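# NixOS host configuration for "zeus": boot/ZFS, bonded+macvlan networking,
# a podman stack fronted by swag, Samba/Avahi shares and impermanence.
#
# Fix in this revision: the Cloudflare API token and tunnel password were
# inline string literals, which end up world-readable in /nix/store and in
# git history.  They are now rendered by sops-nix into an env file, using the
# same mechanism the Tailscale auth key already used.  The previously inlined
# credentials should be treated as exposed and rotated.
{ config, pkgs, ... }:
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../modules/common.nix
    ../../modules/aarch64-emu.nix
    ../../modules/networkd-base.nix
    ../../modules/smartd.nix
    ../../modules/plymouth.nix
  ];

  boot = {
    loader = {
      grub = {
        enable = true;
        efiSupport = true;
        # Two ESPs so the bootloader survives the loss of one disk.
        mirroredBoots = [
          { devices = [ "nodev" ]; path = "/efi"; }
          { devices = [ "nodev" ]; path = "/efi1"; }
        ];
      };
      efi = {
        canTouchEfiVariables = true;
        efiSysMountPoint = "/efi";
      };
    };
    # Track the newest kernel the in-tree ZFS module supports.
    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
  };

  # Secrets are decrypted at activation time and only referenced by path from
  # container definitions, so nothing sensitive is copied into the Nix store.
  # The "cloudflare/*" secret names are placeholders chosen here — they must
  # match the keys in the host's sops file.
  sops = {
    secrets."tailscale/authkey" = {};
    secrets."cloudflare/api_token" = {};
    secrets."cloudflare/tunnel_password" = {};
    templates."docker.env".content = ''
      TAILSCALE_AUTHKEY=${config.sops.placeholder."tailscale/authkey"}
    '';
    templates."swag.env".content = ''
      CF_API_TOKEN=${config.sops.placeholder."cloudflare/api_token"}
      CF_TUNNEL_PASSWORD=${config.sops.placeholder."cloudflare/tunnel_password"}
    '';
  };

  networking.hostName = "zeus"; # Define your hostname.
  networking.hostId = "9e95b576";

  systemd.services = {
    # Runs `recyclarr sync` once a day.
    recyclarr = {
      script = "${pkgs.recyclarr}/bin/recyclarr sync";
      startAt = "daily";
    };
  };

  systemd.network.netdevs = {
    bond0 = {
      netdevConfig = {
        Name = "bond0";
        Kind = "bond";
      };
      bondConfig = {
        Mode = "active-backup";
      };
    };
    # macvlan on top of the bond so the host and containers on the "lan"
    # network can share the physical link.
    lan-shim = {
      netdevConfig = {
        Name = "lan-shim";
        Kind = "macvlan";
        MACAddress = "3e:53:37:25:08:ef";
      };
      macvlanConfig = {
        Mode = "bridge";
      };
    };
  };

  systemd.network.networks = {
    "00-bondage" = {
      name = "eno*";
      networkConfig.Bond = "bond0";
    };
    bond0 = {
      name = "bond0";
      networkConfig.MACVLAN = "lan-shim";
    };
    lan-shim = {
      name = "lan-shim";
      address = [
        "10.42.69.100/24"
        "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
      ];
      dns = [ "10.42.69.2" ];
      domains = [ "icanttype.org" ];
      gateway = [ "10.42.69.1" ];
    };
  };

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      dockerCompat = true;
      defaultNetwork.settings.dns_enabled = true;
    };

    oci-containers.containers = {
      # Read-only socket proxy for swag's auto-proxy mod.  POST=0 limits it to
      # discovery (GET) calls rather than full engine control.
      dockerproxy = {
        image = "ghcr.io/tecnativa/docker-socket-proxy:latest";
        volumes = [ "/var/run/podman/podman.sock:/var/run/docker.sock:ro" ];
        environment = {
          CONTAINERS = "1";
          POST = "0";
        };
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      # Reverse proxy + ACME (DNS validation via Cloudflare) + cloudflared tunnel.
      swag = {
        image = "lscr.io/linuxserver/swag:2.9.0-ls292";
        volumes = [ "swag-config:/config" ];
        environment = {
          TZ = "America/New_York";
          URL = "icanttype.org";
          VALIDATION = "dns";
          SUBDOMAINS = "wildcard";
          DNSPLUGIN = "cloudflare";
          DOCKER_HOST = "dockerproxy";
          DOCKER_MODS = "linuxserver/mods:swag-dashboard|linuxserver/mods:swag-auto-proxy|linuxserver/mods:universal-docker|linuxserver/mods:universal-cloudflared";
          CF_ZONE_ID = "4e68852334290a922718696a0986e75a";
          CF_ACCOUNT_ID = "5c1c252b9d9a9af6ea3a5de8590f36fa";
          CF_TUNNEL_NAME = "icanttype.org";
          FILE__CF_TUNNEL_CONFIG = "/config/tunnelconfig.yml";
          EMAIL = "cdombroski@gmail.com";
        };
        # CF_API_TOKEN / CF_TUNNEL_PASSWORD are supplied from the sops template
        # instead of being written into this file.
        environmentFiles = [ config.sops.templates."swag.env".path ];
        ports = [ "80:80" "443:443" ];
        extraOptions = [
          "--pull=newer"
          "--network=www"
          "--cap-add" "NET_ADMIN"
          "--network-alias=icanttype.org"
        ];
      };

      jellyfin = {
        image = "lscr.io/linuxserver/jellyfin:latest";
        volumes = [
          "jellyfin-config:/config"
          "/video-data/media:/data/media"
          "jellyfin-tailscale:/var/lib/tailscale"
        ];
        environment = {
          DOCKER_MODS = "ghcr.io/tailscale-dev/docker-mod:main";
          TAILSCALE_STATE_DIR = "/var/lib/tailscale";
          TAILSCALE_HOSTNAME = "jellyfin";
          TAILSCALE_SERVE_PORT = "8096";
          TAILSCALE_SERVE_MODE = "http";
          TZ = "America/New_York";
        };
        # Provides TAILSCALE_AUTHKEY.
        environmentFiles = [ config.sops.templates."docker.env".path ];
        labels.swag = "enable";
        ports = [ "1900:1900/udp" "7359:7359/udp" ];
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      zwave-js-ui = {
        image = "my-zwave-js-ui";
        # Built locally from the nixpkgs package rather than pulled.
        imageFile = pkgs.dockerTools.buildImage {
          name = "my-zwave-js-ui";
          config.Cmd = "${pkgs.zwave-js-ui}/bin/zwave-js-ui";
        };
        volumes = [ "zwave-config:/usr/src/app/store" ];
        environment.TZ = "America/New_York";
        labels = {
          swag = "enable";
          swag_url = "zwave.icanttype.org";
        };
        extraOptions = [
          "--pull=newer"
          "--network=www"
          "--device=/dev/ttyACM0:/dev/zwave"
        ];
      };

      homeassistant = {
        image = "lscr.io/linuxserver/homeassistant:latest";
        volumes = [ "homeassistant-config:/config" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        # Also attached to "lan" (macvlan) for device discovery on the LAN.
        extraOptions = [ "--pull=newer" "--network=www" "--network=lan" ];
      };

      # NOTE(review): no POSTGRES_PASSWORD is set here; the stock image only
      # starts without one when the data volume is already initialised —
      # confirm how authentication is configured for this instance.
      postgres = {
        image = "docker.io/library/postgres:15";
        volumes = [ "postgres-15:/var/lib/postgresql/data" ];
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      calibre = {
        image = "lscr.io/linuxserver/calibre:latest";
        volumes = [ "calibre-config:/config" "/video-data:/data" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      calibre-web = {
        image = "lscr.io/linuxserver/calibre-web:latest";
        volumes = [ "calibre-web-config:/config" "/video-data:/data" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      flaresolverr = {
        image = "ghcr.io/flaresolverr/flaresolverr:latest";
        environment.LOG_LEVEL = "info";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      qbittorrent = {
        image = "lscr.io/linuxserver/qbittorrent:latest";
        volumes = [ "qbittorrent-config:/config" "/video-data/torrent:/data/torrent" ];
        environment = {
          TZ = "America/New_York";
          # NOTE(review): UMASK 000 makes every downloaded file world-writable
          # on /video-data, which the Samba guest share below also exposes.
          UMASK_SET = "000";
          DELUGE_LOGLEVEL = "error";
        };
        labels.swag = "enable";
        ports = [ "34996:34996" "34996:34996/udp" ];
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      prowlarr = {
        image = "lscr.io/linuxserver/prowlarr:latest";
        volumes = [ "prowlarr-config:/config" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      readarr = {
        image = "lscr.io/linuxserver/readarr:develop";
        volumes = [ "readarr-config:/config" "/video-data:/data" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      radarr = {
        image = "lscr.io/linuxserver/radarr:latest";
        volumes = [ "radarr-config:/config" "/video-data:/data" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      sonarr = {
        image = "lscr.io/linuxserver/sonarr:latest";
        volumes = [ "sonarr-config:/config" "/video-data:/data" ];
        environment.TZ = "America/New_York";
        labels.swag = "enable";
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      static = {
        image = "docker.io/library/nginx:alpine";
        volumes = [
          "/srv/docker/nginx/static:/usr/share/nginx/html:ro"
          # NOTE(review): the stock nginx image includes /etc/nginx/conf.d/*.conf;
          # "config.d" looks like a typo that would leave this file unread — confirm.
          "/srv/docker/nginx/config/static/default.conf:/etc/nginx/config.d/default.conf:ro"
        ];
        labels = {
          swag = "enable";
          swag_url = "www.icanttype.org";
        };
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      forgejo = {
        image = "codeberg.org/forgejo/forgejo:7";
        volumes = [ "forgejo-data:/data" "/etc/localtime:/etc/localtime:ro" ];
        labels = {
          swag = "enable";
          swag_url = "git.icanttype.org";
          swag_port = "3000";
        };
        ports = [ "10022:22" ];
        extraOptions = [ "--pull=newer" "--network=www" ];
      };

      # NOTE(review): a privileged dockerd with an unauthenticated TCP API on
      # the shared "www" network is reachable from every container on that
      # network, including the internet-facing ones; anyone who compromises
      # such a container can drive the daemon and thus the host.  Moving
      # docker_dind and runner onto a dedicated network (and/or enabling TLS)
      # would contain that blast radius.
      docker_dind = {
        image = "docker.io/library/docker:dind";
        cmd = [ "dockerd" "-H" "tcp://0.0.0.0:2375" "--tls=false" ];
        extraOptions = [ "--pull=newer" "--privileged" "--network=www" ];
      };

      runner = {
        image = "code.forgejo.org/forgejo/runner:3.4.1";
        dependsOn = [ "docker_dind" ];
        environment.DOCKER_HOST = "tcp://docker_dind:2375";
        volumes = [ "forgejo-runner:/data" ];
        cmd = [ "forgejo-runner" "daemon" ];
        extraOptions = [ "--pull=newer" "--network=www" ];
      };
    };
  };

  networking.firewall = {
    # DNS for containers (podman network dns_enabled above).
    interfaces."podman+" = {
      allowedUDPPorts = [ 53 ];
      allowedTCPPorts = [ 53 ];
    };
    # NetBIOS / SMB for the Samba share.
    allowedUDPPorts = [ 137 138 ];
    allowedTCPPorts = [ 139 445 ];
  };

  users.users.nixremote = {
    description = "User for remote builds";
    isNormalUser = true;
    uid = 1100;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
    ];
  };

  environment = {
    systemPackages = with pkgs; [
      vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
      dive
      podman-tui
      docker-compose
      tcpdump
      ethtool
      recyclarr
    ];
    # Impermanence: only these paths survive a reboot (root is ephemeral).
    persistence."/persist" = {
      hideMounts = true;
      directories = [
        "/srv/docker"
        "/tmp"
        "/etc/containers/networks"
      ];
      files = [
        "/etc/machine-id"
        "/etc/adjtime"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
      ];
    };
  };

  services = {
    samba = {
      enable = true;
      shares = {
        # NOTE(review): "guest ok" + writable means anyone on the LAN can
        # modify /video-data without credentials; consider read-only guest
        # access with an authenticated user for writes.
        media = {
          path = "/video-data";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "yes";
        };
      };
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      nssmdns6 = true;
      openFirewall = true;
      extraServiceFiles = {
        smb = ''
          %h _smb._tcp 445
        '';
      };
    };
  };

  services.zfs.autoScrub.enable = true;
  # ZED notifications go to root via msmtp.
  services.zfs.zed.settings = {
    ZED_EMAIL_ADDR = [ "root" ];
    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
    ZED_EMAIL_OPTS = "@ADDRESS@";
    ZED_NOTIFY_INTERVAL_SECS = 3600;
    ZED_NOTIFY_VERBOSE = true;
    ZED_USE_ENCLOSURE_LEDS = true;
    ZED_SCRUB_AFTER_RESILVER = true;
  };
  services.zfs.zed.enableMail = false;

  system.stateVersion = "23.11"; # Did you read the comment?

  zramSwap.enable = true;
}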