mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

updates and formatting

Browse Source
This commit is contained in:
mjallen18
2025-01-21 11:43:08 -06:00
parent a774f7eb41
commit c4133aef37
16 changed files with 355 additions and 462 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/desktop/home.nix
View File

@@ -90,7 +90,7 @@ in
morph
nextcloud-client
nixfmt-rfc-style
stable.orca-slicer
orca-slicer
papirus-icon-theme
piper
pop-gtk-theme

214
hosts/nas/apps/arrs/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
radarrPort = 7878;
@@ -14,7 +19,8 @@ let
mediaDir = "/media";
arrUserId = config.users.users.nix-apps.uid;
arrGroupId = config.users.groups.jallen-nas.gid;
# sonarrPkg = pkgs.stable.sonarr;
sonarrPkg = pkgs.stable.sonarr;
jackettPkg = pkgs.unstable.jackett;
in
{
nixpkgs.config.permittedInsecurePackages = [
@@ -29,115 +35,129 @@ in
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.51";
config = { config, pkgs, lib, ... }: {
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
# Enable radarr service
services.radarr = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = radarrDataDir;
};
# Enable Sonarr service
services.sonarr = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = sonarrDataDir;
# package = sonarrPkg;
};
config =
{
config,
pkgs,
lib,
...
}:
{
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
# Enable Sabnzbd service
services.sabnzbd = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
configFile = "${sabnzbdConfig}/sabnzbd.ini";
};
services.deluge = {
enable = true;
user = "arrs";
group = "media";
openFirewall = true;
dataDir = "/media";
web = {
# Enable radarr service
services.radarr = {
enable = true;
port = 8112;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = radarrDataDir;
};
};
services.jackett = {
enable = true;
user = "arrs";
group = "media";
openFirewall = true;
};
# Enable Sonarr service
services.sonarr = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
dataDir = sonarrDataDir;
# package = sonarrPkg;
};
# Create required users and groups
users.users.arrs = {
isSystemUser = true;
uid = lib.mkForce arrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
# Enable Sabnzbd service
services.sabnzbd = {
enable = true;
openFirewall = true;
user = "arrs";
group = "media";
configFile = "${sabnzbdConfig}/sabnzbd.ini";
};
users.groups = {
media = { gid = lib.mkForce arrGroupId; };
downloads = {};
};
services.deluge = {
enable = true;
user = "arrs";
group = "media";
openFirewall = true;
dataDir = "/media";
web = {
enable = true;
port = 8112;
openFirewall = true;
};
};
# System packages
environment.systemPackages = with pkgs; [
glib
sqlite
mono
mediainfo
protonvpn-cli_2
];
services.jackett = {
enable = true;
user = "arrs";
group = "media";
openFirewall = true;
package = jackettPkg;
};
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${radarrDataDir}
mkdir -p ${sonarrDataDir}
mkdir -p ${sabnzbdConfig}
mkdir -p ${downloadDir}
mkdir -p ${incompleteDir}
mkdir -p ${mediaDir}
# Create required users and groups
users.users.arrs = {
isSystemUser = true;
uid = lib.mkForce arrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
chown -R arrs:media ${radarrDataDir}
chown -R arrs:media ${sonarrDataDir}
chown -R arrs:media ${sabnzbdConfig}
chown -R arrs:media ${downloadDir}
chown -R arrs:media ${incompleteDir}
chown -R arrs:media ${mediaDir}
chmod -R 775 ${radarrDataDir}
chmod -R 775 ${sonarrDataDir}
chmod -R 775 ${sabnzbdConfig}
chmod -R 775 ${downloadDir}
chmod -R 775 ${incompleteDir}
chmod -R 775 ${mediaDir}
'';
users.groups = {
media = {
gid = lib.mkForce arrGroupId;
};
downloads = { };
};
# System packages
environment.systemPackages = with pkgs; [
glib
sqlite
mono
mediainfo
protonvpn-cli_2
];
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${radarrDataDir}
mkdir -p ${sonarrDataDir}
mkdir -p ${sabnzbdConfig}
mkdir -p ${downloadDir}
mkdir -p ${incompleteDir}
mkdir -p ${mediaDir}
chown -R arrs:media ${radarrDataDir}
chown -R arrs:media ${sonarrDataDir}
chown -R arrs:media ${sabnzbdConfig}
chown -R arrs:media ${downloadDir}
chown -R arrs:media ${incompleteDir}
chown -R arrs:media ${mediaDir}
chmod -R 775 ${radarrDataDir}
chmod -R 775 ${sonarrDataDir}
chmod -R 775 ${sabnzbdConfig}
chmod -R 775 ${downloadDir}
chmod -R 775 ${incompleteDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ radarrPort sonarrPort sabnzbdPort ];
allowedTCPPorts = [
radarrPort
sonarrPort
sabnzbdPort
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
@@ -213,4 +233,4 @@ in
}
];
};
}
}

