diff --git a/.vscode/tasks.json b/.vscode/tasks.json deleted file mode 100755 index 6c551a1..0000000 --- a/.vscode/tasks.json +++ /dev/null @@ -1,34 +0,0 @@ -{ - // See https://go.microsoft.com/fwlink/?LinkId=733558 - // for the documentation about the tasks.json format - "version": "2.0.0", - "tasks": [ - { - "label": "rebuild", - "type": "shell", - "command": "#!/usr/bin/env bash sudo nixos-rebuild boot", - "problemMatcher": [], - "group": { - "kind": "build", - } - }, - { - "label": "switch", - "type": "shell", - "command": "#!/usr/bin/env bash sudo nixos-rebuild switch", - "problemMatcher": [], - "group": { - "kind": "build", - } - }, - { - "label": "rebuild nas", - "type": "shell", - "command": "#!/usr/bin/env bash nixos-rebuild boot --use-remote-sudo --target-host admin@10.0.1.18 --build-host admin@10.0.1.18 --flake ~/nix-config#jallen-nas", - "problemMatcher": [], - "group": { - "kind": "build", - } - } - ] -} \ No newline at end of file diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 6bdb9ef..a4f1ddc 100755 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -8,37 +8,21 @@ ./apps/jellyfin ./apps/jellyseerr ./apps/lubelogger - ./apps/netbootxyz ./apps/nextcloud ./apps/ollama ./apps/paperless - ./apps/paperless-ai ./apps/traefik - ./apps/vert ./apps/wyoming ../../modules - - ./apps/netdata ]; nas-apps = { - free-games-claimer.enable = true; manyfold.enable = true; - - netbootxyz = { - enable = true; - port = "4000"; - port2 = "4080"; - }; paperless-ai.enable = false; tdarr.enable = true; - - # spotify cancelled, data still in db - your_spotify.enable = false; - mongodb.enable = false; }; } diff --git a/hosts/nas/apps/gitea/default.nix b/hosts/nas/apps/gitea/default.nix index 3f76ee8..1bd0fae 100644 --- a/hosts/nas/apps/gitea/default.nix +++ b/hosts/nas/apps/gitea/default.nix @@ -46,6 +46,7 @@ in PROTOCOL = "http"; ROOT_URL = rootUrl; SSH_PORT = sshPort; + # SSH_LISTEN_PORT = sshPort; }; service = { REGISTER_EMAIL_CONFIRM = false; @@ -96,9 +97,13 @@ in sourcePort = httpPort; } { - destination = "${localAddress}:${toString sshPort}"; + destination = "${localAddress}:${toString 22}"; sourcePort = sshPort; } + # { + # destination = "${localAddress}:${toString 22}"; + # sourcePort = 22; + # } ]; }; } \ No newline at end of file diff --git a/hosts/nas/apps/netdata/default.nix b/hosts/nas/apps/netdata/default.nix deleted file mode 100755 index fe2872e..0000000 --- a/hosts/nas/apps/netdata/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, pkgs, ... }: -{ - services.netdata = { - enable = true; - # package = pkgs.netdataCloud; - package = pkgs.netdata.override { - withCloudUi = true; - }; - configDir."python.d.conf" = pkgs.writeText "python.d.conf" '' - samba: yes - ''; - # claimTokenFile = config.sops.secrets."jallen-nas/netdata-token".path; - - config = { - # enable machine learning plugin - ml = { - "enabled" = "yes"; - }; - - # enable