aboutsummaryrefslogtreecommitdiff
path: root/hosts
diff options
context:
space:
mode:
Diffstat (limited to 'hosts')
-rw-r--r--hosts/mantis/configuration.nix260
-rw-r--r--hosts/mantis/hardware-configuration.nix22
-rw-r--r--hosts/mantis/home.nix91
3 files changed, 170 insertions, 203 deletions
diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix
index 8f71964..acc2a49 100644
--- a/hosts/mantis/configuration.nix
+++ b/hosts/mantis/configuration.nix
@@ -1,222 +1,105 @@
1# Edit this configuration file to define what should be installed on
2# your system. Help is available in the configuration.nix(5) man page, on
3# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 1# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
4 2
5{ config, lib, pkgs, self, ... }: 3{ config, lib, pkgs, ... }:
6 4
7{ 5{
8 imports = 6 imports =
9 [ 7 [ # Include the results of the hardware scan.
10 # Include the results of the hardware scan.
11 ./hardware-configuration.nix 8 ./hardware-configuration.nix
12 ]; 9 ];
13 10
14 nixpkgs.overlays = with self.overlays; [
15 flaresolverr
16 ];
17
18 # Use the systemd-boot EFI boot loader. 11 # Use the systemd-boot EFI boot loader.
19 boot.loader.systemd-boot.enable = true; 12 boot.loader.systemd-boot.enable = true;
20 boot.loader.efi.canTouchEfiVariables = true; 13 boot.loader.efi.canTouchEfiVariables = true;
21 14
22 networking.hostName = "mantis"; # Define your hostname. 15 networking.hostName = "mantis"; # Define your hostname.
23 networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant. 16 # Pick only one of the below networking options.
24 networking.firewall.allowedTCPPorts = [ 80 443 ]; 17 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
18 # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
25 19
20 # Set your time zone.
26 time.timeZone = "Europe/London"; 21 time.timeZone = "Europe/London";
27 i18n.defaultLocale = "en_US.UTF-8";
28 22
29 nixpkgs.config.packageOverrides = pkgs: { 23 # Configure network proxy if necessary
30 vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 24 # networking.proxy.default = "http://user:password@proxy:port/";
31 }; 25 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
26
27 # Select internationalisation properties.
28 # i18n.defaultLocale = "en_US.UTF-8";
29 # console = {
30 # font = "Lat2-Terminus16";
31 # keyMap = "us";
32 # useXkbConfig = true; # use xkb.options in tty.
33 # };
34
35 # Enable the X11 windowing system.
36 services.xserver.enable = true;
37
38
39 # Enable the GNOME Desktop Environment.
40 services.xserver.displayManager.gdm.enable = true;
41 services.xserver.desktopManager.gnome.enable = true;
42
43
44 # Configure keymap in X11
45 # services.xserver.xkb.layout = "us";
46 # services.xserver.xkb.options = "eurosign:e,caps:escape";
47
48 # Enable CUPS to print documents.
49 # services.printing.enable = true;
32 50
33 # Enable sound. 51 # Enable sound.
34 sound.enable = true; 52 # hardware.pulseaudio.enable = true;
35 hardware.pulseaudio.enable = true; 53 # OR
36 hardware.opengl = { 54 # services.pipewire = {
37 enable = true; 55 # enable = true;
38 extraPackages = with pkgs; [ 56 # pulse.enable = true;
39 intel-media-driver 57 # };
40 vaapiIntel 58
41 vaapiVdpau 59 # Enable touchpad support (enabled default in most desktopManager).
42 libvdpau-va-gl 60 services.xserver.libinput.enable = true;
43 intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) 61 services.tailscale.enable = true;
44 ];
45 };
46 62
47 # Define a user account. Don't forget to set a password with ‘passwd’. 63 # Define a user account. Don't forget to set a password with ‘passwd’.
