1 files changed, 61 insertions, 185 deletions
diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix
index 8f71964..d96f321 100644
--- a/hosts/mantis/configuration.nix
+++ b/hosts/mantis/configuration.nix
@@ -1,5 +1,3 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 { config, lib, pkgs, self, ... }:
@@ -11,217 +9,94 @@
      ./hardware-configuration.nix
    ];
-  nixpkgs.overlays = with self.overlays; [
-    flaresolverr
-  ];
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+  boot.kernelParams = [ "i915.force_probe=4650" ];
-  networking.hostName = "mantis"; # Define your hostname.
+  networking.hostName = "mantis";
-  networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant.
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
  time.timeZone = "Europe/London";
-  i18n.defaultLocale = "en_US.UTF-8";
-  nixpkgs.config.packageOverrides = pkgs: {
+  nixpkgs.overlays = with self.overlays; [
-    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+    prompt
-  };
+    better-text-objs
+    vim-colors-plain
+  ];
-  # Enable sound.
+  nixpkgs.config = {
-  sound.enable = true;
+    "2bwm".patches = [
-  hardware.pulseaudio.enable = true;
+      ../../patches/2bwm/nerd-patch.diff
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      intel-media-driver
-      vaapiIntel
-      vaapiVdpau
-      libvdpau-va-gl
-      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
    ];
+    st = {
+      conf = builtins.readFile ../../programs/st/config.h;
+      extraLibs = with pkgs; [ harfbuzz ];
+      patches = [
+        ../../patches/st/xres.diff
+        ../../patches/st/bright.diff
+        ../../patches/st/ligatures.diff
+      ];
+    };
  };
-  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.op = {
    isNormalUser = true;
-    extraGroups = [ "wheel" "tty" ];
+    extraGroups = [ "wheel" "docker" ];
-    packages = with pkgs; [ ];
+    packages = with pkgs; [
-    home = "/home/op";
+      qutebrowser
-    openssh.authorizedKeys.keys = [
+      tree
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
    ];
-  };
+    createHome = true;
-  users.groups."torrent".members = [
+    home = "/home/op";
-    "op"
-    "sonarr"
-    "radarr"
-    "bazarr"
-    "jackett"
-    "lidarr"
-    "jellyfin"
-    "transmission"
-  ];
-  environment.systemPackages = with pkgs; [
-    vim
-    wget
-    pkgs.jellyfin
-    pkgs.jellyfin-web
-    pkgs.jellyfin-ffmpeg
-    pkgs.htop
-    pkgs.ripgrep
-    pkgs.git
-  ];
-  services.openssh.enable = true;
-  services.nginx.enable = true;
-  services.tailscale.enable = true;
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."stream.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8096";
-      proxyWebsockets = true;
-    };
-  };
-  services.navidrome = {
-    enable = true;
-    openFirewall = true;
-    settings = {
-      MusicFolder = "/servarr/lidarr/";
-      DataFolder = "/etc/navidrome/data";
-      CacheFolder = "/etc/navidrome/cache";
-      Address = "0.0.0.0";
-      Port = 4533;
-      AuthRequestLimit = 0;
-      EnableTranscodingConfig = true;
-    };
-  };
-  services.nginx.virtualHosts."music.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:4533";
-      proxyWebsockets = true;
-    };
-  };
-  services.transmission = {
-    enable = true;
-    openFirewall = true;
-    openRPCPort = true;
-    group = "torrent";
-    settings = {
-      download-dir = "/torrents";
-      incomplete-dir = "/.incomplete";
-      rpc-bind-address = "0.0.0.0";
-      rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
-    };
-  };
-  services.nginx.virtualHosts."torrent.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:9091";
-    };
  };
-  services.sonarr = {
+  environment = {
-    enable = true;
+    systemPackages = with pkgs; [
-    openFirewall = true;
+      man-pages
-    group = "torrent";
+      man-pages-posix
-  };
+      (lib.hiPrio pkgs.bashInteractive)
-  services.nginx.virtualHosts."sonarr.mantis" = {
+      _2bwm
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
+    ];
-    locations."/" = {
+    variables = {
-      proxyPass = "http://127.0.0.1:8989";
+      QT_SCALE_FACTOR_ROUNDING_POLICY = "RoundPreferFloor";
+      NIXOS_OZONE_WL = "1";
    };
  };
-  services.radarr = {
+  services = {
-    enable = true;
+    openssh = {
-    openFirewall = true;
+      enable = true;
-    group = "torrent";
+      settings = {
-  };
+        X11Forwarding = true;
-  services.nginx.virtualHosts."radarr.mantis" = {
+        PrintMotd = true;
