bartronx7/guix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server config init from guix-confs

Browse source
This commit is contained in:
bart 2025-11-01 08:44:41 -05:00
commit 835fb85c25
5 changed files with 510 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
docs_luks_notes.txt Normal file
View file

@ -0,0 +1,57 @@
# cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdc /etc/cryptkey
# cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sde /etc/cryptkey
cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdc -
cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sde -
cryptsetup luksHeaderBackup --header-backup-file ~/sde.header.bak /dev/sde
cryptsetup luksHeaderBackup --header-backup-file ~/sdc.header.bak /dev/sdc
/etc/crypttab
doc1 UUID=dcfc1a1e-7920-43e4-a55a-e841fb23a389 /etc/cryptkey luks,noearly #,discard (for SSDs)
doc2 UUID=8445e3f9-4c73-4726-966b-1b8ec8fa9675 /etc/cryptkey luks,noearly #,discard (for SSDs)
/dev/sde: UUID="cf6bafca-b225-46ca-8dfc-b82fb6ab5560" TYPE="crypto_LUKS"
/dev/sdc: UUID="05f833fb-1c68-4453-9df5-68a454f59845" TYPE="crypto_LUKS"
# cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sde doc1
# cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sdc doc2
cryptsetup open --type luks /dev/sde doc1
cryptsetup open --type luks /dev/sdc doc2
mkfs.btrfs -f -L docs -m raid1 -d raid1 /dev/mapper/doc1 /dev/mapper/doc2
Label: docs
UUID: 2ae0eae2-bc13-4dbc-baa7-6e902847e0a6
Node size: 16384
Sector size: 4096
Filesystem size: 1.82TiB
Block group profiles:
Data: RAID1 1.00GiB
Metadata: RAID1 1.00GiB
System: RAID1 8.00MiB
SSD detected: no
Zoned device: no
Incompat features: extref, skinny-metadata, no-holes, free-space-tree
Runtime features: free-space-tree
Checksum: crc32c
Number of devices: 2
Devices:
ID SIZE PATH
1 931.51GiB /dev/mapper/doc1
2 931.51GiB /dev/mapper/doc2
mount -t btrfs -o defaults,noatime,compress=zstd -L docs /docs
sudo blkid /dev/mapper/doc1
/dev/mapper/doc1: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="c0356a61-57e8-4f1e-b9cb-7ca16c5e8c0b" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/mapper/doc1: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="c0356a61-57e8-4f1e-b9cb-7ca16c5e8c0b" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/mapper/doc2: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="d3266122-df77-49e6-be86-4bb6226e96df" BLOCK_SIZE="4096" TYPE="btrfs"

70
server/caddy/Caddyfile Normal file
View file

@ -0,0 +1,70 @@
{
debug
}
*.akeley.tech {
tls {
dns namecheap {
api_key af43a35060854eb98fd0c0837113a384
user bakeley
api_endpoint https://api.namecheap.com/xml.response
# client_ip 70.112.209.162
client_ip 172.58.55.28
}
}
@actual host actual.akeley.tech
handle @actual {
reverse_proxy actual:5006
}
@miniflux host miniflux.akeley.tech
handle @miniflux {
reverse_proxy miniflux:8080
}
@forgejo host forgejo.akeley.tech
handle @forgejo {
reverse_proxy forgejo:3000
}
@plex host plex.akeley.tech
handle @plex {
reverse_proxy plex:32400
}
@jellyfin host jellyfin.akeley.tech
handle @jellyfin {
reverse_proxy jellyfin:8096
}
@sonarr host sonarr.akeley.tech
handle @sonarr {
reverse_proxy sonarr:8989
}
@radarr host radarr.akeley.tech
handle @radarr {
reverse_proxy radarr:7878
}
@prowlarr host prowlarr.akeley.tech
handle @prowlarr {
reverse_proxy prowlarr:9696
}
@nzbget host nzbget.akeley.tech
handle @nzbget {
reverse_proxy nzbget:6789
}
@sftp host sftp.akeley.tech
handle @sftp {
reverse_proxy sftpgo:8080
}
@immich host immich.akeley.tech
handle @immich {
reverse_proxy immich-server:2283
}
}

8
server/caddy/Dockerfile Normal file
View file

@ -0,0 +1,8 @@
FROM caddy:2.9-builder AS builder
RUN xcaddy build \
--with github.com/caddy-dns/namecheap
FROM caddy:2.9
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

