nix-configs/nixos-configurations/zeus.nix

{
  config,
  pkgs,
  inputs,
  ezModules,
  modulesPath,
  lib,
  ...
}:
let
  pkgs-unstable = import inputs.nixunstable { inherit (pkgs.stdenv) system; };
in
{
  imports = [
    "${modulesPath}/installer/scan/not-detected.nix"
    inputs.impermanence.nixosModules.impermanence
    inputs.nixos-hardware.nixosModules.supermicro
    inputs.nixos-hardware.nixosModules.common-cpu-amd
    inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
    inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower
    inputs.nixos-hardware.nixosModules.common-pc
    ezModules.aarch64-emu
    ezModules.networkd-base
    ezModules.smartd
    ezModules.plymouth
    ezModules.docker-proxy
  ];

  boot = {
    initrd.availableKernelModules = [
      "ohci_pci"
      "ehci_pci"
      "sata_nv"
      "sd_mod"
    ];
    loader = {
      grub = {
        enable = true;
        efiSupport = true;
        mirroredBoots = [
          {
            devices = [ "nodev" ];
            path = "/efi";
          }
          {
            devices = [ "nodev" ];
            path = "/efi1";
          }
        ];
      };

      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/efi";
      };
    };

    kernelModules = [ "kvm-amd" ];
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  };

  fileSystems = {
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [
        "defaults"
        "mode=755"
      ];
    };

    "/persist" = {
      device = "zroot/root";
      fsType = "zfs";
      neededForBoot = true;
    };

    "/boot" = {
      device = "zboot/boot";
      fsType = "zfs";
    };

    "/home" = {
      device = "zroot/home";
      fsType = "zfs";
    };

    "/nix" = {
      device = "zroot/nix";
      fsType = "zfs";
    };

    "/var" = {
      device = "zroot/var";
      fsType = "zfs";
    };

    "/video-data" = {
      device = "rpool/video-data";
      fsType = "zfs";
    };

    "/efi" = {
      device = "/dev/disk/by-uuid/6ED6-2ED0";
      fsType = "vfat";
      options = [ "nofail" ];
    };

    "/efi1" = {
      device = "/dev/disk/by-uuid/6A4C-BAFE";
      fsType = "vfat";
      options = [ "nofail" ];
    };
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; }
    { device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }
  ];

  sops = {
    secrets."tailscale/authkey" = { };
    templates."docker.env".content = ''
      TAILSCALE_AUTHKEY=${config.sops.placeholder."tailscale/authkey"}
    '';
  };
  networking = {
    hostName = "zeus"; # Define your hostname.
    hostId = "9e95b576";
  };
  systemd.services = {
    recyclarr = {
      script = "${pkgs-unstable.recyclarr}/bin/recyclarr sync";
      startAt = "daily";
    };
  };
  systemd.network.netdevs = {
    bond0 = {
      netdevConfig = {
        Name = "bond0";
        Kind = "bond";
      };
      bondConfig = {
        Mode = "active-backup";
      };
    };
    lan-shim = {
      netdevConfig = {
        Name = "lan-shim";
        Kind = "macvlan";
        MACAddress = "3e:53:37:25:08:ef";
      };
      macvlanConfig = {
        Mode = "bridge";
      };
    };
  };
  systemd.network.networks = {
    "00-bondage" = {
      name = "eno*";
      networkConfig.Bond = "bond0";
    };
    bond0 = {
      name = "bond0";
      networkConfig.MACVLAN = "lan-shim";
    };
    lan-shim = {
      name = "lan-shim";
      address = [
        "10.42.69.100/24"
        "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
      ];
      dns = [ "10.42.69.2" ];
      domains = [ "icanttype.org" ];
      gateway = [ "10.42.69.1" ];
    };
  };