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
+      };
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:7878";
    };
-  };
+    tailscale.enable = true;
+    libinput.enable = true;
-  services.bazarr = {
+    xserver = {
-    enable = true;
+      enable = true;
-    openFirewall = true;
+      displayManager.startx.enable = true;
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."bazarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:6767";
    };
  };
-  services.jackett = {
+  hardware.graphics.extraPackages = [
-    enable = true;
+    pkgs.vpl-gpu-rt
-    openFirewall = true;
+  ];
-    group = "torrent";
-  };
-  services.nginx.virtualHosts."jackett.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:9117";
-    };
-  };
-  services.lidarr = {
+  services.pipewire = {
    enable = true;
-    openFirewall = true;
+    alsa.enable = true;
-    group = "torrent";
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
  };
-  services.nginx.virtualHosts."lidarr.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:8686";
-    };
-  };
-  services.flaresolverr.enable = true;
-  services.radicale = {
-    enable = true;
-    settings = {
-      server.hosts = [ "0.0.0.0:5232" ];
-      auth = {
-        type = "htpasswd";
-        htpasswd_filename = "/etc/radicale/users";
-        htpasswd_encryption = "bcrypt";
-      };
-    };
-  };
-  services.nginx.virtualHosts."radicale.mantis" = {
-    listen = [{ port = 80; addr = "0.0.0.0"; }];
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:5232";
-    };
-  };
+  virtualisation.docker.enable = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  # Copy the NixOS configuration file and link it from the resulting system
-  # (/run/current-system/configuration.nix). This is useful in case you
-  # accidentally delete configuration.nix.
-  # system.copySystemConfiguration = true;
  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
@@ -229,7 +104,8 @@
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-  # so changing it will NOT upgrade your system.
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
@@ -238,7 +114,7 @@
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }

diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix index 8f71964..d96f321 100644 --- a/hosts/mantis/configuration.nix +++ b/hosts/mantis/configuration.nix
@@ -1,5 +1,3 @@
1	# Edit this configuration file to define what should be installed on
2	# your system. Help is available in the configuration.nix(5) man page, on
3	# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).	1	# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
4		2
5	{ config, lib, pkgs, self, ... }:	3	{ config, lib, pkgs, self, ... }:
@@ -11,217 +9,94 @@
11	./hardware-configuration.nix	9	./hardware-configuration.nix
12	];	10	];
13		11
14	nixpkgs.overlays = with self.overlays; [
15	flaresolverr
16	];
17
18	# Use the systemd-boot EFI boot loader.	12	# Use the systemd-boot EFI boot loader.
19	boot.loader.systemd-boot.enable = true;	13	boot.loader.systemd-boot.enable = true;
20	boot.loader.efi.canTouchEfiVariables = true;	14	boot.loader.efi.canTouchEfiVariables = true;
		15	boot.kernelPackages = pkgs.linuxPackages_latest;
		16	boot.kernelParams = [ "i915.force_probe=4650" ];
21		17
22	networking.hostName = "mantis"; # Define your hostname.	18	networking.hostName = "mantis";
23	networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant.
24	networking.firewall.allowedTCPPorts = [ 80 443 ];
25
26	time.timeZone = "Europe/London";	19	time.timeZone = "Europe/London";
27	i18n.defaultLocale = "en_US.UTF-8";
28		20
29	nixpkgs.config.packageOverrides = pkgs: {	21	nixpkgs.overlays = with self.overlays; [
30	vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };	22	prompt
31	};	23	better-text-objs
		24	vim-colors-plain
		25	];
32		26
33	# Enable sound.	27	nixpkgs.config = {
34	sound.enable = true;	28	"2bwm".patches = [
35	hardware.pulseaudio.enable = true;	29	../../patches/2bwm/nerd-patch.diff
36	hardware.opengl = {
37	enable = true;
38	extraPackages = with pkgs; [
39	intel-media-driver
40	vaapiIntel
41	vaapiVdpau
42	libvdpau-va-gl
43	intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
44	];	30	];
		31
		32	st = {
		33	conf = builtins.readFile ../../programs/st/config.h;
		34	extraLibs = with pkgs; [ harfbuzz ];
		35	patches = [
		36	../../patches/st/xres.diff
		37	../../patches/st/bright.diff
		38	../../patches/st/ligatures.diff
		39	];
		40	};
45	};	41	};
46		42
47	# Define a user account. Don't forget to set a password with ‘passwd’.
