move base data dir

nixos/common/global/secrets/rekeyed/viridian/ad2e226886559938be8ab210a35772b1-wiki-js.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 KTkZog 7QJNbtDdO9LpwTDNgeaEtm4KTONs5Hgukenu2AL6dSY
+l7Nz7xlPLUmYWxbL2tcUT/pgaoZUcGppKaUzoSDty7g
+-> PLN-grease
+KPAHJevjQIdgSu1kVhcefi2Y6aNgqaqhKXS0D3QWBFlSk7Kr8YQw2dDFpFW7fH/1
+9tvZZz5hJe+sJA
+--- ZiUHAguNDc75YzOTCuWOz3HEAyA6KrWZJvWB/bLDJw8
+P|Öï†ì±Ç6(¢—"¥p3ål‚.éÛ"2½Ša¯Ñ¤TéïB:<3A>«üÜ6i4k¥Âb23`

nixos/viridian/configuration.nix

@@ -15,7 +15,9 @@
     ./services/minecraft
     ./services/mpd
     ./services/paperless-ngx
+    ./services/postgresql
     ./services/traefik
+    ./services/wiki-js
 
     # Multimedia
     ./multimedia/jellyfin

nixos/viridian/hardware-configuration.nix

@@ -57,18 +57,12 @@
     fsType = "ext4";
   };
 
-  fileSystems."/srv/containers" = {
+  fileSystems."/srv/multimedia/containers" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";
     options = ["subvol=containers" "compress=zstd"];
   };
 
-  fileSystems."/srv/services" = {
-    device = "/dev/disk/by-label/data";
-    fsType = "btrfs";
-    options = ["subvol=services" "compress=zstd"];
-  };
-
   fileSystems."/srv/shares" = {
     device = "/dev/disk/by-label/data";
     fsType = "btrfs";

nixos/viridian/multimedia/jellyfin/default.nix

@@ -16,8 +16,8 @@ in {
         # Media library
         "/srv/multimedia/library:/media:ro"
         # Container data
-        "/srv/containers/jellyfin/config:/config:rw"
+        "/srv/multimedia/containers/jellyfin/config:/config:rw"
-        "/srv/containers/jellyfin/cache:/cache:rw"
+        "/srv/multimedia/containers/jellyfin/cache:/cache:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/multimedia/lidarr/default.nix

@@ -13,7 +13,7 @@ in {
         # Media library
         "/srv/multimedia:/data:rw"
         # Container data
-        "/srv/containers/lidarr:/config:rw"
+        "/srv/multimedia/containers/lidarr:/config:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/multimedia/prowlarr/default.nix

@@ -11,7 +11,7 @@ in {
       ];
       volumes = [
         # Container data
-        "/srv/containers/prowlarr:/config:rw"
+        "/srv/multimedia/containers/prowlarr:/config:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/multimedia/qbittorrent/default.nix

@@ -13,7 +13,7 @@ in {
       volumes = [
         # Seedbox
         "/srv/multimedia/torrents:/data/torrents:rw"
-        "/srv/containers/qbittorrent:/config:rw"
+        "/srv/multimedia/containers/qbittorrent:/config:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/multimedia/radarr/default.nix

@@ -13,7 +13,7 @@ in {
         # Media library
         "/srv/multimedia:/data:rw"
         # Container data
-        "/srv/containers/radarr:/config:rw"
+        "/srv/multimedia/containers/radarr:/config:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/multimedia/sonarr/default.nix

@@ -13,7 +13,7 @@ in {
         # Media library
         "/srv/multimedia:/data:rw"
         # Container data
-        "/srv/containers/sonarr:/config:rw"
+        "/srv/multimedia/containers/sonarr:/config:rw"
       ];
       environment = {
         PUID = "1000";

nixos/viridian/services/borgbackup/default.nix

@@ -5,20 +5,27 @@
 
   services.borgbackup.jobs."borgbase" = {
     paths = [
-      # Shares
-      "/srv/shares/sajenim"
       # Services
-      "/srv/services/forgejo"
+      "/srv/minecraft"
-      "/srv/services/immich"
+      "/srv/shares/sajenim"
-      "/srv/services/minecraft"
+      "/srv/www/sajenim.dev"
-      "/srv/services/paperless-ngx"
+      "/var/lib/crowdsec"
-      # Containers
+      "/var/lib/forgejo"
-      "/srv/containers/jellyfin"
+      "/var/lib/immich"
-      "/srv/containers/lidarr"
+      "/var/lib/paperless-ngx"
-      "/srv/containers/prowlarr"
+      "/var/lib/postgresql"
-      "/srv/containers/qbittorrent"
+      "/var/lib/private/wiki-js"
-      "/srv/containers/radarr"
+      "/var/lib/redis-immich"
-      "/srv/containers/sonarr"
+      "/var/lib/redis-paperless"
+      "/var/lib/traefik"
+      "/var/lib/wiki-js"
+      # Multimedia
+      "/srv/multimedia/containers/jellyfin"
+      "/srv/multimedia/containers/lidarr"
+      "/srv/multimedia/containers/prowlarr"
+      "/srv/multimedia/containers/qbittorrent"
+      "/srv/multimedia/containers/radarr"
+      "/srv/multimedia/containers/sonarr"
     ];
 