48 users.users.op = { 64 users.users.op = {
49 isNormalUser = true; 65 isNormalUser = true;
50 extraGroups = [ "wheel" "tty" ]; 66 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
51 packages = with pkgs; [ ]; 67 packages = with pkgs; [
52 home = "/home/op"; 68 qutebrowser
53 openssh.authorizedKeys.keys = [ 69 tree
54 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
55 ]; 70 ];
71 createHome = true;
72 home = "/home/op";
56 }; 73 };
57 users.groups."torrent".members = [
58 "op"
59 "sonarr"
60 "radarr"
61 "bazarr"
62 "jackett"
63 "lidarr"
64 "jellyfin"
65 "transmission"
66 ];
67 74
75 # List packages installed in system profile. To search, run:
76 # $ nix search wget
68 environment.systemPackages = with pkgs; [ 77 environment.systemPackages = with pkgs; [
69 vim 78 vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
70 wget 79 wget
71 pkgs.jellyfin 80 git
72 pkgs.jellyfin-web
73 pkgs.jellyfin-ffmpeg
74
75 pkgs.htop
76 pkgs.ripgrep
77 pkgs.git
78 ]; 81 ];
79 82
80 services.openssh.enable = true; 83 # Some programs need SUID wrappers, can be configured further or are
81 services.nginx.enable = true; 84 # started in user sessions.
82 services.tailscale.enable = true; 85 # programs.mtr.enable = true;
83 86 # programs.gnupg.agent = {
84 services.jellyfin = { 87 # enable = true;
85 enable = true; 88 # enableSSHSupport = true;
86 openFirewall = true; 89 # };
87 group = "torrent";
88 };
89 services.nginx.virtualHosts."stream.mantis" = {
90 listen = [{ port = 80; addr = "0.0.0.0"; }];
91 locations."/" = {
92 proxyPass = "http://127.0.0.1:8096";
93 proxyWebsockets = true;
94 };
95 };
96
97 services.navidrome = {
98 enable = true;
99 openFirewall = true;
100 settings = {
101 MusicFolder = "/servarr/lidarr/";
102 DataFolder = "/etc/navidrome/data";
103 CacheFolder = "/etc/navidrome/cache";
104 Address = "0.0.0.0";
105 Port = 4533;
106 AuthRequestLimit = 0;
107 EnableTranscodingConfig = true;
108 };
109 };
110 services.nginx.virtualHosts."music.mantis" = {
111 listen = [{ port = 80; addr = "0.0.0.0"; }];
112 locations."/" = {
113 proxyPass = "http://127.0.0.1:4533";
114 proxyWebsockets = true;
115 };
116 };
117
118 services.transmission = {
119 enable = true;
120 openFirewall = true;
121 openRPCPort = true;
122 group = "torrent";
123 settings = {
124 download-dir = "/torrents";
125 incomplete-dir = "/.incomplete";
126 rpc-bind-address = "0.0.0.0";
127 rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
128 };
129 };
130 services.nginx.virtualHosts."torrent.mantis" = {
131 listen = [{ port = 80; addr = "0.0.0.0"; }];
132 locations."/" = {
133 proxyPass = "http://127.0.0.1:9091";
134 };
135 };
136
137 services.sonarr = {
138 enable = true;
139 openFirewall = true;
140 group = "torrent";
141 };
142 services.nginx.virtualHosts."sonarr.mantis" = {
143 listen = [{ port = 80; addr = "0.0.0.0"; }];
144 locations."/" = {
145 proxyPass = "http://127.0.0.1:8989";
146 };
147 };
148
149 services.radarr = {
150 enable = true;
151 openFirewall = true;
152 group = "torrent";
153 };
154 services.nginx.virtualHosts."radarr.mantis" = {
155 listen = [{ port = 80; addr = "0.0.0.0"; }];
156 locations."/" = {
157 proxyPass = "http://127.0.0.1:7878";
158 };
159 };
160
161 services.bazarr = {