  virtualisation = {
    podman = {
      defaultNetwork.settings.dns_enabled = true;
      autoPrune.enable = true;
    };
    oci-containers.containers = {
      swag = {
        image = "lscr.io/linuxserver/swag:2.9.0-ls292";
        volumes = [ "swag-config:/config" ];
        environment = {
          TZ = "America/New_York";
          URL = "icanttype.org";
          VALIDATION = "dns";
          SUBDOMAINS = "wildcard";
          DNSPLUGIN = "cloudflare";
          DOCKER_HOST = "dockerproxy";
          DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
          CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
          CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
          CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
          CF_TUNNEL_NAME = "icanttype.org";
          CF_TUNNEL_PASSWORD = "iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p";
          FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
          EMAIL = "cdombroski@gmail.com";
        };
        ports = [
          "80:80"
          "443:443"
        ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
          "--cap-add"
          "NET_ADMIN"
          "--network-alias=icanttype.org"
        ];
      };
      jellyfin = {
        image = "lscr.io/linuxserver/jellyfin:latest";
        volumes = [
          "jellyfin-config:/config"
          "/video-data/media:/data/media"
          "jellyfin-tailscale:/var/lib/tailscale"
        ];
        environment = {
          DOCKER_MODS = "ghcr.io/tailscale-dev/docker-mod:main";
          TAILSCALE_STATE_DIR = "/var/lib/tailscale";
          TAILSCALE_HOSTNAME = "jellyfin";
          TAILSCALE_SERVE_PORT = "8096";
          TAILSCALE_SERVE_MODE = "http";
          TZ = "America/New_York";
        };
        environmentFiles = [ config.sops.templates."docker.env".path ];
        labels.swag = "enable";
        ports = [
          "1900:1900/udp"
          "7359:7359/udp"
        ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      zwave-js-ui = {
        image = "my-zwave-js-ui:latest";
        imageFile = pkgs.dockerTools.buildLayeredImage {
          name = "my-zwave-js-ui";
          tag = "latest";
          contents = [ pkgs.cacert ];
          config.Cmd = [ "${inputs.self.packages.${pkgs.stdenv.system}.zwave-js-ui}/bin/zwave-js-ui" ];
        };
        volumes = [ "zwave-config:/usr/src/app/store" ];
        environment = {
          TZ = "America/New_York";
          STORE_DIR = "/usr/src/app/store";
          ZWAVEJS_EXTERNAL_CONFIG = "/usr/src/app/store/.config-db";
        };
        labels = {
          swag = "enable";
          swag_url = "zwave.icanttype.org";
          swag_port = "8091";
        };
        extraOptions = [
          "--network=www"
          "--device=/dev/ttyACM0:/dev/zwave"
        ];
      };
      homeassistant = {
        image = "lscr.io/linuxserver/homeassistant:latest";
        volumes = [ "homeassistant-config:/config" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
          "--network=lan"
        ];
      };
      postgres = {
        image = "docker.io/library/postgres:15";
        volumes = [ "postgres-15:/var/lib/postgresql/data" ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      calibre = {
        image = "lscr.io/linuxserver/calibre:latest";
        volumes = [
          "calibre-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      calibre-web = {
        image = "lscr.io/linuxserver/calibre-web:latest";
        volumes = [
          "calibre-web-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      flaresolverr = {
        image = "ghcr.io/flaresolverr/flaresolverr:latest";
        environment.LOG_LEVEL = "info";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      qbittorrent = {
        image = "lscr.io/linuxserver/qbittorrent:latest";
        volumes = [
          "qbittorrent-config:/config"
          "/video-data/torrent:/data/torrent"
        ];
        environment = {
          TZ = "America/New_York";
          UMASK_SET = "000";
          DELUGE_LOGLEVEL = "error";
        };
        labels.swag = "enable";
        ports = [
          "34996:34996"
          "34996:34996/udp"
        ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      prowlarr = {
        image = "lscr.io/linuxserver/prowlarr:latest";
        volumes = [ "prowlarr-config:/config" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      readarr = {
        image = "lscr.io/linuxserver/readarr:develop";
        volumes = [
          "readarr-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      radarr = {
        image = "lscr.io/linuxserver/radarr:latest";
        volumes = [
          "radarr-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      sonarr = {
        image = "lscr.io/linuxserver/sonarr:latest";
        volumes = [
          "sonarr-config:/config"
          "/video-data:/data"
        ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      static = {
        image = "docker.io/library/nginx:alpine";
        volumes = [
          "/srv/docker/nginx/static:/usr/share/nginx/html:ro"
          "/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro"
        ];
        labels = {
          swag = "enable";
          swag_url = "www.icanttype.org";
        };
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      forgejo = {
        image = "codeberg.org/forgejo/forgejo:8";
        volumes = [
          "forgejo-data:/data"
          "/etc/localtime:/etc/localtime:ro"
        ];
        labels = {
          swag = "enable";
          swag_url = "git.icanttype.org";
          swag_port = "3000";
        };
        ports = [ "10022:22" ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
      docker_dind = {
        image = "docker.io/library/docker:dind";
        cmd = [
          "dockerd"
          "-H"
          "tcp://0.0.0.0:2375"
          "--tls=false"
        ];
        extraOptions = [
          "--pull=newer"
          "--privileged"
          "--network=www"
        ];
      };
      runner = {
        image = "code.forgejo.org/forgejo/runner:3.4.1";
        dependsOn = [ "docker_dind" ];
        environment.DOCKER_HOST = "tcp://docker_dind:2375";
        volumes = [ "forgejo-runner:/data" ];
        cmd = [
          "forgejo-runner"
          "daemon"
        ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
        ];
      };
    };
  };
  networking.firewall = {
    interfaces."podman+" = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };
    allowedUDPPorts = [
      137
      138
    ];
    allowedTCPPorts = [
      139
      445
    ];
  };

