reintro mantis

1 files changed, 72 insertions, 188 deletions

diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix
index 8f71964..acc2a49 100644
--- a/hosts/mantis/configuration.nix
+++ b/hosts/mantis/configuration.nix
@@ -1,222 +1,105 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, self, ... }:
+{ config, lib, pkgs, ... }:
 
 {
   imports =
-    [
-      # Include the results of the hardware scan.
+    [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
     ];
 
-  nixpkgs.overlays = with self.overlays; [
-    flaresolverr
-  ];
-
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
   networking.hostName = "mantis"; # Define your hostname.
-  networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant.
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
 
+  # Set your time zone.
   time.timeZone = "Europe/London";
-  i18n.defaultLocale = "en_US.UTF-8";
 
-  nixpkgs.config.packageOverrides = pkgs: {
-    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-  };
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+
+  # Enable the GNOME Desktop Environment.
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  
+
+  # Configure keymap in X11
+  # services.xserver.xkb.layout = "us";
+  # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
 
   # Enable sound.
-  sound.enable = true;
-  hardware.pulseaudio.enable = true;
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      intel-media-driver
-      vaapiIntel
-      vaapiVdpau
-      libvdpau-va-gl
-      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
-    ];
-  };
+  # hardware.pulseaudio.enable = true;
+  # OR
+  # services.pipewire = {
+  #   enable = true;
+  #   pulse.enable = true;
+  # };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver.libinput.enable = true;
+  services.tailscale.enable = true;
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.op = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "tty" ];
-    packages = with pkgs; [ ];
-    home = "/home/op";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    packages = with pkgs; [
+      qutebrowser
+      tree
     ];
+    createHome = true;
+    home = "/home/op";
   };
-  users.groups."torrent".members = [
-    "op"
-    "sonarr"
-    "radarr"
-    "bazarr"
-    "jackett"
-    "lidarr"
-    "jellyfin"
-    "transmission"
-  ];
 
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
   environment.systemPackages = with pkgs; [
-    vim
+    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
     wget
-    pkgs.jellyfin
-    pkgs.jellyfin-web
-    pkgs.jellyfin-ffmpeg
-
-    pkgs.htop
-    pkgs.ripgrep
-    pkgs.git
+    git
   ];
 
-  services.openssh.enable = true;
-  services.nginx.enable = true;
-  services.tailscale.enable = true;
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."stream.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8096";
-      proxyWebsockets = true;
-    };
-  };
-
-  services.navidrome = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      MusicFolder = "/servarr/lidarr/";
-      DataFolder = "/etc/navidrome/data";
-      CacheFolder = "/etc/navidrome/cache";
-      Address = "0.0.0.0";
-      Port = 4533;
-      AuthRequestLimit = 0;
-      EnableTranscodingConfig = true;
-    };
-  };
-  services.nginx.virtualHosts."music.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:4533";
-      proxyWebsockets = true;
-    };
-  };
-
-  services.transmission = {
-    enable = true;
-    openFirewall = true;
-    openRPCPort = true;
-    group = "torrent";
-    settings = {
-      download-dir = "/torrents";
-      incomplete-dir = "/.incomplete";
-      rpc-bind-address = "0.0.0.0";
-      rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
-    };
-  };
-  services.nginx.virtualHosts."torrent.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:9091";
-    };
-  };
-
-  services.sonarr = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."sonarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8989";
-    };
-  };
-
-  services.radarr = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."radarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:7878";
-    };
-  };
-
-  services.bazarr = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."bazarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:6767";
-    };
-  };
-
-  services.jackett = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."jackett.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:9117";
-    };
-  };
-
-  services.lidarr = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."lidarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8686";
-    };
-  };
-
-  services.flaresolverr.enable = true;
-
-  services.radicale = {
-    enable = true;
-    settings = {
-      server.hosts = [ "0.0.0.0:5232" ];
-      auth = {
-        type = "htpasswd";
-        htpasswd_filename = "/etc/radicale/users";
-        htpasswd_encryption = "bcrypt";
-      };
-    };
-  };
-  services.nginx.virtualHosts."radicale.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:5232";
-    };
-  };
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
 
+  # List services that you want to enable:
 
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
   # accidentally delete configuration.nix.
@@ -229,7 +112,8 @@
   # even if you've upgraded your system to a new NixOS release.
   #
   # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system.
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
   #
   # This value being lower than the current NixOS release does NOT mean your system is
   # out of date, out of support, or vulnerable.
@@ -238,7 +122,7 @@
   # and migrated your data accordingly.
   #
   # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 
 }