318
server/config.scm Normal file
View file

@ -0,0 +1,318 @@
;; Indicate which modules to import to access the variables
;; used in this configuration.
(use-modules (gnu))
(use-package-modules databases)
(use-service-modules cups desktop networking ssh xorg docker dbus databases)
(operating-system
(locale "en_US.utf8")
(timezone "America/Chicago")
(keyboard-layout (keyboard-layout "us"))
(host-name "excellon")
;; The list of user accounts ('root' is implicit).
(users
(cons* (user-account
(name "bartronx7")
(comment "bartronx7")
(group "users")
(home-directory "/home/bartronx7")
(supplementary-groups '("wheel" "netdev" "audio" "video" "docker")))
%base-user-accounts))
;; Below is the list of system services. To search for available
;; services, run 'guix system search KEYWORD' in a terminal.
(services
(append (list
;; To configure OpenSSH, pass an 'openssh-configuration'
;; record as a second argument to 'service' below.
(service openssh-service-type)
(service dhcp-client-service-type)
(service ntp-service-type)
(service elogind-service-type
(elogind-configuration (handle-suspend-key 'ignore)))
(service dbus-root-service-type)
(service containerd-service-type)
(service docker-service-type (docker-configuration
(environment-variables (list
"TMPDIR=/tmp/dockerd"))))
(service oci-container-service-type (list
(oci-container-configuration
(image "localhost:5000/caddy:latest")
(provision "caddy")
(respawn? #t)
(network "sandbox")
(ports '(
("80" . "80")
("443" . "443")))
(environment (list
'("NAMECHEAP_API_KEY" . "af43a35060854eb98fd0c0837113a384")
'("NAMECHEAP_API_USER" . "bakeley")
'("PUBLIC_IP" . "70.112.209.162")))
(volumes (list
'("/data/docker/volumes/caddy/Caddyfile" . "/etc/caddy/Caddyfile")
'("/data/docker/volumes/caddy/data" . "/data")
'("/data/docker/volumes/caddy/config" . "/config"))))
(oci-container-configuration
(image "docker.io/actualbudget/actual-server:latest")
(provision "actual")
(network "sandbox")
(ports '(
("5006" . "5006")))
(volumes (list
'("/data/docker/volumes/actual/data" . "/data"))))
(oci-container-configuration
(image "miniflux/miniflux:latest")
(provision "miniflux")
(network "sandbox")
(requirement '(miniflux-db))
(ports '(
("8081" . "8080")))
(environment (list
'("DATABASE_URL" . "postgres://miniflux:99uskas0_l@miniflux-db/miniflux?sslmode=disable")
'("RUN_MIGRATIONS" . "1")
'("CREATE_ADMIN" . "1")
'("ADMIN_USERNAME" . "admin")
'("ADMIN_PASSWORD" . "982#@2gGGHjf"))))
(oci-container-configuration
(image "docker.io/postgres:17-alpine")
(provision "miniflux-db")
(network "sandbox")
(ports '(
("5432" . "5432")))
(environment (list
'("POSTGRES_USER" . "miniflux")
'("POSTGRES_PASSWORD" . "99uskas0_l")
'("POSTGRES_DB" . "miniflux")))
(volumes (list
'("/data/docker/volumes/miniflux_db" . "/var/lib/postgresql/data"))))
(oci-container-configuration
(image "codeberg.org/forgejo/forgejo:10")
(provision "forgejo")
(network "sandbox")
(ports '(
("3000" . "3000")
("2222" . "22")))
(environment (list
'("USER_UID" . "1000")
'("USER_GID" . "1000")))
(volumes (list
'("/data/docker/volumes/forgejo" . "/data")
'("/etc/timezone" . "/etc/timezone:ro")
'("/etc/localtime" . "/etc/localtime:ro"))))
(oci-container-configuration
(image "packetriot/pktriot:latest")
(provision "pktriot")
(respawn? #t)
(network "sandbox")
(volumes (list
'("/data/docker/volumes/pktriot" . "/data:rw"))))
(oci-container-configuration
(image "plexinc/pms-docker")
(provision "plex")
(network "sandbox")
(extra-arguments '("--device=/dev/dvb"))
(ports '(
("32400" . "32400")
("8324" . "8324")
("32469" . "32469")
("1900" . "1900")
("32410" . "32410")
("32412" . "32412")
("32413" . "32413")
("32414" . "32414")))
(environment (list
'("TZ" . "America/Chicago")
'("PLEX_CLAIM:" . "claim-7-N1LVT5AMco6ayhy4Tm")
'("ADVERTISE_IP:" . "http://192.168.1.3:32400/")))
(volumes (list
'("/data/docker/volumes/plex/config" . "/config")
'("/data/docker/volumes/plex/transcode" . "/transcode")
'("/data" . "/data:rw"))))
(oci-container-configuration
(image "jellyfin/jellyfin:latest")
(provision "jellyfin")
(network "sandbox")
(ports '(
("8096" . "8096")))
(volumes (list
'("/data/docker/volumes/jellyfin/config" . "/config")
'("/data/docker/volumes/jellyfin/cache" . "/cache")
'("/data/shows" . "/shows")
'("/data/movies" . "/movies")