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  users.users.nixremote = {
    description = "User for remote builds";
    isNormalUser = true;
    uid = 1100;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
    ];
  };
  nix.settings.trusted-users = [ "nixremote" ];
  environment = {
    systemPackages = builtins.attrValues {
      inherit (pkgs)
        vim
        dive
        podman-tui
        docker-compose
        tcpdump
        ethtool
        ;
      inherit (pkgs-unstable) recyclarr;
    };
    persistence."/persist" = {
      enableWarnings = false;
      hideMounts = true;
      directories = [
        "/srv/docker"
        "/tmp"
        "/etc/containers/networks"
      ];
      files = [
        "/etc/machine-id"
        "/etc/adjtime"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
      ];
    };
  };

  services = {
    samba = {
      enable = true;
      shares = {
        media = {
          path = "/video-data";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "yes";
        };
      };
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      nssmdns6 = true;
      openFirewall = true;
      extraServiceFiles = {
        smb = ''
          <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
          <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
          <service-group>
            <name replace-wildcards="yes">%h</name>
            <service>
              <type>_smb._tcp</type>
              <port>445</port>
            </service>
          </service-group>
        '';
      };
    };
  };
  services.zfs.autoScrub.enable = true;
  services.zfs.zed.settings = {
    ZED_EMAIL_ADDR = [ "root" ];
    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
    ZED_EMAIL_OPTS = "@ADDRESS@";
    ZED_NOTIFY_INTERVAL_SECS = 3600;
    ZED_NOTIFY_VERBOSE = true;
    ZED_USE_ENCLOSURE_LEDS = true;
    ZED_SCRUB_AFTER_RESILVER = true;
  };
  services.zfs.zed.enableMail = false;

