Modules
<shared>
Common configuration enabled on all hosts.
Alerts:
- A zpool is in "degraded" status (alertmanager)
Options:
Declared in: shared/default.nix
bookdb
bookdb is a webapp to keep track of all my books, with a public instance on bookdb.barrucadu.co.uk.
bookdb uses a containerised elasticsearch database, it also stores uploaded book cover images.
Backups: the elasticsearch database and uploaded files.
Erase your darlings: overrides the dataDir.
Options:
nixfiles.bookdb.dataDirnixfiles.bookdb.elasticsearchPortnixfiles.bookdb.elasticsearchTagnixfiles.bookdb.enablenixfiles.bookdb.logFormatnixfiles.bookdb.logLevelnixfiles.bookdb.portnixfiles.bookdb.readOnly
Declared in: shared/bookdb/default.nix
bookmarks
bookmarks is a webapp to keep track of all my bookmarks, with a public instance on bookmarks.barrucadu.co.uk.
bookmarks uses a containerised elasticsearch database.
Backups: the elasticsearch database.
Options:
nixfiles.bookmarks.elasticsearchPortnixfiles.bookmarks.elasticsearchTagnixfiles.bookmarks.enablenixfiles.bookmarks.logFormatnixfiles.bookmarks.logLevelnixfiles.bookmarks.portnixfiles.bookmarks.readOnly
Declared in: shared/bookmarks/default.nix
concourse
Concourse CI is a "continuous thing-doer", it's a CI / CD tool. This module sets up a single-user instance, with GitHub authentication.
Concourse uses a containerised postgres database.
Provides a grafana dashboard.
Backups: the postgres database.
Options:
nixfiles.concourse.concourseTagnixfiles.concourse.enablenixfiles.concourse.environmentFilenixfiles.concourse.githubUsernixfiles.concourse.metricsPortnixfiles.concourse.portnixfiles.concourse.postgresTagnixfiles.concourse.workerScratchDir
Declared in: shared/concourse/default.nix
erase-your-darlings
Wipe / on boot, inspired by "erase your darlings".
This module is responsible for configuring standard NixOS options and
services, all of my modules have their own erase-your-darlings.nix file
which makes any changes that they need.
This requires a setting up ZFS in a specific way when first installing NixOS. See the "set up a new host" runbook.
Options:
nixfiles.eraseYourDarlings.barrucaduPasswordFilenixfiles.eraseYourDarlings.enablenixfiles.eraseYourDarlings.machineIdnixfiles.eraseYourDarlings.persistDirnixfiles.eraseYourDarlings.rootSnapshot
Declared in: shared/erase-your-darlings/default.nix
finder
finder is a webapp to read downloaded manga. There is no public deployment.
finder uses a containerised elasticsearch database, and requires read access to the filesystem where manga is stored. It does not manage the manga, only provides an interface to search and read.
The database can be recreated from the manga files, so this module does not include a backup script.
Options:
nixfiles.finder.elasticsearchTagnixfiles.finder.enablenixfiles.finder.imagenixfiles.finder.mangaDirnixfiles.finder.port
Declared in: shared/finder/default.nix
foundryvtt
FoundryVTT is a virtual tabletop to run roleplaying games. It is licensed software and needs to be downloaded after purchase. This module doesn't manage the FoundryVTT program files, only operating it.
The downloaded FoundryVTT program files must be in ''${dataDir}/bin.
Backups: the data files - this requires briefly stopping the service, so don't schedule backups during game time.
Erase your darlings: overrides the dataDir.
Options:
Declared in: shared/foundryvtt/default.nix
minecraft
Minecraft Java Edition runner. Supports multiple servers, with mods. This module doesn't manage the Minecraft server files, only operating them.
Yes, I know there's a NixOS minecraft module, but it uses the Minecraft in nixpkgs and only runs one server, whereas I want to run multiple modded servers.
The Minecraft server files must be in ''${dataDir}/{name}.
This module does not include a backup script. Servers must be backed up independently.
Erase your darlings: overrides the dataDir.
Options:
nixfiles.minecraft.dataDirnixfiles.minecraft.enablenixfiles.minecraft.serversnixfiles.minecraft.servers.<name>.autoStartnixfiles.minecraft.servers.<name>.jarnixfiles.minecraft.servers.<name>.jrenixfiles.minecraft.servers.<name>.jvmOptsnixfiles.minecraft.servers.<name>.port
Declared in: shared/minecraft/default.nix
oci-containers
An abstraction over running containers as systemd units, enforcing some good practices:
- Container DNS behaves the same under docker and podman.
- Ports are exposed on
127.0.0.1, rather than0.0.0.0. - Volumes are backed up by bind-mounts to the host filesystem.
Switching between using docker or podman for the container runtime should be totally transparent.
Erase your darlings: overrides the volumeBaseDir.
