mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

udpate 24.11

Browse Source
This commit is contained in:
mjallen18
2024-11-18 15:12:29 -06:00
parent 96a05612c6
commit f5e6943e9d
12 changed files with 404 additions and 238 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
flake.lock generated
View File

@@ -14,11 +14,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1730835992, "lastModified": 1731622832,
"narHash": "sha256-XYr4WQMxJdZkrQlsouyURMY4iNL5SS2RlQ7XGnjEQBU=", "narHash": "sha256-uTdeXrKRhkBaDAGSxw7s8YYvbU2JN6bbWh2ngUjmnUM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "authentik-nix", "repo": "authentik-nix",
"rev": "5af11599eaec65b5b6e6e39d77b541db361c08aa", "rev": "91ff8d93f089104d3d75c85758832252989c6a04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -30,16 +30,16 @@
"authentik-src": { "authentik-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1730826392, "lastModified": 1731600340,
"narHash": "sha256-EuNOfMy7yVa1OqWwCtNtmdeIQeQCTCKBXgJdz0QCPIU=", "narHash": "sha256-7uQteE+Ywiu04Ymhl3G8IRH6JJXPyd0mg61tJJMeGvg=",
"owner": "goauthentik", "owner": "goauthentik",
"repo": "authentik", "repo": "authentik",
"rev": "665de8ef2211524f3cc13dce9344bd59c61c3a5c", "rev": "66a4970014da49ceec0715e5dec8c9aa032a3146",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "goauthentik", "owner": "goauthentik",
"ref": "version/2024.10.1", "ref": "version/2024.10.2",
"repo": "authentik", "repo": "authentik",
"type": "github" "type": "github"
} }
@@ -52,11 +52,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1730767100, "lastModified": 1731866540,
"narHash": "sha256-SGkgP2H+i1jewNFBuAs4+grutNrfm5by+JUERUdXIRo=", "narHash": "sha256-wAz/S5GLm+9Vp0kmUPsva3Mxp+VUnbEUZ8aBM1aEhhY=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "f8969fe1947ed81785a9e52f62622c03d3e58971", "rev": "0857914b69d90ba758e614298452636c6fdc9c7c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -76,11 +76,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1730830166, "lastModified": 1731712317,
"narHash": "sha256-F2SA8PkrV+Ed8WZKwEimO2oBxQJFJU2ni/wqIbupX4Y=", "narHash": "sha256-NpkSAwLFTFRZx+C2yL0JCBnjnZQRs8PsWRqZ0S08Bc8=",
"owner": "lilyinstarlight", "owner": "lilyinstarlight",
"repo": "nixos-cosmic", "repo": "nixos-cosmic",
"rev": "49ee81f51e7449314af27915f3719cc76e9abe1f", "rev": "0b0e62252fb3b4e6b0a763190413513be499c026",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -295,11 +295,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730633670, "lastModified": 1731535640,
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "narHash": "sha256-2EckCJn4wxran/TsRiCOFcmVpep2m9EBKl99NBh2GnM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "rev": "35b055009afd0107b69c286fca34d2ad98940d57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -315,16 +315,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1731880681,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@@ -336,11 +336,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730633670, "lastModified": 1731887066,
"narHash": "sha256-ZFJqIXpvVKvzOVFKWNRDyIyAo+GYdmEPaYi1bZB6uf0=", "narHash": "sha256-uw7K/RsYioJicV79Nl39yjtfhdfTDU2aRxnBgvFhkZ8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f6ca7855d409aeebe2a582c6fd6b6a8d0bf5661", "rev": "f3a2ff69586f3a54b461526e5702b1a2f81e740a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -351,11 +351,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1730403150, "lastModified": 1731242966,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -373,11 +373,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730625581, "lastModified": 1731227601,
"narHash": "sha256-vFxtzNCxtUIrmv8tluquZHjNTwMkCGtT0NCoVuwlqd4=", "narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "e6195c6bfc037617e20d6d7d4d6c9cdeee6aba6d", "rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -393,7 +393,7 @@