  system.stateVersion = "23.11"; # Did you read the comment?
  zramSwap.enable = true;
}
Cleanup 2024-09-19 20:46:32 -04:00			`{`
			`config,`
			`pkgs,`
			`inputs,`
Move zeus to ezconfigs 2024-09-19 21:56:38 -04:00			`ezModules,`
Merge zeus config 2024-09-20 19:43:01 -04:00			`modulesPath,`
			`lib,`
Cleanup 2024-09-19 20:46:32 -04:00			`...`
			`}:`
Move zeus to ezconfigs 2024-09-19 21:56:38 -04:00			`let`
			`pkgs-unstable = import inputs.nixunstable { inherit (pkgs.stdenv) system; };`
			`in`
Import zeus config 2024-04-25 20:43:21 -04:00			`{`
new formatter? 2024-09-05 19:08:29 -04:00			`imports = [`
Merge zeus config 2024-09-20 19:43:01 -04:00			`"${modulesPath}/installer/scan/not-detected.nix"`
Move zeus to ezconfigs 2024-09-19 21:56:38 -04:00			`inputs.impermanence.nixosModules.impermanence`
			`inputs.nixos-hardware.nixosModules.supermicro`
			`inputs.nixos-hardware.nixosModules.common-cpu-amd`
			`inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate`
			`inputs.nixos-hardware.nixosModules.common-cpu-amd-zenpower`
			`inputs.nixos-hardware.nixosModules.common-pc`
			`ezModules.aarch64-emu`
			`ezModules.networkd-base`
			`ezModules.smartd`
			`ezModules.plymouth`
some modules for containers 2024-09-30 20:37:45 -04:00			`ezModules.docker-proxy`
Reformat 2024-05-11 12:51:25 -04:00			`];`
Import zeus config 2024-04-25 20:43:21 -04:00
EFI Grub? 2024-05-27 13:00:39 -04:00			`boot = {`
Merge zeus config 2024-09-20 19:43:01 -04:00			`initrd.availableKernelModules = [`
			`"ohci_pci"`
			`"ehci_pci"`
			`"sata_nv"`
			`"sd_mod"`
			`];`
EFI Grub? 2024-05-27 13:00:39 -04:00			`loader = {`
			`grub = {`
			`enable = true;`
			`efiSupport = true;`
			`mirroredBoots = [`
			`{`
			`devices = [ "nodev" ];`
			`path = "/efi";`
			`}`
			`{`
			`devices = [ "nodev" ];`
			`path = "/efi1";`
			`}`
			`];`
			`};`
Merge zeus config 2024-09-20 19:43:01 -04:00
EFI Grub? 2024-05-27 13:00:39 -04:00			`efi = {`
Change to efivars 2024-05-27 13:15:09 -04:00			`canTouchEfiVariables = true;`
EFI Grub? 2024-05-27 13:00:39 -04:00			`efiSysMountPoint = "/efi";`
			`};`
			`};`
Merge zeus config 2024-09-20 19:43:01 -04:00
			`kernelModules = [ "kvm-amd" ];`
EFI Grub? 2024-05-27 13:00:39 -04:00			`kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;`
			`};`
Add vfat to zeus 2024-05-26 20:35:04 -04:00
Merge zeus config 2024-09-20 19:43:01 -04:00			`fileSystems = {`
			`"/" = {`
			`device = "none";`
			`fsType = "tmpfs";`
			`options = [`
			`"defaults"`
			`"mode=755"`
			`];`
			`};`

			`"/persist" = {`
			`device = "zroot/root";`
			`fsType = "zfs";`
			`neededForBoot = true;`
			`};`

			`"/boot" = {`
			`device = "zboot/boot";`
			`fsType = "zfs";`
			`};`

			`"/home" = {`
			`device = "zroot/home";`
			`fsType = "zfs";`
			`};`

			`"/nix" = {`
			`device = "zroot/nix";`
			`fsType = "zfs";`
			`};`

			`"/var" = {`
			`device = "zroot/var";`
			`fsType = "zfs";`
			`};`

			`"/video-data" = {`
			`device = "rpool/video-data";`
			`fsType = "zfs";`
			`};`

			`"/efi" = {`
			`device = "/dev/disk/by-uuid/6ED6-2ED0";`
			`fsType = "vfat";`
			`options = [ "nofail" ];`
			`};`

			`"/efi1" = {`
			`device = "/dev/disk/by-uuid/6A4C-BAFE";`
			`fsType = "vfat";`
			`options = [ "nofail" ];`
			`};`
			`};`

