mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

kek

Browse Source
This commit is contained in:
mjallen18
2026-04-01 13:21:25 -05:00
parent 57fa32bf9c
commit 03f6b730cf
13 changed files with 112 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -71,7 +71,7 @@ A powerful AMD-based desktop with gaming capabilities, featuring:
### NAS ### NAS
A home server with various self-hosted services: A home server with various self-hosted services:
- Media management (Jellyfin, Jellyseerr) - Media management (Jellyfin, seerr)
- Download automation (Sonarr, Radarr, etc.) - Download automation (Sonarr, Radarr, etc.)
- Document management (Paperless) - Document management (Paperless)
- File sharing (Samba, Nextcloud) - File sharing (Samba, Nextcloud)

2
docs/modules/README.md
View File

@@ -140,7 +140,7 @@ mjallen.services.jellyfin = {
Available services: Available services:
`actual`, `ai`, `appimage`, `arrs`, `attic`, `authentik`, `authentikRac`, `booklore`, `caddy`, `calibre`, `calibre-web`, `cockpit`, `code-server`, `collabora`, `coturn`, `crowdsec`, `dispatcharr`, `free-games-claimer`, `gitea`, `glance`, `glances`, `grafana`, `guacd`, `headscale`, `immich`, `jellyfin`, `jellyseerr`, `lubelogger`, `manyfold`, `matrix`, `minecraft`, `mongodb`, `nebula`, `netbootxyz`, `nextcloud`, `ntfy`, `onlyoffice`, `opencloud`, `orca`, `paperless`, `paperless-ai`, `protonmail-bridge`, `restic`, `samba`, `sparky-fitness`, `sparky-fitness-server`, `sunshine`, `tdarr`, `termix`, `tunarr`, `unmanic`, `uptime-kuma`, `wyoming`, `your-spotify` `actual`, `ai`, `appimage`, `arrs`, `attic`, `authentik`, `authentikRac`, `booklore`, `caddy`, `calibre`, `calibre-web`, `cockpit`, `code-server`, `collabora`, `coturn`, `crowdsec`, `dispatcharr`, `free-games-claimer`, `gitea`, `glance`, `glances`, `grafana`, `guacd`, `headscale`, `immich`, `jellyfin`, `seerr`, `lubelogger`, `manyfold`, `matrix`, `minecraft`, `mongodb`, `nebula`, `netbootxyz`, `nextcloud`, `ntfy`, `onlyoffice`, `opencloud`, `orca`, `paperless`, `paperless-ai`, `protonmail-bridge`, `restic`, `samba`, `sparky-fitness`, `sparky-fitness-server`, `sunshine`, `tdarr`, `termix`, `tunarr`, `unmanic`, `uptime-kuma`, `wyoming`, `your-spotify`
#### Nebula VPN (`services/nebula/`) #### Nebula VPN (`services/nebula/`)

