mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
mjallen18
2025-04-24 15:11:05 -05:00
parent ebf15f5582
commit a11bd8c149
10 changed files with 9 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
.vscode/tasks.json vendored
View File

@@ -1,34 +0,0 @@
{
// See https://go.microsoft.com/fwlink/?LinkId=733558
// for the documentation about the tasks.json format
"version": "2.0.0",
"tasks": [
{
"label": "rebuild",
"type": "shell",
"command": "#!/usr/bin/env bash sudo nixos-rebuild boot",
"problemMatcher": [],
"group": {
"kind": "build",
}
},
{
"label": "switch",
"type": "shell",
"command": "#!/usr/bin/env bash sudo nixos-rebuild switch",
"problemMatcher": [],
"group": {
"kind": "build",
}
},
{
"label": "rebuild nas",
"type": "shell",
"command": "#!/usr/bin/env bash nixos-rebuild boot --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas",
"problemMatcher": [],
"group": {
"kind": "build",
}
}
]
}

16
hosts/nas/apps.nix
View File

@@ -8,37 +8,21 @@
./apps/jellyfin
./apps/jellyseerr
./apps/lubelogger
./apps/netbootxyz
./apps/nextcloud
./apps/ollama
./apps/paperless
./apps/paperless-ai
./apps/traefik
./apps/vert
./apps/wyoming
../../modules
./apps/netdata
];
nas-apps = {
free-games-claimer.enable = true;
manyfold.enable = true;
netbootxyz = {
enable = true;
port = "4000";
port2 = "4080";
};
paperless-ai.enable = false;
tdarr.enable = true;
# spotify cancelled, data still in db
your_spotify.enable = false;
mongodb.enable = false;
};
}

7
hosts/nas/apps/gitea/default.nix
View File

@@ -46,6 +46,7 @@ in
PROTOCOL = "http";
ROOT_URL = rootUrl;
SSH_PORT = sshPort;
# SSH_LISTEN_PORT = sshPort;
};
service = {
REGISTER_EMAIL_CONFIRM = false;
@@ -96,9 +97,13 @@ in
sourcePort = httpPort;
}
{
destination = "${localAddress}:${toString sshPort}";
destination = "${localAddress}:${toString 22}";
sourcePort = sshPort;
}
# {
# destination = "${localAddress}:${toString 22}";
# sourcePort = 22;
# }
];
};
}

41
hosts/nas/apps/netdata/default.nix
View File

@@ -1,41 +0,0 @@
{ config, pkgs, ... }:
{
services.netdata = {
enable = true;
# package = pkgs.netdataCloud;
package = pkgs.netdata.override {
withCloudUi = true;
};
configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
samba: yes
'';
# claimTokenFile = config.sops.secrets."jallen-nas/netdata-token".path;
config = {
# enable machine learning plugin
ml = {
"enabled" = "yes";
};
# enable samba plugin
plugins = {
"enable running new plugins" = "yes";
"ioping.plugin" = "yes";
"freeipmi.plugin" = "yes";
"perf.plugin" = "yes";
};
};
};
# add samba and sudo to path of python plugin
systemd.services.netdata.path = [ pkgs.samba "/run/wrappers" ];
# permit to run sudo smbstatus -P
security.sudo.extraConfig = ''
netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus
'';
# as documented here : https://github.com/netdata/netdata/blob/master/system/netdata.service.in
# review capabilityset above if other plugins are non functional
systemd.services.netdata.serviceConfig.CapabilityBoundingSet = ["CAP_SETGID"];
}

32
hosts/nas/apps/paperless-ai/default.nix
View File

@@ -1,32 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.nas-apps.paperless-ai;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [
"--device=nvidia.com/gpu=0"
"--network=bridge"
"--add-host=host.docker.internal:host-gateway"
];
volumes = [ "${cfg.configPath}:/app/data" ];
ports = [ "${cfg.port}:3000" ];
environment = {
NVIDIA_VISIBLE_DEVICES = "all";
NVIDIA_DRIVER_CAPABILITIES = "all";
PAPERLESS_API_URL = "http://10.0.1.20:28981";
PAPERLESS_API_TOKEN = "6f26e1a4632f23bc2da5b74c799ccbda18fa8022";
PUID = cfg.puid;
PGID = cfg.pgid;
TZ = cfg.timeZone;
};
};
};
}

47
hosts/nas/apps/paperless-ai/options.nix
View File

@@ -1,47 +0,0 @@
{ lib, ... }:
with lib;
{
options.nas-apps.paperless-ai = {
enable = mkEnableOption "paperless-ai docker service";
autoStart = mkOption {
type = types.bool;
default = true;
};
port = mkOption {
type = types.str;
default = "3023";
};
name = mkOption {
type = types.str;
default = "paperless-ai";
};
image = mkOption {
type = types.str;
default = "clusterzx/paperless-ai";
};
configPath = mkOption {
type = types.str;
default = "/media/nas/ssd/nix-app-data/paperless-ai";
};
puid = mkOption {
type = types.str;
default = "911";
};
pgid = mkOption {
type = types.str;
default = "1000";
};
timeZone = mkOption {
type = types.str;
default = "America/Chicago";
};
};
}