2
hosts/nas/apps/collabora/default.nix
View File

@@ -4,4 +4,4 @@
enable = true;
port = 9980;
};
}
}

159
hosts/nas/apps/jellyfin/default.nix
View File

@@ -1,161 +1,4 @@
{
config,
pkgs,
lib,
...
}:
# let
# jellyfinPort = 8096;
# jellyfinUserId = config.users.users.nix-apps.uid;
# jellyfinGroupId = config.users.groups.jallen-nas.gid;
# package = pkgs.jellyfin;
# in {
# containers.jellyfin = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "10.0.1.18";
# localAddress = "10.0.2.25";
# config = { config, pkgs, lib, ... }: {
# # Enable jellyfin service
# nixpkgs.config.allowUnfree = true;
# hardware = {
# # Nvidia
# nvidia = {
# package = config.boot.kernelPackages.nvidiaPackages.latest;
# # Modesetting is required.
# modesetting.enable = true;
# # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# powerManagement.enable = true;
# # Fine-grained power management. Turns off GPU when not in use.
# # Experimental and only works on modern Nvidia GPUs (Turing or newer).
# powerManagement.finegrained = false;
# # Use the NVidia open source kernel module (not to be confused with the
# # independent third-party "nouveau" open source driver).
# # Support is limited to the Turing and later architectures. Full list of
# # supported GPUs is at:
# # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# # Only available from driver 515.43.04+
# # Currently alpha-quality/buggy, so false is currently the recommended setting.
# open = true;
# # Enable the Nvidia settings menu,
# # accessible via `nvidia-settings`.
# nvidiaSettings = true;
# };
# # Enable graphics
# graphics = {
# enable = true;
# enable32Bit = true;
# };
# };
# # Services configs
# services.xserver = {
# # Load nvidia driver for Xorg and Wayland
# videoDrivers = [ "nvidia" ];
# };
# services.jellyfin = {
# enable = true;
# openFirewall = true;
# user = "jellyfin";
# group = "media";
# dataDir = "/data";
# configDir = "/config";
# # cacheDir = "/cache";
# };
# # Create required users and groups
# users.users.jellyfin = {
# isSystemUser = true;
# uid = lib.mkForce jellyfinUserId;
# group = "media";
# extraGroups = [ "downloads" ];
# };
# users.groups = {
# media = { gid = lib.mkForce jellyfinGroupId; };
# downloads = { };
# };
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [ jellyfinPort ];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# # System packages
# environment.systemPackages = with pkgs; [
# sqlite
# mono
# mediainfo
# # ffmpeg
# # nvidiaPackages.gpu
# # nvidiaPackages.nvidia-settings
# # nvidiaPackages.nvidia-x11
# ];
# services.resolved.enable = true;
# system.stateVersion = "23.11";
# };
# # Bind mount directories from host
# bindMounts = {
# "/data" = {
# hostPath = "/media/nas/ssd/nix-app-data/jellyfin";
# isReadOnly = false;
# };
# "/tv" = {
# hostPath = "/media/nas/main/tv";
# isReadOnly = false;
# };
# "/movies" = {
# hostPath = "/media/nas/main/movies";
# isReadOnly = false;
# };
# "/dev/nvidia0" = { hostPath = "/dev/nvidia0"; }; # GPU device
# "/dev/nvidiactl" = { hostPath = "/dev/nvidiactl"; }; # NVIDIA control
# "/dev/nvidia-modeset" = { hostPath = "/dev/nvidia-modeset"; }; # modesetting
# };
# # allowedDevices = [
# # {
# # modifier = "rw";
# # node = "/dev/nvidia0";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidiactl";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-modeset";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm";
# # }
# # {
# # modifier = "rw";
# # node = "/dev/nvidia-uvm-tools";
# # }
# # ];
# };
# networking.nat = {
# forwardPorts = [{
# destination = "10.0.2.25:8096";
# sourcePort = jellyfinPort;
# }];
# };
# }
{ ... }:
{
services.jellyfin = {
enable = true;

