mirror of
https://github.com/nmasur/dotfiles
synced 2025-04-04 22:41:11 +00:00
build succeed on swan
This commit is contained in:
parent
6a7706ca85
commit
59e67fb406
@ -14,6 +14,7 @@ rec {
|
|||||||
server.enable = true;
|
server.enable = true;
|
||||||
home.enable = true;
|
home.enable = true;
|
||||||
nas.enable = true;
|
nas.enable = true;
|
||||||
|
shared-media.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users."noah" = {
|
home-manager.users."noah" = {
|
||||||
@ -28,6 +29,8 @@ rec {
|
|||||||
home.stateVersion = "23.05";
|
home.stateVersion = "23.05";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
# Not sure what's necessary but too afraid to remove anything
|
# Not sure what's necessary but too afraid to remove anything
|
||||||
boot.initrd.availableKernelModules = [
|
boot.initrd.availableKernelModules = [
|
||||||
"xhci_pci"
|
"xhci_pci"
|
||||||
@ -63,7 +66,7 @@ rec {
|
|||||||
# Sets root ext4 filesystem instead of declaring it manually
|
# Sets root ext4 filesystem instead of declaring it manually
|
||||||
disko = {
|
disko = {
|
||||||
enableConfig = true;
|
enableConfig = true;
|
||||||
devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; });
|
devices = (import ./root.nix { disk = "/dev/nvme0n1"; });
|
||||||
};
|
};
|
||||||
|
|
||||||
# Allows private remote access over the internet
|
# Allows private remote access over the internet
|
||||||
|
@ -17,6 +17,8 @@ rec {
|
|||||||
gaming.enable = true;
|
gaming.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nmasur.presets.services.grub.enable = true;
|
||||||
|
|
||||||
home-manager.users."noah" = {
|
home-manager.users."noah" = {
|
||||||
nmasur.settings = {
|
nmasur.settings = {
|
||||||
username = nmasur.settings.username;
|
username = nmasur.settings.username;
|
||||||
|
@ -60,28 +60,23 @@ in
|
|||||||
services = {
|
services = {
|
||||||
bazarr = {
|
bazarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
};
|
};
|
||||||
jellyseerr.enable = true;
|
jellyseerr.enable = true;
|
||||||
prowlarr.enable = true;
|
prowlarr.enable = true;
|
||||||
sabnzbd = {
|
sabnzbd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
# The config file must be editable within the application
|
# The config file must be editable within the application
|
||||||
# It contains server configs and credentials
|
# It contains server configs and credentials
|
||||||
configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
|
configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
|
||||||
};
|
};
|
||||||
sonarr = {
|
sonarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
};
|
};
|
||||||
radarr = {
|
radarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
};
|
};