			`swapDevices = [`
			`{ device = "/dev/disk/by-uuid/aecf6400-9c9f-43f9-8c57-08f3c8a633e7"; }`
			`{ device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }`
			`];`

jellyfin tailscale 2024-08-19 16:41:12 -04:00			`sops = {`
Nix format 2024-08-28 21:24:00 -04:00			`secrets."tailscale/authkey" = { };`
jellyfin tailscale 2024-08-19 16:41:12 -04:00			`templates."docker.env".content = ''`
			`TAILSCALE_AUTHKEY=${config.sops.placeholder."tailscale/authkey"}`
			`'';`
			`};`
Merge zeus config 2024-09-20 19:43:01 -04:00			`networking = {`
			`hostName = "zeus"; # Define your hostname.`
			`hostId = "9e95b576";`
			`};`
auto recyclarr sync 2024-08-20 15:00:33 -04:00			`systemd.services = {`
			`recyclarr = {`
Cleanup 2024-09-19 20:46:32 -04:00			`script = "${pkgs-unstable.recyclarr}/bin/recyclarr sync";`
auto recyclarr sync 2024-08-20 15:00:33 -04:00			`startAt = "daily";`
			`};`
			`};`
Import zeus config 2024-04-25 20:43:21 -04:00			`systemd.network.netdevs = {`
			`bond0 = {`
			`netdevConfig = {`
			`Name = "bond0";`
			`Kind = "bond";`
			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`bondConfig = {`
			`Mode = "active-backup";`
			`};`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`lan-shim = {`
			`netdevConfig = {`
			`Name = "lan-shim";`
			`Kind = "macvlan";`
			`MACAddress = "3e:53:37:25:08:ef";`
			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`macvlanConfig = {`
			`Mode = "bridge";`
			`};`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`};`
			`systemd.network.networks = {`
			`"00-bondage" = {`
Change network config for 3rd interface (probably bmc) 2024-05-23 12:06:52 -04:00			`name = "eno*";`
Import zeus config 2024-04-25 20:43:21 -04:00			`networkConfig.Bond = "bond0";`
			`};`
			`bond0 = {`
			`name = "bond0";`
			`networkConfig.MACVLAN = "lan-shim";`
			`};`
			`lan-shim = {`
			`name = "lan-shim";`
new formatter? 2024-09-05 19:08:29 -04:00			`address = [`
			`"10.42.69.100/24"`
			`"fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`dns = [ "10.42.69.2" ];`
			`domains = [ "icanttype.org" ];`
			`gateway = [ "10.42.69.1" ];`
			`};`
			`};`