243
hosts/nas/apps/nextcloud/default.nix
View File

@@ -39,134 +39,139 @@ in
};
config =
{ pkgs, lib, ... }:
{
nixpkgs.config.allowUnfree = true;
{ pkgs, lib, ... }:
{
nixpkgs.config.allowUnfree = true;
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
# datadir = "/data";
database.createLocally = true;
hostName = "cloud.mjallen.dev";
appstoreEnable = true;
caching.redis = true;
configureRedis = true;
enableImagemagick = true;
https = true;
config = {
adminuser = "mjallen";
adminpassFile = adminpass;
dbhost = "localhost";
dbtype = "sqlite";
dbname = "nextcloud";
dbuser = "nextcloud";
};
settings = {
allow_local_remote_servers = true;
upgrade.disable-web = false;
datadirectory = "/data";
trusted_domains = [
"10.0.1.18:9988"
"10.0.1.18:9943"
"10.0.2.18:80"
"10.0.2.18:443"
"cloud.mjallen.dev"
];
trusted_proxies = [ "10.0.1.18" ];
maintenance_window_start = 6;
default_phone_region = "US";
mail_from_address = "matt.l.jallen";
mail_smtpmode = "smtp";
mail_sendmailmode = "smtp";
mail_domain = "gmail.com";
mail_smtpauth = 1;
mail_smtpname = "matt.l.jallen";
mail_smtppassword = "egzo mltu kkoc hrfe "; # TODO: smtppassword;
mail_smtpsecure = "ssl";
mail_smtphost = "smtp.gmail.com";
mail_smtpport = 465;
enable_previews = true;
enabledPreviewProviders = [
"OC\\\\Preview\\\\PNG"
"OC\\\\Preview\\\\JPEG"
"OC\\\\Preview\\\\GIF"
"OC\\\\Preview\\\\BMP"
"OC\\\\Preview\\\\XBitmap"
"OC\\\\Preview\\\\MP3"
"OC\\\\Preview\\\\TXT"
"OC\\\\Preview\\\\MarkDown"
"OC\\\\Preview\\\\OpenDocument"
"OC\\\\Preview\\\\Krita"
"OC\\\\Preview\\\\HEIC"
];
installed = true;
user_oidc = {
auto_provision = false;
soft_auto_provision = false;
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
# datadir = "/data";
database.createLocally = true;
hostName = "cloud.mjallen.dev";
appstoreEnable = true;
caching.redis = true;
configureRedis = true;
enableImagemagick = true;
https = true;
config = {
adminuser = "mjallen";
adminpassFile = adminpass;
dbhost = "localhost";
dbtype = "sqlite";
dbname = "nextcloud";
dbuser = "nextcloud";
};
settings = {
allow_local_remote_servers = true;
upgrade.disable-web = false;
datadirectory = "/data";
trusted_domains = [
"10.0.1.18:9988"
"10.0.1.18:9943"
"10.0.2.18:80"
"10.0.2.18:443"
"cloud.mjallen.dev"
];
trusted_proxies = [ "10.0.1.18" ];
maintenance_window_start = 6;
default_phone_region = "US";
mail_from_address = "matt.l.jallen";
mail_smtpmode = "smtp";
mail_sendmailmode = "smtp";
mail_domain = "gmail.com";
mail_smtpauth = 1;
mail_smtpname = "matt.l.jallen";
mail_smtppassword = "egzo mltu kkoc hrfe "; # TODO: smtppassword;
mail_smtpsecure = "ssl";
mail_smtphost = "smtp.gmail.com";
mail_smtpport = 465;
enable_previews = true;
enabledPreviewProviders = [
"OC\\\\Preview\\\\PNG"
"OC\\\\Preview\\\\JPEG"
"OC\\\\Preview\\\\GIF"
"OC\\\\Preview\\\\BMP"
"OC\\\\Preview\\\\XBitmap"
"OC\\\\Preview\\\\MP3"
"OC\\\\Preview\\\\TXT"
"OC\\\\Preview\\\\MarkDown"
"OC\\\\Preview\\\\OpenDocument"
"OC\\\\Preview\\\\Krita"
"OC\\\\Preview\\\\HEIC"
];
installed = true;
user_oidc = {
auto_provision = false;
soft_auto_provision = false;
};
};
};
onlyoffice = {
enable = true;
port = 8000;
hostname = "office.mjallen.dev";
};
};
onlyoffice = {
enable = true;
port = 8000;
hostname = "office.mjallen.dev";
# System packages
environment.systemPackages = with pkgs; [
nextcloud30
onlyoffice-documentserver
sqlite
];
# Create required users and groups
users.users.nextcloud = {
isSystemUser = true;
uid = lib.mkForce nextcloudUserId;
group = "nextcloud";
};
};
# System packages
environment.systemPackages = with pkgs; [
nextcloud30
onlyoffice-documentserver
sqlite
];
# Create required users and groups
users.users.nextcloud = {
isSystemUser = true;
uid = lib.mkForce nextcloudUserId;
group = "nextcloud";
};
users.users.onlyoffice = {
group = lib.mkForce "nextcloud";
};
users.groups = {
nextcloud = { gid = lib.mkForce nextcloudGroupId; };
downloads = {};
};
# Create and set permissions for required directories
system.activationScripts.nextcloud-dirs = ''
mkdir -p /data
chown -R nextcloud:nextcloud /data
chown -R nextcloud:nextcloud /run/secrets/jallen-nas/nextcloud
chmod -R 775 /data
chmod -R 750 /run/secrets/jallen-nas/nextcloud
'';
system.stateVersion = "23.11";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
users.users.onlyoffice = {
group = lib.mkForce "nextcloud";
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
users.groups = {
nextcloud = {
gid = lib.mkForce nextcloudGroupId;
};
downloads = { };
};
# Create and set permissions for required directories
system.activationScripts.nextcloud-dirs = ''
mkdir -p /data
chown -R nextcloud:nextcloud /data
chown -R nextcloud:nextcloud /run/secrets/jallen-nas/nextcloud
chmod -R 775 /data
chmod -R 750 /run/secrets/jallen-nas/nextcloud
'';
system.stateVersion = "23.11";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
};
};
networking.nat = {