|
||||||
readarr = {
|
readarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -96,7 +91,6 @@ in
|
|||||||
{
|
{
|
||||||
# Group means that routes with the same name are mutually exclusive,
|
# Group means that routes with the same name are mutually exclusive,
|
||||||
# so they are split between the appropriate services.
|
# so they are split between the appropriate services.
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -112,7 +106,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -127,7 +120,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -142,7 +134,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -158,7 +149,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -178,7 +168,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [
|
match = [
|
||||||
{
|
{
|
||||||
host = [ hostnames.download ];
|
host = [ hostnames.download ];
|
||||||
@ -193,7 +182,6 @@ in
|
|||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
group = "download";
|
|
||||||
match = [ { host = [ hostnames.download ]; } ];
|
match = [ { host = [ hostnames.download ]; } ];
|
||||||
handle = [
|
handle = [
|
||||||
{
|
{
|
||||||
|
@ -19,10 +19,6 @@ in
|
|||||||
services.audiobookshelf = {
|
services.audiobookshelf = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
# Setting a generic group to make it easier for the different programs
|
|
||||||
# that make use of the same files
|
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
|
|
||||||
# This is the default /var/lib/audiobookshelf
|
# This is the default /var/lib/audiobookshelf
|
||||||
dataDir = "audiobookshelf";
|
dataDir = "audiobookshelf";
|
||||||
};
|
};
|
||||||
|
@ -26,7 +26,6 @@ in
|
|||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
services.calibre-web = {
|
services.calibre-web = {
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
options = {
|
options = {
|
||||||
reverseProxyAuth.enable = false;
|
reverseProxyAuth.enable = false;
|
||||||
|
@ -68,7 +68,11 @@ in
|
|||||||
# Tell Caddy to use Cloudflare DNS for ACME challenge validation
|
# Tell Caddy to use Cloudflare DNS for ACME challenge validation
|
||||||
services.caddy.package = pkgs.caddy.withPlugins {
|
services.caddy.package = pkgs.caddy.withPlugins {
|
||||||
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ];
|
plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de" ];
|
||||||
hash = "sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
|
hash =
|
||||||
|
if pkgs.stdenv.isx86_64 then
|
||||||
|
"sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc="
|
||||||
|
else
|
||||||
|
"sha256-3nvVGW+ZHLxQxc1VCc/oTzCLZPBKgw4mhn+O3IoyiSs=";
|
||||||
};
|
};
|
||||||
nmasur.presets.services.caddy.tlsPolicies = [
|
nmasur.presets.services.caddy.tlsPolicies = [
|
||||||
{
|
{
|
||||||
|
@ -13,7 +13,6 @@ in
|
|||||||
services.immich = {
|
services.immich = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 2283;
|
port = 2283;
|
||||||
group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
|
||||||
database.enable = true;
|
database.enable = true;
|
||||||
redis.enable = true;
|
redis.enable = true;
|
||||||
machine-learning.enable = true;
|
machine-learning.enable = true;
|
||||||
|
@ -18,10 +18,11 @@ in
|
|||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
services.jellyfin.group = lib.mkIf config.nmasur.profiles.shared-media.enable "shared";
|
services.jellyfin.enable = true;
|
||||||
users.users.jellyfin = {
|
|
||||||
isSystemUser = true;
|
# users.users.jellyfin = {
|
||||||
};
|
# isSystemUser = true;
|
||||||
|
# };
|
||||||
|
|
||||||
nmasur.presets.services.caddy.routes = [
|
nmasur.presets.services.caddy.routes = [
|
||||||
# Prevent public access to Prometheus metrics.
|
# Prevent public access to Prometheus metrics.
|
||||||
@ -77,9 +78,6 @@ in
|
|||||||
"video"
|
"video"
|
||||||
]; # Access to /dev/dri
|
]; # Access to /dev/dri
|
||||||
|
|
||||||
# Fix issue where Jellyfin-created directories don't allow access for media group
|
|
||||||
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
|
|
||||||
|
|
||||||
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
|
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
|
||||||
nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
|
nmasur.presets.services.prometheus-exporters.scrapeTargets = [ "127.0.0.1:8096" ];
|
||||||
};
|
};
|
||||||
|
@ -34,11 +34,11 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
exporters.node.enable = config.prometheus.exporters.enable;
|
exporters.node.enable = true;
|
||||||
exporters.node.enabledCollectors = [ ];
|
exporters.node.enabledCollectors = [ ];
|
||||||
exporters.node.disabledCollectors = [ "cpufreq" ];
|
exporters.node.disabledCollectors = [ "cpufreq" ];
|
||||||
exporters.systemd.enable = config.prometheus.exporters.enable;
|
exporters.systemd.enable = true;
|
||||||
exporters.process.enable = config.prometheus.exporters.enable;
