stuff lol

mjallen18
2024-12-29 17:30:45 -06:00
parent 161dc2d411
commit 886f1e979b
13 changed files with 302 additions and 391 deletions


@@ -1,7 +1,4 @@
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
# for a more complex example.
# See https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
keys:
- &matt age157jemphjzg6zmk373vpccuguyw6e75qnkqmz8pcnn2yue85p939swqqhy0
- &desktop age1jv8ap5zwa49ftv0gg7wqf5ps0e68uuwxe2fekjsn0zkyql964unqyc58rf


@@ -88,6 +88,7 @@ in
papirus-icon-theme
piper
pop-gtk-theme
prismlauncher
protonup
protontricks
protonvpn-gui


@@ -2,8 +2,8 @@
{
imports = [
./apps/arrs
./apps/jellyfin/jellyfin.nix
./apps/jellyseerr/jellyseerr.nix
./apps/jellyfin
./apps/jellyseerr
./apps/nextcloud
./apps/ollama
./apps/paperless
@@ -20,7 +20,7 @@
free-games-claimer.enable = true;
jackett.enable = true;
jackett.enable = false;
manyfold.enable = true;


@@ -4,11 +4,13 @@ let
radarrPort = 7878;
sonarrPort = 8989;
sabnzbdPort = 8280;
jackettPort = 9117;
radarrDataDir = "/var/lib/radarr";
downloadDir = "/downloads";
incompleteDir = "/downloads-incomplete";
sonarrDataDir = "/var/lib/sonarr";
sabnzbdConfig = "/var/lib/sabnzbd";
jackettDir = "/var/lib/jackett/.config/Jackett";
mediaDir = "/media";
arrUserId = config.users.users.nix-apps.uid;
arrGroupId = config.users.groups.jallen-nas.gid;
@@ -78,6 +80,13 @@ in
};
};
services.jackett = {
enable = true;
user = "arrs";
group = "media";
openFirewall = true;
};
# Create required users and groups
users.users.arrs = {
isSystemUser = true;
@@ -161,6 +170,10 @@ in
hostPath = "/media/nas/ssd/ssd_app_data/downloads-incomplete";
isReadOnly = false;
};
"${jackettDir}" = {
hostPath = "/media/nas/ssd/nix-app-data/jackett";
isReadOnly = false;
};
"/media/movies" = {
hostPath = "/media/nas/main/movies";
isReadOnly = false;
@@ -194,6 +207,10 @@ in
destination = "10.0.1.51:8112";
sourcePort = 8112;
}
{
destination = "10.0.1.51:9117";
sourcePort = 9117;
}
];
};
}
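Review bot: The new `services.jackett` block sets `openFirewall = true` and the last hunk adds a NAT forward for 9117, so the Jackett UI and API become reachable on the host address, not only from inside the container network. Jackett stores indexer credentials, so if it only has to be reached by the other *arr services in this container, I would drop the forward and `openFirewall`, or put it behind the existing Traefik/authentik middleware instead. The forward also repeats the literal `9117` although `jackettPort` is declared in the first hunk and appears unused in the visible lines; `sourcePort = jackettPort;` would keep the two in step. The enclosing attribute sets start and end outside the hunks.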


@@ -1,30 +1,168 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.jellyfin;
in
{
imports = [ ./options.nix ];
config,
pkgs,
lib,
...
}:
config = mkIf cfg.enable {
# let
# jellyfinPort = 8096;
# jellyfinUserId = config.users.users.nix-apps.uid;
# jellyfinGroupId = config.users.groups.jallen-nas.gid;
# package = pkgs.jellyfin;
# in {
# containers.jellyfin = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "10.0.1.18";
# localAddress = "10.0.2.25";
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" ];
volumes = [
"${cfg.configPath}:/config"
"${cfg.moviesPath}:/data/movies"
"${cfg.tvPath}:/data/tv"
];
ports = [ "${cfg.port}:8096" ];
environment = {
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
# config = { config, pkgs, lib, ... }: {
# # Enable jellyfin service
# nixpkgs.config.allowUnfree = true;
# hardware = {
# # Nvidia
# nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.latest;
# # Modesetting is required.
# modesetting.enable = true;
# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# powerManagement.enable = true;
# # Fine-grained power management. Turns off GPU when not in use.
# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
# powerManagement.finegrained = false;
# # Use the NVidia open source kernel module (not to be confused with the
# # independent third-party "nouveau" open source driver).
# # Support is limited to the Turing and later architectures. Full list of
# # supported GPUs is at:
# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# # Only available from driver 515.43.04+
# # Currently alpha-quality/buggy, so false is currently the recommended setting.
# open = true;
# # Enable the Nvidia settings menu,
# # accessible via `nvidia-settings`.
# nvidiaSettings = true;
# };
# # Enable graphics
# graphics = {
# enable = true;
# enable32Bit = true;
# };
# };
# # Services configs
# services.xserver = {
# # Load nvidia driver for Xorg and Wayland
# videoDrivers = [ "nvidia" ];
# };
# services.jellyfin = {
# enable = true;
# openFirewall = true;
# user = "jellyfin";
# group = "media";
# dataDir = "/data";
# configDir = "/config";
# # cacheDir = "/cache";
# };
# # Create required users and groups
# users.users.jellyfin = {
# isSystemUser = true;
# uid = lib.mkForce jellyfinUserId;
# group = "media";
# extraGroups = [ "downloads" ];
# };
# users.groups = {
# media = { gid = lib.mkForce jellyfinGroupId; };
# downloads = { };
# };
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [ jellyfinPort ];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# # System packages
# environment.systemPackages = with pkgs; [
# sqlite
# mono
# mediainfo
# # ffmpeg
# # nvidiaPackages.gpu
# # nvidiaPackages.nvidia-settings
# # nvidiaPackages.nvidia-x11
# ];
# services.resolved.enable = true;
# system.stateVersion = "23.11";
# };
# # Bind mount directories from host
# bindMounts = {
# "/data" = {
# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
# isReadOnly = false;
# };
# "/tv" = {
# hostPath = "/media/nas/main/tv";
# isReadOnly = false;
# };
# "/movies" = {
# hostPath = "/media/nas/main/movies";
# isReadOnly = false;
# };
# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
# };
# # allowedDevices = [
# # {
# # modifier = "rw";
# # node = "/dev/nvidia0";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidiactl";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-modeset";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm-tools";
# # }
# # ];
# };
# networking.nat = {
# forwardPorts = [{
# destination = "10.0.2.25:8096";
# sourcePort = jellyfinPort;
# }];
# };
# }
{
services.jellyfin = {
enable = true;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
}


@@ -1,168 +0,0 @@
{
config,
pkgs,
lib,
...
}:
# let
# jellyfinPort = 8096;
# jellyfinUserId = config.users.users.nix-apps.uid;
# jellyfinGroupId = config.users.groups.jallen-nas.gid;
# package = pkgs.jellyfin;
# in {
# containers.jellyfin = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "10.0.1.18";
# localAddress = "10.0.2.25";
# config = { config, pkgs, lib, ... }: {
# # Enable jellyfin service
# nixpkgs.config.allowUnfree = true;
# hardware = {
# # Nvidia
# nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.latest;
# # Modesetting is required.
# modesetting.enable = true;
# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# powerManagement.enable = true;
# # Fine-grained power management. Turns off GPU when not in use.
# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
# powerManagement.finegrained = false;
# # Use the NVidia open source kernel module (not to be confused with the
# # independent third-party "nouveau" open source driver).
# # Support is limited to the Turing and later architectures. Full list of
# # supported GPUs is at:
# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# # Only available from driver 515.43.04+
# # Currently alpha-quality/buggy, so false is currently the recommended setting.
# open = true;
# # Enable the Nvidia settings menu,
# # accessible via `nvidia-settings`.
# nvidiaSettings = true;
# };
# # Enable graphics
# graphics = {
# enable = true;
# enable32Bit = true;
# };
# };
# # Services configs
# services.xserver = {
# # Load nvidia driver for Xorg and Wayland
# videoDrivers = [ "nvidia" ];
# };
# services.jellyfin = {
# enable = true;
# openFirewall = true;
# user = "jellyfin";
# group = "media";
# dataDir = "/data";
# configDir = "/config";
# # cacheDir = "/cache";
# };
# # Create required users and groups
# users.users.jellyfin = {
# isSystemUser = true;
# uid = lib.mkForce jellyfinUserId;
# group = "media";
# extraGroups = [ "downloads" ];
# };
# users.groups = {
# media = { gid = lib.mkForce jellyfinGroupId; };
# downloads = { };
# };
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [ jellyfinPort ];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# # System packages
# environment.systemPackages = with pkgs; [
# sqlite
# mono
# mediainfo
# # ffmpeg
# # nvidiaPackages.gpu
# # nvidiaPackages.nvidia-settings
# # nvidiaPackages.nvidia-x11
# ];
# services.resolved.enable = true;
# system.stateVersion = "23.11";
# };
# # Bind mount directories from host
# bindMounts = {
# "/data" = {
# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
# isReadOnly = false;
# };
# "/tv" = {
# hostPath = "/media/nas/main/tv";
# isReadOnly = false;
# };
# "/movies" = {
# hostPath = "/media/nas/main/movies";
# isReadOnly = false;
# };
# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
# };
# # allowedDevices = [
# # {
# # modifier = "rw";
# # node = "/dev/nvidia0";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidiactl";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-modeset";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm-tools";
# # }
# # ];
# };
# networking.nat = {
# forwardPorts = [{
# destination = "10.0.2.25:8096";
# sourcePort = jellyfinPort;
# }];
# };
# }
{
services.jellyfin = {
enable = true;
openFirewall = true;
user = "nix-apps";
group = "jallen-nas";
dataDir = "/media/nas/ssd/nix-app-data/jellyfin";
# cacheDir = "/cache";
};
}


@@ -1,57 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.jellyfin = {
enable = mkEnableOption "jellyfin docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "8096";
};
name = mkOption {
type = types.str;
default = "jellyfin";
};
image = mkOption {
type = types.str;
default = "lscr.io/linuxserver/jellyfin";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/jellyfin";
};
moviesPath = mkOption {
type = types.str;
default = "/media/nas/main/movies";
};
tvPath = mkOption {
type = types.str;
default = "/media/nas/main/tv";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -1,22 +1,67 @@
{ lib, config, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
let
cfg = config.nas-apps.jellyseerr;
jellyseerrPort = 5055;
dataDir = "/var/lib/jellyseerr";
in
{
imports = [ ./options.nix ];
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
config = mkIf cfg.enable {
virtualisation.oci-containers.containers."${cfg.name}" = {
autoStart = cfg.autoStart;
image = cfg.image;
ports = [ "${cfg.port}:5055" ];
volumes = [ "${cfg.configPath}:/app/config" ];
environment = {
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
bindMounts = {
${dataDir} = {
hostPath = "/media/nas/ssd/nix-app-data/jellyseerr";
isReadOnly = false;
};
};
config =
{
config,
pkgs,
lib,
...
}:
{
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}


@@ -1,65 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
jellyseerrPort = 5055;
dataDir = "/var/lib/jellyseerr";
downloadDir = "/downloads";
mediaDir = "/media";
jellyseerrUserId = config.users.users.nix-apps.uid;
jellyseerrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.jellyseerr;
in
{
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
config =
{
config,
pkgs,
lib,
...
}:
{
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}


@@ -1,47 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.jellyseerr = {
enable = mkEnableOption "jellyseerr docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "5055";
};
name = mkOption {
type = types.str;
default = "jellyseerr";
};
image = mkOption {
type = types.str;
default = "fallenbagel/jellyseerr";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/ssd_app_data/jellyseerr";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}


@@ -1,7 +1,6 @@
{ config, ... }:
let
adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path;
dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path;
smtppassword = config.sops.templates."nextcloud-smtp".content;
nextcloudUserId = config.users.users.nix-apps.uid;
nextcloudGroupId = config.users.groups.jallen-nas.gid;


@@ -12,9 +12,10 @@
services.open-webui = {
enable = true;
host = "0.0.0.0";
port = 8888;
openFirewall = true;
stateDir = "/media/nas/ssd/nix-app-data/open-webui";
# stateDir = "/media/nas/ssd/nix-app-data/open-webui";
environment = {
OAUTH_CLIENT_ID = "P4YrtPrdwoQkwYs4e5AHQx7xiz4FV6OpT24rjqXa";
OAUTH_CLIENT_SECRET = "XpZ1Y9RUMD6FVxBSxg8evHkRYuSUJ3saN99uCFfeNo4Z8vrmnqZBHJQzSSCFig1fgqEYCr3SmcOvCHGHUsz9FJT2aZFlZxKv6bZZpuMQYASHiQtuX2pTVEspiNab3129";
@@ -26,6 +27,7 @@
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
LOCAL_FILES_ONLY = "False";
};
};
}
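Review bot: `OAUTH_CLIENT_SECRET` (and the client ID next to it) are string literals in `environment`, which puts them in the world-readable Nix store and in this repository's history. The repo already reads other credentials through `config.sops.secrets`, so this one belongs in a sops secret or template passed via `services.open-webui.environmentFile`, and the value committed here should be rotated at the identity provider. Separately, `host = "0.0.0.0"` with `openFirewall = true` makes port 8888 reachable directly, bypassing the reverse proxy; binding to the address the proxy uses would narrow that. Commenting out `stateDir` moves state back to the module default, which deserves a one-line comment saying whether that is intended. The `environment` set continues outside the hunks.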


@@ -1,15 +1,15 @@
{ config, ... }:
let
traefikDataDir = "/var/lib/traefik";
traefikUserId = config.users.users.nix-apps.uid;
traefikGroupId = config.users.groups.jallen-nas.gid;
domain = "mjallen.dev";
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
authentikUrl = "http://10.0.1.18:9000";
collaboraUrl = "http://10.0.1.18:9980";
cloudUrl = "http://10.0.2.18:80";
jellyfinUrl = "http://10.0.1.18:8096";
jellyseerrUrl = "http://10.0.1.18:5055";
jellyseerrUrl = "http://10.0.1.52:5055";
hassUrl = "http://10.0.1.183:8123";
openWebUIUrl = "http://10.0.1.18:8888";
in
{
networking.firewall = {
@@ -67,7 +67,7 @@ in
api.dashboard = true;
# Access the Traefik dashboard on <Traefik IP>:8080 of your server
# api.insecure = true;
api.insecure = true;
};
dynamicConfigOptions = {
@@ -76,7 +76,7 @@ in
authentik = {
forwardAuth = {
tls.insecureSkipVerify = true;
address = "https://authentik.${domain}/outpost.goauthentik.io/auth/traefik";
address = "http://10.0.1.18:9000/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
@@ -93,9 +93,25 @@ in
];
};
};
# test-errors = {
# errors = {
# status = [
# "500"
# "501"
# "503"
# "505-599"
# ];
# service =
# };
# }
};
services = {
auth.loadBalancer.servers = [
{
url = authUrl;
}
];
authentik.loadBalancer.servers = [
{
url = authentikUrl;
@@ -121,9 +137,26 @@ in
url = jellyseerrUrl;
}
];
hass.loadBalancer.servers = [
{
url = hassUrl;
}
];
chat.loadBalancer.servers = [
{
url = openWebUIUrl;
}
];
};
routers = {
auth = {
entryPoints = ["websecure"];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
priority = 15;
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = ["websecure"];
rule = "Host(`authentik.${domain}`)";
@@ -154,6 +187,22 @@ in
service = "jellyseerr";
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = ["websecure"];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = "authentik";
priority = 10;
tls.certResolver = "letsencrypt";
};
open-webui = {
entryPoints = ["websecure"];
rule = "Host(`chat.${domain}`)";
service = "chat";
# middlewares = [ "authentik" ];
priority = 10;
tls.certResolver = "letsencrypt";
};
};
};
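Review bot: The second hunk turns on `api.insecure = true`, which serves the Traefik dashboard and API without authentication on the dedicated entrypoint (port 8080 by default), so anyone who can reach that port can read the full routing configuration. I would keep it off and publish the dashboard through a router on `websecure` with the `authentik` middleware and `service = "api@internal"`. In the last hunk the `open-webui` router has its `middlewares` line commented out, so `chat.${domain}` is exposed with only the application's own login, and `hass` passes `middlewares = "authentik"` as a string where Traefik's schema has a list (`middlewares = [ "authentik" ];`). The forwardAuth `address` now uses plain HTTP to `10.0.1.18:9000`, so the remaining `tls.insecureSkipVerify = true` no longer has any effect and can be removed.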
};