2
hosts/nas/apps/ollama/default.nix
View File

@@ -30,4 +30,4 @@
LOCAL_FILES_ONLY = "False";
};
};
}
}

6
hosts/nas/apps/paperless-ai/default.nix
View File

@@ -11,7 +11,11 @@ in
virtualisation.oci-containers.containers.${cfg.name} = {
autoStart = true;
image = cfg.image;
extraOptions = [ "--device=nvidia.com/gpu=0" "--network=bridge" "--add-host=host.docker.internal:host-gateway" ];
extraOptions = [
"--device=nvidia.com/gpu=0"
"--network=bridge"
"--add-host=host.docker.internal:host-gateway"
];
volumes = [ "${cfg.configPath}:/app/data" ];
ports = [ "${cfg.port}:3000" ];
environment = {

5
hosts/nas/apps/paperless/default.nix
View File

@@ -4,12 +4,12 @@
lib,
...
}:
let
paperlessPort = 28981;
paperlessUserId = config.users.users.nix-apps.uid;
paperlessGroupId = config.users.groups.jallen-nas.gid;
passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
paperlessPkg = pkgs.stable.paperless-ngx;
in
{
containers.paperless = {
@@ -31,6 +31,7 @@ in
# Enable paperless service
services.paperless = {
enable = true;
package = paperlessPkg;
port = paperlessPort;
user = "paperless";
address = "0.0.0.0";
@@ -40,7 +41,7 @@ in
PAPERLESS_SECRET = "Luciferthecat03092024";
PAPERLESS_ENABLE_ALLAUTH = true;
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIALACCOUNT_PROVIDERS=''{"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"OZhMnBUxwJvpjkUhs4ISgA0iAWA7etgTXaohLCED","secret":"UrwdWObeyoEI1AogXcjV8SwYsJ585Wkh5YxDH5wFPXZxp8IVV9QNsn32PIAv6h9BdjaiiMrOFayaW3uXyZYg71olG5OQ1qGaD6WYn0EijYBwxoEuvp7LIdMJ4lImhVR1","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}'';
PAPERLESS_SOCIALACCOUNT_PROVIDERS = ''{"openid_connect":{"OAUTH_PKCE_ENABLED":true,"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"OZhMnBUxwJvpjkUhs4ISgA0iAWA7etgTXaohLCED","secret":"UrwdWObeyoEI1AogXcjV8SwYsJ585Wkh5YxDH5wFPXZxp8IVV9QNsn32PIAv6h9BdjaiiMrOFayaW3uXyZYg71olG5OQ1qGaD6WYn0EijYBwxoEuvp7LIdMJ4lImhVR1","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}}'';
};
};

