diff options
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/mantis/configuration.nix | 260 | ||||
-rw-r--r-- | hosts/mantis/hardware-configuration.nix | 22 | ||||
-rw-r--r-- | hosts/mantis/home.nix | 91 |
3 files changed, 170 insertions, 203 deletions
diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix index 8f71964..acc2a49 100644 --- a/hosts/mantis/configuration.nix +++ b/hosts/mantis/configuration.nix | |||
@@ -1,222 +1,105 @@ | |||
1 | # Edit this configuration file to define what should be installed on | ||
2 | # your system. Help is available in the configuration.nix(5) man page, on | ||
3 | # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). | 1 | # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). |
4 | 2 | ||
5 | { config, lib, pkgs, self, ... }: | 3 | { config, lib, pkgs, ... }: |
6 | 4 | ||
7 | { | 5 | { |
8 | imports = | 6 | imports = |
9 | [ | 7 | [ # Include the results of the hardware scan. |
10 | # Include the results of the hardware scan. | ||
11 | ./hardware-configuration.nix | 8 | ./hardware-configuration.nix |
12 | ]; | 9 | ]; |
13 | 10 | ||
14 | nixpkgs.overlays = with self.overlays; [ | ||
15 | flaresolverr | ||
16 | ]; | ||
17 | |||
18 | # Use the systemd-boot EFI boot loader. | 11 | # Use the systemd-boot EFI boot loader. |
19 | boot.loader.systemd-boot.enable = true; | 12 | boot.loader.systemd-boot.enable = true; |
20 | boot.loader.efi.canTouchEfiVariables = true; | 13 | boot.loader.efi.canTouchEfiVariables = true; |
21 | 14 | ||
22 | networking.hostName = "mantis"; # Define your hostname. | 15 | networking.hostName = "mantis"; # Define your hostname. |
23 | networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant. | 16 | # Pick only one of the below networking options. |
24 | networking.firewall.allowedTCPPorts = [ 80 443 ]; | 17 | # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. |
18 | # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. | ||
25 | 19 | ||
20 | # Set your time zone. | ||
26 | time.timeZone = "Europe/London"; | 21 | time.timeZone = "Europe/London"; |
27 | i18n.defaultLocale = "en_US.UTF-8"; | ||
28 | 22 | ||
29 | nixpkgs.config.packageOverrides = pkgs: { | 23 | # Configure network proxy if necessary |
30 | vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; | 24 | # networking.proxy.default = "http://user:password@proxy:port/"; |
31 | }; | 25 | # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; |
26 | |||
27 | # Select internationalisation properties. | ||
28 | # i18n.defaultLocale = "en_US.UTF-8"; | ||
29 | # console = { | ||
30 | # font = "Lat2-Terminus16"; | ||
31 | # keyMap = "us"; | ||
32 | # useXkbConfig = true; # use xkb.options in tty. | ||
33 | # }; | ||
34 | |||
35 | # Enable the X11 windowing system. | ||
36 | services.xserver.enable = true; | ||
37 | |||
38 | |||
39 | # Enable the GNOME Desktop Environment. | ||
40 | services.xserver.displayManager.gdm.enable = true; | ||
41 | services.xserver.desktopManager.gnome.enable = true; | ||
42 | |||
43 | |||
44 | # Configure keymap in X11 | ||
45 | # services.xserver.xkb.layout = "us"; | ||
46 | # services.xserver.xkb.options = "eurosign:e,caps:escape"; | ||
47 | |||
48 | # Enable CUPS to print documents. | ||
49 | # services.printing.enable = true; | ||
32 | 50 | ||
33 | # Enable sound. | 51 | # Enable sound. |
34 | sound.enable = true; | 52 | # hardware.pulseaudio.enable = true; |
