Modules
<shared>
Common configuration enabled on all hosts.
Alerts:
- A zpool is in "degraded" status (alertmanager)
Options:
Declared in: shared/default.nix
bookdb
bookdb is a webapp to keep track of all my books, with a public instance on bookdb.barrucadu.co.uk.
bookdb uses a containerised elasticsearch database and also stores uploaded book cover images.
Backups: the elasticsearch database and uploaded files.
Erase your darlings: overrides the dataDir.
Options:
nixfiles.bookdb.dataDir
nixfiles.bookdb.elasticsearchPort
nixfiles.bookdb.elasticsearchTag
nixfiles.bookdb.enable
nixfiles.bookdb.logFormat
nixfiles.bookdb.logLevel
nixfiles.bookdb.port
nixfiles.bookdb.readOnly
nixfiles.bookdb.remoteSync.receive.authorizedKeys
nixfiles.bookdb.remoteSync.receive.enable
nixfiles.bookdb.remoteSync.send.enable
nixfiles.bookdb.remoteSync.send.sshKeyFile
nixfiles.bookdb.remoteSync.send.targets
Declared in: shared/bookdb/default.nix
bookmarks
bookmarks is a webapp to keep track of all my bookmarks, with a public instance on bookmarks.barrucadu.co.uk.
bookmarks uses a containerised elasticsearch database.
Backups: the elasticsearch database.
Options:
nixfiles.bookmarks.elasticsearchPort
nixfiles.bookmarks.elasticsearchTag
nixfiles.bookmarks.enable
nixfiles.bookmarks.logFormat
nixfiles.bookmarks.logLevel
nixfiles.bookmarks.port
nixfiles.bookmarks.readOnly
nixfiles.bookmarks.remoteSync.receive.authorizedKeys
nixfiles.bookmarks.remoteSync.receive.enable
nixfiles.bookmarks.remoteSync.send.enable
nixfiles.bookmarks.remoteSync.send.sshKeyFile
nixfiles.bookmarks.remoteSync.send.targets
Declared in: shared/bookmarks/default.nix
concourse
Concourse CI is a "continuous thing-doer": a CI / CD tool. This module sets up a single-user instance, with GitHub authentication.
Concourse uses a containerised postgres database.
Provides a grafana dashboard.
Backups: the postgres database.
Options:
nixfiles.concourse.concourseTag
nixfiles.concourse.enable
nixfiles.concourse.environmentFile
nixfiles.concourse.githubUser
nixfiles.concourse.metricsPort
nixfiles.concourse.port
nixfiles.concourse.postgresTag
nixfiles.concourse.workerScratchDir
Declared in: shared/concourse/default.nix
erase-your-darlings
Wipe / on boot, inspired by "erase your darlings".
This module is responsible for configuring standard NixOS options and services; all of my modules have their own erase-your-darlings.nix file which makes any changes that they need.
This requires setting up ZFS in a specific way when first installing NixOS. See the "set up a new host" runbook.
Options:
nixfiles.eraseYourDarlings.barrucaduPasswordFile
nixfiles.eraseYourDarlings.enable
nixfiles.eraseYourDarlings.machineId
nixfiles.eraseYourDarlings.persistDir
nixfiles.eraseYourDarlings.rootSnapshot
Declared in: shared/erase-your-darlings/default.nix
finder
finder is a webapp to read downloaded manga. There is no public deployment.
finder uses a containerised elasticsearch database, and requires read access to the filesystem where manga is stored. It does not manage the manga, only provides an interface to search and read.
The database can be recreated from the manga files, so this module does not include a backup script.
Options:
nixfiles.finder.elasticsearchTag
nixfiles.finder.enable
nixfiles.finder.image
nixfiles.finder.mangaDir
nixfiles.finder.port
Declared in: shared/finder/default.nix
foundryvtt
FoundryVTT is a virtual tabletop to run roleplaying games. It is licensed software and needs to be downloaded after purchase. This module doesn't manage the FoundryVTT program files, only operating it.
The downloaded FoundryVTT program files must be in ''${dataDir}/bin.
Backups: the data files - this requires briefly stopping the service, so don't schedule backups during game time.
Erase your darlings: overrides the dataDir.
Options:
Declared in: shared/foundryvtt/default.nix
minecraft
Minecraft Java Edition runner. Supports multiple servers, with mods. This module doesn't manage the Minecraft server files, only operating them.
Yes, I know there's a NixOS minecraft module, but it uses the Minecraft in nixpkgs and only runs one server, whereas I want to run multiple modded servers.
The Minecraft server files must be in ''${dataDir}/{name}.
This module does not include a backup script. Servers must be backed up independently.
Erase your darlings: overrides the dataDir.
Options:
nixfiles.minecraft.dataDir
nixfiles.minecraft.enable
nixfiles.minecraft.servers
nixfiles.minecraft.servers.<name>.autoStart
nixfiles.minecraft.servers.<name>.jar
nixfiles.minecraft.servers.<name>.jre
nixfiles.minecraft.servers.<name>.jvmOpts
nixfiles.minecraft.servers.<name>.port
Declared in: shared/minecraft/default.nix
oci-containers
An abstraction over running containers as systemd units, enforcing some good practices:
- Container DNS behaves the same under docker and podman.
