${toString bport}:3001/tcp" "${toString bport}:3000/tcp"
]; ];
log-driver = "journald"; log-driver = "journald";
extraOptions = [ extraOptions = [
"--network-alias=seedbox-backend" "--network-alias=seedbox-backend"
"--network=seedbox-lite_seedbox-network" "--network=seedbox-lite_seedbox-network"
]; ];
environment = { environment = {
NODE_ENV = "production"; NODE_ENV = "production";
ACCESS_PASSWORD = "temp_pass"; ACCESS_PASSWORD = "temp_pass";
FRONTEND_URL = "http://localhost:${toString port}"; FRONTEND_URL = "http://localhost:${toString port}";
};
};
systemd.services."docker-seedbox-backend" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-seedbox-lite_seedbox-network.service"
"docker-volume-seedbox-lite_seedbox_cache.service"
"docker-volume-seedbox-lite_seedbox_data.service"
];
requires = [
"docker-network-seedbox-lite_seedbox-network.service"
"docker-volume-seedbox-lite_seedbox_cache.service"
"docker-volume-seedbox-lite_seedbox_data.service"
];
partOf = [
"docker-compose-seedbox-lite-root.target"
];
wantedBy = [
"docker-compose-seedbox-lite-root.target"
];
};
virtualisation.oci-containers.containers."seedbox-frontend" = {
image = "compose2nix/seedbox-frontend";
ports = [
"${toString port}:8080/tcp"
];
dependsOn = [
"seedbox-backend"
];
log-driver = "journald";
extraOptions = [
"--network-alias=seedbox-frontend"
"--network=seedbox-lite_seedbox-network"
];
environment = {
NODE_ENV = "production";
ACCESS_PASSWORD = "temp_pass";
};
};
systemd.services."docker-seedbox-frontend" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-seedbox-lite_seedbox-network.service"
];
requires = [
"docker-network-seedbox-lite_seedbox-network.service"
];
partOf = [
"docker-compose-seedbox-lite-root.target"
];
wantedBy = [
"docker-compose-seedbox-lite-root.target"
];
};
# Networks
systemd.services."docker-network-seedbox-lite_seedbox-network" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f seedbox-lite_seedbox-network";
};
script = ''
docker network inspect seedbox-lite_seedbox-network || docker network create seedbox-lite_seedbox-network --driver=bridge
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
# Volumes
systemd.services."docker-volume-seedbox-lite_seedbox_cache" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect seedbox-lite_seedbox_cache || docker volume create seedbox-lite_seedbox_cache --driver=local
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
systemd.services."docker-volume-seedbox-lite_seedbox_data" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect seedbox-lite_seedbox_data || docker volume create seedbox-lite_seedbox_data --driver=local
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
# Builds
systemd.services."docker-build-seedbox-backend" = {
path = [pkgs.docker pkgs.git];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /tmp
git clone https://github.com/hotheadhacker/seedbox-lite.git && cd seedbox-lite/server || cd seedbox-lite/server
podman build -t compose2nix/seedbox-backend .
'';
};
systemd.services."docker-build-seedbox-frontend" = {
path = [pkgs.docker pkgs.git];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /tmp
git clone https://github.com/hotheadhacker/seedbox-lite.git && cd seedbox-lite/client || cd seedbox-lite/client
podman build -t compose2nix/seedbox-frontend --build-arg VITE_API_BASE_URL=http://localhost:${toString bport} .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-seedbox-lite-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
}; };
}; };
systemd.services."docker-seedbox-backend" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-seedbox-lite_seedbox-network.service"
"docker-volume-seedbox-lite_seedbox_cache.service"
"docker-volume-seedbox-lite_seedbox_data.service"
];
requires = [
"docker-network-seedbox-lite_seedbox-network.service"
"docker-volume-seedbox-lite_seedbox_cache.service"
"docker-volume-seedbox-lite_seedbox_data.service"
];
partOf = [
"docker-compose-seedbox-lite-root.target"
];
wantedBy = [
"docker-compose-seedbox-lite-root.target"
];
};
virtualisation.oci-containers.containers."seedbox-frontend" = {
image = "compose2nix/seedbox-frontend";
ports = [
"${toString port}:8080/tcp"
];
dependsOn = [
"seedbox-backend"
];
log-driver = "journald";
extraOptions = [
"--network-alias=seedbox-frontend"
"--network=seedbox-lite_seedbox-network"
];
environment = {
NODE_ENV = "production";
ACCESS_PASSWORD = "temp_pass";
};
};
systemd.services."docker-seedbox-frontend" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-seedbox-lite_seedbox-network.service"
];
requires = [
"docker-network-seedbox-lite_seedbox-network.service"
];
partOf = [
"docker-compose-seedbox-lite-root.target"
];
wantedBy = [
"docker-compose-seedbox-lite-root.target"
];
};
# Networks
systemd.services."docker-network-seedbox-lite_seedbox-network" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f seedbox-lite_seedbox-network";
};
script = ''
docker network inspect seedbox-lite_seedbox-network || docker network create seedbox-lite_seedbox-network --driver=bridge
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
# Volumes
systemd.services."docker-volume-seedbox-lite_seedbox_cache" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect seedbox-lite_seedbox_cache || docker volume create seedbox-lite_seedbox_cache --driver=local
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
systemd.services."docker-volume-seedbox-lite_seedbox_data" = {
path = [pkgs.docker];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect seedbox-lite_seedbox_data || docker volume create seedbox-lite_seedbox_data --driver=local
'';
partOf = ["docker-compose-seedbox-lite-root.target"];
wantedBy = ["docker-compose-seedbox-lite-root.target"];
};
# Builds
systemd.services."docker-build-seedbox-backend" = {
path = [pkgs.docker pkgs.git];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /tmp
git clone https://github.com/hotheadhacker/seedbox-lite.git && cd seedbox-lite/server || cd seedbox-lite/server
podman build -t compose2nix/seedbox-backend .
'';
};
systemd.services."docker-build-seedbox-frontend" = {
path = [pkgs.docker pkgs.git];
serviceConfig = {
Type = "oneshot";
TimeoutSec = 300;
};
script = ''
cd /tmp
git clone https://github.com/hotheadhacker/seedbox-lite.git && cd seedbox-lite/client || cd seedbox-lite/client
podman build -t compose2nix/seedbox-frontend --build-arg VITE_API_BASE_URL=http://localhost:${toString bport} .
'';
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-seedbox-lite-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = ["multi-user.target"];
};
};
} }