35 | hardware.pulseaudio.enable = true; | 53 | # OR |
36 | hardware.opengl = { | 54 | # services.pipewire = { |
37 | enable = true; | 55 | # enable = true; |
38 | extraPackages = with pkgs; [ | 56 | # pulse.enable = true; |
39 | intel-media-driver | 57 | # }; |
40 | vaapiIntel | 58 | |
41 | vaapiVdpau | 59 | # Enable touchpad support (enabled default in most desktopManager). |
42 | libvdpau-va-gl | 60 | services.xserver.libinput.enable = true; |
43 | intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) | 61 | services.tailscale.enable = true; |
44 | ]; | ||
45 | }; | ||
46 | 62 | ||
47 | # Define a user account. Don't forget to set a password with ‘passwd’. | 63 | # Define a user account. Don't forget to set a password with ‘passwd’. |
48 | users.users.op = { | 64 | users.users.op = { |
49 | isNormalUser = true; | 65 | isNormalUser = true; |
50 | extraGroups = [ "wheel" "tty" ]; | 66 | extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. |
51 | packages = with pkgs; [ ]; | 67 | packages = with pkgs; [ |
52 | home = "/home/op"; | 68 | qutebrowser |
53 | openssh.authorizedKeys.keys = [ | 69 | tree |
54 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle" | ||
55 | ]; | 70 | ]; |
71 | createHome = true; | ||
72 | home = "/home/op"; | ||
56 | }; | 73 | }; |
57 | users.groups."torrent".members = [ | ||
58 | "op" | ||
59 | "sonarr" | ||
60 | "radarr" | ||
61 | "bazarr" | ||
62 | "jackett" | ||
63 | "lidarr" | ||
64 | "jellyfin" | ||
65 | "transmission" | ||
66 | ]; | ||
67 | 74 | ||
75 | # List packages installed in system profile. To search, run: | ||
76 | # $ nix search wget | ||
68 | environment.systemPackages = with pkgs; [ | 77 | environment.systemPackages = with pkgs; [ |
69 | vim | 78 | vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. |
70 | wget | 79 | wget |
71 | pkgs.jellyfin | 80 | git |
72 | pkgs.jellyfin-web | ||
73 | pkgs.jellyfin-ffmpeg | ||
74 | |||
75 | pkgs.htop | ||
76 | pkgs.ripgrep | ||
77 | pkgs.git | ||
78 | ]; | 81 | ]; |
79 | 82 | ||
80 | services.openssh.enable = true; | 83 | # Some programs need SUID wrappers, can be configured further or are |
81 | services.nginx.enable = true; | 84 | # started in user sessions. |
82 | services.tailscale.enable = true; | 85 | # programs.mtr.enable = true; |
83 | 86 | # programs.gnupg.agent = { | |
84 | services.jellyfin = { | 87 | # enable = true; |
85 | enable = true; | 88 | # enableSSHSupport = true; |
86 | openFirewall = true; | 89 | # }; |
87 | group = "torrent"; | ||
88 | }; | ||
89 | services.nginx.virtualHosts."stream.mantis" = { | ||
90 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
91 | locations."/" = { | ||
92 | proxyPass = "http://127.0.0.1:8096"; | ||
93 | proxyWebsockets = true; | ||
94 | }; | ||
95 | }; | ||
96 | |||
97 | services.navidrome = { | ||
98 | enable = true; | ||
99 | openFirewall = true; | ||
100 | settings = { | ||
101 | MusicFolder = "/servarr/lidarr/"; | ||
102 | DataFolder = "/etc/navidrome/data"; | ||
103 | CacheFolder = "/etc/navidrome/cache"; | ||
104 | Address = "0.0.0.0"; | ||
105 | Port = 4533; | ||
106 | AuthRequestLimit = 0; | ||
107 | EnableTranscodingConfig = true; | ||
108 | }; | ||
109 | }; | ||
110 | services.nginx.virtualHosts."music.mantis" = { | ||
111 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
112 | locations."/" = { | ||
113 | proxyPass = "http://127.0.0.1:4533"; | ||
114 | proxyWebsockets = true; | ||
