udpate 24.11

mjallen18
2024-11-18 15:12:29 -06:00
parent 96a05612c6
commit f5e6943e9d
12 changed files with 404 additions and 238 deletions

153
flake.lock generated

@@ -14,11 +14,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1730835992,
"narHash": "sha256-XYr4WQMxJdZkrQlsouyURMY4iNL5SS2RlQ7XGnjEQBU=",
"lastModified": 1731622832,
"narHash": "sha256-uTdeXrKRhkBaDAGSxw7s8YYvbU2JN6bbWh2ngUjmnUM=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "5af11599eaec65b5b6e6e39d77b541db361c08aa",
"rev": "91ff8d93f089104d3d75c85758832252989c6a04",
"type": "github"
},
"original": {
@@ -30,16 +30,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1730826392,
"narHash": "sha256-EuNOfMy7yVa1OqWwCtNtmdeIQeQCTCKBXgJdz0QCPIU=",
"lastModified": 1731600340,
"narHash": "sha256-7uQteE+Ywiu04Ymhl3G8IRH6JJXPyd0mg61tJJMeGvg=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "665de8ef2211524f3cc13dce9344bd59c61c3a5c",
"rev": "66a4970014da49ceec0715e5dec8c9aa032a3146",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2024.10.1",
"ref": "version/2024.10.2",
"repo": "authentik",
"type": "github"
}
@@ -52,11 +52,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1730767100,
"narHash": "sha256-SGkgP2H+i1jewNFBuAs4+grutNrfm5by+JUERUdXIRo=",
"lastModified": 1731866540,
"narHash": "sha256-wAz/S5GLm+9Vp0kmUPsva3Mxp+VUnbEUZ8aBM1aEhhY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "f8969fe1947ed81785a9e52f62622c03d3e58971",
"rev": "0857914b69d90ba758e614298452636c6fdc9c7c",
"type": "github"
},
"original": {
@@ -76,11 +76,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1730830166,
"narHash": "sha256-F2SA8PkrV+Ed8WZKwEimO2oBxQJFJU2ni/wqIbupX4Y=",
"lastModified": 1731712317,
"narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "49ee81f51e7449314af27915f3719cc76e9abe1f",
"rev": "0b0e62252fb3b4e6b0a763190413513be499c026",
"type": "github"
},
"original": {
@@ -295,11 +295,11 @@
]
},
"locked": {
"lastModified": 1730633670,
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
"lastModified": 1731535640,
"narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
"rev": "35b055009afd0107b69c286fca34d2ad98940d57",
"type": "github"
},
"original": {
@@ -315,16 +315,16 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1731880681,
"narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
@@ -336,11 +336,11 @@
]
},
"locked": {
"lastModified": 1730633670,
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=",
"lastModified": 1731887066,
"narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661",
"rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a",
"type": "github"
},
"original": {
@@ -351,11 +351,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"lastModified": 1731242966,
"narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
"type": "github"
},
"original": {
@@ -373,11 +373,11 @@
]
},
"locked": {
"lastModified": 1730625581,
"narHash": "sha256-vFxtzNCxtUIrmv8tluquZHjNTwMkCGtT0NCoVuwlqd4=",
"lastModified": 1731227601,
"narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "e6195c6bfc037617e20d6d7d4d6c9cdeee6aba6d",
"rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0",
"type": "github"
},
"original": {
@@ -393,7 +393,7 @@
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
"nixpkgs-stable"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2"
@@ -444,11 +444,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1730779758,
"narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=",
"lastModified": 1731885500,
"narHash": "sha256-ZrztYfSOS33J+ewq5alBOSdnIyZ0/sr1iy7FyBe9zIg=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb",
"rev": "c60b5c924c6188a0b3ca2e139ead3d0f92ae5db5",
"type": "github"
},
"original": {
@@ -509,11 +509,11 @@
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1725418254,
"narHash": "sha256-2zPzPP9Eu5NxgJxTVcuCCX5xh7CWy7rYaLHfaAZS6H8=",
"lastModified": 1731473366,
"narHash": "sha256-sE2WfD3YyNrCROfRZKqMDR77g3KV4FXUaJ7NWe+A7ro=",
"owner": "tpwrules",
"repo": "nixos-apple-silicon",
"rev": "c5f944f49a052232015bb3c03524b69e3fdd2aa4",
"rev": "3eee753e4b074790342fadb1c4e7183d037ddac4",
"type": "github"
},
"original": {
@@ -524,11 +524,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1730828750,
"narHash": "sha256-XrnZLkLiBYNlwV5gus/8DT7nncF1TS5la6Be7rdVOpI=",
"lastModified": 1731797098,
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2e78b1af8025108ecd6edaa3ab09695b8a4d3d55",
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github"
},
"original": {
@@ -540,11 +540,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"lastModified": 1731676054,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github"
},
"original": {
@@ -568,11 +568,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"lastModified": 1731386116,
"narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"rev": "689fed12a013f56d4c4d3f612489634267d86529",
"type": "github"
},
"original": {
@@ -600,43 +600,27 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"lastModified": 1731755305,
"narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"lastModified": 1731676054,
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github"
},
"original": {
@@ -648,11 +632,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1730815137,
"narHash": "sha256-/SMEl8lpjVJOH5OQ11OLn6O2DeHb0yo3oIz1mi2bvWY=",
"lastModified": 1731919951,
"narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78366fc8acbc8092d898f021354ab61ca161c412",
"rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
"type": "github"
},
"original": {
@@ -678,11 +662,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1725103162,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"lastModified": 1731139594,
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"type": "github"
},
"original": {
@@ -694,11 +678,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1730272153,
"narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=",
"lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53",
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github"
},
"original": {
@@ -792,11 +776,11 @@
]
},
"locked": {
"lastModified": 1730687492,
"narHash": "sha256-xQVadjquBA/tFxDt5A55LJ1D1AvkVWsnrKC2o+pr8F4=",
"lastModified": 1731551344,
"narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "41814763a2c597755b0755dbe3e721367a5e420f",
"rev": "27570abfd3461875f11fc07c9b01c141a6332b4f",
"type": "github"
},
"original": {
@@ -848,15 +832,14 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_4"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1730746162,
"narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=",
"lastModified": 1731862312,
"narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "59d6988329626132eaf107761643f55eb979eef1",
"rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
"type": "github"
},
"original": {


@@ -9,7 +9,7 @@
nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
# nixpgs
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
# Authentik
authentik-nix = {
@@ -30,14 +30,14 @@
};
home-manager-stable = {
url = "github:nix-community/home-manager/release-24.05";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# Lanzaboote
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
# Nix hardware


@@ -1,8 +1,10 @@
{ config, ... }:
{
# imports = [
# ../../modules/services/jellyfin
# ];
imports = [
../../modules/apps/jellyseerr/jellyseerr.nix
../../modules/apps/radarr/radarr.nix
../../modules/apps/sonarr/sonarr.nix
];
nas-apps = {
beszel.enable = true;
@@ -24,7 +26,7 @@
jellyfin.enable = true;
jellyseerr.enable = true;
jellyseerr.enable = false;
manyfold.enable = true;
@@ -63,11 +65,11 @@
httpsPort = "3301";
};
radarr.enable = true;
radarr.enable = false;
sabnzbd.enable = true;
sonarr.enable = true;
sonarr.enable = false;
swag.enable = true;


@@ -46,7 +46,7 @@ in
systemd = {
enable = true;
# tpm2.enable = true;
enableTpm2 = true;
tpm2.enable = true;
};
};
};


@@ -168,6 +168,8 @@ in
"libvirtd"
"nix-apps"
"jallen-nas"
"media"
"nscd"
]; # Enable sudo for the user.
hashedPasswordFile = passwordFile;
shell = pkgs.zsh;
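Review bot: The new `"media"` and `"nscd"` entries carry no comment saying why this account needs them, and the trailing `# Enable sudo for the user.` describes at most one entry of the list; `nscd` membership in particular is unusual for a login user. The only `media` group definitions visible in this commit are inside the radarr and sonarr containers, so confirm the host declares the group as well. A comment such as `# media: shared ownership with the *arr containers` next to each added entry would record the intent. The list opens outside the hunk.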


@@ -24,62 +24,14 @@ in
# Disable Network Manager
networkmanager.enable = true;
# interfaces = {
# wlp7s0 = {
# useDHCP = true;
# ipv4.addresses = [
# {
# address = ipAddress;
# prefixLength = 24;
# }
# ];
# };
# wlp6s0 = {
# useDHCP = true;
# ipv4.addresses = [
# {
# address = ipAddress2;
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = {
# interface = "wlp7s0";
# address = gateway;
# metric = 1;
# };
# nameservers = [ gateway ];
# wireless = {
# enable = false;
# userControlled.enable = true;
# # secretsFile = config.sops.secrets."wifi".path;
# environmentFile = config.sops.secrets."wifi".path;
# allowAuxiliaryImperativeNetworks = true;
# interfaces = [
# "wlp6s0"
# "wlp7s0"
# ];
# networks = {
# "Joey's Jungle 6G" = {
# pskRaw = "ext:PSK";
# priority = 1000;
# # psk = "kR8v&3Qd";
# extraConfig = ''
# key_mgmt=SAE
# ieee80211w=2
# '';
# };
# "Joey's Jungle 5G" = {
# pskRaw = "ext:PSK";
# priority = -100;
# };
# };
# };
nat = {
enable = true;
internalInterfaces = ["ve-+"];
externalInterface = "wlp7s0";
# Lazy IPv6 connectivity for the container
enableIPv6 = true;
};
firewall = {
enable = true;
@@ -91,50 +43,5 @@ in
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
};
# nat = {
# enable = true;
# externalInterface = "wlp7s0";
# internalInterfaces = [ "wg0" ];
# };
# wireguard.interfaces = {
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# ips = [ "10.0.100.1/24" ];
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
# postSetup = ''
# ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# # This undoes the above command
# postShutdown = ''
# ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = wireguard-private;
# peers = [
# # List of allowed peers.
# { # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = wireguard-public;
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = [ "10.0.100.2/32" ];
# }
# ];
# };
# };
};
}
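Review bot: The commented-out wireless block dropped in this section carried a literal `psk` value next to the secret-backed `pskRaw = "ext:PSK"` entries; deleting the comment does not remove it from repository history, so that passphrase should be treated as disclosed and rotated if the network still uses it. In the code that remains, `externalInterface = "wlp7s0"` pins NAT to a single Wi-Fi interface, and the comment above `networkmanager.enable = true;` still reads `# Disable Network Manager`. I would replace that comment with `# NetworkManager manages the uplink; NAT below serves the ve-* container interfaces`. The enclosing `networking` block starts outside the hunk.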


@@ -0,0 +1,53 @@
{ config, pkgs, lib, ... }:
let
jellyseerrPort = 5055;
dataDir = "/var/lib/jellyseerr";
downloadDir = "/downloads";
mediaDir = "/media";
jellyseerrUserId = config.users.users.nix-apps.uid;
jellyseerrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.unstable.jellyseerr;
in
{
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
config = { config, pkgs, lib, ... }: {
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}
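Review bot: `networking.nat.forwardPorts` publishes port 5055 on the host's NAT external interface, so as far as this section shows the Jellyseerr UI becomes reachable from whatever network that interface joins, independent of any reverse proxy or the Tailscale-only trust set in the host firewall. If access is meant to go through the proxy, drop or restrict the forward; the radarr and sonarr sections add the same kind of forward. The destination also repeats the container address and port as a literal, where `destination = "10.0.1.52:${toString jellyseerrPort}";` would keep it tied to the binding. `dataDir`, `downloadDir`, `mediaDir`, `jellyseerrUserId`, `jellyseerrGroupId` and `package` are bound in the `let` but never used, and `openFirewall = true` already opens the port that `allowedTCPPorts` opens again.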


@@ -0,0 +1,106 @@
{ config, pkgs, lib, ... }:
let
radarrPort = 7878;
dataDir = "/var/lib/radarr";
downloadDir = "/downloads";
mediaDir = "/media";
radarrUserId = config.users.users.nix-apps.uid;
radarrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.unstable.radarr;
in
{
containers.radarr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.51";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::3";
config = { config, pkgs, lib, ... }: {
# Enable radarr service
services.radarr = {
enable = true;
user = "radarr";
group = "media";
dataDir = dataDir;
package = package;
};
# Create required users and groups
users.users.radarr = {
isSystemUser = true;
uid = lib.mkForce radarrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce radarrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
];
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${dataDir}
mkdir -p ${downloadDir}
mkdir -p ${mediaDir}
chown -R radarr:media ${dataDir}
chown -R radarr:media ${downloadDir}
chown -R radarr:media ${mediaDir}
chmod -R 775 ${dataDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ radarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/radarr" = {
hostPath = "/media/nas/ssd/nix-app-data/radarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/movies";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.51:7878";
sourcePort = radarrPort;
}
];
};
}
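Review bot: The `radarr-dirs` activation script runs `chown -R` and `chmod -R 775` over `${downloadDir}` and `${mediaDir}`, which `bindMounts` maps read-write onto host paths (`/media/nas/main/movies` and the shared downloads directory), so every container activation rewrites ownership and sets group-write and execute bits across the whole host library. Creating only the top-level directories and leaving existing files alone avoids that, for example `systemd.tmpfiles.rules = [ "d ${dataDir} 0775 radarr media -" ];` with one rule per directory. `sonarr-dirs` in the sonarr section has the same script. If the container only needs to read or move finished downloads, consider whether every mount needs `isReadOnly = false`.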


@@ -0,0 +1,104 @@
{ config, pkgs, lib, ... }:
let
sonarrPort = 8989;
dataDir = "/var/lib/sonarr";
downloadDir = "/downloads";
mediaDir = "/media";
sonarrUserId = config.users.users.nix-apps.uid;
sonarrGroupId = config.users.groups.jallen-nas.gid;
in
{
containers.sonarr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.50";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::2";
config = { config, pkgs, lib, ... }: {
# Enable Sonarr service
services.sonarr = {
enable = true;
user = "sonarr";
group = "media";
dataDir = dataDir;
};
# Create required users and groups
users.users.sonarr = {
isSystemUser = true;
uid = lib.mkForce sonarrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce sonarrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
];
# Create and set permissions for required directories
system.activationScripts.sonarr-dirs = ''
mkdir -p ${dataDir}
mkdir -p ${downloadDir}
mkdir -p ${mediaDir}
chown -R sonarr:media ${dataDir}
chown -R sonarr:media ${downloadDir}
chown -R sonarr:media ${mediaDir}
chmod -R 775 ${dataDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ sonarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/sonarr" = {
hostPath = "/media/nas/ssd/nix-app-data/sonarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/tv";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.50:8989";
sourcePort = 8989;
}
];
};
}
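Review bot: `system.stateVersion = "23.11"` is set for a container that appears to be introduced by this commit (the file is new) while the flake moves to 24.11. stateVersion should name the release the container's state was first created with, so confirm 23.11 is intended rather than copied; the jellyseerr and radarr sections use the same value. Separately, `sourcePort = 8989;` repeats the literal although `sonarrPort` is bound above, and `sourcePort = sonarrPort;` would match the other two files.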


@@ -1,7 +1,9 @@
{ lib, pkgs, config, ... }:
{ lib, config, ... }:
with lib;
let cfg = config.nas-samba;
in {
let
cfg = config.nas-samba;
in
{
imports = [ ./options.nix ];
config = mkIf cfg.enable {
@@ -22,42 +24,50 @@ in {
};
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
force user = nix-apps
'';
shares = let
make = name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in mapAttrs' make cfg.shares;
# settings = {
# create-mode = 664;
# force directory mode = 2770
# workgroup = WORKGROUP
# server string = jallen-nas
# netbios name = jallen-nas
# security = user
# #use sendfile = yes
# #max protocol = smb2
# # note: localhost is the ipv6 localhost ::1
# hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
# hosts deny = 0.0.0.0/0
# guest account = nobody
# map to guest = bad user
# usershare allow guests = yes
# };
settings =
let
make =
name: share:
nameValuePair "${name}" {
path = share.sharePath;
public = if share.enableTimeMachine then "no" else "yes";
private = if !share.public || share.enableTimeMachine then "yes" else "no";
browseable = if share.browseable then "yes" else "no";
writable = "yes";
"force group" = "jallen-nas";
"read only" = if share.readOnly then "yes" else "no";
"guest ok" = if share.guestOk then "yes" else "no";
"create mask" = share.createMask;
"directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
};
};
}
# private = if !share.public || share.enableTimeMachine then "yes" else "no";
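Review bot: The active `settings` value is built only from `mapAttrs' make cfg.shares`, so the `hosts allow = ${cfg.hostsAllow} …` / `hosts deny = 0.0.0.0/0` restriction, `guest account` and `map to guest` survive only inside the commented-out `# settings = {` block, while `openFirewall = true` and the `public` / `guest ok` share options remain. Unless those globals are set elsewhere, the shares lose their source-address restriction; I would carry them over as a `global` section merged with the generated shares, as sketched below. `private` reads `share.public`, which has to be declared in `./options.nix` (not visible here), and the same expression is left as a stray comment after the file's closing brace.

```nix
settings =
  {
    global = {
      security = "user";
      "hosts allow" = "${cfg.hostsAllow} 127.0.0.1 localhost";
      "hosts deny" = "0.0.0.0/0";
      "guest account" = "nobody";
      "map to guest" = "bad user";
    };
  }
  // (
    # … unchanged: let make = name: share: … in mapAttrs' make cfg.shares …
  );
```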


@@ -25,10 +25,10 @@ in
# Hardware configs
hardware = {
# Enable graphics
opengl = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = [ pkgs.unstable.mesa ];
driSupport32Bit = true;
extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ];
};
};


@@ -47,11 +47,10 @@ in
nvidiaSettings = cfg.nvidiaSettings;
};
# Enable OpenGL
opengl = {
# Enable graphics
graphics = {
enable = true;
driSupport = true;
driSupport32Bit = true;
enable32Bit = true;
};
};