diff options
Diffstat (limited to 'hosts/mantis')
-rw-r--r-- | hosts/mantis/configuration.nix | 200 | ||||
-rw-r--r-- | hosts/mantis/hardware-configuration.nix | 40 |
2 files changed, 240 insertions, 0 deletions
diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix new file mode 100644 index 0000000..8b5b489 --- /dev/null +++ b/hosts/mantis/configuration.nix | |||
@@ -0,0 +1,200 @@ | |||
1 | # Edit this configuration file to define what should be installed on | ||
2 | # your system. Help is available in the configuration.nix(5) man page, on | ||
3 | # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). | ||
4 | |||
5 | { config, lib, pkgs, self, ... }: | ||
6 | |||
7 | { | ||
8 | imports = | ||
9 | [ | ||
10 | # Include the results of the hardware scan. | ||
11 | ./hardware-configuration.nix | ||
12 | ]; | ||
13 | |||
14 | nixpkgs.overlays = with self.overlays; [ | ||
15 | flaresolverr | ||
16 | ]; | ||
17 | |||
18 | # Use the systemd-boot EFI boot loader. | ||
19 | boot.loader.systemd-boot.enable = true; | ||
20 | boot.loader.efi.canTouchEfiVariables = true; | ||
21 | |||
22 | networking.hostName = "mantis"; # Define your hostname. | ||
23 | networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant. | ||
24 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | ||
25 | |||
26 | time.timeZone = "Europe/London"; | ||
27 | i18n.defaultLocale = "en_US.UTF-8"; | ||
28 | |||
29 | nixpkgs.config.packageOverrides = pkgs: { | ||
30 | vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; | ||
31 | }; | ||
32 | |||
33 | # Enable sound. | ||
34 | sound.enable = true; | ||
35 | hardware.pulseaudio.enable = true; | ||
36 | hardware.opengl = { | ||
37 | enable = true; | ||
38 | extraPackages = with pkgs; [ | ||
39 | intel-media-driver | ||
40 | vaapiIntel | ||
41 | vaapiVdpau | ||
42 | libvdpau-va-gl | ||
43 | intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) | ||
44 | ]; | ||
45 | }; | ||
46 | |||
47 | # Define a user account. Don't forget to set a password with ‘passwd’. | ||
48 | users.users.op = { | ||
49 | isNormalUser = true; | ||
50 | extraGroups = [ "wheel" "tty" ]; | ||
51 | packages = with pkgs; [ ]; | ||
52 | home = "/home/op"; | ||
53 | openssh.authorizedKeys.keys = [ | ||
54 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle" | ||
55 | ]; | ||
56 | }; | ||
57 | users.groups."torrent".members = [ | ||
58 | "sonarr" | ||
59 | "radarr" | ||
60 | "bazarr" | ||
61 | "jackett" | ||
62 | "lidarr" | ||
63 | "jellyfin" | ||
64 | "transmission" | ||
65 | ]; | ||
66 | |||
67 | environment.systemPackages = with pkgs; [ | ||
68 | vim | ||
69 | wget | ||
70 | pkgs.jellyfin | ||
71 | pkgs.jellyfin-web | ||
72 | pkgs.jellyfin-ffmpeg | ||
73 | |||
74 | pkgs.htop | ||
75 | pkgs.ripgrep | ||
76 | ]; | ||
77 | |||
78 | services.openssh.enable = true; | ||
79 | services.nginx.enable = true; | ||
80 | services.tailscale.enable = true; | ||
81 | |||
82 | services.jellyfin = { | ||
83 | enable = true; | ||
84 | openFirewall = true; | ||
85 | group = "torrent"; | ||
86 | }; | ||
87 | services.nginx.virtualHosts."stream.mantis" = { | ||
88 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
89 | locations."/" = { | ||
90 | proxyPass = "http://127.0.0.1:8096"; | ||
91 | proxyWebsockets = true; | ||
92 | }; | ||
93 | }; | ||
94 | |||
95 | services.transmission = { | ||
96 | enable = true; | ||
97 | openFirewall = true; | ||
98 | openRPCPort = true; | ||
99 | group = "torrent"; | ||
100 | settings = { | ||
101 | download-dir = "/torrents"; | ||
102 | incomplete-dir = "/.incomplete"; | ||
103 | rpc-bind-address = "0.0.0.0"; | ||
104 | rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*"; | ||
105 | }; | ||
106 | }; | ||
107 | services.nginx.virtualHosts."torrent.mantis" = { | ||
108 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
109 | locations."/" = { | ||
110 | proxyPass = "http://127.0.0.1:9091"; | ||
111 | }; | ||
112 | }; | ||
113 | |||
114 | services.sonarr = { | ||
115 | enable = true; | ||
116 | openFirewall = true; | ||
117 | group = "torrent"; | ||
118 | }; | ||
119 | services.nginx.virtualHosts."sonarr.mantis" = { | ||
120 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
121 | locations."/" = { | ||
122 | proxyPass = "http://127.0.0.1:8989"; | ||
123 | }; | ||
124 | }; | ||
125 | |||
126 | services.radarr = { | ||
127 | enable = true; | ||
128 | openFirewall = true; | ||
129 | group = "torrent"; | ||
130 | }; | ||
131 | services.nginx.virtualHosts."radarr.mantis" = { | ||