162 enable = true;
163 openFirewall = true;
164 group = "torrent";
165 };
166 services.nginx.virtualHosts."bazarr.mantis" = {
167 listen = [{ port = 80; addr = "0.0.0.0"; }];
168 locations."/" = {
169 proxyPass = "http://127.0.0.1:6767";
170 };
171 };
172
173 services.jackett = {
174 enable = true;
175 openFirewall = true;
176 group = "torrent";
177 };
178 services.nginx.virtualHosts."jackett.mantis" = {
179 listen = [{ port = 80; addr = "0.0.0.0"; }];
180 locations."/" = {
181 proxyPass = "http://127.0.0.1:9117";
182 };
183 };
184
185 services.lidarr = {
186 enable = true;
187 openFirewall = true;
188 group = "torrent";
189 };
190 services.nginx.virtualHosts."lidarr.mantis" = {
191 listen = [{ port = 80; addr = "0.0.0.0"; }];
192 locations."/" = {
193 proxyPass = "http://127.0.0.1:8686";
194 };
195 };
196
197 services.flaresolverr.enable = true;
198
199 services.radicale = {
200 enable = true;
201 settings = {
202 server.hosts = [ "0.0.0.0:5232" ];
203 auth = {
204 type = "htpasswd";
205 htpasswd_filename = "/etc/radicale/users";
206 htpasswd_encryption = "bcrypt";
207 };
208 };
209 };
210 services.nginx.virtualHosts."radicale.mantis" = {
211 listen = [{ port = 80; addr = "0.0.0.0"; }];
212 locations."/" = {
213 proxyPass = "http://127.0.0.1:5232";
214 };
215 };
216 90
91 # List services that you want to enable:
217 92
93 # Enable the OpenSSH daemon.
94 services.openssh.enable = true;
218 nix.settings.experimental-features = [ "nix-command" "flakes" ]; 95 nix.settings.experimental-features = [ "nix-command" "flakes" ];
219 96
97 # Open ports in the firewall.
98 # networking.firewall.allowedTCPPorts = [ ... ];
99 # networking.firewall.allowedUDPPorts = [ ... ];
100 # Or disable the firewall altogether.
101 # networking.firewall.enable = false;
102
220 # Copy the NixOS configuration file and link it from the resulting system 103 # Copy the NixOS configuration file and link it from the resulting system
221 # (/run/current-system/configuration.nix). This is useful in case you 104 # (/run/current-system/configuration.nix). This is useful in case you
222 # accidentally delete configuration.nix. 105 # accidentally delete configuration.nix.
@@ -229,7 +112,8 @@
229 # even if you've upgraded your system to a new NixOS release. 112 # even if you've upgraded your system to a new NixOS release.
230 # 113 #
231 # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 114 # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
232 # so changing it will NOT upgrade your system. 115 # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
116 # to actually do that.
233 # 117 #
234 # This value being lower than the current NixOS release does NOT mean your system is 118 # This value being lower than the current NixOS release does NOT mean your system is
235 # out of date, out of support, or vulnerable. 119 # out of date, out of support, or vulnerable.
@@ -238,7 +122,7 @@
238 # and migrated your data accordingly. 122 # and migrated your data accordingly.
239 # 123 #
240 # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 124 # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
241 system.stateVersion = "23.11"; # Did you read the comment? 125 system.stateVersion = "24.05"; # Did you read the comment?