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-stable"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
@@ -444,11 +444,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1730779758, "lastModified": 1731885500,
"narHash": "sha256-5WI9AnsBwhLzVRnQm3Qn9oAbROnuLDQTpaXeyZCK8qw=", "narHash": "sha256-ZrztYfSOS33J+ewq5alBOSdnIyZ0/sr1iy7FyBe9zIg=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "0e3f3f017c14467085f15d42343a3aaaacd89bcb", "rev": "c60b5c924c6188a0b3ca2e139ead3d0f92ae5db5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -509,11 +509,11 @@
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1725418254, "lastModified": 1731473366,
"narHash": "sha256-2zPzPP9Eu5NxgJxTVcuCCX5xh7CWy7rYaLHfaAZS6H8=", "narHash": "sha256-sE2WfD3YyNrCROfRZKqMDR77g3KV4FXUaJ7NWe+A7ro=",
"owner": "tpwrules", "owner": "tpwrules",
"repo": "nixos-apple-silicon", "repo": "nixos-apple-silicon",
"rev": "c5f944f49a052232015bb3c03524b69e3fdd2aa4", "rev": "3eee753e4b074790342fadb1c4e7183d037ddac4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -524,11 +524,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1730828750, "lastModified": 1731797098,
"narHash": "sha256-XrnZLkLiBYNlwV5gus/8DT7nncF1TS5la6Be7rdVOpI=", "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "2e78b1af8025108ecd6edaa3ab09695b8a4d3d55", "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -540,11 +540,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1731676054,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -568,11 +568,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730602179, "lastModified": 1731386116,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", "rev": "689fed12a013f56d4c4d3f612489634267d86529",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -600,43 +600,27 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1731755305,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_4": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1730531603, "lastModified": 1731676054,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=", "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d", "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -648,11 +632,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1730815137, "lastModified": 1731919951,
"narHash": "sha256-/SMEl8lpjVJOH5OQ11OLn6O2DeHb0yo3oIz1mi2bvWY=", "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78366fc8acbc8092d898f021354ab61ca161c412", "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -678,11 +662,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1725103162, "lastModified": 1731139594,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -694,11 +678,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1730272153, "lastModified": 1731763621,
"narHash": "sha256-B5WRZYsRlJgwVHIV6DvidFN7VX7Fg9uuwkRW9Ha8z+w=", "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2d2a9ddbe3f2c00747398f3dc9b05f7f2ebb0f53", "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -792,11 +776,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730687492, "lastModified": 1731551344,
"narHash": "sha256-xQVadjquBA/tFxDt5A55LJ1D1AvkVWsnrKC2o+pr8F4=", "narHash": "sha256-wr8OOqgw7M1pWfe4W7WA5lErzOVMg3zvrrxx/dy/nPo=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "41814763a2c597755b0755dbe3e721367a5e420f", "rev": "27570abfd3461875f11fc07c9b01c141a6332b4f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -848,15 +832,14 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4"
"nixpkgs-stable": "nixpkgs-stable_4"
}, },
"locked": { "locked": {
"lastModified": 1730746162, "lastModified": 1731862312,
"narHash": "sha256-ZGmI+3AbT8NkDdBQujF+HIxZ+sWXuyT6X8B49etWY2g=", "narHash": "sha256-NVUTFxKrJp/hjehlF1IvkPnlRYg/O9HFVutbxOM8zNM=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "59d6988329626132eaf107761643f55eb979eef1", "rev": "472741cf3fee089241ac9ea705bb2b9e0bfa2978",
"type": "github" "type": "github"
}, },
"original": { "original": {