			`virtualisation = {`
			`podman = {`
			`defaultNetwork.settings.dns_enabled = true;`
Prune old podmans 2024-09-04 18:32:12 -04:00			`autoPrune.enable = true;`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`oci-containers.containers = {`
			`swag = {`
			`image = "lscr.io/linuxserver/swag:2.9.0-ls292";`
			`volumes = [ "swag-config:/config" ];`
			`environment = {`
Reformat 2024-05-11 12:51:25 -04:00			`TZ = "America/New_York";`
			`URL = "icanttype.org";`
			`VALIDATION = "dns";`
			`SUBDOMAINS = "wildcard";`
			`DNSPLUGIN = "cloudflare";`
			`DOCKER_HOST = "dockerproxy";`
new formatter? 2024-09-05 19:08:29 -04:00			`DOCKER_MODS = "linuxserver/mods:swag-dashboard\|linuxserver/mods:swag-auto-proxy\|linuxserver/mods:universal-docker\|linuxserver/mods:universal-cloudflared";`
Reformat 2024-05-11 12:51:25 -04:00			`CF_ZONE_ID = "4e68852334290a922718696a0986e75a";`
			`CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";`
			`CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";`
			`CF_TUNNEL_NAME = "icanttype.org";`
			`CF_TUNNEL_PASSWORD = "iZh4UYxVSo3S2H3XwwboM2z@mJEqYJkQ5yMTfd5p";`
			`FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";`
			`EMAIL = "cdombroski@gmail.com";`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`ports = [`
			`"80:80"`
			`"443:443"`
			`];`
Reformat 2024-05-11 12:51:25 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`"--cap-add"`
			`"NET_ADMIN"`
			`"--network-alias=icanttype.org"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`jellyfin = {`
			`image = "lscr.io/linuxserver/jellyfin:latest";`
Nix format 2024-08-28 21:24:00 -04:00			`volumes = [`
			`"jellyfin-config:/config"`
			`"/video-data/media:/data/media"`
			`"jellyfin-tailscale:/var/lib/tailscale"`
			`];`
jellyfin tailscale 2024-08-19 16:41:12 -04:00			`environment = {`
Nix format 2024-08-28 21:24:00 -04:00			`DOCKER_MODS = "ghcr.io/tailscale-dev/docker-mod:main";`
			`TAILSCALE_STATE_DIR = "/var/lib/tailscale";`
			`TAILSCALE_HOSTNAME = "jellyfin";`
			`TAILSCALE_SERVE_PORT = "8096";`
			`TAILSCALE_SERVE_MODE = "http";`
jellyfin tailscale 2024-08-19 16:41:12 -04:00			`TZ = "America/New_York";`
			`};`
			`environmentFiles = [ config.sops.templates."docker.env".path ];`
Import zeus config 2024-04-25 20:43:21 -04:00			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`ports = [`
			`"1900:1900/udp"`
			`"7359:7359/udp"`
			`];`
			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`zwave-js-ui = {`
nixos zwave? 2024-08-20 21:49:04 -04:00			`image = "my-zwave-js-ui:latest";`
flake.lock: Update Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c42fcfbdfeae23e68fc520f9182dde9f38ad1890?narHash=sha256-9tUadhnZQbWIiYVXH8ncfGXGvkNq3Hag4RCBEMUk7MI%3D' (2024-08-17) → 'github:NixOS/nixpkgs/f1bad50880bae73ff2d82fafc22010b4fc097a9c?narHash=sha256-D5HwjQw/02fuXbR4LCTo64koglP2j99hkDR79/3yLOE%3D' (2024-08-19) 2024-08-21 02:04:16 -04:00			`imageFile = pkgs.dockerTools.buildLayeredImage {`
nixos zwave? 2024-08-20 21:49:04 -04:00			`name = "my-zwave-js-ui";`
			`tag = "latest";`
abolish with scoping 2024-09-21 21:50:25 -04:00			`contents = [ pkgs.cacert ];`
Cleanup 2024-09-19 20:46:32 -04:00			`config.Cmd = [ "${inputs.self.packages.${pkgs.stdenv.system}.zwave-js-ui}/bin/zwave-js-ui" ];`
nixos zwave? 2024-08-20 21:49:04 -04:00			`};`
Import zeus config 2024-04-25 20:43:21 -04:00			`volumes = [ "zwave-config:/usr/src/app/store" ];`
nixos zwave? 2024-08-20 21:49:04 -04:00			`environment = {`
			`TZ = "America/New_York";`
			`STORE_DIR = "/usr/src/app/store";`
			`ZWAVEJS_EXTERNAL_CONFIG = "/usr/src/app/store/.config-db";`
			`};`
Reformat 2024-05-11 12:51:25 -04:00			`labels = {`
			`swag = "enable";`
			`swag_url = "zwave.icanttype.org";`
nixos zwave? 2024-08-20 21:49:04 -04:00			`swag_port = "8091";`
Reformat 2024-05-11 12:51:25 -04:00			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--network=www"`
			`"--device=/dev/ttyACM0:/dev/zwave"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`homeassistant = {`
			`image = "lscr.io/linuxserver/homeassistant:latest";`
			`volumes = [ "homeassistant-config:/config" ];`
			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`"--network=lan"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`postgres = {`