'("/data/music" . "/music"))))
(oci-container-configuration
(image "lscr.io/linuxserver/sonarr:latest")
(provision "sonarr")
(requirement '(prowlarr))
(network "sandbox")
(ports '(
("8989" . "8989")))
(environment (list
'("PUID" . "1000")
'("PGID" . "1000")
'("TZ" . "US/America/Chicago")))
(volumes (list
'("/data/docker/volumes/sonarr/config" . "/config")
'("/data/shows" . "/data/shows")
'("/data/downloads" . "/data/downloads"))))
(oci-container-configuration
(image "ghcr.io/hotio/radarr:latest")
(provision "radarr")
(requirement '(prowlarr))
(network "sandbox")
(ports '(
("7878" . "7878")))
(environment (list
'("PUID" . "1000")
'("PGID" . "1000")
'("UMASK" . "002")
'("TZ" . "US/America/Chicago")))
(volumes (list
'("/data/docker/volumes/radarr/config" . "/config")
'("/data/downloads" . "/data/downloads")
'("/data/movies" . "/data/movies"))))
(oci-container-configuration
(image "ghcr.io/hotio/prowlarr:latest")
(provision "prowlarr")
(network "sandbox")
(ports '(
("9696" . "9696")))
(environment (list
'("PUID" . "1000")
'("PGID" . "1000")
'("TZ" . "US/America/Chicago")))
(volumes (list
'("/data/docker/volumes/prowlarr/config" . "/config"))))
(oci-container-configuration
(image "ghcr.io/hotio/nzbget:latest")
(provision "nzbget")
(network "sandbox")
(ports '(
("6789" . "6789")))
(environment (list
'("PUID" . "1000")
'("PGID" . "1000")
'("UMASK" . "002")
'("TZ" . "US/America/Chicago")))
(volumes (list
'("/data/docker/volumes/nzbget/config" . "/config")
'("/data/downloads" . "/data/downloads")
'("/data/movies" . "/data/movies")
'("/data/shows" . "/data/shows"))))
(oci-container-configuration
(image "drakkan/sftpgo:latest")
(provision "sftpgo")
(network "sandbox")
(ports '(
("8082" . "8080")
("2022" . "2022")))
(volumes (list
'("/data/movies" . "/movies")
'("/data/shows" . "/shows")
'("/data/music" . "/music")
'("/data/pictures" . "/pictures"))))
(oci-container-configuration
(image "ghcr.io/immich-app/immich-server:release")
(provision "immich-server")
(network "sandbox")
(requirement '(immich-redis immich-postgres))
(volumes (list
'("/data/docker/volumes/immich/server" . "/data")
'("/data/docker/volumes/immich/pgdata" . "/db")
'("/data/pictures" . "/pictures")
'("/etc/localtime" . "/etc/localtime")
))
(environment (list
'("DB_DATA_LOCATION" . "/db")
'("DB_HOSTNAME" . "immich-postgres")
'("DB_DATABASE_NAME" . "immich")
'("DB_USERNAME" . "immich")
'("DB_PASSWORD" . "i7_qpV3$0o")
'("REDIS_HOSTNAME" . "immich-redis")))
(ports '(
("2283" . "2283"))))
(oci-container-configuration
(image "ghcr.io/immich-app/immich-machine-learning:release")
(provision "immich-ml")
(network "sandbox")
(respawn? #t)
(volumes (list
'("/data/docker/volumes/immich/ml/cache" . "/cache"))))
(oci-container-configuration
(image "docker.io/valkey/valkey:8-bookworm")
(provision "immich-redis")
(network "sandbox")
(respawn? #t)
(volumes (list
'("/data/docker/volumes/immich/valkey" . "/data"))))
(oci-container-configuration
(image "ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0")
(provision "immich-postgres")
(network "sandbox")
(respawn? #t)
(environment (list
'("POSTGRES_PASSWORD" . "i7_qpV3$0o")
'("POSTGRES_USER" . "immich")
'("POSTGRES_DB" . "immich")
'("POSTGRES_INITDB_ARGS" . "--data-checksums")
'("DB_STORAGE_TYPE" . "HDD")))
(volumes (list
'("/data/docker/volumes/immich/pgdata" . "/var/lib/postgresql/data"))))
))) %base-services))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets (list "/dev/sda"))
(keyboard-layout keyboard-layout)))
;; The devices that make up the luks "docs" labelled filesystem
(mapped-devices
(list (mapped-device
(source (uuid "cf6bafca-b225-46ca-8dfc-b82fb6ab5560"))
(target "doc1")
(type luks-device-mapping))
(mapped-device
(source (uuid "05f833fb-1c68-4453-9df5-68a454f59845"))
(target "doc2")
(type luks-device-mapping))))
;; The list of file systems that get "mounted". The unique
;; file system identifiers there ("UUIDs") can be obtained
;; by running 'blkid' in a terminal.
(file-systems
(cons* (file-system
(mount-point "/")
(device (file-system-label "guixos"))
(type "btrfs"))
(file-system
(mount-point "/data")
(device (file-system-label "datapool"))
(type "btrfs"))
(file-system
(mount-point "/docs")
(device "/dev/mapper/doc1")
(type "btrfs"))
%base-file-systems)))