6
flake.nix
View File

@@ -9,7 +9,7 @@
nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
# nixpgs # nixpgs
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.11";
# Authentik # Authentik
authentik-nix = { authentik-nix = {
@@ -30,14 +30,14 @@
}; };
home-manager-stable = { home-manager-stable = {
url = "github:nix-community/home-manager/release-24.05"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs-stable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
# Lanzaboote # Lanzaboote
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1"; url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-stable";
}; };
# Nix hardware # Nix hardware

14
hosts/nas/apps.nix
View File

@@ -1,8 +1,10 @@
{ config, ... }: { config, ... }:
{ {
# imports = [ imports = [
# ../../modules/services/jellyfin ../../modules/apps/jellyseerr/jellyseerr.nix
# ]; ../../modules/apps/radarr/radarr.nix
../../modules/apps/sonarr/sonarr.nix
];
nas-apps = { nas-apps = {
beszel.enable = true; beszel.enable = true;
@@ -24,7 +26,7 @@
jellyfin.enable = true; jellyfin.enable = true;
jellyseerr.enable = true; jellyseerr.enable = false;
manyfold.enable = true; manyfold.enable = true;
@@ -63,11 +65,11 @@
httpsPort = "3301"; httpsPort = "3301";
}; };
radarr.enable = true; radarr.enable = false;
sabnzbd.enable = true; sabnzbd.enable = true;
sonarr.enable = true; sonarr.enable = false;
swag.enable = true; swag.enable = true;

2
hosts/nas/boot.nix
View File

@@ -46,7 +46,7 @@ in
systemd = { systemd = {
enable = true; enable = true;
# tpm2.enable = true; # tpm2.enable = true;
enableTpm2 = true; tpm2.enable = true;
}; };
}; };
}; };

2
hosts/nas/configuration.nix
View File

@@ -168,6 +168,8 @@ in
"libvirtd" "libvirtd"
"nix-apps" "nix-apps"
"jallen-nas" "jallen-nas"
"media"
"nscd"
]; # Enable sudo for the user. ]; # Enable sudo for the user.
hashedPasswordFile = passwordFile; hashedPasswordFile = passwordFile;
shell = pkgs.zsh; shell = pkgs.zsh;

109
hosts/nas/networking.nix
View File

@@ -24,62 +24,14 @@ in
# Disable Network Manager # Disable Network Manager
networkmanager.enable = true; networkmanager.enable = true;
# interfaces = { nat = {
# wlp7s0 = { enable = true;
# useDHCP = true; internalInterfaces = ["ve-+"];
# ipv4.addresses = [ externalInterface = "wlp7s0";
# { # Lazy IPv6 connectivity for the container
# address = ipAddress; enableIPv6 = true;
# prefixLength = 24; };
# }
# ];
# };
# wlp6s0 = {
# useDHCP = true;
# ipv4.addresses = [
# {
# address = ipAddress2;
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = {
# interface = "wlp7s0";
# address = gateway;
# metric = 1;
# };
# nameservers = [ gateway ];
# wireless = {
# enable = false;
# userControlled.enable = true;
# # secretsFile = config.sops.secrets."wifi".path;
# environmentFile = config.sops.secrets."wifi".path;
# allowAuxiliaryImperativeNetworks = true;
# interfaces = [
# "wlp6s0"
# "wlp7s0"
# ];
# networks = {
# "Joey's Jungle 6G" = {
# pskRaw = "ext:PSK";
# priority = 1000;
# # psk = "kR8v&3Qd";
# extraConfig = ''
# key_mgmt=SAE
# ieee80211w=2
# '';
# };
# "Joey's Jungle 5G" = {
# pskRaw = "ext:PSK";
# priority = -100;
# };
# };
# };
firewall = { firewall = {
enable = true; enable = true;
@@ -91,50 +43,5 @@ in
# always allow traffic from your Tailscale network # always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];
}; };
# nat = {
# enable = true;
# externalInterface = "wlp7s0";
# internalInterfaces = [ "wg0" ];
# };
# wireguard.interfaces = {
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# ips = [ "10.0.100.1/24" ];
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
# postSetup = ''
# ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# # This undoes the above command
# postShutdown = ''
# ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.100.0/24 -o wlp7s0 -j MASQUERADE
# '';
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = wireguard-private;
# peers = [
# # List of allowed peers.
# { # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = wireguard-public;
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = [ "10.0.100.2/32" ];
# }
# ];
# };
# };
}; };
} }