242 126
243} 127}
244 128
diff --git a/hosts/mantis/hardware-configuration.nix b/hosts/mantis/hardware-configuration.nix
index 6afcb08..3f04a4a 100644
--- a/hosts/mantis/hardware-configuration.nix
+++ b/hosts/mantis/hardware-configuration.nix
@@ -5,35 +5,28 @@
5 5
6{ 6{
7 imports = 7 imports =
8 [ 8 [ (modulesPath + "/installer/scan/not-detected.nix")
9 (modulesPath + "/installer/scan/not-detected.nix")
10 ]; 9 ];
11 10
12 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; 11 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
13 boot.initrd.kernelModules = [ ]; 12 boot.initrd.kernelModules = [ ];
14 boot.kernelModules = [ "kvm-intel" ]; 13 boot.kernelModules = [ "kvm-intel" ];
15 boot.extraModulePackages = [ ]; 14 boot.extraModulePackages = [ ];
16 15
17 fileSystems."/" = 16 fileSystems."/" =
18 { 17 { device = "/dev/disk/by-uuid/efd94de4-c3fa-4a3b-98f9-66ccfb8479b9";
19 device = "/dev/disk/by-uuid/e3eda8a2-b5fe-4458-988c-48579a7cc6c6";
20 fsType = "ext4";
21 };
22
23 fileSystems."/servarr" =
24 {
25 device = "/dev/sdb";
26 fsType = "ext4"; 18 fsType = "ext4";
27 }; 19 };
28 20
29 fileSystems."/boot" = 21 fileSystems."/boot" =
30 { 22 { device = "/dev/disk/by-uuid/5BBB-E6FE";
31 device = "/dev/disk/by-uuid/A170-EC57";
32 fsType = "vfat"; 23 fsType = "vfat";
24 options = [ "fmask=0022" "dmask=0022" ];
33 }; 25 };
34 26
35 swapDevices = 27 swapDevices =
36 [{ device = "/dev/disk/by-uuid/61cb6a91-b916-40b9-b231-c04378629d90"; }]; 28 [ { device = "/dev/disk/by-uuid/65faea2e-c2ce-4ec2-8aca-e09e5073676b"; }
29 ];
37 30
38 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 31 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
39 # (the default) this is the recommended approach. When using systemd-networkd it's 32 # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -41,7 +34,6 @@
41 # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 34 # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
42 networking.useDHCP = lib.mkDefault true; 35 networking.useDHCP = lib.mkDefault true;
43 # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; 36 # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
44 # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
45 37
46 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 38 nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
47 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 39 hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
diff --git a/hosts/mantis/home.nix b/hosts/mantis/home.nix
new file mode 100644
index 0000000..84a365f
--- /dev/null
+++ b/hosts/mantis/home.nix
@@ -0,0 +1,91 @@
1{ config
2, pkgs
3, theme
4, self
5, ...
6}:
7
8{
9
10 imports = [
11 ../../programs
12 ../../services
13 ../../x
14 # ./mail.nix
15 ];
16
17 home.stateVersion = "22.11";
18 home.username = "op";
19 home.homeDirectory = "/home/op";
20 home.extraOutputsToInstall = [ "man" ];
21 home.packages = with pkgs; [
22
23 # essentials
24 vim
25 weechat
26 firefox
27 qutebrowser
28 unzip
29 tmux
30 xclip
31 ripgrep
32 miniserve
33 pfetch
34 st
35 cmus
36 tree
37 w3m
38 noto-fonts-emoji
39 fd
40 du-dust
41 jq
42 libnotify
43 inotify-tools
44 pavucontrol
45 bc
46 killall
47
48 wget
49 curl
50
51 imagemagick
52 ffmpeg-full
53 mpv
54 slop
55 maim
56 arandr
57
58 # monitoring
59 stress
60 powertop
61
62 # input
63 xinput_calibrator
64 libinput
65
66 nixpkgs-fmt
67
68 ] ++ (import ../../scripts { inherit pkgs; });
69
70 xdg = {
71 userDirs = {
72 enable = true;
73 desktop = "\$HOME/desktop";
74 documents = "\$HOME/docs";
75 download = "\$HOME/dloads";
76 music = "\$HOME/music";
77 pictures = "\$HOME/pics";
78 videos = "\$HOME/vids";
79 };
80 };
81
82 xsession = {
83 enable = true;
84 windowManager.command = "2bwm";
85 initExtra = ''
86 ${pkgs.hsetroot}/bin/hsetroot -solid "${theme.base00}"
87 xrdb -load $HOME/.Xresources
88 '';
89 };
90
91}