From b7c85a7a5696a6ff55bc0b2e5aee29b913b75494 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Wed, 27 Nov 2024 09:53:18 -0600 Subject: [PATCH] temp and updates --- flake.lock | 106 ++++++++++++------------- flake.nix | 6 +- hosts/desktop/boot.nix | 2 +- hosts/desktop/configuration.nix | 13 +++ hosts/desktop/gnome/home.nix | 3 +- hosts/nas/apps.nix | 7 +- hosts/nas/boot.nix | 2 +- hosts/nas/configuration.nix | 2 +- hosts/nas/impermanence.nix | 1 + hosts/nas/services.nix | 2 +- modules/apps/jellyseerr/jellyseerr.nix | 2 +- modules/apps/paperless/default.nix | 92 +++++++++++++++++++++ modules/apps/radarr/radarr.nix | 2 +- share/amd/default.nix | 4 +- share/gaming/default.nix | 2 +- share/nvidia/default.nix | 4 +- 16 files changed, 179 insertions(+), 71 deletions(-) create mode 100644 modules/apps/paperless/default.nix diff --git a/flake.lock b/flake.lock index cab2ecb..56d0306 100644 --- a/flake.lock +++ b/flake.lock @@ -8,17 +8,17 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": [ - "nixpkgs-stable" + "nixpkgs-unstable" ], "poetry2nix": "poetry2nix", "systems": "systems" }, "locked": { - "lastModified": 1731622832, - "narHash": "sha256-uTdeXrKRhkBaDAGSxw7s8YYvbU2JN6bbWh2ngUjmnUM=", + "lastModified": 1732215451, + "narHash": "sha256-P2VVlzRGKBNsiHsN1yMZcSMXpwtIx9ysMFZAqKFJ14o=", "owner": "nix-community", "repo": "authentik-nix", - "rev": "91ff8d93f089104d3d75c85758832252989c6a04", + "rev": "9d9c0a3a94a91cfed654a18239e27cf56970daa4", "type": "github" }, "original": { @@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1731600340, - "narHash": "sha256-7uQteE+Ywiu04Ymhl3G8IRH6JJXPyd0mg61tJJMeGvg=", + "lastModified": 1732213300, + "narHash": "sha256-4Pv35cnZGiTxe6j2O0F9L9sHzxVIC1SazeAUD5kWeBs=", "owner": "goauthentik", "repo": "authentik", - "rev": "66a4970014da49ceec0715e5dec8c9aa032a3146", + "rev": "527e584699abc93712114b05f70f59c5187caa66", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2024.10.2", + "ref": "version/2024.10.4", "repo": "authentik", "type": "github" } @@ -52,11 +52,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1731866540, - "narHash": "sha256-wAz/S5GLm+9Vp0kmUPsva3Mxp+VUnbEUZ8aBM1aEhhY=", + "lastModified": 1732400024, + "narHash": "sha256-uf1QzIl0Jj5dr7+erWjHWiCUEvywLaR7ir1jcqGgjeQ=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "0857914b69d90ba758e614298452636c6fdc9c7c", + "rev": "376a2e022a5d8fa21cecb5bb0fef0cb54db5cdfc", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1731712317, - "narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=", + "lastModified": 1732412226, + "narHash": "sha256-Eb7LqtaCVgZy5Kp3pMrRTAmcnFO7HGj6lpAM2TrQzTA=", "owner": "lilyinstarlight", "repo": "nixos-cosmic", - "rev": "0b0e62252fb3b4e6b0a763190413513be499c026", + "rev": "44c9057ebbf4eb41cff08b8fc9c952b3f977656a", "type": "github" }, "original": { @@ -295,11 +295,11 @@ ] }, "locked": { - "lastModified": 1731535640, - "narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=", + "lastModified": 1732303962, + "narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=", "owner": "nix-community", "repo": "home-manager", - "rev": "35b055009afd0107b69c286fca34d2ad98940d57", + "rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c", "type": "github" }, "original": { @@ -315,11 +315,11 @@ ] }, "locked": { - "lastModified": 1731880681, - "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=", + "lastModified": 1732466619, + "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=", "owner": "nix-community", "repo": "home-manager", - "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6", + "rev": "f3111f62a23451114433888902a55cf0692b408d", "type": "github" }, "original": { @@ -336,11 +336,11 @@ ] }, "locked": { - "lastModified": 1731887066, - "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=", + "lastModified": 1732482255, + "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "owner": "nix-community", "repo": "home-manager", - "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a", + "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "type": "github" }, "original": { @@ -373,11 +373,11 @@ ] }, "locked": { - "lastModified": 