From c7f07d8e847d1711708798848ad1b4ccfdfe36c1 Mon Sep 17 00:00:00 2001 From: Akshay Date: Tue, 23 Jul 2024 17:28:28 +0100 Subject: reintro mantis --- hosts/mantis/configuration.nix | 260 ++++++++++++----------------------------- 1 file changed, 72 insertions(+), 188 deletions(-) (limited to 'hosts/mantis/configuration.nix') diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix index 8f71964..acc2a49 100644 --- a/hosts/mantis/configuration.nix +++ b/hosts/mantis/configuration.nix @@ -1,222 +1,105 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, self, ... }: +{ config, lib, pkgs, ... }: { imports = - [ - # Include the results of the hardware scan. + [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; - nixpkgs.overlays = with self.overlays; [ - flaresolverr - ]; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "mantis"; # Define your hostname. - networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant. - networking.firewall.allowedTCPPorts = [ 80 443 ]; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + # Set your time zone. time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_US.UTF-8"; - nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) - ]; - }; + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + services.xserver.libinput.enable = true; + services.tailscale.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.op = { isNormalUser = true; - extraGroups = [ "wheel" "tty" ]; - packages = with pkgs; [ ]; - home = "/home/op"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle" + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + qutebrowser + tree ]; + createHome = true; + home = "/home/op"; }; - users.groups."torrent".members = [ - "op" - "sonarr" - "radarr" - "bazarr" - "jackett" - "lidarr" - "jellyfin" - "transmission" - ]; + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ - vim + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - - pkgs.htop - pkgs.ripgrep - pkgs.git + git ]; - services.openssh.enable = true; - services.nginx.enable = true; - services.tailscale.enable = true; - - services.jellyfin = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."stream.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8096"; - proxyWebsockets = true; - }; - }; - - services.navidrome = { - enable = true; - openFirewall = true; - settings = { - MusicFolder = "/servarr/lidarr/"; - DataFolder = "/etc/navidrome/data"; - CacheFolder = "/etc/navidrome/cache"; - Address = "0.0.0.0"; - Port = 4533; - AuthRequestLimit = 0; - EnableTranscodingConfig = true; - }; - }; - services.nginx.virtualHosts."music.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:4533"; - proxyWebsockets = true; - }; - }; - - services.transmission = { - enable = true; - openFirewall = true; - openRPCPort = true; - group = "torrent"; - settings = { - download-dir = "/torrents"; - incomplete-dir = "/.incomplete"; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*"; - }; - }; - services.nginx.virtualHosts."torrent.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:9091"; - }; - }; - - services.sonarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."sonarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8989"; - }; - }; - - services.radarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."radarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:7878"; - }; - }; - - services.bazarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."bazarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:6767"; - }; - }; - - services.jackett = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."jackett.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:9117"; - }; - }; - - services.lidarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."lidarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8686"; - }; - }; - - services.flaresolverr.enable = true; - - services.radicale = { - enable = true; - settings = { - server.hosts = [ "0.0.0.0:5232" ]; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - services.nginx.virtualHosts."radicale.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:5232"; - }; - }; + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + # List services that you want to enable: + # Enable the OpenSSH daemon. + services.openssh.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. @@ -229,7 +112,8 @@ # even if you've upgraded your system to a new NixOS release. # # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. # # This value being lower than the current NixOS release does NOT mean your system is # out of date, out of support, or vulnerable. @@ -238,7 +122,7 @@ # and migrated your data accordingly. # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } -- cgit v1.2.3