132 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
133 | locations."/" = { | ||
134 | proxyPass = "http://127.0.0.1:7878"; | ||
135 | }; | ||
136 | }; | ||
137 | |||
138 | services.bazarr = { | ||
139 | enable = true; | ||
140 | openFirewall = true; | ||
141 | group = "torrent"; | ||
142 | }; | ||
143 | services.nginx.virtualHosts."bazarr.mantis" = { | ||
144 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
145 | locations."/" = { | ||
146 | proxyPass = "http://127.0.0.1:6767"; | ||
147 | }; | ||
148 | }; | ||
149 | |||
150 | services.jackett = { | ||
151 | enable = true; | ||
152 | openFirewall = true; | ||
153 | group = "torrent"; | ||
154 | }; | ||
155 | services.nginx.virtualHosts."jackett.mantis" = { | ||
156 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
157 | locations."/" = { | ||
158 | proxyPass = "http://127.0.0.1:9117"; | ||
159 | }; | ||
160 | }; | ||
161 | |||
162 | services.lidarr = { | ||
163 | enable = true; | ||
164 | openFirewall = true; | ||
165 | group = "torrent"; | ||
166 | }; | ||
167 | services.nginx.virtualHosts."lidarr.mantis" = { | ||
168 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
169 | locations."/" = { | ||
170 | proxyPass = "http://127.0.0.1:8686"; | ||
171 | }; | ||
172 | }; | ||
173 | |||
174 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; | ||
175 | |||
176 | # Copy the NixOS configuration file and link it from the resulting system | ||
177 | # (/run/current-system/configuration.nix). This is useful in case you | ||
178 | # accidentally delete configuration.nix. | ||
179 | # system.copySystemConfiguration = true; | ||
180 | |||
181 | # This option defines the first version of NixOS you have installed on this particular machine, | ||
182 | # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. | ||
183 | # | ||
184 | # Most users should NEVER change this value after the initial install, for any reason, | ||
185 | # even if you've upgraded your system to a new NixOS release. | ||
186 | # | ||
187 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, | ||
188 | # so changing it will NOT upgrade your system. | ||
189 | # | ||
190 | # This value being lower than the current NixOS release does NOT mean your system is | ||
191 | # out of date, out of support, or vulnerable. | ||
192 | # | ||
193 | # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, | ||
194 | # and migrated your data accordingly. | ||
195 | # | ||
196 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . | ||
197 | system.stateVersion = "23.11"; # Did you read the comment? | ||
198 | |||
199 | } | ||
200 | |||
diff --git a/hosts/mantis/hardware-configuration.nix b/hosts/mantis/hardware-configuration.nix new file mode 100644 index 0000000..8d7f39a --- /dev/null +++ b/hosts/mantis/hardware-configuration.nix | |||
@@ -0,0 +1,40 @@ | |||
1 | # Do not modify this file! It was generated by ‘nixos-generate-config’ | ||
2 | # and may be overwritten by future invocations. Please make changes | ||
3 | # to /etc/nixos/configuration.nix instead. | ||
4 | { config, lib, pkgs, modulesPath, ... }: | ||
5 | |||
6 | { | ||
7 | imports = | ||
8 | [ (modulesPath + "/installer/scan/not-detected.nix") | ||
9 | ]; | ||
10 | |||
11 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; | ||
12 | boot.initrd.kernelModules = [ ]; | ||
13 | boot.kernelModules = [ "kvm-intel" ]; | ||
14 | boot.extraModulePackages = [ ]; | ||
15 | |||
16 | fileSystems."/" = | ||
17 | { device = "/dev/disk/by-uuid/e3eda8a2-b5fe-4458-988c-48579a7cc6c6"; | ||
18 | fsType = "ext4"; | ||
19 | }; | ||
20 | |||
21 | fileSystems."/boot" = | ||
22 | { device = "/dev/disk/by-uuid/A170-EC57"; | ||
23 | fsType = "vfat"; | ||
24 | }; | ||
25 | |||
26 | swapDevices = | ||
27 | [ { device = "/dev/disk/by-uuid/61cb6a91-b916-40b9-b231-c04378629d90"; } | ||
28 | ]; | ||
29 | |||
30 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | ||
31 | # (the default) this is the recommended approach. When using systemd-networkd it's | ||
32 | # still possible to use this option, but it's recommended to use it in conjunction | ||
33 | # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | ||
34 | networking.useDHCP = lib.mkDefault true; | ||
35 | # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; | ||
36 | # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; | ||
37 | |||
38 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | ||
39 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | ||
40 | } | ||