90
docs/services.md Normal file
View File

@@ -0,0 +1,90 @@
# Services
All services are derived from `lib.mjallen.network` (`lib/network/default.nix`).
Domain: `mjallen.dev`
Services are grouped by host. The **URL** column is only present when a reverse proxy
is configured (i.e. `reverseProxy.enable = true`) or a well-known public URL exists.
Services without a public URL are accessible only on the LAN or internally.
---
## NAS (`jallen-nas` — `10.0.1.3`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| actual | No | 3333 | https://actual.mjallen.dev |
| ai (Ollama + llama.cpp + Open-WebUI) | Yes | 8127 / 11434 / various | https://chat.mjallen.dev |
| arrs (Sonarr + Radarr + SABnzbd) | Yes | 8989 / 7878 / 8280 | — |
| attic | Yes | 9012 | https://cache.mjallen.dev |
| authentik | Yes | 9000 | https://authentik.mjallen.dev |
| authentikRac | Yes | 4823 | — |
| caddy | Yes | 80 / 443 | — |
| calibre | No | 8084 | https://calibre.mjallen.dev |
| calibre-web | No | 8083 | https://calibre-web.mjallen.dev |
| cockpit | Yes | 9091 | — |
| code-server | Yes | 4444 | https://code.mjallen.dev |
| collabora | Yes | 9980 | https://office.mjallen.dev |
| coturn | Yes | 3478 | — |
| crowdsec | Yes | 8181 | — |
| dispatcharr | No | 9191 | https://dispatcharr.mjallen.dev |
| free-games-claimer | No | 6080 | — |
| gitea | Yes | 3000 / SSH 2222 | https://gitea.mjallen.dev |
| glance | Yes | 5555 | https://glance.mjallen.dev |
| glances | Yes | 61208 | https://glances.mjallen.dev |
| grafana | Yes | 9999 | https://grafana.mjallen.dev |
| grimmory | No | 6066 | https://grimmory.mjallen.dev |
| guacd | Yes | 4822 | — |
| headscale | No | 2112 | https://headscale.mjallen.dev |
| immich | Yes | 2283 | https://immich.mjallen.dev |
| jellyfin | Yes | 8096 | https://jellyfin.mjallen.dev |
| seerr | Yes | 5055 | https://seerr.mjallen.dev |
| kavita | Yes | 5000 | — |
| lemonade | No | 8001 | — |
| lubelogger | Yes | 6754 | https://lubelogger.mjallen.dev |
| manyfold | Yes | 3214 | — |
| matrix | Yes | 8448 | https://matrix.mjallen.dev |
| minecraft | No | 25565 | — |
| mongodb | No | 27017 | — |
| nebula | Yes | 4242 | — |
| netbootxyz | No | 4000 | https://netbootxyz.mjallen.dev |
| nextcloud | Yes | 9988 | https://cloud.mjallen.dev |
| ntfy | Yes | 2586 | https://ntfy.mjallen.dev |
| ocis | No | 9200 | — |
| onlyoffice | No | 9943 | — |
| opencloud | No | 9200 | — |
| orca-slicer | No | 3100 | https://orca-slicer.mjallen.dev |
| paperless | Yes | 28981 | — |
| paperless-ai | Yes | 28982 | — |
| protonmail-bridge | Yes | SMTP 1025 / IMAP 1143 | — |
| restic-server | Yes | 8008 | — |
| sparky-fitness (frontend) | Yes | 3004 | https://sparky.mjallen.dev |
| sparky-fitness-server (backend) | Yes | 3010 | — |
| sunshine | Yes | 47989 | — |
| tdarr | No | 8265 / 8266 | https://tdarr.mjallen.dev |
| termix | Yes | 7777 | https://termix.mjallen.dev |
| tunarr | Yes | 8000 | https://tunarr.mjallen.dev |
| unmanic | Yes | 8265 | https://unmanic.mjallen.dev |
| uptime-kuma | Yes | 3001 | — |
| wyoming (Whisper + Piper) | Yes | 10300 / 10200 | — |
---
## NUC (`nuc-nixos` — `10.0.1.4`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| home-assistant | Yes | 8123 | https://hass.mjallen.dev |
| esphome | Yes | 6052 | — |
| otbr (OpenThread Border Router) | Yes | 8880 / REST 8881 | — |
| mosquitto (MQTT) | Yes | 1883 | — |
---
## Pi5 (`pi5` — `10.0.1.2`)
| Service | Enabled | Port | URL |
|---------|---------|------|-----|
| adguard | Yes | 3000 | — |
| nebula (lighthouse) | Yes | 4242 | — |
| dns | Yes | 53 | — |

2
docs/systems/jallen-nas.md
View File

@@ -54,7 +54,7 @@
| Attic | 9012 | Nix binary cache (`cache.mjallen.dev`) | | Attic | 9012 | Nix binary cache (`cache.mjallen.dev`) |
| Immich | 2283 | Photo management | | Immich | 2283 | Photo management |
| Jellyfin | 8096 | Media server | | Jellyfin | 8096 | Media server |
| Jellyseerr | 5055 | Media request manager | | Seerr | 5055 | Media request manager |
| Nextcloud | 9988 | Cloud storage | | Nextcloud | 9988 | Cloud storage |
| Paperless | 28981 | Document management | | Paperless | 28981 | Document management |
| Paperless AI | 28982 | AI-assisted document tagging | | Paperless AI | 28982 | AI-assisted document tagging |

1
homes/x86_64-linux/matt@matt-nixos/default.nix
View File

@@ -181,7 +181,6 @@ in
piper piper
prismlauncher prismlauncher
protontricks protontricks
protonvpn-gui
runelite runelite
smile smile
via via

2
lib/network/default.nix
View File

@@ -129,7 +129,7 @@
headscale = 2112; headscale = 2112;
immich = 2283; immich = 2283;
jellyfin = 8096; jellyfin = 8096;
jellyseerr = 5055; seerr = 5055;
kavita = 5000; kavita = 5000;
llamaCpp = 8127; llamaCpp = 8127;
lubelogger = 6754; lubelogger = 6754;

2
modules/home/home/default.nix
View File

@@ -44,7 +44,7 @@ in
pciutils pciutils
proton-pass-cli proton-pass-cli
proton-vpn-cli proton-vpn-cli
protonvpn-gui proton-vpn
protonup-ng protonup-ng
rsync rsync
smartmontools smartmontools