48	users.users.op = {	43	users.users.op = {
49	isNormalUser = true;	44	isNormalUser = true;
50	extraGroups = [ "wheel" "tty" ];	45	extraGroups = [ "wheel" "docker" ];
51	packages = with pkgs; [ ];	46	packages = with pkgs; [
52	home = "/home/op";	47	qutebrowser
53	openssh.authorizedKeys.keys = [	48	tree
54	"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
55	];	49	];
56	};	50	createHome = true;
57	users.groups."torrent".members = [	51	home = "/home/op";
58	"op"
59	"sonarr"
60	"radarr"
61	"bazarr"
62	"jackett"
63	"lidarr"
64	"jellyfin"
65	"transmission"
66	];
67
68	environment.systemPackages = with pkgs; [
69	vim
70	wget
71	pkgs.jellyfin
72	pkgs.jellyfin-web
73	pkgs.jellyfin-ffmpeg
74
75	pkgs.htop
76	pkgs.ripgrep
77	pkgs.git
78	];
79
80	services.openssh.enable = true;
81	services.nginx.enable = true;
82	services.tailscale.enable = true;
83
84	services.jellyfin = {
85	enable = true;
86	openFirewall = true;
87	group = "torrent";
88	};
89	services.nginx.virtualHosts."stream.mantis" = {
90	listen = [{ port = 80; addr = "0.0.0.0"; }];
91	locations."/" = {
92	proxyPass = "http://127.0.0.1:8096";
93	proxyWebsockets = true;
94	};
95	};
96
97	services.navidrome = {
98	enable = true;
99	openFirewall = true;
100	settings = {
101	MusicFolder = "/servarr/lidarr/";
102	DataFolder = "/etc/navidrome/data";
103	CacheFolder = "/etc/navidrome/cache";
104	Address = "0.0.0.0";
105	Port = 4533;
106	AuthRequestLimit = 0;
107	EnableTranscodingConfig = true;
108	};
109	};
110	services.nginx.virtualHosts."music.mantis" = {
111	listen = [{ port = 80; addr = "0.0.0.0"; }];
112	locations."/" = {
113	proxyPass = "http://127.0.0.1:4533";
114	proxyWebsockets = true;
115	};
116	};
117
118	services.transmission = {
119	enable = true;
120	openFirewall = true;
121	openRPCPort = true;
122	group = "torrent";
123	settings = {
124	download-dir = "/torrents";
125	incomplete-dir = "/.incomplete";
126	rpc-bind-address = "0.0.0.0";
127	rpc-whitelist = "127.0.0.1,10.0.0.1,192.168..,100.64..";
128	};
129	};
130	services.nginx.virtualHosts."torrent.mantis" = {
131	listen = [{ port = 80; addr = "0.0.0.0"; }];
132	locations."/" = {
133	proxyPass = "http://127.0.0.1:9091";
134	};
135	};	52	};
136		53
137	services.sonarr = {	54	environment = {
138	enable = true;	55	systemPackages = with pkgs; [
139	openFirewall = true;	56	man-pages
140	group = "torrent";	57	man-pages-posix
141	};	58	(lib.hiPrio pkgs.bashInteractive)
142	services.nginx.virtualHosts."sonarr.mantis" = {	59	_2bwm
143	listen = [{ port = 80; addr = "0.0.0.0"; }];	60	];
144	locations."/" = {	61	variables = {
145	proxyPass = "http://127.0.0.1:8989";	62	QT_SCALE_FACTOR_ROUNDING_POLICY = "RoundPreferFloor";
		63	NIXOS_OZONE_WL = "1";
146	};	64	};
147	};	65	};
148		66
149	services.radarr = {	67	services = {
150	enable = true;	68	openssh = {
151	openFirewall = true;	69	enable = true;
152	group = "torrent";	70	settings = {
153	};	71	X11Forwarding = true;
154	services.nginx.virtualHosts."radarr.mantis" = {	72	PrintMotd = true;
155	listen = [{ port = 80; addr = "0.0.0.0"; }];	73	};
156	locations."/" = {
157	proxyPass = "http://127.0.0.1:7878";
158	};	74	};
159	};	75	tailscale.enable = true;
160		76	libinput.enable = true;
161	services.bazarr = {	77	xserver = {
162	enable = true;	78	enable = true;
163	openFirewall = true;	79	displayManager.startx.enable = true;
164	group = "torrent";