115 | }; | ||
116 | }; | ||
117 | |||
118 | services.transmission = { | ||
119 | enable = true; | ||
120 | openFirewall = true; | ||
121 | openRPCPort = true; | ||
122 | group = "torrent"; | ||
123 | settings = { | ||
124 | download-dir = "/torrents"; | ||
125 | incomplete-dir = "/.incomplete"; | ||
126 | rpc-bind-address = "0.0.0.0"; | ||
127 | rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*"; | ||
128 | }; | ||
129 | }; | ||
130 | services.nginx.virtualHosts."torrent.mantis" = { | ||
131 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
132 | locations."/" = { | ||
133 | proxyPass = "http://127.0.0.1:9091"; | ||
134 | }; | ||
135 | }; | ||
136 | |||
137 | services.sonarr = { | ||
138 | enable = true; | ||
139 | openFirewall = true; | ||
140 | group = "torrent"; | ||
141 | }; | ||
142 | services.nginx.virtualHosts."sonarr.mantis" = { | ||
143 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
144 | locations."/" = { | ||
145 | proxyPass = "http://127.0.0.1:8989"; | ||
146 | }; | ||
147 | }; | ||
148 | |||
149 | services.radarr = { | ||
150 | enable = true; | ||
151 | openFirewall = true; | ||
152 | group = "torrent"; | ||
153 | }; | ||
154 | services.nginx.virtualHosts."radarr.mantis" = { | ||
155 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
156 | locations."/" = { | ||
157 | proxyPass = "http://127.0.0.1:7878"; | ||
158 | }; | ||
159 | }; | ||
160 | |||
161 | services.bazarr = { | ||
162 | enable = true; | ||
163 | openFirewall = true; | ||
164 | group = "torrent"; | ||
165 | }; | ||
166 | services.nginx.virtualHosts."bazarr.mantis" = { | ||
167 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
168 | locations."/" = { | ||
169 | proxyPass = "http://127.0.0.1:6767"; | ||
170 | }; | ||
171 | }; | ||
172 | |||
173 | services.jackett = { | ||
174 | enable = true; | ||
175 | openFirewall = true; | ||
176 | group = "torrent"; | ||
177 | }; | ||
178 | services.nginx.virtualHosts."jackett.mantis" = { | ||
179 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
180 | locations."/" = { | ||
181 | proxyPass = "http://127.0.0.1:9117"; | ||
182 | }; | ||
183 | }; | ||
184 | |||
185 | services.lidarr = { | ||
186 | enable = true; | ||
187 | openFirewall = true; | ||
188 | group = "torrent"; | ||
189 | }; | ||
190 | services.nginx.virtualHosts."lidarr.mantis" = { | ||
191 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
192 | locations."/" = { | ||
193 | proxyPass = "http://127.0.0.1:8686"; | ||
194 | }; | ||
195 | }; | ||
196 | |||
197 | services.flaresolverr.enable = true; | ||
198 | |||
199 | services.radicale = { | ||
200 | enable = true; | ||
201 | settings = { | ||
202 | server.hosts = [ "0.0.0.0:5232" ]; | ||
203 | auth = { | ||
204 | type = "htpasswd"; | ||
205 | htpasswd_filename = "/etc/radicale/users"; | ||
206 | htpasswd_encryption = "bcrypt"; | ||
207 | }; | ||
208 | }; | ||
209 | }; | ||
210 | services.nginx.virtualHosts."radicale.mantis" = { | ||
211 | listen = [{ port = 80; addr = "0.0.0.0"; }]; | ||
212 | locations."/" = { | ||
213 | proxyPass = "http://127.0.0.1:5232"; | ||
214 | }; | ||
215 | }; | ||
216 | 90 | ||
91 | # List services that you want to enable: | ||
217 | 92 | ||
93 | # Enable the OpenSSH daemon. | ||
94 | services.openssh.enable = true; | ||
218 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; | 95 | nix.settings.experimental-features = [ "nix-command" "flakes" ]; |
