diff --git a/hosts/x86_64-linux/swan/default.nix b/hosts/x86_64-linux/swan/default.nix index f0fd650..e2a73a4 100644 --- a/hosts/x86_64-linux/swan/default.nix +++ b/hosts/x86_64-linux/swan/default.nix @@ -14,6 +14,7 @@ rec { server.enable = true; home.enable = true; nas.enable = true; + shared-media.enable = true; }; home-manager.users."noah" = { @@ -28,6 +29,8 @@ rec { home.stateVersion = "23.05"; }; + system.stateVersion = "23.05"; + # Not sure what's necessary but too afraid to remove anything boot.initrd.availableKernelModules = [ "xhci_pci" @@ -63,7 +66,7 @@ rec { # Sets root ext4 filesystem instead of declaring it manually disko = { enableConfig = true; - devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; }); + devices = (import ./root.nix { disk = "/dev/nvme0n1"; }); }; # Allows private remote access over the internet diff --git a/hosts/x86_64-linux/tempest/default.nix b/hosts/x86_64-linux/tempest/default.nix index 89cea15..af82185 100644 --- a/hosts/x86_64-linux/tempest/default.nix +++ b/hosts/x86_64-linux/tempest/default.nix @@ -17,6 +17,8 @@ rec { gaming.enable = true; }; + nmasur.presets.services.grub.enable = true; + home-manager.users."noah" = { nmasur.settings = { username = nmasur.settings.username; diff --git a/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix b/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix index bf0aadc..b81a076 100644 --- a/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix +++ b/platforms/nixos/modules/nmasur/presets/services/arr/arr.nix 
@@ -60,28 +60,23 @@ in services = { bazarr = { enable = true; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; }; jellyseerr.enable = true; prowlarr.enable = true; sabnzbd = { enable = true; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; # The config file must be editable within the application # It contains server configs and credentials configFile = "/data/downloads/sabnzbd/sabnzbd.ini"; }; sonarr = { enable = true; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; }; radarr = { enable = true; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; }; readarr = { enable = true; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; }; }; @@ -96,7 +91,6 @@ in { # Group means that routes with the same name are mutually exclusive, # so they are split between the appropriate services. - group = "download"; match = [ { host = [ hostnames.download ]; @@ -112,7 +106,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; @@ -127,7 +120,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; @@ -142,7 +134,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; @@ -158,7 +149,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; @@ -178,7 +168,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; @@ -193,7 +182,6 @@ in ]; } { - group = "download"; match = [ { host = [ hostnames.download ]; } ]; handle = [ { diff --git a/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix b/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix index cc139ad..553d85b 100644 --- a/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix +++ b/platforms/nixos/modules/nmasur/presets/services/audiobookshelf.nix 
@@ -19,10 +19,6 @@ in services.audiobookshelf = { enable = true; - # Setting a generic group to make it easier for the different programs - # that make use of the same files - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; - # This is the default /var/lib/audiobookshelf dataDir = "audiobookshelf"; }; diff --git a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix index 1f3ed75..15630d8 100644 --- a/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix +++ b/platforms/nixos/modules/nmasur/presets/services/calibre-web.nix @@ -26,7 +26,6 @@ in config = lib.mkIf cfg.enable { services.calibre-web = { - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; openFirewall = true; options = { reverseProxyAuth.enable = false; diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix index 41121d3..8f96e54 100644 --- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix +++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix @@ -68,7 +68,11 @@ in # Tell Caddy to use Cloudflare DNS for ACME challenge validation services.caddy.package = pkgs.caddy.withPlugins { plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ]; - hash = "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs="; + hash = + if pkgs.stdenv.isx86_64 then + "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=" + else + "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs="; }; nmasur.presets.services.caddy.tlsPolicies = [ { diff --git a/platforms/nixos/modules/nmasur/presets/services/immich.nix b/platforms/nixos/modules/nmasur/presets/services/immich.nix index 8e439a7..acabc9a 100644 --- a/platforms/nixos/modules/nmasur/presets/services/immich.nix +++ b/platforms/nixos/modules/nmasur/presets/services/immich.nix 
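Review bot: The two `hash` values in cloudflare.nix pin the Caddy-plus-plugin build, but the `else` branch applies the old hash to every platform that is not x86_64, and nothing records which architecture each value was verified on. A fixed-output hash that differs by architecture may mean the plugin sources are not hashed reproducibly, or that one value was computed against a different nixpkgs revision. Either is worth confirming before trusting a hash copied from a mismatch error. I would add a comment such as `# x86_64 hash verified on <host>, nixpkgs <rev>; fallback verified on <arch>` above the conditional. I would also write the test as `pkgs.stdenv.hostPlatform.isx86_64` rather than the `stdenv.isx86_64` shorthand.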
@@ -13,7 +13,6 @@ in services.immich = { enable = true; port = 2283; - group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; database.enable = true; redis.enable = true; machine-learning.enable = true; diff --git a/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix b/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix index dd27b4c..0d83c94 100644 --- a/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix +++ b/platforms/nixos/modules/nmasur/presets/services/jellyfin.nix @@ -18,10 +18,11 @@ in config = lib.mkIf cfg.enable { - services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared"; - users.users.jellyfin = { - isSystemUser = true; - }; + services.jellyfin.enable = true; + + # users.users.jellyfin = { + # isSystemUser = true; + # }; nmasur.presets.services.caddy.routes = [ # Prevent public access to Prometheus metrics. @@ -77,9 +78,6 @@ in "video" ]; # Access to /dev/dri - # Fix issue where Jellyfin-created directories don't allow access for media group - systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007"; - # Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ]; }; diff --git a/platforms/nixos/modules/nmasur/presets/services/metrics/prometheus-exporters.nix b/platforms/nixos/modules/nmasur/presets/services/metrics/prometheus-exporters.nix index 9ef2046..4e23c12 100644 --- a/platforms/nixos/modules/nmasur/presets/services/metrics/prometheus-exporters.nix +++ b/platforms/nixos/modules/nmasur/presets/services/metrics/prometheus-exporters.nix 
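Review bot: The `users.users.jellyfin` block in the first jellyfin.nix hunk is left commented out with no reason given, so a later reader cannot tell whether the declaration is obsolete or only temporarily disabled. If `services.jellyfin.enable = true` means the upstream module now creates the account, delete the three commented lines. Otherwise replace them with a one-line comment such as `# jellyfin user is created by services.jellyfin; no local declaration needed`. The enclosing `config = lib.mkIf cfg.enable` block continues outside the hunk.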
@@ -34,11 +34,11 @@ in ]; services.prometheus = { - exporters.node.enable = config.prometheus.exporters.enable; + exporters.node.enable = true; exporters.node.enabledCollectors = [ ]; exporters.node.disabledCollectors = [ "cpufreq" ]; - exporters.systemd.enable = config.prometheus.exporters.enable; - exporters.process.enable = config.prometheus.exporters.enable; + exporters.systemd.enable = true; + exporters.process.enable = true; exporters.process.settings.process_names = [ # Remove nix store path from process name { diff --git a/platforms/nixos/modules/nmasur/presets/services/metrics/vm-agent.nix b/platforms/nixos/modules/nmasur/presets/services/metrics/vm-agent.nix index 2035408..1a1c8a7 100644 --- a/platforms/nixos/modules/nmasur/presets/services/metrics/vm-agent.nix +++ b/platforms/nixos/modules/nmasur/presets/services/metrics/vm-agent.nix @@ -3,8 +3,8 @@ { config, + pkgs, lib, - pkgs-stable, ... }: @@ -37,7 +37,7 @@ in services.vmagent = { enable = true; - package = pkgs-stable.vmagent; + package = pkgs.stable.vmagent; prometheusConfig = prometheusConfig; remoteWrite = { url = "https://${hostnames.prometheus}/api/v1/write"; diff --git a/platforms/nixos/modules/nmasur/presets/services/nextcloud/nextcloud.nix b/platforms/nixos/modules/nmasur/presets/services/nextcloud/nextcloud.nix index 36e7a84..c2cea9e 100644 --- a/platforms/nixos/modules/nmasur/presets/services/nextcloud/nextcloud.nix +++ b/platforms/nixos/modules/nmasur/presets/services/nextcloud/nextcloud.nix @@ -220,7 +220,7 @@ in # Log metrics to prometheus networking.hosts."127.0.0.1" = [ hostnames.content ]; services.prometheus.exporters.nextcloud = { - enable = config.prometheus.exporters.enable; + enable = true; username = config.services.nextcloud.config.adminuser; url = "https://${hostnames.content}"; passwordFile = config.services.nextcloud.config.adminpassFile; 
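Review bot: The node, systemd and process exporters are now switched on with a literal `true`, and nothing visible in this hunk restricts where they listen; the NixOS exporter modules bind to all interfaces unless `listenAddress` is set. The scrape targets visible elsewhere in this diff use `127.0.0.1`, so binding each exporter to loopback, e.g. `exporters.node.listenAddress = "127.0.0.1";` (and the same for `systemd` and `process`), would keep host and process metadata off the network even if a firewall rule changes later. The same applies to the `enable = true` lines in nextcloud.nix and zfs.nix. Whether the surrounding block is still gated by the preset's own `mkIf cfg.enable` is outside the hunk and should be confirmed, since the old `config.prometheus.exporters.enable` switch is gone.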
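Review bot: With `enable = true` in nextcloud.nix the exporter always runs with `config.services.nextcloud.config.adminuser` and the admin `passwordFile`, so the metrics process holds full administrator credentials for the instance. The NixOS exporter module also accepts `tokenFile`, and a dedicated token would limit what a compromised exporter can do. That would mean replacing `username`/`passwordFile` with `tokenFile = "<path to exporter token file>";`, where the path is a placeholder for wherever this repository keeps secrets. As written, the admin password file must also be readable by the exporter's user, which widens who can read that secret.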
diff --git a/platforms/nixos/modules/nmasur/presets/zfs.nix b/platforms/nixos/modules/nmasur/presets/zfs.nix index 50f4ae6..1bd80a9 100644 --- a/platforms/nixos/modules/nmasur/presets/zfs.nix +++ b/platforms/nixos/modules/nmasur/presets/zfs.nix @@ -19,7 +19,7 @@ in boot.kernelPackages = pkgs.linuxPackages; # Defaults to latest LTS boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation boot.supportedFilesystems = [ "zfs" ]; - services.prometheus.exporters.zfs.enable = config.prometheus.exporters.enable; + services.prometheus.exporters.zfs.enable = true; nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}" ]; diff --git a/platforms/nixos/modules/nmasur/profiles/home.nix b/platforms/nixos/modules/nmasur/profiles/home.nix index 12daea4..45983de 100644 --- a/platforms/nixos/modules/nmasur/profiles/home.nix +++ b/platforms/nixos/modules/nmasur/profiles/home.nix @@ -17,7 +17,6 @@ in config = lib.mkIf cfg.enable { nmasur.presets.services = { - grub.enable = lib.mkDefault true; # Configure physical power buttons logind.enable = lib.mkDefault true; }; diff --git a/platforms/nixos/modules/nmasur/profiles/shared-media.nix b/platforms/nixos/modules/nmasur/profiles/shared-media.nix index 1280a0a..cec70f2 100644 --- a/platforms/nixos/modules/nmasur/profiles/shared-media.nix +++ b/platforms/nixos/modules/nmasur/profiles/shared-media.nix 
@@ -21,5 +21,20 @@ in # Give the human user access to the shared group users.users.${username}.extraGroups = [ config.users.groups.shared.name ]; + services = { + audiobookshelf.group = "shared"; + bazarr.group = "shared"; + jellyfin.group = "shared"; + radarr.group = "shared"; + readarr.group = "shared"; + sabnzbd.group = "shared"; + sonarr.group = "shared"; + immich.group = "shared"; + calibre-web.group = "shared"; + }; + + # Fix issue where Jellyfin-created directories don't allow access for media group + systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007"; + }; } diff --git a/platforms/nixos/modules/services/filebrowser.nix b/platforms/nixos/modules/services/filebrowser.nix index da6ef64..84ba1b9 100644 --- a/platforms/nixos/modules/services/filebrowser.nix +++ b/platforms/nixos/modules/services/filebrowser.nix @@ -31,7 +31,6 @@ in passwordHash = lib.mkOption { type = lib.types.str; description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' ''; - default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za"; }; }; @@ -39,7 +38,7 @@ in environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings; - systemd.services.filebrowser = lib.mkIf config.filebrowser.enable { + systemd.services.filebrowser = { description = "Filebrowser cloud file services"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; @@ -58,9 +57,6 @@ in path = [ pkgs.getent ]; # Fix: getent not found in $PATH }; - # Configure Cloudflare DNS to point to this machine - services.cloudflare-dyndns.domains = [ hostnames.files ]; - }; }
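Review bot: Every media service now joins the same `shared` group as the human user, including immich and sabnzbd (whose config file is described in arr.nix as holding credentials), while the `UMask = "0007"` override is applied to jellyfin only. Group members can therefore reach each other's group-accessible files, and files created by the other services keep whatever mode their units default to. Access is both broader and less uniform than the comment suggests. I would add a comment above `services = {` stating which directories are meant to be shared. I would also use `config.users.groups.shared.name` instead of the literal `"shared"`, to match the `extraGroups` line above, e.g. `jellyfin.group = config.users.groups.shared.name;`.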
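Review bot: Dropping `lib.mkIf config.filebrowser.enable` in filebrowser.nix leaves `systemd.services.filebrowser` guarded only by whatever wraps this block, and that wrapper is outside the hunk. The `environment.etc."filebrowser/.filebrowser.json"` line just above is likewise unguarded in view. If the enclosing `config` is not wrapped in `lib.mkIf cfg.enable`, the unit would be defined on every host that imports the module. Separately, the default `passwordHash` removed in the hunk above remains in repository history, so any deployment that relied on it should be given a new password.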