aboutsummaryrefslogtreecommitdiff
path: root/hosts/mantis
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/mantis')
-rw-r--r--hosts/mantis/configuration.nix200
-rw-r--r--hosts/mantis/hardware-configuration.nix40
2 files changed, 240 insertions, 0 deletions
diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix
new file mode 100644
index 0000000..8b5b489
--- /dev/null
+++ b/hosts/mantis/configuration.nix
@@ -0,0 +1,200 @@
1# Edit this configuration file to define what should be installed on
2# your system. Help is available in the configuration.nix(5) man page, on
3# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
4
5{ config, lib, pkgs, self, ... }:
6
7{
8 imports =
9 [
10 # Include the results of the hardware scan.
11 ./hardware-configuration.nix
12 ];
13
14 nixpkgs.overlays = with self.overlays; [
15 flaresolverr
16 ];
17
18 # Use the systemd-boot EFI boot loader.
19 boot.loader.systemd-boot.enable = true;
20 boot.loader.efi.canTouchEfiVariables = true;
21
22 networking.hostName = "mantis"; # Define your hostname.
23 networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant.
24 networking.firewall.allowedTCPPorts = [ 80 443 ];
25
26 time.timeZone = "Europe/London";
27 i18n.defaultLocale = "en_US.UTF-8";
28
29 nixpkgs.config.packageOverrides = pkgs: {
30 vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
31 };
32
33 # Enable sound.
34 sound.enable = true;
35 hardware.pulseaudio.enable = true;
36 hardware.opengl = {
37 enable = true;
38 extraPackages = with pkgs; [
39 intel-media-driver
40 vaapiIntel
41 vaapiVdpau
42 libvdpau-va-gl
43 intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
44 ];
45 };
46
47 # Define a user account. Don't forget to set a password with ‘passwd’.
48 users.users.op = {
49 isNormalUser = true;
50 extraGroups = [ "wheel" "tty" ];
51 packages = with pkgs; [ ];
52 home = "/home/op";
53 openssh.authorizedKeys.keys = [
54 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
55 ];
56 };
57 users.groups."torrent".members = [
58 "sonarr"
59 "radarr"
60 "bazarr"
61 "jackett"
62 "lidarr"
63 "jellyfin"
64 "transmission"
65 ];
66
67 environment.systemPackages = with pkgs; [
68 vim
69 wget
70 pkgs.jellyfin
71 pkgs.jellyfin-web
72 pkgs.jellyfin-ffmpeg
73
74 pkgs.htop
75 pkgs.ripgrep
76 ];
77
78 services.openssh.enable = true;
79 services.nginx.enable = true;
80 services.tailscale.enable = true;
81
82 services.jellyfin = {
83 enable = true;
84 openFirewall = true;
85 group = "torrent";
86 };
87 services.nginx.virtualHosts."stream.mantis" = {
88 listen = [{ port = 80; addr = "0.0.0.0"; }];
89 locations."/" = {
90 proxyPass = "http://127.0.0.1:8096";
91 proxyWebsockets = true;
92 };
93 };
94
95 services.transmission = {
96 enable = true;
97 openFirewall = true;
98 openRPCPort = true;
99 group = "torrent";
100 settings = {
101 download-dir = "/torrents";
102 incomplete-dir = "/.incomplete";
103 rpc-bind-address = "0.0.0.0";
104 rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
105 };
106 };
107 services.nginx.virtualHosts."torrent.mantis" = {
108 listen = [{ port = 80; addr = "0.0.0.0"; }];
109 locations."/" = {
110 proxyPass = "http://127.0.0.1:9091";
111 };
112 };
113
114 services.sonarr = {
115 enable = true;
116 openFirewall = true;
117 group = "torrent";
118 };
119 services.nginx.virtualHosts."sonarr.mantis" = {
120 listen = [{ port = 80; addr = "0.0.0.0"; }];
121 locations."/" = {
122 proxyPass = "http://127.0.0.1:8989";
123 };
124 };
125
126 services.radarr = {
127 enable = true;
128 openFirewall = true;
129 group = "torrent";
130 };
131 services.nginx.virtualHosts."radarr.mantis" = {
132 listen = [{ port = 80; addr = "0.0.0.0"; }];