			`image = "docker.io/library/postgres:15";`
			`volumes = [ "postgres-15:/var/lib/postgresql/data" ];`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`calibre = {`
			`image = "lscr.io/linuxserver/calibre:latest";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"calibre-config:/config"`
			`"/video-data:/data"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`calibre-web = {`
			`image = "lscr.io/linuxserver/calibre-web:latest";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"calibre-web-config:/config"`
			`"/video-data:/data"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`flaresolverr = {`
			`image = "ghcr.io/flaresolverr/flaresolverr:latest";`
			`environment.LOG_LEVEL = "info";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`qbittorrent = {`
			`image = "lscr.io/linuxserver/qbittorrent:latest";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"qbittorrent-config:/config"`
			`"/video-data/torrent:/data/torrent"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment = {`
			`TZ = "America/New_York";`
			`UMASK_SET = "000";`
			`DELUGE_LOGLEVEL = "error";`
			`};`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`ports = [`
			`"34996:34996"`
			`"34996:34996/udp"`
			`];`
			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`prowlarr = {`
			`image = "lscr.io/linuxserver/prowlarr:latest";`
			`volumes = [ "prowlarr-config:/config" ];`
			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`readarr = {`
			`image = "lscr.io/linuxserver/readarr:develop";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"readarr-config:/config"`
			`"/video-data:/data"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`radarr = {`
			`image = "lscr.io/linuxserver/radarr:latest";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"radarr-config:/config"`
			`"/video-data:/data"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`sonarr = {`
			`image = "lscr.io/linuxserver/sonarr:latest";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"sonarr-config:/config"`
			`"/video-data:/data"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`environment.TZ = "America/New_York";`
			`labels.swag = "enable";`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`static = {`
			`image = "docker.io/library/nginx:alpine";`
Reformat 2024-05-11 12:51:25 -04:00			`volumes = [`
			`"/srv/docker/nginx/static:/usr/share/nginx/html:ro"`
			`"/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`labels = {`
			`swag = "enable";`
			`swag_url = "www.icanttype.org";`
			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`forgejo = {`
forgejo 8 2024-08-21 11:26:54 -04:00			`image = "codeberg.org/forgejo/forgejo:8";`
new formatter? 2024-09-05 19:08:29 -04:00			`volumes = [`
			`"forgejo-data:/data"`
			`"/etc/localtime:/etc/localtime:ro"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`labels = {`
			`swag = "enable";`
			`swag_url = "git.icanttype.org";`
			`swag_port = "3000";`
			`};`
			`ports = [ "10022:22" ];`
new formatter? 2024-09-05 19:08:29 -04:00			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`docker_dind = {`
			`image = "docker.io/library/docker:dind";`
new formatter? 2024-09-05 19:08:29 -04:00			`cmd = [`
			`"dockerd"`
			`"-H"`
			`"tcp://0.0.0.0:2375"`
			`"--tls=false"`
			`];`
			`extraOptions = [`
			`"--pull=newer"`
			`"--privileged"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`runner = {`
			`image = "code.forgejo.org/forgejo/runner:3.4.1";`
			`dependsOn = [ "docker_dind" ];`
			`environment.DOCKER_HOST = "tcp://docker_dind:2375";`
			`volumes = [ "forgejo-runner:/data" ];`
new formatter? 2024-09-05 19:08:29 -04:00			`cmd = [`
			`"forgejo-runner"`
			`"daemon"`
			`];`
			`extraOptions = [`
			`"--pull=newer"`
			`"--network=www"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
			`};`
			`};`
modular! 2024-04-27 22:10:36 -04:00			`networking.firewall = {`
			`interfaces."podman+" = {`
			`allowedUDPPorts = [ 53 ];`
			`allowedTCPPorts = [ 53 ];`
			`};`
new formatter? 2024-09-05 19:08:29 -04:00			`allowedUDPPorts = [`
			`137`
			`138`
			`];`
			`allowedTCPPorts = [`
			`139`
			`445`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`