53
modules/apps/jellyseerr/jellyseerr.nix Normal file
View File

@@ -0,0 +1,53 @@
{ config, pkgs, lib, ... }:
let
jellyseerrPort = 5055;
dataDir = "/var/lib/jellyseerr";
downloadDir = "/downloads";
mediaDir = "/media";
jellyseerrUserId = config.users.users.nix-apps.uid;
jellyseerrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.unstable.jellyseerr;
in
{
containers.jellyseerr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.52";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::4";
config = { config, pkgs, lib, ... }: {
# Enable jellyseerr service
services.jellyseerr = {
enable = true;
port = jellyseerrPort;
# package = package;
openFirewall = true;
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ jellyseerrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.52:5055";
sourcePort = jellyseerrPort;
}
];
};
}

106
modules/apps/radarr/radarr.nix Normal file
View File

@@ -0,0 +1,106 @@
{ config, pkgs, lib, ... }:
let
radarrPort = 7878;
dataDir = "/var/lib/radarr";
downloadDir = "/downloads";
mediaDir = "/media";
radarrUserId = config.users.users.nix-apps.uid;
radarrGroupId = config.users.groups.jallen-nas.gid;
package = pkgs.unstable.radarr;
in
{
containers.radarr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.51";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::3";
config = { config, pkgs, lib, ... }: {
# Enable radarr service
services.radarr = {
enable = true;
user = "radarr";
group = "media";
dataDir = dataDir;
package = package;
};
# Create required users and groups
users.users.radarr = {
isSystemUser = true;
uid = lib.mkForce radarrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce radarrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
];
# Create and set permissions for required directories
system.activationScripts.radarr-dirs = ''
mkdir -p ${dataDir}
mkdir -p ${downloadDir}
mkdir -p ${mediaDir}
chown -R radarr:media ${dataDir}
chown -R radarr:media ${downloadDir}
chown -R radarr:media ${mediaDir}
chmod -R 775 ${dataDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ radarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/radarr" = {
hostPath = "/media/nas/ssd/nix-app-data/radarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/movies";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.51:7878";
sourcePort = radarrPort;
}
];
};
}

104
modules/apps/sonarr/sonarr.nix Normal file
View File

@@ -0,0 +1,104 @@
{ config, pkgs, lib, ... }:
let
sonarrPort = 8989;
dataDir = "/var/lib/sonarr";
downloadDir = "/downloads";
mediaDir = "/media";
sonarrUserId = config.users.users.nix-apps.uid;
sonarrGroupId = config.users.groups.jallen-nas.gid;
in
{
containers.sonarr = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.1.18";
localAddress = "10.0.1.50";
hostAddress6 = "fc00::1";
localAddress6 = "fc00::2";
config = { config, pkgs, lib, ... }: {
# Enable Sonarr service
services.sonarr = {
enable = true;
user = "sonarr";
group = "media";
dataDir = dataDir;
};
# Create required users and groups
users.users.sonarr = {
isSystemUser = true;
uid = lib.mkForce sonarrUserId;
group = "media";
extraGroups = [ "downloads" ];
};
users.groups = {
media = { gid = lib.mkForce sonarrGroupId; };
downloads = {};
};
# System packages
environment.systemPackages = with pkgs; [
sqlite
mono
mediainfo
];
# Create and set permissions for required directories
system.activationScripts.sonarr-dirs = ''
mkdir -p ${dataDir}
mkdir -p ${downloadDir}
mkdir -p ${mediaDir}
chown -R sonarr:media ${dataDir}
chown -R sonarr:media ${downloadDir}
chown -R sonarr:media ${mediaDir}
chmod -R 775 ${dataDir}
chmod -R 775 ${downloadDir}
chmod -R 775 ${mediaDir}
'';
networking = {
firewall = {
enable = true;
allowedTCPPorts = [ sonarrPort ];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
system.stateVersion = "23.11";
};
# Bind mount directories from host
bindMounts = {
"/var/lib/sonarr" = {
hostPath = "/media/nas/ssd/nix-app-data/sonarr";
isReadOnly = false;
};
"/downloads" = {
hostPath = "/media/nas/ssd/ssd_app_data/downloads";
isReadOnly = false;
};
"/media" = {
hostPath = "/media/nas/main/tv";
isReadOnly = false;
};
};
};
networking.nat = {
forwardPorts = [
{
destination = "10.0.1.50:8989";
sourcePort = 8989;
}
];
};
}