|
exporters.process.enable = true;
|
||||||
exporters.process.settings.process_names = [
|
exporters.process.settings.process_names = [
|
||||||
# Remove nix store path from process name
|
# Remove nix store path from process name
|
||||||
{
|
{
|
||||||
|
@ -3,8 +3,8 @@
|
|||||||
|
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
pkgs-stable,
|
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
@ -37,7 +37,7 @@ in
|
|||||||
|
|
||||||
services.vmagent = {
|
services.vmagent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs-stable.vmagent;
|
package = pkgs.stable.vmagent;
|
||||||
prometheusConfig = prometheusConfig;
|
prometheusConfig = prometheusConfig;
|
||||||
remoteWrite = {
|
remoteWrite = {
|
||||||
url = "https://${hostnames.prometheus}/api/v1/write";
|
url = "https://${hostnames.prometheus}/api/v1/write";
|
||||||
|
@ -220,7 +220,7 @@ in
|
|||||||
# Log metrics to prometheus
|
# Log metrics to prometheus
|
||||||
networking.hosts."127.0.0.1" = [ hostnames.content ];
|
networking.hosts."127.0.0.1" = [ hostnames.content ];
|
||||||
services.prometheus.exporters.nextcloud = {
|
services.prometheus.exporters.nextcloud = {
|
||||||
enable = config.prometheus.exporters.enable;
|
enable = true;
|
||||||
username = config.services.nextcloud.config.adminuser;
|
username = config.services.nextcloud.config.adminuser;
|
||||||
url = "https://${hostnames.content}";
|
url = "https://${hostnames.content}";
|
||||||
passwordFile = config.services.nextcloud.config.adminpassFile;
|
passwordFile = config.services.nextcloud.config.adminpassFile;
|
||||||
|
@ -19,7 +19,7 @@ in
|
|||||||
boot.kernelPackages = pkgs.linuxPackages; # Defaults to latest LTS
|
boot.kernelPackages = pkgs.linuxPackages; # Defaults to latest LTS
|
||||||
boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation
|
boot.kernelParams = [ "nohibernate" ]; # ZFS does not work with hibernation
|
||||||
boot.supportedFilesystems = [ "zfs" ];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
services.prometheus.exporters.zfs.enable = config.prometheus.exporters.enable;
|
services.prometheus.exporters.zfs.enable = true;
|
||||||
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
|
nmasur.presets.services.prometheus-exporters.scrapeTargets = [
|
||||||
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
|
"127.0.0.1:${builtins.toString config.services.prometheus.exporters.zfs.port}"
|
||||||
];
|
];
|
||||||
|
@ -17,7 +17,6 @@ in
|
|||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
nmasur.presets.services = {
|
nmasur.presets.services = {
|
||||||
grub.enable = lib.mkDefault true;
|
|
||||||
# Configure physical power buttons
|
# Configure physical power buttons
|
||||||
logind.enable = lib.mkDefault true;
|
logind.enable = lib.mkDefault true;
|
||||||
};
|
};
|
||||||
|
@ -21,5 +21,20 @@ in
|
|||||||
# Give the human user access to the shared group
|
# Give the human user access to the shared group
|
||||||
users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
|
users.users.${username}.extraGroups = [ config.users.groups.shared.name ];
|
||||||
|
|
||||||
|
services = {
|
||||||
|
audiobookshelf.group = "shared";
|
||||||
|
bazarr.group = "shared";
|
||||||
|
jellyfin.group = "shared";
|
||||||
|
radarr.group = "shared";
|
||||||
|
readarr.group = "shared";
|
||||||
|
sabnzbd.group = "shared";
|
||||||
|
sonarr.group = "shared";
|
||||||
|
immich.group = "shared";
|
||||||
|
calibre-web.group = "shared";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Fix issue where Jellyfin-created directories don't allow access for media group
|
||||||
|
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -31,7 +31,6 @@ in
|
|||||||
passwordHash = lib.mkOption {
|
passwordHash = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
|
description = ''Hashed password created from htpasswd -nBC 10 "" | tr -d ':\n' '';
|
||||||
default = "$2y$10$ze1cMob0k6pnXRjLowYfZOVZWg4G.dsPtH3TohbUeEbI0sdkG9.za";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -39,7 +38,7 @@ in
|
|||||||
|
|
||||||
environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings;
|
environment.etc."filebrowser/.filebrowser.json".text = builtins.toJSON settings;
|
||||||
|
|
||||||
systemd.services.filebrowser = lib.mkIf config.filebrowser.enable {
|
systemd.services.filebrowser = {
|
||||||
description = "Filebrowser cloud file services";
|
description = "Filebrowser cloud file services";
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
@ -58,9 +57,6 @@ in
|
|||||||
path = [ pkgs.getent ]; # Fix: getent not found in $PATH
|
path = [ pkgs.getent ]; # Fix: getent not found in $PATH
|
||||||
};
|
};
|
||||||
|
|
||||||
# Configure Cloudflare DNS to point to this machine
|
|
||||||
services.cloudflare-dyndns.domains = [ hostnames.files ];
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user