Options:
nixfiles.oci-containers.backendnixfiles.oci-containers.podsnixfiles.oci-containers.pods.<name>.containersnixfiles.oci-containers.pods.<name>.containers.<name>.autoStartnixfiles.oci-containers.pods.<name>.containers.<name>.cmdnixfiles.oci-containers.pods.<name>.containers.<name>.dependsOnnixfiles.oci-containers.pods.<name>.containers.<name>.environmentnixfiles.oci-containers.pods.<name>.containers.<name>.environmentFilesnixfiles.oci-containers.pods.<name>.containers.<name>.extraOptionsnixfiles.oci-containers.pods.<name>.containers.<name>.imagenixfiles.oci-containers.pods.<name>.containers.<name>.login.passwordFilenixfiles.oci-containers.pods.<name>.containers.<name>.login.registrynixfiles.oci-containers.pods.<name>.containers.<name>.login.usernamenixfiles.oci-containers.pods.<name>.containers.<name>.portsnixfiles.oci-containers.pods.<name>.containers.<name>.ports.*.hostnixfiles.oci-containers.pods.<name>.containers.<name>.ports.*.innernixfiles.oci-containers.pods.<name>.containers.<name>.pullOnStartnixfiles.oci-containers.pods.<name>.containers.<name>.volumesnixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.hostnixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.innernixfiles.oci-containers.pods.<name>.containers.<name>.volumes.*.namenixfiles.oci-containers.pods.<name>.volumeSubDirnixfiles.oci-containers.volumeBaseDir
Declared in: shared/oci-containers/default.nix
pleroma
Pleroma is a fediverese server.
Pleroma uses a containerised postgres database.
Backups: the postgres database, uploaded files, and custom emojis.
Erase your darlings: transparently stores data on the persistent volume.
Options:
nixfiles.pleroma.adminEmailnixfiles.pleroma.allowRegistrationnixfiles.pleroma.domainnixfiles.pleroma.enablenixfiles.pleroma.faviconPathnixfiles.pleroma.instanceNamenixfiles.pleroma.notifyEmailnixfiles.pleroma.portnixfiles.pleroma.postgresTagnixfiles.pleroma.secretsFile
Declared in: shared/pleroma/default.nix
resolved
resolved is a recursive DNS server for LAN DNS.
Provides a grafana dashboard.
Options:
nixfiles.resolved.addressnixfiles.resolved.authoritativeOnlynixfiles.resolved.cacheSizenixfiles.resolved.enablenixfiles.resolved.forwardAddressnixfiles.resolved.hostsDirsnixfiles.resolved.logFormatnixfiles.resolved.logLevelnixfiles.resolved.metricsAddressnixfiles.resolved.protocolModenixfiles.resolved.useDefaultZonesnixfiles.resolved.zonesDirs
Declared in: shared/resolved/default.nix
restic-backups
Manage regular incremental, compressed, and encrypted backups with restic.
Backups are uploaded to the barrucadu-backups-a19c48 B2 bucket.
List all the snapshots with:
nix run .#backups # all snapshots
nix run .#backups -- snapshots --host <hostname> # for a specific host
nix run .#backups -- snapshots --tag <tag> # for a specific tag
Restore a snapshot to <restore-dir> with:
nix run .#backups restore <snapshot> [<restore-dir>]
If unspecified, the snapshot is restored to /tmp/restic-restore-<snapshot>.
Alerts:
- Creating or uploading a snapshot fails.
Options:
nixfiles.restic-backups.backupsnixfiles.restic-backups.backups.<name>.cleanupCommandnixfiles.restic-backups.backups.<name>.pathsnixfiles.restic-backups.backups.<name>.prepareCommandnixfiles.restic-backups.backups.<name>.startAtnixfiles.restic-backups.checkRepositoryAtnixfiles.restic-backups.enablenixfiles.restic-backups.environmentFilenixfiles.restic-backups.sudoRulesnixfiles.restic-backups.sudoRules.*.commandnixfiles.restic-backups.sudoRules.*.runAs
Declared in: shared/restic-backups/default.nix
rtorrent
rTorrent is a bittorrent client. This module configures it in a way appropriate for private trackers.
This module does not include a backup script. Torrented files must be backed up independently.
Erase your darlings: transparently stores session data and logs on the persistent volume.
Options:
nixfiles.rtorrent.downloadDirnixfiles.rtorrent.enablenixfiles.rtorrent.flood.enablenixfiles.rtorrent.flood.portnixfiles.rtorrent.logLevelsnixfiles.rtorrent.openFirewallnixfiles.rtorrent.portRange.fromnixfiles.rtorrent.portRange.tonixfiles.rtorrent.usernixfiles.rtorrent.watchDir
Declared in: shared/rtorrent/default.nix
umami
umami is a web analytics tool.
umami uses a containerised postgres database.
Backups: the postgres database.
Options:
nixfiles.umami.enablenixfiles.umami.environmentFilenixfiles.umami.portnixfiles.umami.postgresTagnixfiles.umami.umamiTag
Declared in: shared/umami/default.nix