57
server/docs_luks_notes.txt Normal file
View file

@ -0,0 +1,57 @@
# cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdc /etc/cryptkey
# cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sde /etc/cryptkey
cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sdc -
cryptsetup -v -c aes-xts-plain64 -h sha512 -s 512 luksFormat /dev/sde -
cryptsetup luksHeaderBackup --header-backup-file ~/sde.header.bak /dev/sde
cryptsetup luksHeaderBackup --header-backup-file ~/sdc.header.bak /dev/sdc
/etc/crypttab
doc1 UUID=dcfc1a1e-7920-43e4-a55a-e841fb23a389 /etc/cryptkey luks,noearly #,discard (for SSDs)
doc2 UUID=8445e3f9-4c73-4726-966b-1b8ec8fa9675 /etc/cryptkey luks,noearly #,discard (for SSDs)
/dev/sde: UUID="cf6bafca-b225-46ca-8dfc-b82fb6ab5560" TYPE="crypto_LUKS"
/dev/sdc: UUID="05f833fb-1c68-4453-9df5-68a454f59845" TYPE="crypto_LUKS"
# cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sde doc1
# cryptsetup open --key-file=/etc/cryptkey --type luks /dev/sdc doc2
cryptsetup open --type luks /dev/sde doc1
cryptsetup open --type luks /dev/sdc doc2
mkfs.btrfs -f -L docs -m raid1 -d raid1 /dev/mapper/doc1 /dev/mapper/doc2
Label: docs
UUID: 2ae0eae2-bc13-4dbc-baa7-6e902847e0a6
Node size: 16384
Sector size: 4096
Filesystem size: 1.82TiB
Block group profiles:
Data: RAID1 1.00GiB
Metadata: RAID1 1.00GiB
System: RAID1 8.00MiB
SSD detected: no
Zoned device: no
Incompat features: extref, skinny-metadata, no-holes, free-space-tree
Runtime features: free-space-tree
Checksum: crc32c
Number of devices: 2
Devices:
ID SIZE PATH
1 931.51GiB /dev/mapper/doc1
2 931.51GiB /dev/mapper/doc2
mount -t btrfs -o defaults,noatime,compress=zstd -L docs /docs
sudo blkid /dev/mapper/doc1
/dev/mapper/doc1: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="c0356a61-57e8-4f1e-b9cb-7ca16c5e8c0b" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/mapper/doc1: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="c0356a61-57e8-4f1e-b9cb-7ca16c5e8c0b" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/mapper/doc2: LABEL="docs" UUID="cd4efb2f-a791-41de-8f19-65baf747c57c" UUID_SUB="d3266122-df77-49e6-be86-4bb6226e96df" BLOCK_SIZE="4096" TYPE="btrfs"