13
hosts/nas/apps/vert/default.nix
View File

@@ -1,13 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.vert = {
autoStart = true;
image = "ghcr.io/vert-sh/vert";
ports = [ "9876:80" ];
environment = {
PUID = toString config.users.users.nix-apps.uid;
PGID = toString config.users.groups.jallen-nas.gid;
TZ = "America/Chicago";
};
};
}

2
hosts/nas/networking.nix
View File

@@ -6,7 +6,6 @@ let
9000 # authentik
2342 # grafana
51820 # wireguard
19999 # netdata
1025
1143
10200
@@ -16,6 +15,7 @@ let
4000 # netbootxyz
4080 # netbootxyz
3000 # gitea
2222 # gitea ssh
3300
9898
6754 # lubelogger

3
hosts/nas/sops.nix
View File

@@ -101,9 +101,6 @@ in
"jallen-nas/open-webui" = {
restartUnits = [ "open-webui.service" ];
};
"jallen-nas/netdata-token" = {
restartUnits = [ "netdata.service" ];
};
"jallen-nas/paperless/secret" = {
restartUnits = [ "container@paperless.service" ];
};

5
secrets/secrets.yaml
View File

@@ -38,7 +38,6 @@ jallen-nas:
secret: ENC[AES256_GCM,data:qrwi13OLSM1Oww4pttfblrjvsdPR,iv:IITw2M6YfoSP3nECeUPWlhr56n7u03ivp8+fx5MDd54=,tag:4thPUaa2ueO95LOB5SiL6w==,type:str]
authentik-client-id: ENC[AES256_GCM,data:8kHTmnT4kbxrN7Kyet1eu1KB+jA7bBx1Zs64cn5VZm0VjdSfYOwxxA==,iv:iTgsd9XWnRCQoBxj0QVjbIrSjPoYdnXv4lmn3qfllUA=,tag:CDAWMAOQ6X2sbu8RD8oiBw==,type:str]
authentik-client-secret: ENC[AES256_GCM,data:WROqpqGQrZ8+Xy6v4dxABfqWs4lPDnl/OdsD2xvw5nqZ8mD66IJMx5eoS9UJ1aIOAr0bvQCUyMtC+xzSMcEORCmMoxT7qfg2rV6KZgRzDtRGt1loYdHECXpz1hGAc87YwiD8fVrEsuTAmlK8N6tmmfie5o6QakcFeoTpZSlAUJ0=,iv:fQg5itx52OIZeqBSylSbwtR7FD/8kF0YiDZ0jguIKus=,tag:yIm8q0PJQVDt7F4IIljbdg==,type:str]
netdata-token: ENC[AES256_GCM,data:kQiSTLxIztDoka5aa4/ymdp6Xyhc9VC2hwmr/afelGifjN7V7MgzhlMT6xfKoIQ+6RboH6kq50pS5A0AmY/ojog8QEP3k6zGjEsvlV3kNCGWvBU97L+7PH4okIApSYu+Hq996121rSOof+Pgk5mbG7Of5DZGeAJPXe9Dc9Z0cSLJrO6s6zCd,iv:0csCFa1XshbuGp0O3Kxs/NvQsJmadB091ZPSPAnuBL4=,tag:roTlcbeRwA/26G2GkhaaqA==,type:str]
wireguard:
private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str]
public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str]
@@ -150,7 +149,7 @@ sops:
TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx
9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-24T19:31:51Z"
mac: ENC[AES256_GCM,data:uUlq9fHcjs1UsPBYSnpRq2OOH3AH24bq7QnIjaS1HsIoqxqJiUD6vmljQYUHUQoFV7w8yq8tD6z2yhzfrTUiZ18EOcW5GUC+k1eYXaJhUSPPm94TnkjWs7b5B9ldk2LM9CISWSo2hwBLJAhuI1Cw7Pr1TwMePqf5AhQYeZQiIFg=,iv:vTDGkvL/cJ4gMY4Cz3P/xLwhx3+C1lPUesX1KzXIXnc=,tag:sJE3+O3Et9JH0E3Zkoyc4w==,type:str]
lastmodified: "2025-04-24T20:09:26Z"
mac: ENC[AES256_GCM,data:IpZwdqqGM9I7To1N/J/PTq/d7fXtmpYN5cK3l4SIjDlAtR2zlTEWxKYDWZauDATNSLEuZ8ssuohzfwaa+hVxkQLjqvKhvdlSlODVL5wdVZGP17E0uJPPQn6hoYmivslZ//91+/zD1TgcTPzEdm7F0q/NrvJVg4zgnWjOKrMhJVY=,iv:q52RCURJSZ+J4ZrebboM6YihuZrBSMIqomgI3aRRmBc=,tag:7ETvaLMs3JqcdNQvil1bqg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.1