     repo = "o93k24r6@o93k24r6.repo.borgbase.com:repo";

nixos/viridian/services/forgejo/default.nix

@@ -1,7 +1,7 @@
 {config, ...}: {
   services.forgejo = {
     enable = true;
-    stateDir = "/srv/services/forgejo";
+    stateDir = "/var/lib/forgejo";
     settings = {
       server = {
         DOMAIN = "git.sajenim.dev";
@@ -35,4 +35,14 @@
       {url = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";}
     ];
   };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/forgejo";
+        user = "forgejo";
+        group = "forgejo";
+      }
+    ];
+  };
 }

nixos/viridian/services/immich/default.nix

@@ -20,7 +20,7 @@
     port = 5489;
     host = "0.0.0.0";
     openFirewall = true;
-    mediaLocation = "/srv/services/immich/library";
+    mediaLocation = "/var/lib/immich";
     secretsFile = config.age.secrets.immich.path;
     database = {
       enable = true;
@@ -52,4 +52,19 @@
       {url = "http://127.0.0.1:${toString config.services.immich.port}";}
     ];
   };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/immich";
+        user = "immich";
+        group = "immich";
+      }
+      {
+        directory = "/var/lib/redis-immich";
+        user = "immich";
+        group = "immich";
+      }
+    ];
+  };
 }

nixos/viridian/services/lighttpd/default.nix

@@ -2,7 +2,7 @@
   services.lighttpd = {
     enable = true;
     port = 5624;
-    document-root = "/srv/services/websites/sajenim.dev";
+    document-root = "/srv/www/sajenim.dev";
   };
 
   services.traefik.dynamicConfigOptions.http.routers = {
@@ -24,4 +24,14 @@
       {url = "http://127.0.0.1:${toString config.services.lighttpd.port}";}
     ];
   };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/srv/www";
+        user = "lighttpd";
+        group = "lighttpd";
+      }
+    ];
+  };
 }

nixos/viridian/services/minecraft/default.nix

@@ -70,7 +70,7 @@ in {
     };
 
     # Each server will be under a subdirectory named after the server name.
-    dataDir = "/srv/services/minecraft";
+    dataDir = "/srv/minecraft";
 
     # Open firewall for all servers.
     openFirewall = true;
@@ -97,4 +97,14 @@ in {
       {url = "http://127.0.0.1:${toString config.services.minecraft-servers.servers.kanto.serverProperties.server-port}";}
     ];
   };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/srv/minecraft";
+        user = "minecraft";
+        group = "minecraft";
+      }
+    ];
+  };
 }

nixos/viridian/services/paperless-ngx/default.nix

@@ -1,5 +1,5 @@
 {config, ...}: let
-  dir = "/srv/services/paperless-ngx";
+  dir = "/var/lib/paperless-ngx";
 in {
   age.secrets.paperless-ngx = {
     rekeyFile = ./password.age;
@@ -34,4 +34,19 @@ in {
       {url = "http://127.0.0.1:${toString config.services.paperless.port}";}
     ];
   };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/paperless-ngx";
+        user = "paperless";
+        group = "paperless";
+      }
+      {
+        directory = "/var/lib/redis-paperless";
+        user = "redis-paperless";
+        group = "redis-paperless";
+      }
+    ];
+  };
 }

nixos/viridian/services/postgresql/default.nix

@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    settings = {
+      port = 5432;
+    };
+    dataDir = "/var/lib/postgresql/15";
+  };
+
+  environment.persistence."/persist" = {
+    directories = [
+      {
+        directory = "/var/lib/postgresql";
+        user = "postgres";
+        group = "postgres";
+      }
+    ];
+  };
+}

nixos/viridian/services/traefik/default.nix

@@ -98,6 +98,11 @@
                 main = "sajenim.dev";
                 sans = ["*.sajenim.dev"];
               }
+              # Keyboards
+              {
+                main = "sajkbd.io";
+                sans = ["*.sajkbd.io"];
+              }
             ];
           };
         };

nixos/viridian/services/wiki-js/default.nix

@@ -0,0 +1,48 @@
+{config, ...}: {
+  systemd.services.wiki-js = {
+    requires = ["postgresql.service"];
+    after = ["postgresql.service"];
+  };
+
+  services.wiki-js = {
+    enable = true;
+    settings.db = {
+      db = "wiki-js";
+      host = "/run/postgresql";
+      type = "postgres";
+      user = "wiki-js";
+    };
+  };
+
+  services.postgresql = {
+    ensureDatabases = ["wiki-js"];
+    ensureUsers = [
+      {
+        name = "wiki-js";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  services.traefik.dynamicConfigOptions.http.routers = {
+    wiki-js = {
+      rule = "Host(`wiki.sajkbd.io`)";
+      entryPoints = [
+        "websecure"
+      ];
+      middlewares = [
+        "crowdsec"
+        "geoblock"
+      ];
+      service = "wiki-js";
+    };
+  };
+
+  services.traefik.dynamicConfigOptions.http.services = {
+    wiki-js.loadBalancer.servers = [
+      {url = "http://127.0.0.1:${toString config.services.wiki-js.settings.port}";}
+    ];
+  };
+
+  environment.persistence."/persist".directories = ["/var/lib/wiki-js"];
+}