133 locations."/" = {
134 proxyPass = "http://127.0.0.1:7878";
135 };
136 };
137
138 services.bazarr = {
139 enable = true;
140 openFirewall = true;
141 group = "torrent";
142 };
143 services.nginx.virtualHosts."bazarr.mantis" = {
144 listen = [{ port = 80; addr = "0.0.0.0"; }];
145 locations."/" = {
146 proxyPass = "http://127.0.0.1:6767";
147 };
148 };
149
150 services.jackett = {
151 enable = true;
152 openFirewall = true;
153 group = "torrent";
154 };
155 services.nginx.virtualHosts."jackett.mantis" = {
156 listen = [{ port = 80; addr = "0.0.0.0"; }];
157 locations."/" = {
158 proxyPass = "http://127.0.0.1:9117";
159 };
160 };
161
162 services.lidarr = {
163 enable = true;
164 openFirewall = true;
165 group = "torrent";
166 };
167 services.nginx.virtualHosts."lidarr.mantis" = {
168 listen = [{ port = 80; addr = "0.0.0.0"; }];
169 locations."/" = {
170 proxyPass = "http://127.0.0.1:8686";
171 };
172 };
173
174 nix.settings.experimental-features = [ "nix-command" "flakes" ];
175
176 # Copy the NixOS configuration file and link it from the resulting system
177 # (/run/current-system/configuration.nix). This is useful in case you
178 # accidentally delete configuration.nix.
179 # system.copySystemConfiguration = true;
180
181 # This option defines the first version of NixOS you have installed on this particular machine,
182 # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
183 #
184 # Most users should NEVER change this value after the initial install, for any reason,
185 # even if you've upgraded your system to a new NixOS release.
186 #
187 # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
188 # so changing it will NOT upgrade your system.
189 #
190 # This value being lower than the current NixOS release does NOT mean your system is
191 # out of date, out of support, or vulnerable.
192 #
193 # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
194 # and migrated your data accordingly.
195 #
196 # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
197 system.stateVersion = "23.11"; # Did you read the comment?
198
199}
200
diff --git a/hosts/mantis/hardware-configuration.nix b/hosts/mantis/hardware-configuration.nix
new file mode 100644
index 0000000..8d7f39a
--- /dev/null
+++ b/hosts/mantis/hardware-configuration.nix
@@ -0,0 +1,40 @@
1# Do not modify this file! It was generated by ‘nixos-generate-config’
2# and may be overwritten by future invocations. Please make changes
3# to /etc/nixos/configuration.nix instead.
4{ config, lib, pkgs, modulesPath, ... }:
5
6{
7 imports =
8 [ (modulesPath + "/installer/scan/not-detected.nix")
9 ];
10
11 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
12 boot.initrd.kernelModules = [ ];
13 boot.kernelModules = [ "kvm-intel" ];
14 boot.extraModulePackages = [ ];
15
16 fileSystems."/" =
17 { device = "/dev/disk/by-uuid/e3eda8a2-b5fe-4458-988c-48579a7cc6c6";
18 fsType = "ext4";
19 };
20
21 fileSystems."/boot" =
22 { device = "/dev/disk/by-uuid/A170-EC57";
23 fsType = "vfat";
24 };
25
26 swapDevices =
27 [ { device = "/dev/disk/by-uuid/61cb6a91-b916-40b9-b231-c04378629d90"; }
28 ];
29
30 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
31 # (the default) this is the recommended approach. When using systemd-networkd it's
32 # still possible to use this option, but it's recommended to use it in conjunction
33 # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
34 networking.useDHCP = lib.mkDefault true;
35 # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
36 # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
37
38 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
39 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
40}