165	};
166	services.nginx.virtualHosts."bazarr.mantis" = {
167	listen = [{ port = 80; addr = "0.0.0.0"; }];
168	locations."/" = {
169	proxyPass = "http://127.0.0.1:6767";
170	};	80	};
171	};	81	};
172		82
173	services.jackett = {	83	hardware.graphics.extraPackages = [
174	enable = true;	84	pkgs.vpl-gpu-rt
175	openFirewall = true;	85	];
176	group = "torrent";
177	};
178	services.nginx.virtualHosts."jackett.mantis" = {
179	listen = [{ port = 80; addr = "0.0.0.0"; }];
180	locations."/" = {
181	proxyPass = "http://127.0.0.1:9117";
182	};
183	};
184		86
185	services.lidarr = {	87	services.pipewire = {
186	enable = true;	88	enable = true;
187	openFirewall = true;	89	alsa.enable = true;
188	group = "torrent";	90	alsa.support32Bit = true;
		91	pulse.enable = true;
		92	jack.enable = true;
189	};	93	};
190	services.nginx.virtualHosts."lidarr.mantis" = {
191	listen = [{ port = 80; addr = "0.0.0.0"; }];
192	locations."/" = {
193	proxyPass = "http://127.0.0.1:8686";
194	};
195	};
196
197	services.flaresolverr.enable = true;
198		94
199	services.radicale = {
200	enable = true;
201	settings = {
202	server.hosts = [ "0.0.0.0:5232" ];
203	auth = {
204	type = "htpasswd";
205	htpasswd_filename = "/etc/radicale/users";
206	htpasswd_encryption = "bcrypt";
207	};
208	};
209	};
210	services.nginx.virtualHosts."radicale.mantis" = {
211	listen = [{ port = 80; addr = "0.0.0.0"; }];
212	locations."/" = {
213	proxyPass = "http://127.0.0.1:5232";
214	};
215	};
216		95
		96	virtualisation.docker.enable = true;
217		97
218	nix.settings.experimental-features = [ "nix-command" "flakes" ];	98	nix.settings.experimental-features = [ "nix-command" "flakes" ];
219		99
220	# Copy the NixOS configuration file and link it from the resulting system
221	# (/run/current-system/configuration.nix). This is useful in case you
222	# accidentally delete configuration.nix.
223	# system.copySystemConfiguration = true;
224
225	# This option defines the first version of NixOS you have installed on this particular machine,	100	# This option defines the first version of NixOS you have installed on this particular machine,
226	# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.	101	# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
227	#	102	#
@@ -229,7 +104,8 @@
229	# even if you've upgraded your system to a new NixOS release.	104	# even if you've upgraded your system to a new NixOS release.
230	#	105	#
231	# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,	106	# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
232	# so changing it will NOT upgrade your system.	107	# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
		108	# to actually do that.
233	#	109	#
234	# This value being lower than the current NixOS release does NOT mean your system is	110	# This value being lower than the current NixOS release does NOT mean your system is
235	# out of date, out of support, or vulnerable.	111	# out of date, out of support, or vulnerable.
@@ -238,7 +114,7 @@
238	# and migrated your data accordingly.	114	# and migrated your data accordingly.
239	#	115	#
240	# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .	116	# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
241	system.stateVersion = "23.11"; # Did you read the comment?	117	system.stateVersion = "24.05"; # Did you read the comment?
242		118
243	}	119	}
244		120