62
hosts/nas/apps/traefik/default.nix
View File

@@ -2,36 +2,36 @@
let
domain = "mjallen.dev";
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
authentikUrl = "http://10.0.1.18:9000";
collaboraUrl = "http://10.0.1.18:9980";
cloudUrl = "http://10.0.2.18:80";
jellyfinUrl = "http://10.0.1.18:8096";
authUrl = "http://10.0.1.18:9000/outpost.goauthentik.io";
authentikUrl = "http://10.0.1.18:9000";
collaboraUrl = "http://10.0.1.18:9980";
cloudUrl = "http://10.0.2.18:80";
jellyfinUrl = "http://10.0.1.18:8096";
jellyseerrUrl = "http://10.0.1.52:5055";
hassUrl = "http://10.0.1.183:8123";
openWebUIUrl = "http://10.0.1.18:8888";
paperlessUrl = "http://10.0.1.20:28981";
hassUrl = "http://10.0.1.183:8123";
openWebUIUrl = "http://10.0.1.18:8888";
paperlessUrl = "http://10.0.1.20:28981";
in
{
networking.firewall = {
allowedTCPPorts = [
80
443
8080
];
allowedUDPPorts = [
80
443
8080
];
};
allowedTCPPorts = [
80
443
8080
];
allowedUDPPorts = [
80
443
8080
];
};
services.traefik = {
enable = true;
dataDir = "/media/nas/ssd/nix-app-data/traefik";
group = "jallen-nas";
environmentFiles = [ "${config.services.traefik.dataDir}/traefik.env" ]; # todo: sops
staticConfigOptions = {
entryPoints = {
web = {
@@ -102,7 +102,7 @@ in
# "503"
# "505-599"
# ];
# service =
# service =
# };
# }
};
@@ -157,44 +157,44 @@ in
routers = {
auth = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "HostRegexp(`{subdomain:[a-z]+}.mjallen.dev`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
priority = 15;
tls.certResolver = "letsencrypt";
};
authentik = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`authentik.${domain}`)";
service = "authentik";
tls.certResolver = "letsencrypt";
};
collabora = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`office.${domain}`)";
service = "collabora";
tls.certResolver = "letsencrypt";
};
cloud = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`cloud.${domain}`)";
service = "cloud";
tls.certResolver = "letsencrypt";
};
jellyfin = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.${domain}`)";
service = "jellyfin";
tls.certResolver = "letsencrypt";
};
jellyseerr = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`jellyseerr.${domain}`)";
service = "jellyseerr";
tls.certResolver = "letsencrypt";
};
hass = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`hass.${domain}`)";
service = "hass";
middlewares = "authentik";
@@ -202,7 +202,7 @@ in
tls.certResolver = "letsencrypt";
};
open-webui = {
entryPoints = ["websecure"];
entryPoints = [ "websecure" ];
rule = "Host(`chat.${domain}`)";
service = "chat";
# middlewares = [ "authentik" ];
@@ -220,4 +220,4 @@ in
};
};
# todo: fail2ban/etc
}
}

2
hosts/nas/boot.nix
View File

@@ -1,4 +1,4 @@
{ pkgs,... }:
{ pkgs, ... }:
let
configLimit = 5;
kernel = pkgs.linuxPackages_latest;

5
hosts/nas/configuration.nix
View File

@@ -139,7 +139,10 @@ in
# Configure nixpkgs
nixpkgs = {
overlays = [ outputs.overlays.nixpkgs-unstable ];
overlays = [
outputs.overlays.nixpkgs-unstable
outputs.overlays.nixpkgs-stable
];
config = {
# Enable non free

4
hosts/nas/networking.nix
View File

@@ -24,10 +24,10 @@ in
# Disable Network Manager
networkmanager.enable = true;
nat = {
enable = true;
internalInterfaces = ["ve-+"];
internalInterfaces = [ "ve-+" ];
externalInterface = "wlp7s0";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;

2
hosts/nas/services.nix
View File

@@ -210,7 +210,7 @@ in
};
dataDir = "/media/nas/ssd/nix-app-data/grafana";
};
nix-serve = {
enable = false;
secretKeyFile = "/var/cache-priv-key.pem";