1731227601, - "narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=", + "lastModified": 1732032028, + "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0", + "rev": "65dc04371cf914c9af4f073638821e4787303005", "type": "github" }, "original": { @@ -444,11 +444,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1731885500, - "narHash": "sha256-ZrztYfSOS33J+ewq5alBOSdnIyZ0/sr1iy7FyBe9zIg=", + "lastModified": 1732603785, + "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "c60b5c924c6188a0b3ca2e139ead3d0f92ae5db5", + "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", "type": "github" }, "original": { @@ -524,11 +524,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1731797098, - "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=", + "lastModified": 1732483221, + "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6", + "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", "type": "github" }, "original": { @@ -540,11 +540,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1732014248, + "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "type": "github" }, "original": { @@ -568,11 +568,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1731386116, - "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "689fed12a013f56d4c4d3f612489634267d86529", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -600,11 +600,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1731755305, - "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", + "lastModified": 1732350895, + "narHash": "sha256-GcOQbOgmwlsRhpLGSwZJwLbo3pu9ochMETuRSS1xpz4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4", + "rev": "0c582677378f2d9ffcb01490af2f2c678dcb29d3", "type": "github" }, "original": { @@ -616,11 +616,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731676054, - "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", + "lastModified": 1732521221, + "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", + "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", "type": "github" }, "original": { @@ -632,11 +632,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1731919951, - "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=", + "lastModified": 1732632041, + "narHash": "sha256-3nnq3M2rsGu9doFG9pj2kFKgVv8S19kd68EQkwuCwSI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe", + "rev": "bd4d2031f34254e597eaee1ad618749acb33ad86", "type": "github" }, "original": { @@ -776,11 +776,11 @@ ] }, "locked": { - "lastModified": 1731551344, - "narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=", + "lastModified": 1732328983, + "narHash": "sha256-RHt12f/slrzDpSL7SSkydh8wUE4Nr4r23HlpWywed9E=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "27570abfd3461875f11fc07c9b01c141a6332b4f", + "rev": "ed8aa5b64f7d36d9338eb1d0a3bb60cf52069a72", "type": "github" }, "original": { @@ -835,11 +835,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1731862312, - "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=", + "lastModified": 1732575825, + "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", "owner": "Mic92", "repo": "sops-nix", - "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978", + "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 295937e..2550cf6 100644 --- a/flake.nix +++ b/flake.nix @@ -14,7 +14,7 @@ # Authentik authentik-nix = { url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nixpkgs-stable"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; # Chaotic-nix @@ -115,7 +115,7 @@ }; # NAS - "jallen-nas" = nixpkgs-stable.lib.nixosSystem { + "jallen-nas" = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs outputs; @@ -124,7 +124,7 @@ impermanence.nixosModules.impermanence ./hosts/nas/configuration.nix ./hosts/nas/impermanence.nix - home-manager-stable.nixosModules.home-manager + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = false; home-manager.useUserPackages = true; diff --git a/hosts/desktop/boot.nix b/hosts/desktop/boot.nix index 5c59a55..9989574 100644 --- a/hosts/desktop/boot.nix +++ b/hosts/desktop/boot.nix @@ -2,7 +2,7 @@ let configLimit = 5; default = "@saved"; - kernel = pkgs.unstable.linuxPackages_latest; + kernel = pkgs.linuxPackages_latest; in { # Configure bootloader with lanzaboot and secureboot diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 420946e..53eb316 100644 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -272,6 +272,7 @@ in aspellDicts.en-computers aspellDicts.en-science borgbackup + brscan5 clinfo deja-dup direnv @@ -298,8 +299,10 @@ in rclone rclone-browser rsync + sane-frontends sbctl smartmontools + usbutils udisks2 vim vulkan-tools @@ -360,11 +363,21 @@ in "networkmanager" "ratbagd" "input" + "scanner" + "lp" ]; # Enable ‘sudo’ for the user. hashedPasswordFile = passwordFile; shell = pkgs.zsh; }; + hardware.sane = { + enable = true; + brscan5.enable = true; + dsseries.enable = false; + # backends-package = pkgs.brscan5; + extraBackends = [ pkgs.brscan5 ]; + }; + # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # diff --git a/hosts/desktop/gnome/home.nix b/hosts/desktop/gnome/home.nix index 84f56a7..26efb5a 100644 --- a/hosts/desktop/gnome/home.nix +++ b/hosts/desktop/gnome/home.nix @@ -5,11 +5,12 @@ settings = { "org/gnome/desktop/interface".clock-format = "12h"; "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + "org/gnome/desktop/interface".cursor-theme = lib.mkDefault "macOS"; "org/gnome/desktop/interface".enable-hot-corners = false; "org/gnome/desktop/interface".font-antialiasing = "grayscale"; "org/gnome/desktop/interface".font-hinting = "slight"; "org/gnome/desktop/interface".gtk-theme = lib.mkDefault "Colloid-Dark"; - "org/gnome/desktop/interface".icon-theme = lib.mkDefault "Colloid-dark"; + "org/gnome/desktop/interface".icon-theme = lib.mkDefault "Colloid-Dark"; "org/gnome/desktop/peripherals/mouse".accel-profile = "flat"; "org/gnome/desktop/peripherals/touchpad".two-finger-scrolling-enabled = true; "org/gnome/desktop/peripherals/touchpad".tap-to-click = true; diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 297ebde..6154ed7 100644 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -1,6 +1,7 @@ { config, ... }: { imports = [ + ../../modules/apps/paperless ../../modules/apps/jellyseerr/jellyseerr.nix ../../modules/apps/radarr/radarr.nix ../../modules/apps/sonarr/sonarr.nix @@ -26,7 +27,7 @@ jellyfin.enable = true; - jellyseerr.enable = false; + # jellyseerr.enable = false; manyfold.enable = true; @@ -65,11 +66,11 @@ httpsPort = "3301"; }; - radarr.enable = false; + # radarr.enable = false; sabnzbd.enable = true; - sonarr.enable = false; + # sonarr.enable = false; swag.enable = true; diff --git a/hosts/nas/boot.nix b/hosts/nas/boot.nix index c72c9de..613f04e 100644 --- a/hosts/nas/boot.nix +++ b/hosts/nas/boot.nix @@ -1,7 +1,7 @@ { pkgs,... }: let configLimit = 5; - kernel = pkgs.unstable.linuxPackages_latest; + kernel = pkgs.linuxPackages_latest; in { # Configure bootloader with lanzaboot and secureboot diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index eb71307..2bf07a8 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -48,7 +48,7 @@ in share.hardware.nvidia = { enable = true; - enableBeta = false; + enableBeta = true; enableOpen = true; nvidiaSettings = true; enableNvidiaDocker = true; diff --git a/hosts/nas/impermanence.nix b/hosts/nas/impermanence.nix index 6c262e2..4d19cf7 100644 --- a/hosts/nas/impermanence.nix +++ b/hosts/nas/impermanence.nix @@ -8,6 +8,7 @@ directories = [ "/var/lib/bluetooth" "/var/lib/nixos" + "/var/lib/tailscale" "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" "/etc/secureboot" diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index cc6bdf6..4c4fc15 100644 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -160,7 +160,7 @@ in "--hostname=jallen-nas" "--webclient" ]; - authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth"; + # authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth"; }; btrfs = { diff --git a/modules/apps/jellyseerr/jellyseerr.nix b/modules/apps/jellyseerr/jellyseerr.nix index 9b60dd3..d0b4760 100644 --- a/modules/apps/jellyseerr/jellyseerr.nix +++ b/modules/apps/jellyseerr/jellyseerr.nix @@ -7,7 +7,7 @@ let mediaDir = "/media"; jellyseerrUserId = config.users.users.nix-apps.uid; jellyseerrGroupId = config.users.groups.jallen-nas.gid; - package = pkgs.unstable.jellyseerr; + package = pkgs.jellyseerr; in { containers.jellyseerr = { diff --git a/modules/apps/paperless/default.nix b/modules/apps/paperless/default.nix new file mode 100644 index 0000000..0218f47 --- /dev/null +++ b/modules/apps/paperless/default.nix @@ -0,0 +1,92 @@ +{ config, pkgs, lib, ... }: + +let + paperlessPort = 28981; + paperlessUserId = config.users.users.nix-apps.uid; + paperlessGroupId = config.users.groups.jallen-nas.gid; + passwordFile = config.sops.secrets."jallen-nas/admin_password".path; +in +{ + containers.paperless = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.0.1.18"; + localAddress = "10.0.1.20"; + hostAddress6 = "fc00::1"; + localAddress6 = "fc00::20"; + + config = { config, pkgs, lib, ... }: { + # Enable paperless service + services.paperless = { + enable = true; + port = paperlessPort; + user = "paperless"; + address = "0.0.0.0"; + passwordFile = "/var/lib/paperless/paperless-password"; + # settings = { + # PAPERLESS_APPS="allauth.socialaccount.providers.openid_connect"; + # PAPERLESS_SOCIALACCOUNT_PROVIDERS = { + # "openid_connect" = { + # "OAUTH_PKCE_ENABLED":true, + # "APPS":[ + # {"provider_id":"authentik","name":"Authentik","client_id":"","secret":","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} + # } + }; + + # Create required users and groups + users.groups = { + documents = { gid = lib.mkForce paperlessGroupId; }; + }; + + users.users.paperless = { + isSystemUser = true; + uid = lib.mkForce paperlessUserId; + group = lib.mkForce "documents"; + }; + + # Create and set permissions for required directories + system.activationScripts.paperless-dirs = '' + mkdir -p /var/lib/paperless + + chown -R paperless:documents /var/lib/paperless + + chmod -R 775 /var/lib/paperless + + ''; + + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ paperlessPort ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + + services.resolved.enable = true; + system.stateVersion = "23.11"; + }; + + # Bind mount directories from host + bindMounts = { + "/var/lib/paperless" = { + hostPath = "/media/nas/ssd/nix-app-data/paperless"; + isReadOnly = false; + }; + # "/run/keys/paperless-password" = { + # hostPath = passwordFile; + # isReadOnly = true; + # }; + }; + }; + + networking.nat = { + forwardPorts = [ + { + destination = "10.0.1.20:28981"; + sourcePort = paperlessPort; + } + ]; + }; +} \ No newline at end of file diff --git a/modules/apps/radarr/radarr.nix b/modules/apps/radarr/radarr.nix index 80f4a9a..d6f1e24 100644 --- a/modules/apps/radarr/radarr.nix +++ b/modules/apps/radarr/radarr.nix @@ -7,7 +7,7 @@ let mediaDir = "/media"; radarrUserId = config.users.users.nix-apps.uid; radarrGroupId = config.users.groups.jallen-nas.gid; - package = pkgs.unstable.radarr; + package = pkgs.radarr; in { containers.radarr = { diff --git a/share/amd/default.nix b/share/amd/default.nix index dd18869..284b19c 100644 --- a/share/amd/default.nix +++ b/share/amd/default.nix @@ -28,8 +28,8 @@ in graphics = { enable = true; enable32Bit = true; - extraPackages = [ pkgs.unstable.mesa ]; - extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ]; + # extraPackages = [ pkgs.unstable.mesa ]; + # extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ]; }; }; diff --git a/share/gaming/default.nix b/share/gaming/default.nix index 63326a7..dafae0a 100644 --- a/share/gaming/default.nix +++ b/share/gaming/default.nix @@ -38,7 +38,7 @@ in # Hardware configs hardware = { # Xbox controllers - xpadneo.enable = true; + xpadneo.enable = false; # Steam udev rules for remote play steam-hardware.enable = true; diff --git a/share/nvidia/default.nix b/share/nvidia/default.nix index ec87284..66cbb26 100644 --- a/share/nvidia/default.nix +++ b/share/nvidia/default.nix @@ -18,10 +18,10 @@ in package = if cfg.enableBeta then config.boot.kernelPackages.nvidiaPackages.beta - # pkgs.unstable.kernelPackages.nvidiaPackages.beta + # pkgs.unstable.linuxPackages.nvidiaPackages.beta else config.boot.kernelPackages.nvidiaPackages.latest; - # pkgs.unstable.kernelPackages.nvidiaPackages.latest; + # pkgs.unstable.linuxPackages.nvidiaPackages.latest; # Modesetting is required. modesetting.enable = true;