nix-configs/systems/zeus/configuration.nix

{ config, pkgs, ... }:
{
# Modules composed into this host: the generated hardware scan plus the
# shared modules from ../../modules.
imports = [
  ./hardware-configuration.nix # results of the hardware scan
  ../../modules/common.nix
  ../../modules/aarch64-emu.nix
  ../../modules/networkd-base.nix
  ../../modules/smartd.nix
  ../../modules/plymouth.nix
];
# Boot loader: GRUB in EFI mode, installed to two ESPs (/efi and /efi1) so
# the system stays bootable if one disk is lost.
boot.loader.grub = {
  enable = true;
  efiSupport = true;
  mirroredBoots = [
    { devices = [ "nodev" ]; path = "/efi"; }
    { devices = [ "nodev" ]; path = "/efi1"; }
  ];
};
boot.loader.efi = {
  canTouchEfiVariables = true;
  efiSysMountPoint = "/efi";
};
# Kernel follows whatever the packaged ZFS module supports.
# NOTE(review): latestCompatibleLinuxPackages has been deprecated in newer
# nixpkgs; confirm it still resolves before the next channel bump.
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
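# Credentials are managed by sops-nix and rendered into env files at
# activation. Nothing secret is a string literal here: values given under a
# container's `environment` end up in the generated systemd unit, i.e. in the
# world-readable Nix store and in `ps` output.
sops = {
  secrets."tailscale/authkey" = { };
  secrets."cloudflare/api_token" = { };
  secrets."cloudflare/tunnel_password" = { };
  # Consumed by jellyfin (tailscale docker-mod).
  templates."docker.env".content = ''
    TAILSCALE_AUTHKEY=${config.sops.placeholder."tailscale/authkey"}
  '';
  # Consumed by swag: DNS-01 validation token and cloudflared tunnel password.
  # Both used to be committed in plaintext in this file; the Cloudflare-side
  # credentials should be rotated and the new values stored in the sops file
  # under the two keys declared above.
  templates."swag.env".content = ''
    CF_API_TOKEN=${config.sops.placeholder."cloudflare/api_token"}
    CF_TUNNEL_PASSWORD=${config.sops.placeholder."cloudflare/tunnel_password"}
  '';
};

networking.hostName = "zeus"; # Define your hostname.
# Stable host id; ZFS ties pool ownership to it, so it must not change.
networking.hostId = "9e95b576";

systemd.services = {
  # Daily recyclarr sync of *arr quality profiles.
  # NOTE(review): no User is set, so this runs as root; a dedicated user
  # would limit what a bad config or a compromised upstream can touch.
  recyclarr = {
    script = "${pkgs.recyclarr}/bin/recyclarr sync";
    startAt = "daily";
  };
};

# Physical NICs (eno*) are bonded in active-backup. The host's own LAN
# address lives on a macvlan child of the bond (lan-shim), presumably so the
# host can reach containers on the `lan` macvlan network -- confirm.
systemd.network.netdevs = {
  bond0 = {
    netdevConfig = {
      Name = "bond0";
      Kind = "bond";
    };
    bondConfig = { Mode = "active-backup"; };
  };
  lan-shim = {
    netdevConfig = {
      Name = "lan-shim";
      Kind = "macvlan";
      MACAddress = "3e:53:37:25:08:ef";
    };
    macvlanConfig = { Mode = "bridge"; };
  };
};

systemd.network.networks = {
  "00-bondage" = {
    name = "eno*";
    networkConfig.Bond = "bond0";
  };
  bond0 = {
    name = "bond0";
    networkConfig.MACVLAN = "lan-shim";
  };
  lan-shim = {
    name = "lan-shim";
    address =
      [ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ];
    dns = [ "10.42.69.2" ];
    domains = [ "icanttype.org" ];
    gateway = [ "10.42.69.1" ];
  };
};

virtualisation = {
  containers.enable = true;
  podman = {
    enable = true;
    dockerCompat = true;
    defaultNetwork.settings.dns_enabled = true;
  };
  # Every container below is attached to the `www` podman network; swag
  # auto-proxies the ones carrying the `swag=enable` label. The `www` and
  # `lan` networks are defined outside this file (their definitions are
  # persisted under /etc/containers/networks).
  oci-containers.containers = {
    # Read-only facade over the podman socket for swag's auto-proxy mod:
    # CONTAINERS=1 permits container listing, POST=0 rejects mutating calls.
    # It is still reachable by every container on `www`.
    dockerproxy = {
      image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
      volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
      environment = {
        CONTAINERS = "1";
        POST = "0";
      };
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # Reverse proxy / TLS termination (pinned image). Wildcard certificate via
    # DNS-01 on Cloudflare; the universal-cloudflared mod runs a tunnel.
    swag = {
      image = "lscr.io/linuxserver/swag:2.9.0-ls292";
      volumes = [ "swag-config:/config" ];
      environment = {
        TZ = "America/New_York";
        URL = "icanttype.org";
        VALIDATION = "dns";
        SUBDOMAINS = "wildcard";
        DNSPLUGIN = "cloudflare";
        DOCKER_HOST = "dockerproxy";
        DOCKER_MODS =
          "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
        # Zone/account ids are identifiers, not credentials.
        CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
        CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
        CF_TUNNEL_NAME = "icanttype.org";
        FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
        EMAIL = "cdombroski@gmail.com";
      };
      # CF_API_TOKEN and CF_TUNNEL_PASSWORD are injected from the sops template.
      environmentFiles = [ config.sops.templates."swag.env".path ];
      ports = [ "80:80" "443:443" ];
      extraOptions = [
        "--pull=newer"
        "--network=www"
        # NET_ADMIN is presumably for swag's bundled fail2ban -- confirm it is
        # still required.
        "--cap-add"
        "NET_ADMIN"
        "--network-alias=icanttype.org"
      ];
    };
    # Media server, also published on the tailnet by the tailscale docker-mod
    # (auth key comes from docker.env).
    jellyfin = {
      image = "lscr.io/linuxserver/jellyfin:latest";
      volumes = [ "jellyfin-config:/config" "/video-data/media:/data/media" "jellyfin-tailscale:/var/lib/tailscale"];
      environment = {
        DOCKER_MODS="ghcr.io/tailscale-dev/docker-mod:main";
        TAILSCALE_STATE_DIR="/var/lib/tailscale";
        TAILSCALE_HOSTNAME="jellyfin";
        TAILSCALE_SERVE_PORT="8096";
        TAILSCALE_SERVE_MODE="http";
        TZ = "America/New_York";
      };
      environmentFiles = [ config.sops.templates."docker.env".path ];
      labels.swag = "enable";
      ports = [ "1900:1900/udp" "7359:7359/udp" ];
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # Built locally from the nixpkgs package rather than pulled, hence no
    # --pull=newer. The Z-Wave stick is passed through as /dev/zwave.
    zwave-js-ui = {
      image = "my-zwave-js-ui";
      imageFile = pkgs.dockerTools.buildImage {
        name = "my-zwave-js-ui";
        config.Cmd = [ "${pkgs.zwave-js-ui}/bin/zwave-js-ui" ];
      };
      volumes = [ "zwave-config:/usr/src/app/store" ];
      environment = {
        TZ = "America/New_York";
        STORE_DIR = "/usr/src/app/store";
        ZWAVEJS_EXTERNAL_CONFIG = "/usr/src/app/store/.config-db";
      };
      labels = {
        swag = "enable";
        swag_url = "zwave.icanttype.org";
      };
      extraOptions =
        [ "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ];
    };
    # Dual-homed: `www` for the proxy, `lan` for device discovery.
    homeassistant = {
      image = "lscr.io/linuxserver/homeassistant:latest";
      volumes = [ "homeassistant-config:/config" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ];
    };
    postgres = {
      image = "docker.io/library/postgres:15";
      volumes = [ "postgres-15:/var/lib/postgresql/data" ];
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    calibre = {
      image = "lscr.io/linuxserver/calibre:latest";
      volumes = [ "calibre-config:/config" "/video-data:/data" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    calibre-web = {
      image = "lscr.io/linuxserver/calibre-web:latest";
      volumes = [ "calibre-web-config:/config" "/video-data:/data" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    flaresolverr = {
      image = "ghcr.io/flaresolverr/flaresolverr:latest";
      environment.LOG_LEVEL = "info";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # NOTE(review): UMASK_SET=000 makes every downloaded file world-writable
    # on /video-data, which is also exported over SMB; 002 is usually enough
    # for a shared-group setup -- confirm what the consumers need.
    qbittorrent = {
      image = "lscr.io/linuxserver/qbittorrent:latest";
      volumes =
        [ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ];
      environment = {
        TZ = "America/New_York";
        UMASK_SET = "000";
        DELUGE_LOGLEVEL = "error";
      };
      labels.swag = "enable";
      ports = [ "34996:34996" "34996:34996/udp" ];
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    prowlarr = {
      image = "lscr.io/linuxserver/prowlarr:latest";
      volumes = [ "prowlarr-config:/config" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    readarr = {
      image = "lscr.io/linuxserver/readarr:develop";
      volumes = [ "readarr-config:/config" "/video-data:/data" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    radarr = {
      image = "lscr.io/linuxserver/radarr:latest";
      volumes = [ "radarr-config:/config" "/video-data:/data" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    sonarr = {
      image = "lscr.io/linuxserver/sonarr:latest";
      volumes = [ "sonarr-config:/config" "/video-data:/data" ];
      environment.TZ = "America/New_York";
      labels.swag = "enable";
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # Static site; content and nginx config are bind-mounted read-only.
    static = {
      image = "docker.io/library/nginx:alpine";
      volumes = [
        "/srv/docker/nginx/static:/usr/share/nginx/html:ro"
        "/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro"
      ];
      labels = {
        swag = "enable";
        swag_url = "www.icanttype.org";
      };
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # Git forge; SSH is published on host port 10022.
    forgejo = {
      image = "codeberg.org/forgejo/forgejo:7";
      volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ];
      labels = {
        swag = "enable";
        swag_url = "git.icanttype.org";
        swag_port = "3000";
      };
      ports = [ "10022:22" ];
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
    # Docker-in-docker backend for the CI runner.
    # NOTE(review): a --privileged dockerd listening on tcp://0.0.0.0:2375 with
    # --tls=false is reachable from every container on `www`, including the
    # internet-facing ones; a compromise of any of them is then equivalent to
    # root on this host. Putting docker_dind and runner on a dedicated podman
    # network (or enabling TLS on the daemon) would contain that.
    docker_dind = {
      image = "docker.io/library/docker:dind";
      cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ];
      extraOptions = [ "--pull=newer" "--privileged" "--network=www" ];
    };
    runner = {
      image = "code.forgejo.org/forgejo/runner:3.4.1";
      dependsOn = [ "docker_dind" ];
      environment.DOCKER_HOST = "tcp://docker_dind:2375";
      volumes = [ "forgejo-runner:/data" ];
      cmd = [ "forgejo-runner" "daemon" ];
      extraOptions = [ "--pull=newer" "--network=www" ];
    };
  };
};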
networking.firewall = {
  # DNS on the podman bridges (dns_enabled is set on the default network).
  interfaces."podman+".allowedUDPPorts = [ 53 ];
  interfaces."podman+".allowedTCPPorts = [ 53 ];
  # NetBIOS/SMB for the samba share.
  # NOTE(review): these are opened on every interface; if the share is only
  # meant for the LAN, scoping them to interfaces."lan-shim" narrows exposure.
  allowedUDPPorts = [ 137 138 ];
  allowedTCPPorts = [ 139 445 ];
};
# Target account for remote Nix builds from orangepihole. No password is set
# here, so access is by the listed SSH key only.
# NOTE(review): a remote builder normally also needs this user in
# nix.settings.trusted-users; that is not declared on this page (check common.nix).
users.users.nixremote = {
  description = "User for remote builds";
  isNormalUser = true;
  uid = 1100; # fixed so the uid survives reinstalls
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
  ];
};
environment.systemPackages = with pkgs; [
  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  dive
  podman-tui
  docker-compose
  tcpdump
  ethtool
  recyclarr
];

# State that must survive a reboot is bind-mounted from /persist (presumably
# the root filesystem is ephemeral; the persistence module itself is imported
# elsewhere, e.g. common.nix).
environment.persistence."/persist" = {
  hideMounts = true;
  directories = [ "/srv/docker" "/tmp" "/etc/containers/networks" ];
  files = [
    "/etc/machine-id"
    "/etc/adjtime"
    # SSH host keys: keeping these stable is what stops clients from seeing a
    # changed host identity after every boot.
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
  ];
};
services = {
  # SMB export of the media tree.
  # NOTE(review): "guest ok" together with "read only" = "no" lets anyone who
  # can reach port 445 write to /video-data, and the firewall opens that port
  # on every interface; an authenticated share or an interface-scoped firewall
  # rule would narrow this.
  samba = {
    enable = true;
    shares.media = {
      path = "/video-data";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
    };
  };
  # mDNS advertisement of the host and its SMB service; openFirewall admits
  # the mDNS port.
  avahi = {
    enable = true;
    nssmdns4 = true;
    nssmdns6 = true;
    openFirewall = true;
    extraServiceFiles.smb = ''
      <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
      <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
      <service-group>
      <name replace-wildcards="yes">%h</name>
      <service>
      <type>_smb._tcp</type>
      <port>445</port>
      </service>
      </service-group>
    '';
  };
};
# ZFS housekeeping: periodic scrub plus ZED event mail sent through msmtp.
# enableMail is left off, presumably so the module does not substitute its
# own mailer settings and the ZED_EMAIL_* values below are used as written.
services.zfs = {
  autoScrub.enable = true;
  zed = {
    enableMail = false;
    settings = {
      ZED_EMAIL_ADDR = [ "root" ];
      ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
      ZED_EMAIL_OPTS = "@ADDRESS@";
      ZED_NOTIFY_INTERVAL_SECS = 3600;
      ZED_NOTIFY_VERBOSE = true;
      ZED_USE_ENCLOSURE_LEDS = true;
      ZED_SCRUB_AFTER_RESILVER = true;
    };
  };
};
# Release this host was first installed with; it pins stateful defaults and
# is not meant to be bumped on upgrades. Did you read the comment?
system.stateVersion = "23.11";
zramSwap.enable = true; # compressed in-RAM swap
}