Compare commits
2 commits
afd6aa4072
...
5859a7232b
Author | SHA1 | Date | |
---|---|---|---|
5859a7232b | |||
ed44f28e07 |
18 changed files with 490 additions and 219 deletions
80
flake.nix
|
@ -27,31 +27,43 @@
|
||||||
};
|
};
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
};
|
};
|
||||||
outputs = inputs@{ flake-parts, ... }:
|
outputs =
|
||||||
flake-parts.lib.mkFlake { inherit inputs; } ({ self, ... }: {
|
inputs@{ flake-parts, ... }:
|
||||||
|
flake-parts.lib.mkFlake { inherit inputs; } (
|
||||||
|
{ withSystem, self, ... }:
|
||||||
|
{
|
||||||
imports = [ inputs.devshell.flakeModule ];
|
imports = [ inputs.devshell.flakeModule ];
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
];
|
||||||
flake = {
|
flake = {
|
||||||
deploy = {
|
deploy = {
|
||||||
sshUser = "root";
|
sshUser = "root";
|
||||||
fastConnection = true;
|
fastConnection = true;
|
||||||
nodes = {
|
nodes =
|
||||||
|
withSystem "x86_64-linux" (
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
smolboi = {
|
smolboi = {
|
||||||
hostname = "smolboi";
|
hostname = "smolboi";
|
||||||
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos
|
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.smolboi;
|
||||||
self.nixosConfigurations.smolboi;
|
|
||||||
};
|
};
|
||||||
zeus = {
|
zeus = {
|
||||||
hostname = "zeus";
|
hostname = "zeus";
|
||||||
profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos
|
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.zeus;
|
||||||
self.nixosConfigurations.zeus;
|
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
)
|
||||||
|
// withSystem "aarch64-linux" (
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
orangepihole = {
|
orangepihole = {
|
||||||
hostname = "orangepihole";
|
hostname = "orangepihole";
|
||||||
profiles.system.path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos
|
profiles.system.path = pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.orangepihole;
|
||||||
self.nixosConfigurations.orangepihole;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
};
|
};
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
smolboi = inputs.nixpkgs.lib.nixosSystem {
|
smolboi = inputs.nixpkgs.lib.nixosSystem {
|
||||||
|
@ -73,8 +85,7 @@
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
{
|
{
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
home-manager.users.cdombroski =
|
home-manager.users.cdombroski = import ./systems/smolboi/home.nix;
|
||||||
import ./systems/smolboi/home.nix;
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
@ -105,22 +116,31 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
perSystem = { pkgs, inputs', system, ... }: {
|
perSystem =
|
||||||
# _module.args.pkgs = import inputs'.nixpkgs {
|
{ pkgs, system, ... }:
|
||||||
# inherit system;
|
{
|
||||||
# overlays = [
|
_module.args.pkgs = import inputs.nixpkgs {
|
||||||
# inputs.deploy-rs.overlay
|
inherit system;
|
||||||
# (final: prev: {
|
overlays = [
|
||||||
# deploy-rs = {
|
inputs.deploy-rs.overlay
|
||||||
# inherit (pkgs) deploy-rs;
|
(final: prev: {
|
||||||
# lib = prev.deploy-rs.lib;
|
deploy-rs = {
|
||||||
# };
|
inherit (inputs.nixpkgs.legacyPackages.${system}) deploy-rs;
|
||||||
# })
|
lib = prev.deploy-rs.lib;
|
||||||
# ];
|
};
|
||||||
# };
|
})
|
||||||
devshells.default = { packages = with pkgs; [ deploy-rs sops ]; };
|
];
|
||||||
checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
|
config = { };
|
||||||
formatter = pkgs.nixfmt;
|
};
|
||||||
|
devshells.default = {
|
||||||
|
packages = with pkgs; [
|
||||||
|
deploy-rs.deploy-rs
|
||||||
|
sops
|
||||||
|
];
|
||||||
|
};
|
||||||
|
checks = inputs.deploy-rs.lib.${system}.deployChecks self.deploy;
|
||||||
|
formatter = pkgs.nixfmt-rfc-style;
|
||||||
};
|
};
|
||||||
});
|
}
|
||||||
|
);
|
||||||
}
|
}
|
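Review bot: `checks` still calls `inputs.deploy-rs.lib.${system}.deployChecks`, while the deploy nodes and the devshell now use the overlaid `pkgs.deploy-rs`. The checks are therefore presumably evaluated against the deploy-rs input's own package set rather than the one that builds the activation scripts. `checks = pkgs.deploy-rs.lib.deployChecks self.deploy;` would keep the tool, its lib and its checks on one source. The overlay entry that takes `deploy-rs` from `inputs.nixpkgs.legacyPackages.${system}` also deserves a short comment, e.g. `# use the nixpkgs build of the deploy-rs binary, keep the lib from the deploy-rs overlay`, because this package activates profiles as `root` on every node and the reason for mixing the two sources is not obvious.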
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
{ lib, ... }: {
|
{ lib, ... }:
|
||||||
imports = builtins.map (n: ./common + "/${n}") (builtins.attrNames
|
{
|
||||||
(lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k)
|
imports = builtins.map (n: ./common + "/${n}") (
|
||||||
(builtins.readDir ./common)));
|
builtins.attrNames (
|
||||||
|
lib.filterAttrs (k: v: v == "regular" && lib.hasSuffix ".nix" k) (builtins.readDir ./common)
|
||||||
|
)
|
||||||
|
);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
time.timeZone = "America/New_York";
|
time.timeZone = "America/New_York";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
programs.vim.defaultEditor = true;
|
programs.vim.defaultEditor = true;
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ config, ... }: {
|
{ config, ... }:
|
||||||
|
{
|
||||||
sops.secrets."gmail/password" = { };
|
sops.secrets."gmail/password" = { };
|
||||||
programs.msmtp = {
|
programs.msmtp = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -23,4 +24,3 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ ... }: {
|
{ ... }:
|
||||||
|
{
|
||||||
programs.git.enable = true;
|
programs.git.enable = true;
|
||||||
programs.nh = {
|
programs.nh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -6,7 +7,12 @@
|
||||||
clean.extraArgs = "--keep-since 7d";
|
clean.extraArgs = "--keep-since 7d";
|
||||||
};
|
};
|
||||||
nix = {
|
nix = {
|
||||||
settings = { experimental-features = [ "nix-command" "flakes" ]; };
|
settings = {
|
||||||
|
experimental-features = [
|
||||||
|
"nix-command"
|
||||||
|
"flakes"
|
||||||
|
];
|
||||||
|
};
|
||||||
optimise.automatic = true;
|
optimise.automatic = true;
|
||||||
};
|
};
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ inputs, ... }: {
|
{ inputs, ... }:
|
||||||
|
{
|
||||||
imports = [ inputs.sops-nix.nixosModules.sops ];
|
imports = [ inputs.sops-nix.nixosModules.sops ];
|
||||||
sops.defaultSopsFile = ../../secrets/secret.yaml;
|
sops.defaultSopsFile = ../../secrets/secret.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
|
@ -1,5 +1,13 @@
|
||||||
{ pkgs, sops, config, ... }: {
|
{
|
||||||
sops.secrets."root/password" = { neededForUsers = true; };
|
pkgs,
|
||||||
|
sops,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
sops.secrets."root/password" = {
|
||||||
|
neededForUsers = true;
|
||||||
|
};
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{ pkgs, lib, ... }: {
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
boot.plymouth = {
|
boot.plymouth = {
|
||||||
enable = true;
|
enable = true;
|
||||||
themePackages = with pkgs;
|
themePackages = with pkgs; [ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ];
|
||||||
[ (adi1090x-plymouth-themes.override { selected_themes = [ "owl" ]; }) ];
|
|
||||||
theme = lib.mkForce "owl";
|
theme = lib.mkForce "owl";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,19 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
inherit (lib)
|
||||||
|
mkIf
|
||||||
|
mkEnableOption
|
||||||
|
mkOption
|
||||||
|
types
|
||||||
|
;
|
||||||
cfg = config.services.zwave-js-ui;
|
cfg = config.services.zwave-js-ui;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
options.services.zwave-js-ui = {
|
options.services.zwave-js-ui = {
|
||||||
enable = mkEnableOption "zwave-js-ui";
|
enable = mkEnableOption "zwave-js-ui";
|
||||||
store = mkOption {
|
store = mkOption {
|
||||||
|
@ -14,10 +25,12 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
assertions = [{
|
assertions = [
|
||||||
|
{
|
||||||
assertion = !config.services.zwave-js.enable;
|
assertion = !config.services.zwave-js.enable;
|
||||||
message = "zwave-js-ui conflicts with zwave-js";
|
message = "zwave-js-ui conflicts with zwave-js";
|
||||||
}];
|
}
|
||||||
|
];
|
||||||
systemd.services.zwave-js-ui = {
|
systemd.services.zwave-js-ui = {
|
||||||
environment = {
|
environment = {
|
||||||
STORE_DIR = cfg.store;
|
STORE_DIR = cfg.store;
|
||||||
|
|
|
@ -4,20 +4,24 @@ let
|
||||||
arch = "x64";
|
arch = "x64";
|
||||||
hash = "sha256:04vg1s86krg7baifcpnqr5zg6jd6nfw0jhjsq09zzpxwg5skxlf7";
|
hash = "sha256:04vg1s86krg7baifcpnqr5zg6jd6nfw0jhjsq09zzpxwg5skxlf7";
|
||||||
version = "7.2.1";
|
version = "7.2.1";
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
recyclarr = prev.recyclarr.overrideAttrs (old: {
|
recyclarr = prev.recyclarr.overrideAttrs (old: {
|
||||||
inherit version;
|
inherit version;
|
||||||
name = "recyclarr-${version}";
|
name = "recyclarr-${version}";
|
||||||
src = prev.fetchurl {
|
src = prev.fetchurl {
|
||||||
url =
|
url = "https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz";
|
||||||
"https://github.com/recyclarr/recyclarr/releases/download/v${version}/recyclarr-${os}-${arch}.tar.xz";
|
|
||||||
inherit hash;
|
inherit hash;
|
||||||
};
|
};
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
wrapProgram $out/bin/recyclarr \
|
wrapProgram $out/bin/recyclarr \
|
||||||
--prefix PATH : ${prev.lib.makeBinPath [ prev.git ]} \
|
--prefix PATH : ${prev.lib.makeBinPath [ prev.git ]} \
|
||||||
--prefix LD_LIBRARY_PATH : ${
|
--prefix LD_LIBRARY_PATH : ${
|
||||||
prev.lib.makeLibraryPath [ prev.icu prev.openssl prev.zlib ]
|
prev.lib.makeLibraryPath [
|
||||||
|
prev.icu
|
||||||
|
prev.openssl
|
||||||
|
prev.zlib
|
||||||
|
]
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
});
|
});
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
{ lib, buildNpmPackage, fetchFromGitHub }:
|
{
|
||||||
|
lib,
|
||||||
|
buildNpmPackage,
|
||||||
|
fetchFromGitHub,
|
||||||
|
}:
|
||||||
|
|
||||||
buildNpmPackage rec {
|
buildNpmPackage rec {
|
||||||
pname = "zwave-js-ui";
|
pname = "zwave-js-ui";
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../modules/common.nix
|
../../modules/common.nix
|
||||||
../../modules/networkd-base.nix
|
../../modules/networkd-base.nix
|
||||||
|
@ -16,8 +17,14 @@
|
||||||
};
|
};
|
||||||
systemd.network.networks."40-end0" = {
|
systemd.network.networks."40-end0" = {
|
||||||
matchConfig.Name = "end0";
|
matchConfig.Name = "end0";
|
||||||
address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ];
|
address = [
|
||||||
dns = [ "10.42.69.2" "fd72:3dd5:21ae:3c97::2" ];
|
"10.42.69.2/24"
|
||||||
|
"fd72:3dd5:21ae:3c97::2/64"
|
||||||
|
];
|
||||||
|
dns = [
|
||||||
|
"10.42.69.2"
|
||||||
|
"fd72:3dd5:21ae:3c97::2"
|
||||||
|
];
|
||||||
domains = [ "icanttype.org" ];
|
domains = [ "icanttype.org" ];
|
||||||
gateway = [ "10.42.69.1" ];
|
gateway = [ "10.42.69.1" ];
|
||||||
networkConfig.DHCPServer = true;
|
networkConfig.DHCPServer = true;
|
||||||
|
@ -27,7 +34,10 @@
|
||||||
DNS = "10.42.69.2";
|
DNS = "10.42.69.2";
|
||||||
EmitRouter = true;
|
EmitRouter = true;
|
||||||
Router = "10.42.69.1";
|
Router = "10.42.69.1";
|
||||||
SendOption = [ "15:string:icanttype.org" "119:string:icanttype.org" ];
|
SendOption = [
|
||||||
|
"15:string:icanttype.org"
|
||||||
|
"119:string:icanttype.org"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
networkConfig.IPv6SendRA = true;
|
networkConfig.IPv6SendRA = true;
|
||||||
ipv6SendRAConfig.RouterLifetimeSec = 0;
|
ipv6SendRAConfig.RouterLifetimeSec = 0;
|
||||||
|
@ -35,10 +45,12 @@
|
||||||
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ];
|
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ];
|
||||||
};
|
};
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
swapDevices = [{
|
swapDevices = [
|
||||||
|
{
|
||||||
device = "/persist/swapfile";
|
device = "/persist/swapfile";
|
||||||
size = 1024;
|
size = 1024;
|
||||||
}];
|
}
|
||||||
|
];
|
||||||
services = {
|
services = {
|
||||||
unbound = {
|
unbound = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -48,9 +60,15 @@
|
||||||
do-ip6 = "no";
|
do-ip6 = "no";
|
||||||
qname-minimisation = "yes";
|
qname-minimisation = "yes";
|
||||||
interface = [ "end0" ];
|
interface = [ "end0" ];
|
||||||
access-control = [ "10.0.0.0/8 allow" "fc::/7 allow" ];
|
access-control = [
|
||||||
|
"10.0.0.0/8 allow"
|
||||||
|
"fc::/7 allow"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
include = [ "/etc/unbound/ads.conf" "${./unbound-local.conf}" ];
|
include = [
|
||||||
|
"/etc/unbound/ads.conf"
|
||||||
|
"${./unbound-local.conf}"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
journald.storage = "volatile";
|
journald.storage = "volatile";
|
||||||
|
@ -60,7 +78,10 @@
|
||||||
services.adblock = {
|
services.adblock = {
|
||||||
startAt = "daily";
|
startAt = "daily";
|
||||||
postStop = "systemctl try-reload-or-restart unbound";
|
postStop = "systemctl try-reload-or-restart unbound";
|
||||||
path = with pkgs; [ gawk wget ];
|
path = with pkgs; [
|
||||||
|
gawk
|
||||||
|
wget
|
||||||
|
];
|
||||||
script = ''
|
script = ''
|
||||||
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf
|
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf
|
||||||
echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
|
echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
|
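Review bot: The `adblock` script writes the downloaded blocklist to the fixed path `/tmp/new.conf`, and another hunk of this file lists `/tmp` under `persistence."/persist"`, so the file sits in a shared, persistent, world-writable directory. No `User` or sandboxing option is visible here, so the unit presumably runs as root and a pre-created file or symlink at that path could redirect the write. Adding `serviceConfig.PrivateTmp = true;` to the unit, or writing to a `mktemp` file under a directory only the service can write, closes that. The downloaded content ends up in unbound's `include` list, so it is also worth validating it (for example with `unbound-checkconf`) before it replaces the live file. The script body continues outside this hunk, so a later step may already do some of this.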
||||||
|
@ -79,7 +100,11 @@
|
||||||
];
|
];
|
||||||
persistence."/persist" = {
|
persistence."/persist" = {
|
||||||
hideMounts = true;
|
hideMounts = true;
|
||||||
directories = [ "/var/lib/nixos" "/var/lib/systemd" "/tmp" ];
|
directories = [
|
||||||
|
"/var/lib/nixos"
|
||||||
|
"/var/lib/systemd"
|
||||||
|
"/tmp"
|
||||||
|
];
|
||||||
files = [
|
files = [
|
||||||
"/etc/machine-id"
|
"/etc/machine-id"
|
||||||
"/etc/adjtime"
|
"/etc/adjtime"
|
||||||
|
@ -93,20 +118,34 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedUDPPorts = [ 53 67 68 ];
|
allowedUDPPorts = [
|
||||||
|
53
|
||||||
|
67
|
||||||
|
68
|
||||||
|
];
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
sops.secrets."nixremote/sshkey" = { };
|
sops.secrets."nixremote/sshkey" = { };
|
||||||
nix.buildMachines = [{
|
nix.buildMachines = [
|
||||||
|
{
|
||||||
hostName = "zeus";
|
hostName = "zeus";
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
systems = [
|
||||||
|
"x86_64-linux"
|
||||||
|
"aarch64-linux"
|
||||||
|
];
|
||||||
protocol = "ssh-ng";
|
protocol = "ssh-ng";
|
||||||
sshKey = config.sops.secrets."nixremote/sshkey".path;
|
sshKey = config.sops.secrets."nixremote/sshkey".path;
|
||||||
sshUser = "nixremote";
|
sshUser = "nixremote";
|
||||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
supportedFeatures = [
|
||||||
}];
|
"nixos-test"
|
||||||
|
"benchmark"
|
||||||
|
"big-parallel"
|
||||||
|
"kvm"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
programs.ssh.extraConfig = ''
|
programs.ssh.extraConfig = ''
|
||||||
Host zeus
|
Host zeus
|
||||||
User nixremote
|
User nixremote
|
||||||
|
@ -117,4 +156,3 @@
|
||||||
nix.distributedBuilds = false;
|
nix.distributedBuilds = false;
|
||||||
#nix.settings.max-jobs = 0;
|
#nix.settings.max-jobs = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,10 @@
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
@ -6,13 +12,21 @@
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "none";
|
device = "none";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [ "defaults" "mode=755" ];
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"mode=755"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
fileSystems."/persist" = {
|
fileSystems."/persist" = {
|
||||||
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
|
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
neededForBoot = true;
|
neededForBoot = true;
|
||||||
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/root" ];
|
options = [
|
||||||
|
"compress=lzo"
|
||||||
|
"autodefrag"
|
||||||
|
"defaults"
|
||||||
|
"subvol=@nixos/root"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
|
device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
|
||||||
|
@ -22,11 +36,15 @@
|
||||||
fileSystems."/nix" = {
|
fileSystems."/nix" = {
|
||||||
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
|
device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "compress=lzo" "autodefrag" "defaults" "subvol=@nixos/nix" ];
|
options = [
|
||||||
|
"compress=lzo"
|
||||||
|
"autodefrag"
|
||||||
|
"defaults"
|
||||||
|
"subvol=@nixos/nix"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../modules/common.nix
|
../../modules/common.nix
|
||||||
../../modules/aarch64-emu.nix
|
../../modules/aarch64-emu.nix
|
||||||
|
@ -29,16 +30,17 @@
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "smolboi"; # Define your hostname.
|
hostName = "smolboi"; # Define your hostname.
|
||||||
networkmanager.enable =
|
networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
||||||
true; # Easiest to use and most distros use this by default.
|
|
||||||
firewall.allowedTCPPorts = [ 22000 ];
|
firewall.allowedTCPPorts = [ 22000 ];
|
||||||
};
|
};
|
||||||
nixpkgs.config = {
|
nixpkgs.config = {
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
permittedInsecurePackages = [ "electron-25.9.0" "nix-2.16.2" ];
|
permittedInsecurePackages = [
|
||||||
|
"electron-25.9.0"
|
||||||
|
"nix-2.16.2"
|
||||||
|
];
|
||||||
packageOverrides = pkgs: {
|
packageOverrides = pkgs: {
|
||||||
steam =
|
steam = pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; };
|
||||||
pkgs.steam.override { extraPkgs = pkgs: with pkgs; [ winetricks ]; };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -77,7 +79,10 @@
|
||||||
resolved.enable = true;
|
resolved.enable = true;
|
||||||
btrfs.autoScrub = {
|
btrfs.autoScrub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fileSystems = [ "/" "/home" ];
|
fileSystems = [
|
||||||
|
"/"
|
||||||
|
"/home"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
hardware = {
|
hardware = {
|
||||||
|
@ -175,24 +180,39 @@
|
||||||
};
|
};
|
||||||
zramSwap = {
|
zramSwap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
writebackDevice =
|
writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
|
||||||
"/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
"/persist".options =
|
"/persist".options = [
|
||||||
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
|
"compress=lzo"
|
||||||
"/nix".options =
|
"autodefrag"
|
||||||
[ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ];
|
"discard=async"
|
||||||
"/steam-library".options =
|
"defaults"
|
||||||
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
|
];
|
||||||
"/home".options =
|
"/nix".options = [
|
||||||
[ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
|
"compress=lzo"
|
||||||
|
"autodefrag"
|
||||||
|
"discard=async"
|
||||||
|
"noatime"
|
||||||
|
"defaults"
|
||||||
|
];
|
||||||
|
"/steam-library".options = [
|
||||||
|
"compress=lzo"
|
||||||
|
"autodefrag"
|
||||||
|
"discard=async"
|
||||||
|
"defaults"
|
||||||
|
];
|
||||||
|
"/home".options = [
|
||||||
|
"compress=lzo"
|
||||||
|
"autodefrag"
|
||||||
|
"discard=async"
|
||||||
|
"defaults"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
stylix = {
|
stylix = {
|
||||||
image =
|
image = "${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png";
|
||||||
"${pkgs.kdePackages.breeze}/share/wallpapers/Next/contents/images_dark/2560x1440.png";
|
|
||||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml";
|
base16Scheme = "${pkgs.base16-schemes}/share/themes/solarflare.yaml";
|
||||||
fonts = {
|
fonts = {
|
||||||
serif = {
|
serif = {
|
||||||
|
@ -217,4 +237,3 @@
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,25 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules = [
|
||||||
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
"nvme"
|
||||||
|
"xhci_pci"
|
||||||
|
"ahci"
|
||||||
|
"usb_storage"
|
||||||
|
"usbhid"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
@ -15,7 +27,11 @@
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "none";
|
device = "none";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [ "defaults" "size=2g" "mode=755" ];
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"size=2g"
|
||||||
|
"mode=755"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/persist" = {
|
fileSystems."/persist" = {
|
||||||
|
@ -59,6 +75,5 @@
|
||||||
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.wlp5s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode =
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
# Home Manager needs a bit of information about you and the paths it should
|
# Home Manager needs a bit of information about you and the paths it should
|
||||||
|
@ -97,8 +102,7 @@
|
||||||
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ];
|
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "discord" ];
|
||||||
permittedInsecurePackages = [ "electron-25.9.0" ];
|
permittedInsecurePackages = [ "electron-25.9.0" ];
|
||||||
};
|
};
|
||||||
xdg.configFile."autostart/yakuake.desktop".source =
|
xdg.configFile."autostart/yakuake.desktop".source = "${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop";
|
||||||
"${pkgs.yakuake}/share/applications/org.kde.yakuake.desktop";
|
|
||||||
|
|
||||||
# Home Manager is pretty good at managing dotfiles. The primary way to manage
|
# Home Manager is pretty good at managing dotfiles. The primary way to manage
|
||||||
# plain files is through 'home.file'.
|
# plain files is through 'home.file'.
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ # Include the results of the hardware scan.
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../modules/common.nix
|
../../modules/common.nix
|
||||||
../../modules/aarch64-emu.nix
|
../../modules/aarch64-emu.nix
|
||||||
|
@ -54,7 +55,9 @@
|
||||||
Name = "bond0";
|
Name = "bond0";
|
||||||
Kind = "bond";
|
Kind = "bond";
|
||||||
};
|
};
|
||||||
bondConfig = { Mode = "active-backup"; };
|
bondConfig = {
|
||||||
|
Mode = "active-backup";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
lan-shim = {
|
lan-shim = {
|
||||||
netdevConfig = {
|
netdevConfig = {
|
||||||
|
@ -62,7 +65,9 @@
|
||||||
Kind = "macvlan";
|
Kind = "macvlan";
|
||||||
MACAddress = "3e:53:37:25:08:ef";
|
MACAddress = "3e:53:37:25:08:ef";
|
||||||
};
|
};
|
||||||
macvlanConfig = { Mode = "bridge"; };
|
macvlanConfig = {
|
||||||
|
Mode = "bridge";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.network.networks = {
|
systemd.network.networks = {
|
||||||
|
@ -76,8 +81,10 @@
|
||||||
};
|
};
|
||||||
lan-shim = {
|
lan-shim = {
|
||||||
name = "lan-shim";
|
name = "lan-shim";
|
||||||
address =
|
address = [
|
||||||
[ "10.42.69.100/24" "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64" ];
|
"10.42.69.100/24"
|
||||||
|
"fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
|
||||||
|
];
|
||||||
dns = [ "10.42.69.2" ];
|
dns = [ "10.42.69.2" ];
|
||||||
domains = [ "icanttype.org" ];
|
domains = [ "icanttype.org" ];
|
||||||
gateway = [ "10.42.69.1" ];
|
gateway = [ "10.42.69.1" ];
|
||||||
|
@ -100,7 +107,10 @@
|
||||||
CONTAINERS = "1";
|
CONTAINERS = "1";
|
||||||
POST = "0";
|
POST = "0";
|
||||||
};
|
};
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
swag = {
|
swag = {
|
||||||
image = "lscr.io/linuxserver/swag:2.9.0-ls292";
|
image = "lscr.io/linuxserver/swag:2.9.0-ls292";
|
||||||
|
@ -112,8 +122,7 @@
|
||||||
SUBDOMAINS = "wildcard";
|
SUBDOMAINS = "wildcard";
|
||||||
DNSPLUGIN = "cloudflare";
|
DNSPLUGIN = "cloudflare";
|
||||||
DOCKER_HOST = "dockerproxy";
|
DOCKER_HOST = "dockerproxy";
|
||||||
DOCKER_MODS =
|
DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
|
||||||
"linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
|
|
||||||
CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
|
CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
|
||||||
CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
|
CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
|
||||||
CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
|
CF_API_TOKEN = "mRfY8ubtFUxzVuehI6WFipSQFIcstCNds7RF5FTQ";
|
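Review bot: `CF_API_TOKEN` is a literal string in the swag container's `environment` block, so the credential is in the repository history and, like any Nix string, presumably ends up in the world-readable Nix store on the host. This commit only reflows `DOCKER_MODS`, but the token line is part of the new side and remains unprotected. The same file already passes secrets to another container with `environmentFiles = [ config.sops.templates."docker.env".path ];`. Moving the token into a sops-managed environment file and dropping it from `environment` would match that pattern. A token that has been committed should be rotated at the provider, since removing the line does not remove it from history. The `environment` block starts outside this hunk.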
||||||
|
@ -122,7 +131,10 @@
|
||||||
FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
|
FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
|
||||||
EMAIL = "cdombroski@gmail.com";
|
EMAIL = "cdombroski@gmail.com";
|
||||||
};
|
};
|
||||||
ports = [ "80:80" "443:443" ];
|
ports = [
|
||||||
|
"80:80"
|
||||||
|
"443:443"
|
||||||
|
];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=newer"
|
"--pull=newer"
|
||||||
"--network=www"
|
"--network=www"
|
||||||
|
@ -148,8 +160,14 @@
|
||||||
};
|
};
|
||||||
environmentFiles = [ config.sops.templates."docker.env".path ];
|
environmentFiles = [ config.sops.templates."docker.env".path ];
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
ports = [ "1900:1900/udp" "7359:7359/udp" ];
|
ports = [
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
"1900:1900/udp"
|
||||||
|
"7359:7359/udp"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
zwave-js-ui = {
|
zwave-js-ui = {
|
||||||
image = "my-zwave-js-ui:latest";
|
image = "my-zwave-js-ui:latest";
|
||||||
|
@ -170,79 +188,133 @@
|
||||||
swag_url = "zwave.icanttype.org";
|
swag_url = "zwave.icanttype.org";
|
||||||
swag_port = "8091";
|
swag_port = "8091";
|
||||||
};
|
};
|
||||||
extraOptions = [ "--network=www" "--device=/dev/ttyACM0:/dev/zwave" ];
|
extraOptions = [
|
||||||
|
"--network=www"
|
||||||
|
"--device=/dev/ttyACM0:/dev/zwave"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
homeassistant = {
|
homeassistant = {
|
||||||
image = "lscr.io/linuxserver/homeassistant:latest";
|
image = "lscr.io/linuxserver/homeassistant:latest";
|
||||||
volumes = [ "homeassistant-config:/config" ];
|
volumes = [ "homeassistant-config:/config" ];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
"--network=lan"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
postgres = {
|
postgres = {
|
||||||
image = "docker.io/library/postgres:15";
|
image = "docker.io/library/postgres:15";
|
||||||
volumes = [ "postgres-15:/var/lib/postgresql/data" ];
|
volumes = [ "postgres-15:/var/lib/postgresql/data" ];
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
calibre = {
|
calibre = {
|
||||||
image = "lscr.io/linuxserver/calibre:latest";
|
image = "lscr.io/linuxserver/calibre:latest";
|
||||||
volumes = [ "calibre-config:/config" "/video-data:/data" ];
|
volumes = [
|
||||||
|
"calibre-config:/config"
|
||||||
|
"/video-data:/data"
|
||||||
|
];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
calibre-web = {
|
calibre-web = {
|
||||||
image = "lscr.io/linuxserver/calibre-web:latest";
|
image = "lscr.io/linuxserver/calibre-web:latest";
|
||||||
volumes = [ "calibre-web-config:/config" "/video-data:/data" ];
|
volumes = [
|
||||||
|
"calibre-web-config:/config"
|
||||||
|
"/video-data:/data"
|
||||||
|
];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
flaresolverr = {
|
flaresolverr = {
|
||||||
image = "ghcr.io/flaresolverr/flaresolverr:latest";
|
image = "ghcr.io/flaresolverr/flaresolverr:latest";
|
||||||
environment.LOG_LEVEL = "info";
|
environment.LOG_LEVEL = "info";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
qbittorrent = {
|
qbittorrent = {
|
||||||
image = "lscr.io/linuxserver/qbittorrent:latest";
|
image = "lscr.io/linuxserver/qbittorrent:latest";
|
||||||
volumes =
|
volumes = [
|
||||||
[ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ];
|
"qbittorrent-config:/config"
|
||||||
|
"/video-data/torrent:/data/torrent"
|
||||||
|
];
|
||||||
environment = {
|
environment = {
|
||||||
TZ = "America/New_York";
|
TZ = "America/New_York";
|
||||||
UMASK_SET = "000";
|
UMASK_SET = "000";
|
||||||
DELUGE_LOGLEVEL = "error";
|
DELUGE_LOGLEVEL = "error";
|
||||||
};
|
};
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
ports = [ "34996:34996" "34996:34996/udp" ];
|
ports = [
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
"34996:34996"
|
||||||
|
"34996:34996/udp"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
prowlarr = {
|
prowlarr = {
|
||||||
image = "lscr.io/linuxserver/prowlarr:latest";
|
image = "lscr.io/linuxserver/prowlarr:latest";
|
||||||
volumes = [ "prowlarr-config:/config" ];
|
volumes = [ "prowlarr-config:/config" ];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
readarr = {
|
readarr = {
|
||||||
image = "lscr.io/linuxserver/readarr:develop";
|
image = "lscr.io/linuxserver/readarr:develop";
|
||||||
volumes = [ "readarr-config:/config" "/video-data:/data" ];
|
volumes = [
|
||||||
|
"readarr-config:/config"
|
||||||
|
"/video-data:/data"
|
||||||
|
];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
radarr = {
|
radarr = {
|
||||||
image = "lscr.io/linuxserver/radarr:latest";
|
image = "lscr.io/linuxserver/radarr:latest";
|
||||||
volumes = [ "radarr-config:/config" "/video-data:/data" ];
|
volumes = [
|
||||||
|
"radarr-config:/config"
|
||||||
|
"/video-data:/data"
|
||||||
|
];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
sonarr = {
|
sonarr = {
|
||||||
image = "lscr.io/linuxserver/sonarr:latest";
|
image = "lscr.io/linuxserver/sonarr:latest";
|
||||||
volumes = [ "sonarr-config:/config" "/video-data:/data" ];
|
volumes = [
|
||||||
|
"sonarr-config:/config"
|
||||||
|
"/video-data:/data"
|
||||||
|
];
|
||||||
environment.TZ = "America/New_York";
|
environment.TZ = "America/New_York";
|
||||||
labels.swag = "enable";
|
labels.swag = "enable";
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
static = {
|
static = {
|
||||||
image = "docker.io/library/nginx:alpine";
|
image = "docker.io/library/nginx:alpine";
|
||||||
|
@ -254,31 +326,55 @@
|
||||||
swag = "enable";
|
swag = "enable";
|
||||||
swag_url = "www.icanttype.org";
|
swag_url = "www.icanttype.org";
|
||||||
};
|
};
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
forgejo = {
|
forgejo = {
|
||||||
image = "codeberg.org/forgejo/forgejo:8";
|
image = "codeberg.org/forgejo/forgejo:8";
|
||||||
volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ];
|
volumes = [
|
||||||
|
"forgejo-data:/data"
|
||||||
|
"/etc/localtime:/etc/localtime:ro"
|
||||||
|
];
|
||||||
labels = {
|
labels = {
|
||||||
swag = "enable";
|
swag = "enable";
|
||||||
swag_url = "git.icanttype.org";
|
swag_url = "git.icanttype.org";
|
||||||
swag_port = "3000";
|
swag_port = "3000";
|
||||||
};
|
};
|
||||||
ports = [ "10022:22" ];
|
ports = [ "10022:22" ];
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
docker_dind = {
|
docker_dind = {
|
||||||
image = "docker.io/library/docker:dind";
|
image = "docker.io/library/docker:dind";
|
||||||
cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ];
|
cmd = [
|
||||||
extraOptions = [ "--pull=newer" "--privileged" "--network=www" ];
|
"dockerd"
|
||||||
|
"-H"
|
||||||
|
"tcp://0.0.0.0:2375"
|
||||||
|
"--tls=false"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--privileged"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
runner = {
|
runner = {
|
||||||
image = "code.forgejo.org/forgejo/runner:3.4.1";
|
image = "code.forgejo.org/forgejo/runner:3.4.1";
|
||||||
dependsOn = [ "docker_dind" ];
|
dependsOn = [ "docker_dind" ];
|
||||||
environment.DOCKER_HOST = "tcp://docker_dind:2375";
|
environment.DOCKER_HOST = "tcp://docker_dind:2375";
|
||||||
volumes = [ "forgejo-runner:/data" ];
|
volumes = [ "forgejo-runner:/data" ];
|
||||||
cmd = [ "forgejo-runner" "daemon" ];
|
cmd = [
|
||||||
extraOptions = [ "--pull=newer" "--network=www" ];
|
"forgejo-runner"
|
||||||
|
"daemon"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--pull=newer"
|
||||||
|
"--network=www"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
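Review bot: `docker_dind` still starts `dockerd` with `-H tcp://0.0.0.0:2375` and `--tls=false` while running `--privileged` on `--network=www`, so the reformatted `cmd` and `extraOptions` lists keep an unauthenticated Docker API reachable from every container attached to `www`, which on this page includes the services labelled `swag = "enable"`. Control of that API amounts to control of a privileged container, so the daemon should either sit on a network shared only with `runner`, e.g. `"--network=forgejo-ci"` on both containers (the network name is a placeholder), or require client certificates with `--tlsverify` on port 2376 and matching client settings in `runner`. A short comment above `cmd` stating why TLS is off and which peers are expected would also help the next reader. Separately, the environment block earlier in this file section assigns `CF_API_TOKEN` as a string literal; since the file already reads `config.sops.templates."docker.env".path`, that value looks like it belongs in a sops-managed environment file, and the committed token should be rotated. The attribute set holding these containers opens outside this hunk.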
|
||||||
|
@ -287,8 +383,14 @@
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
allowedUDPPorts = [ 137 138 ];
|
allowedUDPPorts = [
|
||||||
allowedTCPPorts = [ 139 445 ];
|
137
|
||||||
|
138
|
||||||
|
];
|
||||||
|
allowedTCPPorts = [
|
||||||
|
139
|
||||||
|
445
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.nixremote = {
|
users.users.nixremote = {
|
||||||
|
@ -312,7 +414,11 @@
|
||||||
persistence."/persist" = {
|
persistence."/persist" = {
|
||||||
enableWarnings = false;
|
enableWarnings = false;
|
||||||
hideMounts = true;
|
hideMounts = true;
|
||||||
directories = [ "/srv/docker" "/tmp" "/etc/containers/networks" ];
|
directories = [
|
||||||
|
"/srv/docker"
|
||||||
|
"/tmp"
|
||||||
|
"/etc/containers/networks"
|
||||||
|
];
|
||||||
files = [
|
files = [
|
||||||
"/etc/machine-id"
|
"/etc/machine-id"
|
||||||
"/etc/adjtime"
|
"/etc/adjtime"
|
||||||
|
@ -371,4 +477,3 @@
|
||||||
system.stateVersion = "23.11"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,13 +1,23 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
boot.initrd.availableKernelModules = [
|
||||||
[ "ohci_pci" "ehci_pci" "sata_nv" "sd_mod" ];
|
"ohci_pci"
|
||||||
|
"ehci_pci"
|
||||||
|
"sata_nv"
|
||||||
|
"sd_mod"
|
||||||
|
];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
@ -15,7 +25,10 @@
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "none";
|
device = "none";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = [ "defaults" "mode=755" ];
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"mode=755"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/persist" = {
|
fileSystems."/persist" = {
|
||||||
|
@ -73,6 +86,5 @@
|
||||||
networking.useDHCP = lib.mkDefault false;
|
networking.useDHCP = lib.mkDefault false;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode =
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
}
|
||||||
|
|