6
modules/nixos/services/actual/default.nix
View File

@@ -21,17 +21,17 @@ let
settings = { settings = {
trustedProxies = [ config.${namespace}.network.ipv4.address ]; trustedProxies = [ config.${namespace}.network.ipv4.address ];
port = cfg.port; port = cfg.port;
configDir = "${cfg.configDir}/${name}";
serverFiles = "${cfg.configDir}/${name}/server-files"; serverFiles = "${cfg.configDir}/${name}/server-files";
userFiles = "${cfg.configDir}/${name}/user-files"; userFiles = "${cfg.configDir}/${name}/user-files";
dataDir = "${cfg.configDir}/${name}";
}; };
}; };
systemd.services = lib.mkIf cfg.createUser { systemd.services = lib.mkIf cfg.createUser {
actual = { actual = {
environment.ACTUAL_CONFIG_PATH = lib.mkForce "${cfg.configDir}/${name}/config.json"; environment.ACTUAL_CONFIG_PATH = lib.mkForce "/run/actual/config.json";
serviceConfig = { serviceConfig = {
ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${cfg.configDir}/${name}/config.json"; ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config /run/actual/config.json";
WorkingDirectory = lib.mkForce "${cfg.configDir}/${name}"; WorkingDirectory = lib.mkForce "${cfg.configDir}/${name}";
StateDirectoryMode = lib.mkForce 700; StateDirectoryMode = lib.mkForce 700;
DynamicUser = lib.mkForce false; DynamicUser = lib.mkForce false;

14
modules/nixos/services/jellyseerr/default.nix
View File

@@ -6,16 +6,16 @@
}: }:
with lib; with lib;
let let
name = "jellyseerr"; name = "seerr";
cfg = config.${namespace}.services.${name}; cfg = config.${namespace}.services.${name};
jellyseerrConfig = lib.${namespace}.mkModule { seerrConfig = lib.${namespace}.mkModule {
inherit config name; inherit config name;
description = "jellyseerr"; description = "seerr";
options = { }; options = { };
moduleConfig = { moduleConfig = {
# Enable jellyseerr service # Enable seerr service
services.jellyseerr = { services.seerr = {
enable = true; enable = true;
port = cfg.port; port = cfg.port;
openFirewall = cfg.openFirewall; openFirewall = cfg.openFirewall;
@@ -23,7 +23,7 @@ let
}; };
systemd.services = { systemd.services = {
jellyseerr = { seerr = {
serviceConfig = { serviceConfig = {
WorkingDirectory = lib.mkForce "${cfg.configDir}/jellyseerr"; WorkingDirectory = lib.mkForce "${cfg.configDir}/jellyseerr";
StateDirectory = lib.mkForce "${cfg.configDir}/jellyseerr"; StateDirectory = lib.mkForce "${cfg.configDir}/jellyseerr";
@@ -37,5 +37,5 @@ let
}; };
in in
{ {
imports = [ jellyseerrConfig ]; imports = [ seerrConfig ];
} }

6
systems/x86_64-linux/jallen-nas/apps.nix
View File

@@ -12,10 +12,10 @@ in
${namespace} = { ${namespace} = {
services = { services = {
actual = { actual = {
enable = false; enable = true;
port = 3333; port = 3333;
createUser = true; createUser = true;
reverseProxy = enabled; reverseProxy = disabled;
hostedService = { hostedService = {
group = "Finance"; group = "Finance";
icon = "si:actualbudget"; icon = "si:actualbudget";
@@ -319,7 +319,7 @@ in
icon = "si:jellyfin"; icon = "si:jellyfin";
}; };
}; };
jellyseerr = { seerr = {
enable = true; enable = true;
port = 5055; port = 5055;
createUser = true; createUser = true;

3
systems/x86_64-linux/jallen-nas/default.nix
View File

@@ -226,6 +226,7 @@ in
shares = { shares = {
"3d_printer".sharePath = "/media/nas/main/documents/3d-models"; "3d_printer".sharePath = "/media/nas/main/documents/3d-models";
Backup.sharePath = "/media/nas/main/backup"; Backup.sharePath = "/media/nas/main/backup";
Books.sharePath = "/media/nas/main/books";
Documents.sharePath = "/media/nas/main/documents"; Documents.sharePath = "/media/nas/main/documents";
isos.sharePath = "/media/nas/main/documents/isos"; isos.sharePath = "/media/nas/main/documents/isos";
app_data.sharePath = "/media/nas/main/appdata"; app_data.sharePath = "/media/nas/main/appdata";
@@ -338,7 +339,7 @@ in
packagekit packagekit
pass pass
protonmail-bridge protonmail-bridge
protonvpn-gui proton-vpn
qrencode qrencode
sbctl sbctl
systemctl-tui systemctl-tui

2
systems/x86_64-linux/jallen-nas/disabled.nix
View File

@@ -39,7 +39,7 @@ in
headscale = mkForce disabled; headscale = mkForce disabled;
immich = mkForce disabled; immich = mkForce disabled;
jellyfin = mkForce disabled; jellyfin = mkForce disabled;
jellyseerr = mkForce disabled; seerr = mkForce disabled;
lubelogger = mkForce disabled; lubelogger = mkForce disabled;
manyfold = mkForce disabled; manyfold = mkForce disabled;
matrix = mkForce disabled; matrix = mkForce disabled;

2
systems/x86_64-linux/jallen-nas/nas-defaults.nix
View File

@@ -56,7 +56,7 @@ in
"headscale" "headscale"
"immich" "immich"
"jellyfin" "jellyfin"
"jellyseerr" "seerr"
"kavita" "kavita"
"lemonade" "lemonade"
"lubelogger" "lubelogger"