82
modules/samba/default.nix
View File

@@ -1,7 +1,9 @@
{ lib, pkgs, config, ... }: { lib, config, ... }:
with lib; with lib;
let cfg = config.nas-samba; let
in { cfg = config.nas-samba;
in
{
imports = [ ./options.nix ]; imports = [ ./options.nix ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
@@ -22,42 +24,50 @@ in {
}; };
}; };
networking.firewall.enable = true;
networking.firewall.allowPing = true;
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user";
openFirewall = true; openFirewall = true;
extraConfig = '' # settings = {
workgroup = WORKGROUP # create-mode = 664;
server string = smbnix # force directory mode = 2770
netbios name = smbnix # workgroup = WORKGROUP
security = user # server string = jallen-nas
#use sendfile = yes # netbios name = jallen-nas
#max protocol = smb2 # security = user
# note: localhost is the ipv6 localhost ::1 # #use sendfile = yes
hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost # #max protocol = smb2
hosts deny = 0.0.0.0/0 # # note: localhost is the ipv6 localhost ::1
guest account = nobody # hosts allow = ${cfg.hostsAllow} 127.0.0.1 localhost
map to guest = bad user # hosts deny = 0.0.0.0/0
force user = nix-apps # guest account = nobody
''; # map to guest = bad user
shares = let # usershare allow guests = yes
make = name: share: # };
nameValuePair "${name}" { settings =
path = share.sharePath; let
public = if share.enableTimeMachine then "no" else "yes"; make =
browseable = if share.browseable then "yes" else "no"; name: share:
writable = "yes"; nameValuePair "${name}" {
"read only" = if share.readOnly then "yes" else "no"; path = share.sharePath;
"guest ok" = if share.guestOk then "yes" else "no"; public = if share.enableTimeMachine then "no" else "yes";
"create mask" = share.createMask; private = if !share.public || share.enableTimeMachine then "yes" else "no";
"directory mask" = share.directoryMask; browseable = if share.browseable then "yes" else "no";
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no"; writable = "yes";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no"; "force group" = "jallen-nas";
"vfs objects" = "catia fruit streams_xattr"; "read only" = if share.readOnly then "yes" else "no";
"fruit:time machine max size" = share.timeMachineMaxSize; "guest ok" = if share.guestOk then "yes" else "no";
}; "create mask" = share.createMask;
in mapAttrs' make cfg.shares; "directory mask" = share.directoryMask;
"fruit:aapl" = if share.enableTimeMachine then "yes" else "no";
"fruit:time machine" = if share.enableTimeMachine then "yes" else "no";
"vfs objects" = "catia fruit streams_xattr";
"fruit:time machine max size" = share.timeMachineMaxSize;
};
in
mapAttrs' make cfg.shares;
}; };
}; };
} }
# private = if !share.public || share.enableTimeMachine then "yes" else "no";

4
share/amd/default.nix
View File

@@ -25,10 +25,10 @@ in
# Hardware configs # Hardware configs
hardware = { hardware = {
# Enable graphics # Enable graphics
opengl = { graphics = {
enable = true; enable = true;
enable32Bit = true;
extraPackages = [ pkgs.unstable.mesa ]; extraPackages = [ pkgs.unstable.mesa ];
driSupport32Bit = true;
extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ]; extraPackages32 = [ pkgs.unstable.pkgsi686Linux.mesa ];
}; };
}; };

7
share/nvidia/default.nix
View File

@@ -47,11 +47,10 @@ in
nvidiaSettings = cfg.nvidiaSettings; nvidiaSettings = cfg.nvidiaSettings;
}; };
# Enable OpenGL # Enable graphics
opengl = { graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
}; };
}; };