samba plugin - plugins = { - "enable running new plugins" = "yes"; - "ioping.plugin" = "yes"; - "freeipmi.plugin" = "yes"; - "perf.plugin" = "yes"; - }; - }; - }; - - # add samba and sudo to path of python plugin - systemd.services.netdata.path = [ pkgs.samba "/run/wrappers" ]; - - # permit to run sudo smbstatus -P - security.sudo.extraConfig = '' - netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus - ''; - - # as documented here : https://github.com/netdata/netdata/blob/master/system/netdata.service.in - # review capabilityset above if other plugins are non functional - systemd.services.netdata.serviceConfig.CapabilityBoundingSet = ["CAP_SETGID"]; -} diff --git a/hosts/nas/apps/paperless-ai/default.nix b/hosts/nas/apps/paperless-ai/default.nix deleted file mode 100755 index eb5dabb..0000000 --- a/hosts/nas/apps/paperless-ai/default.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.paperless-ai; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - - virtualisation.oci-containers.containers.${cfg.name} = { - autoStart = true; - image = cfg.image; - extraOptions = [ - "--device=nvidia.com/gpu=0" - "--network=bridge" - "--add-host=host.docker.internal:host-gateway" - ]; - volumes = [ "${cfg.configPath}:/app/data" ]; - ports = [ "${cfg.port}:3000" ]; - environment = { - NVIDIA_VISIBLE_DEVICES = "all"; - NVIDIA_DRIVER_CAPABILITIES = "all"; - PAPERLESS_API_URL = "http://10.0.1.20:28981"; - PAPERLESS_API_TOKEN = "6f26e1a4632f23bc2da5b74c799ccbda18fa8022"; - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/hosts/nas/apps/paperless-ai/options.nix b/hosts/nas/apps/paperless-ai/options.nix deleted file mode 100755 index eba05ba..0000000 --- a/hosts/nas/apps/paperless-ai/options.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.paperless-ai = { - enable = mkEnableOption "paperless-ai docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "3023"; - }; - - name = mkOption { - type = types.str; - default = "paperless-ai"; - }; - - image = mkOption { - type = types.str; - default = "clusterzx/paperless-ai"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/nix-app-data/paperless-ai"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/hosts/nas/apps/vert/default.nix b/hosts/nas/apps/vert/default.nix deleted file mode 100644 index a43dec0..0000000 --- a/hosts/nas/apps/vert/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, ... }: -{ - virtualisation.oci-containers.containers.vert = { - autoStart = true; - image = "ghcr.io/vert-sh/vert"; - ports = [ "9876:80" ]; - environment = { - PUID = toString config.users.users.nix-apps.uid; - PGID = toString config.users.groups.jallen-nas.gid; - TZ = "America/Chicago"; - }; - }; -} \ No newline at end of file diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index fbaa50d..a49d7df 100755 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -6,7 +6,6 @@ let 9000 # authentik 2342 # grafana 51820 # wireguard - 19999 # netdata 1025 1143 10200 @@ -16,6 +15,7 @@ let 4000 # netbootxyz 4080 # netbootxyz 3000 # gitea + 2222 # gitea ssh 3300 9898 6754 # lubelogger diff --git a/hosts/nas/sops.nix b/hosts/nas/sops.nix index 2d5faf8..e84b261 100755 --- a/hosts/nas/sops.nix +++ b/hosts/nas/sops.nix @@ -101,9 +101,6 @@ in "jallen-nas/open-webui" = { restartUnits = [ "open-webui.service" ]; }; - "jallen-nas/netdata-token" = { - restartUnits = [ "netdata.service" ]; - }; "jallen-nas/paperless/secret" = { restartUnits = [ "container@paperless.service" ]; }; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index b57fffb..caed24a 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -38,7 +38,6 @@ jallen-nas: secret: ENC[AES256_GCM,data:qrwi13OLSM1Oww4pttfblrjvsdPR,iv:IITw2M6YfoSP3nECeUPWlhr56n7u03ivp8+fx5MDd54=,tag:4thPUaa2ueO95LOB5SiL6w==,type:str] authentik-client-id: ENC[AES256_GCM,data:8kHTmnT4kbxrN7Kyet1eu1KB+jA7bBx1Zs64cn5VZm0VjdSfYOwxxA==,iv:iTgsd9XWnRCQoBxj0QVjbIrSjPoYdnXv4lmn3qfllUA=,tag:CDAWMAOQ6X2sbu8RD8oiBw==,type:str] authentik-client-secret: ENC[AES256_GCM,data:WROqpqGQrZ8+Xy6v4dxABfqWs4lPDnl/OdsD2xvw5nqZ8mD66IJMx5eoS9UJ1aIOAr0bvQCUyMtC+xzSMcEORCmMoxT7qfg2rV6KZgRzDtRGt1loYdHECXpz1hGAc87YwiD8fVrEsuTAmlK8N6tmmfie5o6QakcFeoTpZSlAUJ0=,iv:fQg5itx52OIZeqBSylSbwtR7FD/8kF0YiDZ0jguIKus=,tag:yIm8q0PJQVDt7F4IIljbdg==,type:str] - netdata-token: ENC[AES256_GCM,data:kQiSTLxIztDoka5aa4/ymdp6Xyhc9VC2hwmr/afelGifjN7V7MgzhlMT6xfKoIQ+6RboH6kq50pS5A0AmY/ojog8QEP3k6zGjEsvlV3kNCGWvBU97L+7PH4okIApSYu+Hq996121rSOof+Pgk5mbG7Of5DZGeAJPXe9Dc9Z0cSLJrO6s6zCd,iv:0csCFa1XshbuGp0O3Kxs/NvQsJmadB091ZPSPAnuBL4=,tag:roTlcbeRwA/26G2GkhaaqA==,type:str] wireguard: private: ENC[AES256_GCM,data:/nOkn5nMrEEeKi1ySo9fAp+r1lQL02k0FZA99hUIKq7THvVWNaQ/Z6paoJU=,iv:iCTfGSdjJ0wMwv/34dv2ygKSm3qAJq6czOErMaFqHtg=,tag:EJZzBlVB5FSvveo5MWtC1g==,type:str] public: ENC[AES256_GCM,data:rOmyhwpolxNV2JroLdh90gYAuCGNZu/gY5NBxkHHNJ+qEblmDsom9alNHMQ=,iv:bF+XCO9lPHopLCEILTT4gA349d/Sa5qReSKN70EA3d4=,tag:Yx2TL/37n5Uohlwnlx97vg==,type:str] @@ -150,7 +149,7 @@ sops: TWRvYVZ5eklJQU81SzBVZ1BBbENuTkEKwMTa1cAH3sNm2npVhQ/dDl5M7Q8T3vOx 9slEt5EVUgqaJVhVr9AM9aAhghWJa5i5+Eh628C6p53XFxrO+6zUYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-24T19:31:51Z" - mac: ENC[AES256_GCM,data:uUlq9fHcjs1UsPBYSnpRq2OOH3AH24bq7QnIjaS1HsIoqxqJiUD6vmljQYUHUQoFV7w8yq8tD6z2yhzfrTUiZ18EOcW5GUC+k1eYXaJhUSPPm94TnkjWs7b5B9ldk2LM9CISWSo2hwBLJAhuI1Cw7Pr1TwMePqf5AhQYeZQiIFg=,iv:vTDGkvL/cJ4gMY4Cz3P/xLwhx3+C1lPUesX1KzXIXnc=,tag:sJE3+O3Et9JH0E3Zkoyc4w==,type:str] + lastmodified: "2025-04-24T20:09:26Z" + mac: ENC[AES256_GCM,data:IpZwdqqGM9I7To1N/J/PTq/d7fXtmpYN5cK3l4SIjDlAtR2zlTEWxKYDWZauDATNSLEuZ8ssuohzfwaa+hVxkQLjqvKhvdlSlODVL5wdVZGP17E0uJPPQn6hoYmivslZ//91+/zD1TgcTPzEdm7F0q/NrvJVg4zgnWjOKrMhJVY=,iv:q52RCURJSZ+J4ZrebboM6YihuZrBSMIqomgI3aRRmBc=,tag:7ETvaLMs3JqcdNQvil1bqg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.1