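# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host "mantis": a media server running Jellyfin, Navidrome, Transmission,
# the *arr applications, Jackett, FlareSolverr and Radicale, each published
# through an nginx virtual host. Tailscale and OpenSSH are enabled as well.
#
# Formatting note: this file must keep one statement per line. A `#` comment
# runs to the end of the physical line, so joining lines silently turns the
# code that follows a comment into comment text.

{ config, lib, pkgs, self, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Overlay supplied by this flake (`self`); it provides the flaresolverr
  # package used by `services.flaresolverr` further down.
  nixpkgs.overlays = with self.overlays; [ flaresolverr ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "mantis"; # Define your hostname.
  networking.wireless.iwd.enable = true; # Wireless support via iwd (not wpa_supplicant).

  # Every nginx virtual host in this file listens on plain-HTTP port 80 only;
  # nothing here binds port 443.
  # NOTE(review): either add TLS listeners or drop 443 from this list, after
  # confirming no other module of the flake serves on it.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";

  # Build the legacy Intel VA-API driver with the hybrid codec enabled.
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Graphics stack with the Intel video-acceleration packages.
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
    ];
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.op = {
    isNormalUser = true;
    # "wheel" is the administrative group, so this account can escalate to root.
    extraGroups = [ "wheel" "tty" ];
    packages = with pkgs; [ ];
    home = "/home/op";
    # Public key allowed to log in as `op` over SSH.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzFK/zY2ZaAftBfFPO+IJAgyD45pe0fXrpF81p8aNIl np@myrtle"
    ];
  };

  # One shared group for the interactive user and every media service.
  # NOTE(review): whatever the group can read or write on the media tree is
  # available to each member service, so a compromise of any one of them
  # reaches the others' files to that extent. Confirm the directory modes are
  # as narrow as the workflow allows.
  users.groups."torrent".members = [
    "op"
    "sonarr"
    "radarr"
    "bazarr"
    "jackett"
    "lidarr"
    "jellyfin"
    "transmission"
  ];

  # `with pkgs;` already brings the package set into scope, so the entries are
  # written without a redundant `pkgs.` prefix.
  environment.systemPackages = with pkgs; [
    vim
    wget
    jellyfin
    jellyfin-web
    jellyfin-ffmpeg
    htop
    ripgrep
    git
  ];

  # NOTE(review): password logins are not disabled anywhere in this file.
  # Since a public key is provisioned for `op`, consider setting
  # `services.openssh.settings.PasswordAuthentication = false;` (and
  # `KbdInteractiveAuthentication = false;`) - confirm the option names
  # against the NixOS release in use.
  services.openssh.enable = true;
  services.nginx.enable = true;
  services.tailscale.enable = true;

  # --- Published applications -------------------------------------------------
  # Pattern used below: each application is enabled with `openFirewall = true`
  # AND published through an nginx virtual host on plain-HTTP port 80 that
  # proxies to the application's loopback port.
  # NOTE(review): `openFirewall` makes the application's own port reachable
  # from other hosts in addition to the nginx route. If nginx is meant to be
  # the only entry point, the `openFirewall` lines can be dropped. Confirm
  # which networks can reach this host before relying on either path.
  # NOTE(review): the virtual hosts add neither authentication nor TLS, so
  # each application's own login is the only access control, and it travels
  # in clear text unless the path is already encrypted (for example when the
  # client connects over Tailscale). Confirm that login is enabled in each
  # application.

  # Jellyfin media server, proxied at stream.mantis.
  services.jellyfin = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."stream.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:8096";
      proxyWebsockets = true;
    };
  };

  # Navidrome music server, proxied at music.mantis.
  services.navidrome = {
    enable = true;
    openFirewall = true;
    settings = {
      MusicFolder = "/servarr/lidarr/";
      # NOTE(review): mutable state and cache are kept under /etc, which is
      # normally reserved for configuration - confirm this is intended.
      DataFolder = "/etc/navidrome/data";
      CacheFolder = "/etc/navidrome/cache";
      Address = "0.0.0.0";
      Port = 4533;
      # 0 switches off Navidrome's per-IP limit on login requests.
      # NOTE(review): with Address 0.0.0.0 and openFirewall the login endpoint
      # is reachable directly and unthrottled. This was presumably disabled
      # because proxied clients all appear as 127.0.0.1 - confirm, and prefer
      # re-enabling the limit if direct exposure stays.
      AuthRequestLimit = 0;
      EnableTranscodingConfig = true;
    };
  };
  services.nginx.virtualHosts."music.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:4533";
      proxyWebsockets = true;
    };
  };

  # Transmission BitTorrent daemon, proxied at torrent.mantis.
  services.transmission = {
    enable = true;
    openFirewall = true;
    openRPCPort = true;
    group = "torrent";
    settings = {
      download-dir = "/torrents";
      incomplete-dir = "/.incomplete";
      # The RPC interface listens on every address; the source-IP whitelist
      # below is the only access control configured in this file
      # (`rpc-authentication-required` is not set here).
      rpc-bind-address = "0.0.0.0";
      rpc-whitelist = "127.0.0.1,10.0.0.1,192.168.*.*,100.64.*.*";
    };
  };
  # NOTE(review): requests proxied by this virtual host reach Transmission
  # from 127.0.0.1, which is on `rpc-whitelist`, so the whitelist does not
  # restrict anyone who can reach port 80 under this host name. Consider
  # enabling RPC authentication or limiting which addresses this virtual host
  # listens on or accepts.
  services.nginx.virtualHosts."torrent.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:9091";
    };
  };

  # Sonarr, proxied at sonarr.mantis.
  services.sonarr = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."sonarr.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:8989";
    };
  };

  # Radarr, proxied at radarr.mantis.
  services.radarr = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."radarr.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:7878";
    };
  };

  # Bazarr, proxied at bazarr.mantis.
  services.bazarr = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."bazarr.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:6767";
    };
  };

  # Jackett, proxied at jackett.mantis.
  services.jackett = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."jackett.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:9117";
    };
  };

  # Lidarr, proxied at lidarr.mantis.
  services.lidarr = {
    enable = true;
    openFirewall = true;
    group = "torrent";
  };
  services.nginx.virtualHosts."lidarr.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:8686";
    };
  };

  # FlareSolverr; the module and package come from this flake's overlay, so no
  # firewall or bind settings are visible in this file.
  services.flaresolverr.enable = true;

  # Radicale CalDAV/CardDAV server with htpasswd (bcrypt) authentication,
  # proxied at radicale.mantis.
  # NOTE(review): the virtual host only needs the loopback listener, so
  # binding Radicale to 0.0.0.0 looks wider than this file requires - confirm.
  # Credentials sent to radicale.mantis cross the network over plain HTTP
  # unless the client path is already encrypted.
  services.radicale = {
    enable = true;
    settings = {
      server.hosts = [ "0.0.0.0:5232" ];
      auth = {
        type = "htpasswd";
        htpasswd_filename = "/etc/radicale/users";
        htpasswd_encryption = "bcrypt";
      };
    };
  };
  services.nginx.virtualHosts."radicale.mantis" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:5232";
    };
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}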