diff --git a/flake.lock b/flake.lock index 543db55..f33b087 100644 --- a/flake.lock +++ b/flake.lock @@ -8,21 +8,22 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": [ - "nixpkgs-unstable" + "nixpkgs-stable" ], "poetry2nix": "poetry2nix", "systems": "systems" }, "locked": { - "lastModified": 1733851514, - "narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=", - "owner": "nix-community", + "lastModified": 1734115107, + "narHash": "sha256-0Rz8OZNMH1/a06Mw6TprwSw93PH6y3WyFTWJ2UJERvw=", + "owner": "fpletz", "repo": "authentik-nix", - "rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823", + "rev": "f6742fc5dd624ad3bfae2cf6daef24ce49e1432b", "type": "github" }, "original": { - "owner": "nix-community", + "owner": "fpletz", + "ref": "24.11", "repo": "authentik-nix", "type": "github" } @@ -219,11 +220,11 @@ ] }, "locked": { - "lastModified": 1733951607, - "narHash": "sha256-CN6q6iCzxI1gkNyk4xLdwaMKi10r7n+aJkRzWj8PXwQ=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "6e5b2d9e8014b5572e3367937a329e7053458d34", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -234,11 +235,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { 
@@ -362,11 +363,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1733861262, - "narHash": "sha256-+jjPup/ByS0LEVIrBbt7FnGugJgLeG9oc+ivFASYn2U=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cf737e2eba82b603f54f71b10cb8fd09d22ce3f5", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -418,13 +419,29 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-stable_2": { "locked": { - "lastModified": 1733759999, - "narHash": "sha256-463SNPWmz46iLzJKRzO3Q2b0Aurff3U1n0nYItxq7jU=", + "lastModified": 1734323986, + "narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a73246e2eef4c6ed172979932bc80e1404ba2d56", + "rev": "394571358ce82dff7411395829aa6a3aad45b907", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1734424634, + "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "type": "github" }, "original": { @@ -533,6 +550,7 @@ "nix-darwin": "nix-darwin", "nixos-apple-silicon": "nixos-apple-silicon", "nixos-hardware": "nixos-hardware", + "nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } @@ -583,11 +601,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1733965552, - "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=", + "lastModified": 1734546875, + "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004", + "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "type": "github" }, "original": { 
diff --git a/flake.nix b/flake.nix index 3ae4636..29ac9d0 100644 --- a/flake.nix +++ b/flake.nix @@ -9,12 +9,13 @@ # nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; # nixpgs - # nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11"; # Authentik authentik-nix = { - url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; + # url = "github:nix-community/authentik-nix"; + url = "github:fpletz/authentik-nix/24.11"; # for some reason this is broken in stable and unstable + inputs.nixpkgs.follows = "nixpkgs-stable"; }; # Chaotic-nix @@ -63,7 +64,7 @@ self, nixpkgs-unstable, # nixpkgs-unstable-small, - # nixpkgs-stable, + nixpkgs-stable, # chaotic, lanzaboote, impermanence, diff --git a/hosts/desktop/gnome/home.nix b/hosts/desktop/gnome/home.nix index 26efb5a..b0c1f01 100644 --- a/hosts/desktop/gnome/home.nix +++ b/hosts/desktop/gnome/home.nix @@ -21,7 +21,7 @@ "org/gnome/tweaks".show-extensions-notice = false; "org/gnome/shell".enabled-extensions = [ "appindicatorsupport@rgcjonas.gmail.com" - "arcmenu@arcmenu.com" + # "arcmenu@arcmenu.com" "user-theme@gnome-shell-extensions.gcampax.github.com" "tiling-assistant@leleat-on-github" "dash-to-dock@micxgx.gmail.com" diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index 740dd2a..544d036 100644 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -1,11 +1,13 @@ { config, ... }: { imports = [ + ./apps/arrs + ./apps/jellyfin/jellyfin.nix + ./apps/jellyseerr/jellyseerr.nix + ./apps/paperless ../../modules - # ../../modules/apps/caddy - ../../modules/apps/jellyfin/jellyfin.nix - ../../modules/apps/paperless - ../../modules/apps/jellyseerr/jellyseerr.nix + + # ./apps/nextcloud ]; nas-apps = { diff --git a/modules/apps/arrs/default.nix b/hosts/nas/apps/arrs/default.nix similarity index 100% rename from modules/apps/arrs/default.nix rename to hosts/nas/apps/arrs/default.nix 
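Review bot: The `authentik-nix` input in the first `flake.nix` hunk now follows the `24.11` branch of a personal fork, and the trailing comment "for some reason this is broken in stable and unstable" records neither what is broken nor when to return to `nix-community`. `flake.lock` pins rev `f6742fc5dd624ad3bfae2cf6daef24ce49e1432b`, but the next `nix flake update` will take whatever that branch then points at, and this input builds the identity provider. I would pin the reviewed commit in the URL, `url = "github:fpletz/authentik-nix/f6742fc5dd624ad3bfae2cf6daef24ce49e1432b";`, so moving it is a deliberate edit. I would also replace the comment with one that names the upstream breakage, e.g. `# temporary: upstream fails to build on nixos-24.11, see <upstream issue URL>; switch back once fixed`.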
diff --git a/hosts/nas/apps/collabora/default.nix b/hosts/nas/apps/collabora/default.nix new file mode 100644 index 0000000..83793b8 --- /dev/null +++ b/hosts/nas/apps/collabora/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + services.collabora-online = { + enable = true; + port = 9980; + }; +} \ No newline at end of file diff --git a/modules/apps/jellyfin/default.nix b/hosts/nas/apps/jellyfin/default.nix similarity index 100% rename from modules/apps/jellyfin/default.nix rename to hosts/nas/apps/jellyfin/default.nix diff --git a/modules/apps/jellyfin/jellyfin.nix b/hosts/nas/apps/jellyfin/jellyfin.nix similarity index 100% rename from modules/apps/jellyfin/jellyfin.nix rename to hosts/nas/apps/jellyfin/jellyfin.nix diff --git a/modules/apps/jellyfin/options.nix b/hosts/nas/apps/jellyfin/options.nix similarity index 100% rename from modules/apps/jellyfin/options.nix rename to hosts/nas/apps/jellyfin/options.nix diff --git a/modules/apps/jellyseerr/default.nix b/hosts/nas/apps/jellyseerr/default.nix similarity index 100% rename from modules/apps/jellyseerr/default.nix rename to hosts/nas/apps/jellyseerr/default.nix diff --git a/modules/apps/jellyseerr/jellyseerr.nix b/hosts/nas/apps/jellyseerr/jellyseerr.nix similarity index 100% rename from modules/apps/jellyseerr/jellyseerr.nix rename to hosts/nas/apps/jellyseerr/jellyseerr.nix diff --git a/modules/apps/jellyseerr/options.nix b/hosts/nas/apps/jellyseerr/options.nix similarity index 100% rename from modules/apps/jellyseerr/options.nix rename to hosts/nas/apps/jellyseerr/options.nix diff --git a/hosts/nas/apps/nextcloud/default.nix b/hosts/nas/apps/nextcloud/default.nix new file mode 100644 index 0000000..f3080c4 --- /dev/null +++ b/hosts/nas/apps/nextcloud/default.nix 
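Review bot: `services.collabora-online` is enabled here with only `port = 9980`, so the file does not say which document hosts may use the server or where TLS is terminated. I would state both explicitly rather than rely on module defaults: an `aliasGroups` entry for the Nextcloud hostname, and the relevant `settings` keys (`ssl.termination`, `net.listen`; confirm the names against the module version in use). A header comment such as `# reached only through the reverse proxy on the host; not opened in the firewall` would record the intended exposure. None of the import lists visible in this commit reference `hosts/nas/apps/collabora`, so it may not be evaluated yet. The file also ends without a trailing newline.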
@@ -0,0 +1,143 @@ +{ config, ... }: +let + adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; + dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path; + smtppassword = config.sops.templates."nextcloud-smtp".content; + nextcloudUserId = config.users.users.nix-apps.uid; + nextcloudGroupId = config.users.groups.jallen-nas.gid; +in +{ + containers.nextcloud = { + autoStart = true; + privateNetwork = true; + hostAddress = "10.0.1.18"; + localAddress = "10.0.2.18"; + + bindMounts = { + secrets = { + hostPath = "/run/secrets/jallen-nas/nextcloud"; + isReadOnly = true; + mountPoint = "/run/secrets/jallen-nas/nextcloud"; + }; + + data = { + hostPath = "/media/nas/main/nextcloud"; + isReadOnly = false; + mountPoint = "/data"; + }; + }; + + config = + { pkgs, lib, ... }: + { + services = { + nextcloud = { + enable = true; + package = pkgs.nextcloud30; + # datadir = "/data"; + hostName = "localhost"; + appstoreEnable = true; + caching.redis = true; + configureRedis = true; + config = { + adminuser = "mjallen"; + adminpassFile = adminpass; + dbhost = "10.0.1.18:3306"; + dbtype = "mysql"; + dbname = "jallen_nextcloud"; + dbuser = "nextcloud"; + dbpassFile = dbpass; + }; + settings = { + datadirectory = "/data"; + trusted_domains = [ + "10.0.1.18:9988" + "10.0.1.18:9943" + "10.0.2.18:80" + "10.0.2.18:443" + "cloud.mjallen.dev" + ]; + trusted_proxies = [ "10.0.1.18" ]; + maintenance_window_start = 6; + default_phone_region = "US"; + mail_from_address = "matt.l.jallen"; + mail_smtpmode = "smtp"; + mail_sendmailmode = "smtp"; + mail_domain = "gmail.com"; + mail_smtpauth = 1; + mail_smtpname = "matt.l.jallen"; + mail_smtppassword = smtppassword; + mail_smtpsecure = "ssl"; + mail_smtphost = "smtp.gmail.com"; + mail_smtpport = 465; + enable_previews = true; + enabledPreviewProviders = [ + "OC\\\\Preview\\\\PNG" + "OC\\\\Preview\\\\JPEG" + "OC\\\\Preview\\\\GIF" + "OC\\\\Preview\\\\BMP" + "OC\\\\Preview\\\\XBitmap" + "OC\\\\Preview\\\\MP3" + 
"OC\\\\Preview\\\\TXT" + "OC\\\\Preview\\\\MarkDown" + "OC\\\\Preview\\\\OpenDocument" + "OC\\\\Preview\\\\Krita" + "OC\\\\Preview\\\\HEIC" + ]; + installed = true; + # config_is_read_only = true; + }; + }; + + }; + + # Create required users and groups + users.users.nextcloud = { + isSystemUser = true; + uid = lib.mkForce nextcloudUserId; + group = "nextcloud"; + }; + + users.groups = { + nextcloud = { gid = lib.mkForce nextcloudGroupId; }; + downloads = {}; + }; + + # Create and set permissions for required directories + system.activationScripts.radarr-dirs = '' + mkdir -p /data + + chown -R nextcloud:nextcloud /data + + chmod -R 775 /data + + ''; + + system.stateVersion = "23.11"; + networking = { + firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; + # Use systemd-resolved inside the container + # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 + useHostResolvConf = lib.mkForce false; + }; + services.resolved.enable = true; + + }; + }; + + networking.nat = { + forwardPorts = [ + { + destination = "10.0.2.18:443"; + sourcePort = 9943; + } + { + destination = "10.0.2.18:80"; + sourcePort = 9988; + } + ]; + }; +} diff --git a/modules/apps/paperless/default.nix b/hosts/nas/apps/paperless/default.nix similarity index 100% rename from modules/apps/paperless/default.nix rename to hosts/nas/apps/paperless/default.nix diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index 4c4fc15..c5f6080 100644 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix 
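Review bot: `mail_smtppassword = smtppassword;` places `config.sops.templates."nextcloud-smtp".content` under `services.nextcloud.settings`, and those settings are rendered into a config file in the world-readable Nix store. As far as I can tell, `.content` is also the template text with sops placeholders rather than the decrypted value, so SMTP authentication would likely fail anyway. I would drop that key and load the password at runtime with `secretFile = config.sops.templates."nextcloud-smtp".path;`, with the template rendering JSON of the form `{"mail_smtppassword": "<placeholder>"}`. The rendered file would need to be bind-mounted into the container, since only `/run/secrets/jallen-nas/nextcloud` is mounted now. Separately, `system.activationScripts.radarr-dirs` (the name looks copied from another module) runs `chmod -R 775 /data` on every activation, which leaves the Nextcloud data directory readable by other users in the container; `chmod 770 /data` without `-R` would be tighter.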
@@ -6,24 +6,6 @@ in # Services configs services = { - caddy = { - enable = false; - email = "jalle008@proton.me"; - enableReload = true; - user = "nix-apps"; - group = "jallen-nas"; - dataDir = "/media/nas/ssd/nix-app-data/caddy"; - - virtualHosts = { - "authentik.mjallen.dev".extraConfig = '' - reverse_proxy http://10.0.1.18:9000 - ''; - "jellyfin.mjallen.dev".extraConfig = '' - reverse_proxy http://10.0.1.18:8096 - ''; - }; - }; - minecraft-server = { enable = true; eula = true; diff --git a/modules/apps/caddy/custom-caddy.nix b/modules/apps/caddy/custom-caddy.nix deleted file mode 100644 index 509e3b0..0000000 --- a/modules/apps/caddy/custom-caddy.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - pkgs, - config, - plugins, - stdenv, - lib, - ... -}: - -stdenv.mkDerivation rec { - pname = "caddy"; - # https://github.com/NixOS/nixpkgs/issues/113520 - version = "2.7.6"; - dontUnpack = true; - - nativeBuildInputs = [ - pkgs.git - pkgs.go - pkgs.xcaddy - ]; - - configurePhase = '' - export GOCACHE=$TMPDIR/go-cache - export GOPATH="$TMPDIR/go" - ''; - - buildPhase = - let - pluginArgs = lib.concatMapStringsSep " " (plugin: "--with ${plugin}") plugins; - in - '' - runHook preBuild - ${pkgs.xcaddy}/bin/xcaddy build "v${version}" ${pluginArgs} - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - mkdir -p $out/bin - mv caddy $out/bin - runHook postInstall - ''; -} diff --git a/modules/apps/caddy/default.nix b/modules/apps/caddy/default.nix deleted file mode 100644 index 5d84ba6..0000000 --- a/modules/apps/caddy/default.nix +++ /dev/null 
@@ -1,231 +0,0 @@ -{ config, pkgs, ... }: -{ - # Enable containers - containers.caddy = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.18"; - localAddress = "10.0.2.1"; - - config = - { config, pkgs, ... }: - { - nixpkgs.overlays = [ - ( - _final: prev: - let - plugins = [ "github.com/caddy-dns/cloudflare" ]; - goImports = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: " _ \"${pkg}\"\n"); - goGets = prev.lib.flip prev.lib.concatMapStrings plugins (pkg: "go get ${pkg}\n "); - main = '' - package main - import ( - caddycmd "github.com/caddyserver/caddy/v2/cmd" - _ "github.com/caddyserver/caddy/v2/modules/standard" - ${goImports} - ) - func main() { - caddycmd.Main() - } - ''; - - in - { - caddy-cloudflare = prev.buildGoModule { - pname = "caddy-cloudflare"; - version = prev.caddy.version; - runVend = true; - - subPackages = [ "cmd/caddy" ]; - - src = prev.caddy.src; - - vendorHash = "sha256-fTcMtg5GGEgclIwJCav0jjWpqT+nKw2OF1Ow0MEEitk="; - - overrideModAttrs = ( - _: { - preBuild = '' - echo '${main}' > cmd/caddy/main.go - ${goGets} - ''; - postInstall = "cp go.sum go.mod $out/ && ls $out/"; - } - ); - - postPatch = '' - echo '${main}' > cmd/caddy/main.go - cat cmd/caddy/main.go - ''; - - postConfigure = '' - cp vendor/go.sum ./ - cp vendor/go.mod ./ - ''; - - meta = with prev.lib; { - homepage = "https://caddyserver.com"; - description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; - license = licenses.asl20; - maintainers = with maintainers; [ - Br1ght0ne - techknowlogick - ]; - }; - }; - } - ) - ]; - - systemd.services.caddy.serviceConfig.AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - - # Caddy web server - services.caddy = { - enable = true; - email = "jalle008@proton.me"; - enableReload = true; - package = pkgs.caddy-cloudflare; - adapter = "''"; # Required to enable JSON - - # virtualHosts = { - - # } - - configFile = pkgs.writeText "Caddyfile" ( - builtins.toJSON { - apps.http.servers.main = { - listen = [ 
":443" ]; - routes = [ - { - match = [ { host = [ "authentik.mjallen.dev" ]; } ]; - handle = [ - { - handler = "reverse_proxy"; - upstreams = [ { dial = "http://10.0.1.18:9000"; } ]; - } - ]; - } - ]; - }; - apps.tls.automation.policies = [ - { - issuers = [ - { - module = "acme"; - challenges = { - dns = { - provider = { - name = "cloudflare"; - api_token = "{env.CLOUDFLARE_API_TOKEN}"; - }; - resolvers = [ "1.1.1.1" ]; - }; - }; - } - ]; - } - ]; - } - ); - - # configFile = pkgs.writeText "Caddyfile" '' - # apps.tls.automation.policies = [{ - # issuers = [{ - # module = "acme"; - # challenges = { - # dns = { - # provider = { - # name = "cloudflare"; - # api_token = "{env.CLOUDFLARE_API_TOKEN}"; - # }; - # resolvers = [ "1.1.1.1" ]; - # }; - # }; - # }]; - # # Wildcard certificate for all subdomains - # *.mjallen.dev { - # tls { - # dns cloudflare {env.CLOUDFLARE_API_TOKEN} - # } - # } - - # :80 { - # respond "Hello from Caddy!" - # } - - # :443 { - # respond "Hello from Caddy!" - # } - - # authentik.mjallen.dev { - # reverse_proxy 10.0.1.18:9000 - # } - # ''; - }; - - # Environment variable for DNS challenge - environment.etc."caddy/cloudflare.env" = { - mode = "0600"; - text = '' - CLOUDFLARE_API_TOKEN=HYhx7cN6e-O6QQJNKd9g7RpgvCzY-aegOPU2iQwB - ''; - }; - - # Fail2Ban configuration - environment.etc."fail2ban/filter.d/caddy.local" = { - mode = "0644"; - text = '' - [Definition] - failregex = ^ .* "(GET|POST|PUT|DELETE|HEAD|OPTIONS) .* HTTP/\d\.\d" (4\d{2}|5\d{2}) - ignoreregex = - ''; - }; - - services.fail2ban = { - enable = true; - jails = { - caddy = { - settings = { - filter = "caddy"; - logpath = "/var/log/caddy/access.log"; - maxretry = 5; - bantime = "30m"; - }; - }; - }; - }; - - # Ensure logging for Caddy - services.caddy.logDir = "/var/log/caddy"; - - # Open necessary firewall ports - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 80 - 443 - ]; - }; - - # Install additional packages if needed - environment.systemPackages = with pkgs; 
[ - caddy - fail2ban - ]; - - system.stateVersion = "23.11"; - }; - }; - - networking.nat = { - forwardPorts = [ - { - destination = "10.0.2.1:80"; - sourcePort = 80; - } - { - destination = "10.0.2.1:443"; - sourcePort = 443; - } - ]; - }; -} diff --git a/modules/apps/sabnzbd/default.nix b/modules/apps/sabnzbd/default.nix deleted file mode 100644 index 4a8f4b3..0000000 --- a/modules/apps/sabnzbd/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.sabnzbd; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:8080" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.moviesPath}:/movies" - "${cfg.tvPath}:/tv" - "${cfg.downloadsPath}:/downloads" - "${cfg.downloadsIncompletePath}:/downloads-incomplete" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/sabnzbd/options.nix b/modules/apps/sabnzbd/options.nix deleted file mode 100644 index a2df523..0000000 --- a/modules/apps/sabnzbd/options.nix +++ /dev/null 
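Review bot: Deleting `modules/apps/caddy/default.nix` does not retire the Cloudflare API token that was written in clear text under `environment.etc."caddy/cloudflare.env"`. The value remains in the repository history and in any Nix store that built this container. It should be revoked in Cloudflare and, if still needed, reissued with the narrowest DNS scope. If a DNS-challenge setup returns, the token should come from sops, as the Nextcloud module does with `config.sops.secrets`, instead of a `text = ''…''` literal. Whether the history also needs rewriting depends on where the repository has been published.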
@@ -1,67 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.sabnzbd = { - enable = mkEnableOption "sabnzbd docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "8080"; - }; - - name = mkOption { - type = types.str; - default = "sabnzbd"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/sabnzbd"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/sabnzbd"; - }; - - moviesPath = mkOption { - type = types.str; - default = "/media/nas/main/movies"; - }; - - tvPath = mkOption { - type = types.str; - default = "/media/nas/main/tv"; - }; - - downloadsPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads"; - }; - - downloadsIncompletePath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads-incomplete"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/sabnzbd/sabnzbd.nix b/modules/apps/sabnzbd/sabnzbd.nix deleted file mode 100644 index 0191ff7..0000000 --- a/modules/apps/sabnzbd/sabnzbd.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -let - sabnzbdPort = 8080; - dataDir = "/var/lib/sabnzbd"; - downloadDir = "/downloads"; - mediaDir = "/media"; - sabnzbdUserId = config.users.users.nix-apps.uid; - sabnzbdGroupId = config.users.groups.jallen-nas.gid; - package = pkgs.sabnzbd; -in -{ - containers.sabnzbd = { - autoStart = true; - privateNetwork = true; - hostAddress = "10.0.1.18"; - localAddress = "10.0.2.20"; - - config = - { - config, - pkgs, - lib, - ... - }: - { - # Enable sabnzbd service - services.sabnzbd = { - enable = true; - openFirewall = true; - }; - - networking = { - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - - services.resolved.enable = true; - system.stateVersion = "23.11"; - }; - }; - - networking.nat = { - forwardPorts = [ - { - destination = "10.0.2.20:8080"; - sourcePort = sabnzbdPort; - } - ]; - }; -} diff --git a/modules/apps/sonarr/default.nix b/modules/apps/sonarr/default.nix deleted file mode 100644 index ba795d2..0000000 --- a/modules/apps/sonarr/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ lib, config, ... }: -with lib; -let - cfg = config.nas-apps.sonarr; -in -{ - imports = [ ./options.nix ]; - - config = mkIf cfg.enable { - virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; - ports = [ "${cfg.port}:8989" ]; - volumes = [ - "${cfg.configPath}:/config" - "${cfg.tvPath}:/tv" - "${cfg.downloadsPath}:/downloads" - ]; - environment = { - PUID = cfg.puid; - PGID = cfg.pgid; - TZ = cfg.timeZone; - }; - }; - }; -} diff --git a/modules/apps/sonarr/options.nix b/modules/apps/sonarr/options.nix deleted file mode 100644 index 9ce2304..0000000 --- a/modules/apps/sonarr/options.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ lib, ... }: -with lib; -{ - options.nas-apps.sonarr = { - enable = mkEnableOption "sonarr docker service"; - - autoStart = mkOption { - type = types.bool; - default = true; - }; - - port = mkOption { - type = types.str; - default = "8989"; - }; - - name = mkOption { - type = types.str; - default = "sonarr"; - }; - - image = mkOption { - type = types.str; - default = "linuxserver/sonarr"; - }; - - configPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/sonarr"; - }; - - tvPath = mkOption { - type = types.str; - default = "/media/nas/main/tv"; - }; - - downloadsPath = mkOption { - type = types.str; - default = "/media/nas/ssd/ssd_app_data/downloads"; - }; - - puid = mkOption { - type = types.str; - default = "911"; - }; - - pgid = mkOption { - type = types.str; - default = "1000"; - }; - - timeZone = mkOption { - type = types.str; - default = "America/Chicago"; - }; - }; -} diff --git a/modules/apps/sonarr/sonarr.nix b/modules/apps/sonarr/sonarr.nix deleted file mode 100644 index d3dfd15..0000000 --- a/modules/apps/sonarr/sonarr.nix +++ /dev/null 
@@ -1,118 +0,0 @@ -# { -# config, -# pkgs, -# lib, -# ... -# }: - -# let -# sonarrPort = 8989; -# dataDir = "/var/lib/sonarr"; -# downloadDir = "/downloads"; -# mediaDir = "/media"; -# sonarrUserId = config.users.users.nix-apps.uid; -# sonarrGroupId = config.users.groups.jallen-nas.gid; -# in -# { -# containers.sonarr = { -# autoStart = true; -# privateNetwork = true; -# hostAddress = "10.0.1.18"; -# localAddress = "10.0.1.50"; -# hostAddress6 = "fc00::1"; -# localAddress6 = "fc00::2"; - -# config = -# { -# config, -# pkgs, -# lib, -# ... -# }: -# { -# # Enable Sonarr service -# services.sonarr = { -# enable = true; -# user = "sonarr"; -# group = "media"; -# dataDir = dataDir; -# }; - -# # Create required users and groups -# users.users.sonarr = { -# isSystemUser = true; -# uid = lib.mkForce sonarrUserId; -# group = "media"; -# extraGroups = [ "downloads" ]; -# }; - -# users.groups = { -# media = { -# gid = lib.mkForce sonarrGroupId; -# }; -# downloads = { }; -# }; - -# # System packages -# environment.systemPackages = with pkgs; [ -# sqlite -# mono -# mediainfo -# ]; - -# # Create and set permissions for required directories -# system.activationScripts.sonarr-dirs = '' -# mkdir -p ${dataDir} -# mkdir -p ${downloadDir} -# mkdir -p ${mediaDir} - -# chown -R sonarr:media ${dataDir} -# chown -R sonarr:media ${downloadDir} -# chown -R sonarr:media ${mediaDir} - -# chmod -R 775 ${dataDir} -# chmod -R 775 ${downloadDir} -# chmod -R 775 ${mediaDir} - -# ''; - -# networking = { -# firewall = { -# enable = true; -# allowedTCPPorts = [ sonarrPort ]; -# }; -# # Use systemd-resolved inside the container -# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 -# useHostResolvConf = lib.mkForce false; -# }; - -# services.resolved.enable = true; -# system.stateVersion = "23.11"; -# }; - -# # Bind mount directories from host -# bindMounts = { -# "/var/lib/sonarr" = { -# hostPath = "/media/nas/ssd/nix-app-data/sonarr"; -# isReadOnly = false; -# }; -# "/downloads" = { 
-# hostPath = "/media/nas/ssd/ssd_app_data/downloads"; -# isReadOnly = false; -# }; -# "/media" = { -# hostPath = "/media/nas/main/tv"; -# isReadOnly = false; -# }; -# }; -# }; - -# networking.nat = { -# forwardPorts = [ -# { -# destination = "10.0.1.50:8989"; -# sourcePort = 8989; -# } -# ]; -# }; -# } diff --git a/modules/default.nix b/modules/default.nix index 837be6c..8599817 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -2,14 +2,11 @@ { imports = [ ./samba - ./apps/arrs ./apps/collabora ./apps/deluge ./apps/discover-wrapped ./apps/free-games-claimer ./apps/jackett - ./apps/jellyfin - ./apps/jellyseerr ./apps/manyfold ./apps/mariadb ./apps/mongodb diff --git a/modules/services/nextcloud/default.nix b/modules/services/nextcloud/default.nix deleted file mode 100644 index 861c3fd..0000000 --- a/modules/services/nextcloud/default.nix +++ /dev/null 
@@ -1,128 +0,0 @@ -{ config, ... }: -let - adminpass = config.sops.secrets."jallen-nas/nextcloud/adminpassword".path; - dbpass = config.sops.secrets."jallen-nas/nextcloud/dbpassword".path; - smtppassword = config.sops.templates."nextcloud-smtp".content; -in -{ - containers.nextcloud = { - autoStart = true; - privateNetwork = true; - # hostAddress = "127.0.0.1"; - # localAddress = "10.233.0.2"; - # hostAddress6 = "fc00::1"; - # localAddress6 = "fc00::2"; - # hostForward = [ - # { - # hostPort = 9943; - # containerPort = 80; - # } - # ]; - - hostBridge = "br0"; - - bindMounts = { - secrets = { - hostPath = "/run/secrets/jallen-nas/nextcloud"; - isReadOnly = true; - mountPoint = "/run/secrets/jallen-nas/nextcloud"; - }; - - data = { - hostPath = "/media/nas/main/nextcloud"; - isReadOnly = false; - mountPoint = "/data"; - }; - }; - - config = - { pkgs, lib, ... }: - { - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud29; - datadir = "/data"; - hostName = "localhost"; - appstoreEnable = true; - caching.redis = true; - configureRedis = true; - config = { - adminuser = "mjallen"; - adminpassFile = adminpass; - dbhost = "10.0.1.18:3306"; - dbtype = "mysql"; - dbname = "jallen_nextcloud"; - dbuser = "nextcloud"; - dbpassFile = dbpass; - }; - settings = { - trusted_domains = [ - "10.0.1.18:9980" - "10.0.1.18:9943" - "cloud.mjallen.dev" - ]; - trusted_proxies = [ "10.0.1.18" ]; - maintenance_window_start = 6; - default_phone_region = "US"; - mail_from_address = "matt.l.jallen"; - mail_smtpmode = "smtp"; - mail_sendmailmode = "smtp"; - mail_domain = "gmail.com"; - mail_smtpauth = 1; - mail_smtpname = "matt.l.jallen"; - mail_smtppassword = smtppassword; - mail_smtpsecure = "ssl"; - mail_smtphost = "smtp.gmail.com"; - mail_smtpport = 465; - enable_previews = true; - enabledPreviewProviders = [ - "OC\\\\Preview\\\\PNG" - "OC\\\\Preview\\\\JPEG" - "OC\\\\Preview\\\\GIF" - "OC\\\\Preview\\\\BMP" - "OC\\\\Preview\\\\XBitmap" - "OC\\\\Preview\\\\MP3" - 
"OC\\\\Preview\\\\TXT" - "OC\\\\Preview\\\\MarkDown" - "OC\\\\Preview\\\\OpenDocument" - "OC\\\\Preview\\\\Krita" - "OC\\\\Preview\\\\HEIC" - ]; - }; - }; - - nginx = { - enable = true; - virtualHosts = { - "nextcloud-container.local" = { - # Change this to the desired port number - listen = [ - { - addr = "0.0.0.0"; - port = 9943; - } - ]; - - root = "/var/www/nextcloud"; - - # You may need to adjust other options for your specific setup - }; - }; - }; - }; - system.stateVersion = "23.11"; - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ 9943 ]; - }; - # Use systemd-resolved inside the container - # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 - useHostResolvConf = lib.mkForce false; - }; - services.resolved.enable = true; - - }; - }; -} diff --git a/share/impermanence/default.nix b/share/impermanence/default.nix index 4ddc314..943b1e7 100644 --- a/share/impermanence/default.nix +++ b/share/impermanence/default.nix @@ -8,6 +8,7 @@ directories = [ "/var/lib/bluetooth" "/var/lib/nixos" + "/var/lib/libvirt" "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" "/etc/secureboot"