From c7f07d8e847d1711708798848ad1b4ccfdfe36c1 Mon Sep 17 00:00:00 2001 From: Akshay Date: Tue, 23 Jul 2024 17:28:28 +0100 Subject: reintro mantis --- hosts/mantis/configuration.nix | 260 +++++++++----------------------- hosts/mantis/hardware-configuration.nix | 22 +-- hosts/mantis/home.nix | 91 +++++++++++ 3 files changed, 170 insertions(+), 203 deletions(-) create mode 100644 hosts/mantis/home.nix (limited to 'hosts/mantis') diff --git a/hosts/mantis/configuration.nix b/hosts/mantis/configuration.nix index 8f71964..acc2a49 100644 --- a/hosts/mantis/configuration.nix +++ b/hosts/mantis/configuration.nix @@ -1,222 +1,105 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, self, ... }: +{ config, lib, pkgs, ... }: { imports = - [ - # Include the results of the hardware scan. + [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; - nixpkgs.overlays = with self.overlays; [ - flaresolverr - ]; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "mantis"; # Define your hostname. - networking.wireless.iwd.enable = true; # Enables wireless support via wpa_supplicant. - networking.firewall.allowedTCPPorts = [ 80 443 ]; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + # Set your time zone. time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_US.UTF-8"; - nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - }; + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + + # Enable the GNOME Desktop Environment. + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - hardware.opengl = { - enable = true; - extraPackages = with pkgs; [ - intel-media-driver - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) - ]; - }; + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + services.xserver.libinput.enable = true; + services.tailscale.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.op = { isNormalUser = true; - extraGroups = [ "wheel" "tty" ]; - packages = with pkgs; [ ]; - home = "/home/op"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle" + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + qutebrowser + tree ]; + createHome = true; + home = "/home/op"; }; - users.groups."torrent".members = [ - "op" - "sonarr" - "radarr" - "bazarr" - "jackett" - "lidarr" - "jellyfin" - "transmission" - ]; + # List packages installed in system profile. To search, run: + # $ nix search wget environment.systemPackages = with pkgs; [ - vim + vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget - pkgs.jellyfin - pkgs.jellyfin-web - pkgs.jellyfin-ffmpeg - - pkgs.htop - pkgs.ripgrep - pkgs.git + git ]; - services.openssh.enable = true; - services.nginx.enable = true; - services.tailscale.enable = true; - - services.jellyfin = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."stream.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8096"; - proxyWebsockets = true; - }; - }; - - services.navidrome = { - enable = true; - openFirewall = true; - settings = { - MusicFolder = "/servarr/lidarr/"; - DataFolder = "/etc/navidrome/data"; - CacheFolder = "/etc/navidrome/cache"; - Address = "0.0.0.0"; - Port = 4533; - AuthRequestLimit = 0; - EnableTranscodingConfig = true; - }; - }; - services.nginx.virtualHosts."music.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:4533"; - proxyWebsockets = true; - }; - }; - - services.transmission = { - enable = true; - openFirewall = true; - openRPCPort = true; - group = "torrent"; - settings = { - download-dir = "/torrents"; - incomplete-dir = "/.incomplete"; - rpc-bind-address = "0.0.0.0"; - rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*"; - }; - }; - services.nginx.virtualHosts."torrent.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:9091"; - }; - }; - - services.sonarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."sonarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8989"; - }; - }; - - services.radarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."radarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:7878"; - }; - }; - - services.bazarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."bazarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:6767"; - }; - }; - - services.jackett = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."jackett.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:9117"; - }; - }; - - services.lidarr = { - enable = true; - openFirewall = true; - group = "torrent"; - }; - services.nginx.virtualHosts."lidarr.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:8686"; - }; - }; - - services.flaresolverr.enable = true; - - services.radicale = { - enable = true; - settings = { - server.hosts = [ "0.0.0.0:5232" ]; - auth = { - type = "htpasswd"; - htpasswd_filename = "/etc/radicale/users"; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - services.nginx.virtualHosts."radicale.mantis" = { - listen = [{ port = 80; addr = "0.0.0.0"; }]; - locations."/" = { - proxyPass = "http://127.0.0.1:5232"; - }; - }; + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + # List services that you want to enable: + # Enable the OpenSSH daemon. + services.openssh.enable = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. @@ -229,7 +112,8 @@ # even if you've upgraded your system to a new NixOS release. # # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. # # This value being lower than the current NixOS release does NOT mean your system is # out of date, out of support, or vulnerable. @@ -238,7 +122,7 @@ # and migrated your data accordingly. # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? } diff --git a/hosts/mantis/hardware-configuration.nix b/hosts/mantis/hardware-configuration.nix index 6afcb08..3f04a4a 100644 --- a/hosts/mantis/hardware-configuration.nix +++ b/hosts/mantis/hardware-configuration.nix @@ -5,35 +5,28 @@ { imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") + [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { - device = "/dev/disk/by-uuid/e3eda8a2-b5fe-4458-988c-48579a7cc6c6"; - fsType = "ext4"; - }; - - fileSystems."/servarr" = - { - device = "/dev/sdb"; + { device = "/dev/disk/by-uuid/efd94de4-c3fa-4a3b-98f9-66ccfb8479b9"; fsType = "ext4"; }; fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/A170-EC57"; + { device = "/dev/disk/by-uuid/5BBB-E6FE"; fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = - [{ device = "/dev/disk/by-uuid/61cb6a91-b916-40b9-b231-c04378629d90"; }]; + [ { device = "/dev/disk/by-uuid/65faea2e-c2ce-4ec2-8aca-e09e5073676b"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -41,7 +34,6 @@ # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/mantis/home.nix b/hosts/mantis/home.nix new file mode 100644 index 0000000..84a365f --- /dev/null +++ b/hosts/mantis/home.nix @@ -0,0 +1,91 @@ +{ config +, pkgs +, theme +, self +, ... +}: + +{ + + imports = [ + ../../programs + ../../services + ../../x + # ./mail.nix + ]; + + home.stateVersion = "22.11"; + home.username = "op"; + home.homeDirectory = "/home/op"; + home.extraOutputsToInstall = [ "man" ]; + home.packages = with pkgs; [ + + # essentials + vim + weechat + firefox + qutebrowser + unzip + tmux + xclip + ripgrep + miniserve + pfetch + st + cmus + tree + w3m + noto-fonts-emoji + fd + du-dust + jq + libnotify + inotify-tools + pavucontrol + bc + killall + + wget + curl + + imagemagick + ffmpeg-full + mpv + slop + maim + arandr + + # monitoring + stress + powertop + + # input + xinput_calibrator + libinput + + nixpkgs-fmt + + ] ++ (import ../../scripts { inherit pkgs; }); + + xdg = { + userDirs = { + enable = true; + desktop = "\$HOME/desktop"; + documents = "\$HOME/docs"; + download = "\$HOME/dloads"; + music = "\$HOME/music"; + pictures = "\$HOME/pics"; + videos = "\$HOME/vids"; + }; + }; + + xsession = { + enable = true; + windowManager.command = "2bwm"; + initExtra = '' + ${pkgs.hsetroot}/bin/hsetroot -solid "${theme.base00}" + xrdb -load $HOME/.Xresources + ''; + }; + +} -- cgit v1.2.3