- Ports are exposed on 127.0.0.1, rather than 0.0.0.0.
- Volumes are backed up by bind-mounts to the host filesystem.
Switching between using docker or podman for the container runtime should be totally transparent.
Erase your darlings: overrides the volumeBaseDir.
Options:
nixfiles.oci-containers.backend
nixfiles.oci-containers.pods
nixfiles.oci-containers.pods.<name>.containers
nixfiles.oci-containers.pods.<name>.containers.<name>.autoStart
nixfiles.oci-containers.pods.<name>.containers.<name>.cmd
nixfiles.oci-containers.pods.<name>.containers.<name>.dependsOn
nixfiles.oci-containers.pods.<name>.containers.<name>.environment
nixfiles.oci-containers.pods.<name>.containers.<name>.environmentFiles
nixfiles.oci-containers.pods.<name>.containers.<name>.extraOptions
nixfiles.oci-containers.pods.<name>.containers.<name>.image
nixfiles.oci-containers.pods.<name>.containers.<name>.login.passwordFile
nixfiles.oci-containers.pods.<name>.containers.<name>.login.registry
nixfiles.oci-containers.pods.<name>.containers.<name>.login.username
nixfiles.oci-containers.pods.<name>.containers.<name>.ports
nixfiles.oci-containers.pods.<name>.containers.<name>.ports.*.host
nixfiles.oci-containers.pods.<name>.containers.<name>.ports.*.inner
nixfiles.oci-containers.pods.<name>.containers.<name>.pullOnStart
nixfiles.oci-containers.pods.<name>.containers.<name>.volumes
nixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.host
nixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.inner
nixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.name
nixfiles.oci-containers.pods.<name>.volumeSubDir
nixfiles.oci-containers.volumeBaseDir
Declared in: shared/oci-containers/default.nix
pleroma
Pleroma is a fediverse server.
Pleroma uses a containerised postgres database.
Backups: the postgres database, uploaded files, and custom emojis.
Erase your darlings: transparently stores data on the persistent volume.
Options:
nixfiles.pleroma.adminEmail
nixfiles.pleroma.allowRegistration
nixfiles.pleroma.domain
nixfiles.pleroma.enable
nixfiles.pleroma.faviconPath
nixfiles.pleroma.instanceName
nixfiles.pleroma.notifyEmail
nixfiles.pleroma.port
nixfiles.pleroma.postgresTag
nixfiles.pleroma.secretsFile
Declared in: shared/pleroma/default.nix
resolved
resolved is a recursive DNS server for LAN DNS.
Provides a grafana dashboard.
Options:
nixfiles.resolved.address
nixfiles.resolved.authoritativeOnly
nixfiles.resolved.cacheSize
nixfiles.resolved.enable
nixfiles.resolved.forwardAddress
nixfiles.resolved.hostsDirs
nixfiles.resolved.logFormat
nixfiles.resolved.logLevel
nixfiles.resolved.metricsAddress
nixfiles.resolved.protocolMode
nixfiles.resolved.useDefaultZones
nixfiles.resolved.zonesDirs
Declared in: shared/resolved/default.nix
restic-backups
Manage regular incremental, compressed, and encrypted backups with restic.
Backups are uploaded to the barrucadu-backups-a19c48 B2 bucket.
List all the snapshots with:
nix run .#backups # all snapshots
nix run .#backups -- snapshots --host <hostname> # for a specific host
nix run .#backups -- snapshots --tag <tag> # for a specific tag
Restore a snapshot to <restore-dir> with:
nix run .#backups restore <snapshot> [<restore-dir>]
If unspecified, the snapshot is restored to /tmp/restic-restore-<snapshot>.
Alerts:
- Creating or uploading a snapshot fails.
Options:
nixfiles.restic-backups.backups
nixfiles.restic-backups.backups.<name>.cleanupCommand
nixfiles.restic-backups.backups.<name>.paths
nixfiles.restic-backups.backups.<name>.prepareCommand
nixfiles.restic-backups.backups.<name>.startAt
nixfiles.restic-backups.checkRepositoryAt
nixfiles.restic-backups.enable
nixfiles.restic-backups.environmentFile
nixfiles.restic-backups.sudoRules
nixfiles.restic-backups.sudoRules.*.command
nixfiles.restic-backups.sudoRules.*.runAs
Declared in: shared/restic-backups/default.nix
torrents
Transmission is a bittorrent client. This module configures it along with a web UI.
This module does not include a backup script. Torrented files must be backed up independently.
Erase your darlings: transparently stores session data on the persistent volume.
Options:
nixfiles.torrents.downloadDir
nixfiles.torrents.enable
nixfiles.torrents.group
nixfiles.torrents.logLevel
nixfiles.torrents.openFirewall
nixfiles.torrents.peerPort
nixfiles.torrents.rpcPort
nixfiles.torrents.stateDir
nixfiles.torrents.user
nixfiles.torrents.watchDir
Declared in: shared/torrents/default.nix
umami
umami is a web analytics tool.
umami uses a containerised postgres database.
Backups: the postgres database.
Options:
nixfiles.umami.enable
nixfiles.umami.environmentFile
nixfiles.umami.port
nixfiles.umami.postgresTag
nixfiles.umami.umamiTag
Declared in: shared/umami/default.nix