Merge zeus config 2024-09-20 19:43:01 -04:00			`nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";`
Import zeus config 2024-04-25 20:43:21 -04:00			`users.users.nixremote = {`
			`description = "User for remote builds";`
			`isNormalUser = true;`
			`uid = 1100;`
Reformat 2024-05-11 12:51:25 -04:00			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"`
			`];`
Import zeus config 2024-04-25 20:43:21 -04:00			`};`
Merge zeus config 2024-09-20 19:43:01 -04:00			`nix.settings.trusted-users = [ "nixremote" ];`
Impermanence for zeus 2024-05-31 20:04:28 -04:00			`environment = {`
abolish with scoping 2024-09-21 21:50:25 -04:00			`systemPackages = builtins.attrValues {`
			`inherit (pkgs)`
			`vim`
			`dive`
			`podman-tui`
			`docker-compose`
			`tcpdump`
			`ethtool`
			`;`
			`inherit (pkgs-unstable) recyclarr;`
			`};`
Impermanence for zeus 2024-05-31 20:04:28 -04:00			`persistence."/persist" = {`
remove persistence warning 2024-08-21 21:11:53 -04:00			`enableWarnings = false;`
Impermanence for zeus 2024-05-31 20:04:28 -04:00			`hideMounts = true;`
new formatter? 2024-09-05 19:08:29 -04:00			`directories = [`
			`"/srv/docker"`
			`"/tmp"`
			`"/etc/containers/networks"`
			`];`
Impermanence for zeus 2024-05-31 20:04:28 -04:00			`files = [`
			`"/etc/machine-id"`
			`"/etc/adjtime"`
			`"/etc/ssh/ssh_host_rsa_key"`
			`"/etc/ssh/ssh_host_rsa_key.pub"`
			`"/etc/ssh/ssh_host_ed25519_key"`
			`"/etc/ssh/ssh_host_ed25519_key.pub"`
Formatting 2024-05-31 20:51:33 -04:00			`];`
Impermanence for zeus 2024-05-31 20:04:28 -04:00			`};`
			`};`
Import zeus config 2024-04-25 20:43:21 -04:00
Add avahi for samba shares 2024-05-04 12:59:59 -04:00			`services = {`
			`samba = {`
			`enable = true;`
			`shares = {`
			`media = {`
			`path = "/video-data";`
			`browseable = "yes";`
			`"read only" = "no";`
			`"guest ok" = "yes";`
			`};`
			`};`
			`};`
			`avahi = {`
			`enable = true;`
Update to 24.05 2024-05-30 20:39:54 -04:00			`nssmdns4 = true;`
			`nssmdns6 = true;`
Add avahi for samba shares 2024-05-04 12:59:59 -04:00			`openFirewall = true;`
			`extraServiceFiles = {`
			`smb = ''`
Reformat 2024-05-11 12:51:25 -04:00			`<?xml version="1.0" standalone='no'?><!---nxml--->`
			`<!DOCTYPE service-group SYSTEM "avahi-service.dtd">`
			`<service-group>`
			`<name replace-wildcards="yes">%h</name>`
			`<service>`
			`<type>_smb._tcp</type>`
			`<port>445</port>`
			`</service>`
			`</service-group>`
Add avahi for samba shares 2024-05-04 12:59:59 -04:00			`'';`
			`};`
Enable samba 2024-04-27 16:18:43 -04:00			`};`
			`};`
Import zeus config 2024-04-25 20:43:21 -04:00			`services.zfs.autoScrub.enable = true;`
Enable zfs zed 2024-04-26 18:09:44 -04:00			`services.zfs.zed.settings = {`
			`ZED_EMAIL_ADDR = [ "root" ];`
			`ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";`
			`ZED_EMAIL_OPTS = "@ADDRESS@";`
			`ZED_NOTIFY_INTERVAL_SECS = 3600;`
			`ZED_NOTIFY_VERBOSE = true;`
			`ZED_USE_ENCLOSURE_LEDS = true;`
			`ZED_SCRUB_AFTER_RESILVER = true;`
			`};`
			`services.zfs.zed.enableMail = false;`
Import zeus config 2024-04-25 20:43:21 -04:00
			`system.stateVersion = "23.11"; # Did you read the comment?`
			`zramSwap.enable = true;`
			`}`