219 | 96 | ||
97 | # Open ports in the firewall. | ||
98 | # networking.firewall.allowedTCPPorts = [ ... ]; | ||
99 | # networking.firewall.allowedUDPPorts = [ ... ]; | ||
100 | # Or disable the firewall altogether. | ||
101 | # networking.firewall.enable = false; | ||
102 | |||
220 | # Copy the NixOS configuration file and link it from the resulting system | 103 | # Copy the NixOS configuration file and link it from the resulting system |
221 | # (/run/current-system/configuration.nix). This is useful in case you | 104 | # (/run/current-system/configuration.nix). This is useful in case you |
222 | # accidentally delete configuration.nix. | 105 | # accidentally delete configuration.nix. |
@@ -229,7 +112,8 @@ | |||
229 | # even if you've upgraded your system to a new NixOS release. | 112 | # even if you've upgraded your system to a new NixOS release. |
230 | # | 113 | # |
231 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, | 114 | # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, |
232 | # so changing it will NOT upgrade your system. | 115 | # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how |
116 | # to actually do that. | ||
233 | # | 117 | # |
234 | # This value being lower than the current NixOS release does NOT mean your system is | 118 | # This value being lower than the current NixOS release does NOT mean your system is |
235 | # out of date, out of support, or vulnerable. | 119 | # out of date, out of support, or vulnerable. |
@@ -238,7 +122,7 @@ | |||
238 | # and migrated your data accordingly. | 122 | # and migrated your data accordingly. |
239 | # | 123 | # |
240 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . | 124 | # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . |
241 | system.stateVersion = "23.11"; # Did you read the comment? | 125 | system.stateVersion = "24.05"; # Did you read the comment? |
242 | 126 | ||
243 | } | 127 | } |
244 | 128 | ||
diff --git a/hosts/mantis/hardware-configuration.nix b/hosts/mantis/hardware-configuration.nix index 6afcb08..3f04a4a 100644 --- a/hosts/mantis/hardware-configuration.nix +++ b/hosts/mantis/hardware-configuration.nix | |||
@@ -5,35 +5,28 @@ | |||
5 | 5 | ||
6 | { | 6 | { |
7 | imports = | 7 | imports = |
8 | [ | 8 | [ (modulesPath + "/installer/scan/not-detected.nix") |
9 | (modulesPath + "/installer/scan/not-detected.nix") | ||
10 | ]; | 9 | ]; |
11 | 10 | ||
12 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; | 11 | boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; |
13 | boot.initrd.kernelModules = [ ]; | 12 | boot.initrd.kernelModules = [ ]; |
14 | boot.kernelModules = [ "kvm-intel" ]; | 13 | boot.kernelModules = [ "kvm-intel" ]; |
15 | boot.extraModulePackages = [ ]; | 14 | boot.extraModulePackages = [ ]; |
16 | 15 | ||
17 | fileSystems."/" = | 16 | fileSystems."/" = |
18 | { | 17 | { device = "/dev/disk/by-uuid/efd94de4-c3fa-4a3b-98f9-66ccfb8479b9"; |
19 | device = "/dev/disk/by-uuid/e3eda8a2-b5fe-4458-988c-48579a7cc6c6"; | ||
20 | fsType = "ext4"; | ||
21 | }; | ||
22 | |||
23 | fileSystems."/servarr" = | ||
24 | { | ||
25 | device = "/dev/sdb"; | ||
26 | fsType = "ext4"; | 18 | fsType = "ext4"; |
27 | }; | 19 | }; |
28 | 20 | ||
29 | fileSystems."/boot" = | 21 | fileSystems."/boot" = |
30 | { | 22 | { device = "/dev/disk/by-uuid/5BBB-E6FE"; |
31 | device = "/dev/disk/by-uuid/A170-EC57"; | ||
32 | fsType = "vfat"; | 23 | fsType = "vfat"; |
