feat(home): replace gonic with navidrome, add aonsoku

author: spl3g <spleefer6@yandex.ru> 2025-10-27 23:38:17 +0300
committer: spl3g <spleefer6@yandex.ru> 2025-10-27 23:38:17 +0300
commit: e651a030805306fee68f57d2f432633afcc79e1b (patch)
tree: 11a65179e722dbe22e94ce65fd409d165f42fa46 /nixos/server
parent: e6f739deb5369556f2895b523ffa1b02b74c60b1 (diff)
1 files changed, 57 insertions, 36 deletions
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
index e921491..4fdb3ec 100644
--- a/nixos/server/configuration.nix
+++ b/nixos/server/configuration.nix
@@ -4,8 +4,9 @@
   pkgs,
   config,
   ...
-}:
-{
+}: let
+  domain = "kcu.su";
+in {
   imports = [
     (modulesPath + "/installer/scan/not-detected.nix")
     (modulesPath + "/profiles/qemu-guest.nix")
@@ -30,9 +31,10 @@
 
   services.openssh.enable = true;
 
-  environment.systemPackages = map lib.lowPrio [
-    pkgs.curl
-    pkgs.gitMinimal
+  environment.systemPackages = with pkgs; [
+    curl
+    gitMinimal
+    beets
   ];
 
   users.users = {
@@ -62,8 +64,8 @@
 
   networking.hostName = "ltrr-home";
   networking.firewall = {
-    allowedTCPPorts = [ 80 5030 2049 ];
-    allowedUDPPorts = [ 51820 ];
+    allowedTCPPorts = [80 5030 2049];
+    allowedUDPPorts = [51820];
   };
 
   security.acme = {
@@ -73,7 +75,7 @@
 
   nginx = {
     enable = true;
-    domain = "kcu.su";
+    domain = domain;
 
     recommendedProxySettings = false;
     subdomains = {
@@ -91,29 +93,28 @@
           proxy_send_timeout   600s;
           send_timeout         600s;
         '';
-
       };
 
-      "music".proxyPass = "http://127.0.0.1:4747";
+      "music".proxyPass = "http://127.0.0.1:5692";
+      "navidrome".proxyPass = "http://127.0.0.1:4533";
       "files".proxyPass = "http://127.0.0.1:${toString config.services.filebrowser.settings.port}";
       "track".proxyPass = "http://127.0.0.1:7093";
     };
   };
 
-  
-  sops.secrets.wg_private_key = {
+  sops.secrets.wg-private-key = {
     restartUnits = ["wg-quick-wg0.service"];
   };
   networking.wg-quick = {
     interfaces.wg0 = {
-      address = [ "10.1.1.2/32" ];
+      address = ["10.1.1.2/32"];
       listenPort = 51820;
 
-      privateKeyFile = config.sops.secrets.wg_private_key.path;
+      privateKeyFile = config.sops.secrets.wg-private-key.path;
 
       peers = [
         {
-          endpoint = "kcu.su:51820";
+          endpoint = "${domain}:51820";
           publicKey = "1RwEOL8br97Mujhz3fkfYKcxUFNHYAmt5JbWTbR3ihE=";
           allowedIPs = ["10.1.1.1/32"];
           persistentKeepalive = 25;
@@ -122,10 +123,10 @@
     };
   };
 
-
   services.tailscale.enable = true;
 
-  users.users.filebrowser.extraGroups = [ "music" "images" ];
+  users.users.filebrowser.extraGroups = ["music" "images"];
+  systemd.services.filebrowser.serviceConfig.SupplementaryGroups = ["music" "images"];
   services.filebrowser = {
     enable = true;
     group = "files";
@@ -134,50 +135,70 @@
       port = 9337;
     };
   };
-  
+
   systemd.tmpfiles.rules = [
     "d /srv/files/slskd 0740 slskd music"
     "d /opt/traggo/data"
     "d /var/lib/traggo"
   ];
-  users.users.slskd.extraGroups = [ "files" ];
+  users.users.slskd.extraGroups = ["files"];
   services.slskd = {
     enable = true;
     environmentFile = "/var/lib/slskd/env";
     group = "music";
     settings = {
-      shares.directories = [ "/srv/files/music" ];
+      shares.directories = ["/srv/files/music"];
       directories.downloads = "/srv/files/slskd";
     };
     openFirewall = true;
     domain = null;
   };
 
-  gonic = {
+  sops.secrets.navidrome-env = {
+    restartUnits = ["navidrome.service"];
+  };
+  users.users.navidrome.extraGroups = ["files" "music"];
+  services.navidrome = {
     enable = true;
-    extraGroups = ["music" "files"];
-    musicPaths = ["/srv/files/music"];
     settings = {
-      scan-watcher-enabled = true;
+      BaseUrl = "https://navidrome.${domain}";
+      MusicFolder = "/srv/files/music";
+      PlaylistsPath = "playlists";
+      Scanner.PurgeMissing = "always";
+      EnableSharing = true;
     };
+    environmentFile = config.sops.secrets.navidrome-env.path;
   };
 
-  virtualisation.oci-containers.backend = "docker";
-  virtualisation.oci-containers.containers.traggo = {
-    image = "traggo/server";
-    ports = [
-      "127.0.0.1:7093:3030"
-    ];
-    environmentFiles = [ "/var/lib/traggo/env" ];
-    workdir = "/opt/traggo/";
-    volumes = [
-      "/opt/traggo/data:/opt/traggo/data"
-    ];
+  virtualisation.oci-containers.backend = "podman";
+  virtualisation.oci-containers.containers = {
+    aonsoku = {
+      image = "ghcr.io/victoralvesf/aonsoku:latest";
+      ports = [
+        "127.0.0.1:5692:8080"
+      ];
+      environment = {
+        SERVER_URL = "https://navidrome.${domain}";
+        HIDE_SERVER = "true";
+      };
+    };
+
+    traggo = {
+      image = "traggo/server";
+      ports = [
+        "127.0.0.1:7093:3030"
+      ];
+      environmentFiles = ["/var/lib/traggo/env"];
+      workdir = "/opt/traggo/";
+      volumes = [
+        "/opt/traggo/data:/opt/traggo/data"
+      ];
+    };
   };
 
   services.immich = {
     enable = true;
   };
-  
+
   system.stateVersion = "24.05";
 }
author	spl3g <spleefer6@yandex.ru>	2025-10-27 23:38:17 +0300
committer	spl3g <spleefer6@yandex.ru>	2025-10-27 23:38:17 +0300
commit	e651a030805306fee68f57d2f432633afcc79e1b (patch)
tree	11a65179e722dbe22e94ce65fd409d165f42fa46 /nixos/server
parent	e6f739deb5369556f2895b523ffa1b02b74c60b1 (diff)