24 | options = [ "fmask=0022" "dmask=0022" ]; | ||
33 | }; | 25 | }; |
34 | 26 | ||
35 | swapDevices = | 27 | swapDevices = |
36 | [{ device = "/dev/disk/by-uuid/61cb6a91-b916-40b9-b231-c04378629d90"; }]; | 28 | [ { device = "/dev/disk/by-uuid/65faea2e-c2ce-4ec2-8aca-e09e5073676b"; } |
29 | ]; | ||
37 | 30 | ||
38 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking | 31 | # Enables DHCP on each ethernet and wireless interface. In case of scripted networking |
39 | # (the default) this is the recommended approach. When using systemd-networkd it's | 32 | # (the default) this is the recommended approach. When using systemd-networkd it's |
@@ -41,7 +34,6 @@ | |||
41 | # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. | 34 | # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. |
42 | networking.useDHCP = lib.mkDefault true; | 35 | networking.useDHCP = lib.mkDefault true; |
43 | # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; | 36 | # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; |
44 | # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; | ||
45 | 37 | ||
46 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; | 38 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; |
47 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; | 39 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; |
diff --git a/hosts/mantis/home.nix b/hosts/mantis/home.nix new file mode 100644 index 0000000..84a365f --- /dev/null +++ b/hosts/mantis/home.nix | |||
@@ -0,0 +1,91 @@ | |||
1 | { config | ||
2 | , pkgs | ||
3 | , theme | ||
4 | , self | ||
5 | , ... | ||
6 | }: | ||
7 | |||
8 | { | ||
9 | |||
10 | imports = [ | ||
11 | ../../programs | ||
12 | ../../services | ||
13 | ../../x | ||
14 | # ./mail.nix | ||
15 | ]; | ||
16 | |||
17 | home.stateVersion = "22.11"; | ||
18 | home.username = "op"; | ||
19 | home.homeDirectory = "/home/op"; | ||
20 | home.extraOutputsToInstall = [ "man" ]; | ||
21 | home.packages = with pkgs; [ | ||
22 | |||
23 | # essentials | ||
24 | vim | ||
25 | weechat | ||
26 | firefox | ||
27 | qutebrowser | ||
28 | unzip | ||
29 | tmux | ||
30 | xclip | ||
31 | ripgrep | ||
32 | miniserve | ||
33 | pfetch | ||
34 | st | ||
35 | cmus | ||
36 | tree | ||
37 | w3m | ||
38 | noto-fonts-emoji | ||
39 | fd | ||
40 | du-dust | ||
41 | jq | ||
42 | libnotify | ||
43 | inotify-tools | ||
44 | pavucontrol | ||
45 | bc | ||
46 | killall | ||
47 | |||
48 | wget | ||
49 | curl | ||
50 | |||
51 | imagemagick | ||
52 | ffmpeg-full | ||
53 | mpv | ||
54 | slop | ||
55 | maim | ||
56 | arandr | ||
57 | |||
58 | # monitoring | ||
59 | stress | ||
60 | powertop | ||
61 | |||
62 | # input | ||
63 | xinput_calibrator | ||
64 | libinput | ||
65 | |||
66 | nixpkgs-fmt | ||
67 | |||
68 | ] ++ (import ../../scripts { inherit pkgs; }); | ||
69 | |||
70 | xdg = { | ||
71 | userDirs = { | ||
72 | enable = true; | ||
73 | desktop = "\$HOME/desktop"; | ||
74 | documents = "\$HOME/docs"; | ||
75 | download = "\$HOME/dloads"; | ||
76 | music = "\$HOME/music"; | ||
77 | pictures = "\$HOME/pics"; | ||
78 | videos = "\$HOME/vids"; | ||
79 | }; | ||
80 | }; | ||
81 | |||
82 | xsession = { | ||
83 | enable = true; | ||
84 | windowManager.command = "2bwm"; | ||
85 | initExtra = '' | ||
86 | ${pkgs.hsetroot}/bin/hsetroot -solid "${theme.base00}" | ||
87 | xrdb -load $HOME/.Xresources | ||
88 | ''; | ||
89 | }; | ||
90 | |||
91 | } | ||