nixos-config/machines/omo/config.nix

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, lib, ... }:
let
  primaryInterface = config.makefu.server.primary-itf;
in {
  imports =
    [
      ./hw/omo.nix
      #./hw/tsp.nix
      ../../2configs/default.nix
      ../../2configs/headless.nix
      ../../2configs/support-nixos.nix
      ../../2configs/nur.nix
      {
        services.xserver.enable = true;
        services.xserver.displayManager.sddm.enable = true;
        services.xserver.desktopManager.plasma5.enable = true;

        services.xrdp.enable = true;
        services.xrdp.defaultWindowManager = "startplasma-x11";
        services.xrdp.openFirewall = true;
      }
      # x11 forwarding
      {
        services.openssh.settings.X11Forwarding = true;
        users.users.makefu.packages = [
          pkgs.tinymediamanager
        ];
      }
      { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; }


      ../../2configs/zsh-user.nix
      ../../2configs/home-manager
      ../../2configs/home-manager/cli.nix
      ../../2configs/editor/neovim
      # ../../2configs/storj/client.nix

      ../../2configs/networking/zerotier.nix
      ../../2configs/backup/state.nix

      { makefu.backup.server.repo = "/media/cryptX/backup/borg"; }
      ../../2configs/backup/server.nix
      ../../2configs/exim-retiolum.nix
      # ../../2configs/smart-monitor.nix
      ../../2configs/mail-client.nix
      ../../2configs/mosh.nix
      ../../2configs/tools/core.nix
      ../../2configs/tools/dev.nix
      ../../2configs/tools/desktop.nix
      ../../2configs/tools/mobility.nix
      ../../2configs/tools/consoles.nix
      #../../2configs/graphite-standalone.nix
      #../../2configs/share-user-sftp.nix

      ../../2configs/urlwatch
      # ../../2configs/legacy_only.nix

      ../../2configs/share
      ../../2configs/share/omo.nix
      ../../2configs/share/gum-client.nix
      ../../2configs/sync
      ../../2configs/sync/share/omo.nix

      ../../2configs/wireguard/wiregrill-client.nix

      #  Community services
      ../../2configs/nix-community/legacy-mediawiki-matrix-bot.nix

      #../../2configs/dcpp/airdcpp.nix
      #{ krebs.airdcpp.dcpp.shares = let
      #    d = path: "/media/cryptX/${path}";
      #  in {
      #    emu.path = d "emu";
      #    audiobooks.path = lib.mkForce (d "audiobooks");
      #    incoming.path = lib.mkForce (d "torrent");
      #    anime.path = d "anime";
      #  };
      #  krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
      #}
      {
        # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
        #services.sabnzbd.enable = true;
        #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
      }
      # ../../2configs/share/omo-timemachine.nix
      ../../2configs/tinc/retiolum.nix

      # statistics
      # ../../2configs/stats/client.nix
      # Logging
      #influx + grafana
      ../../2configs/stats/server.nix
      # ../../2configs/stats/nodisk-client.nix
      # logs to influx
      ../../2configs/stats/external/aralast.nix
      ../../2configs/stats/telegraf
      # ../../2configs/stats/telegraf/europastats.nix
      ../../2configs/stats/telegraf/hamstats.nix
      ../../2configs/hw/cdrip.nix

      # services
      {
        services.nginx.enable = true;
        networking.firewall.allowedTCPPorts = [ 80 8123 ];
      }
      # ../../2configs/syncthing.nix
      ../../2configs/remote-build/slave.nix
      # TODO:
      ../../2configs/virtualisation/docker.nix
      # ../../2configs/bluetooth-mpd.nix

      ../../2configs/home/jellyfin.nix
      ../../2configs/home/music.nix
      ../../2configs/home/photoprism.nix
      # ../../2configs/home/tonie.nix
      ../../2configs/home/ps4srv.nix
      # ../../2configs/home/metube.nix
      # ../../2configs/home/ham
      ../../2configs/home/ham/docker.nix
      ../../2configs/home/zigbee2mqtt
      ../../2configs/home/streams.nix
      ../../2configs/home/esphome.nix
      ../../2configs/home/audio-dl.nix
      {
        makefu.ps3netsrv = {
          enable = true;
          servedir = "/media/cryptX/emu/ps3";
        };
        users.users.makefu.packages = [ pkgs.pkgrename ];
      }

      ../../2configs/home/paperless.nix

      #{
      #  hardware.pulseaudio.systemWide = true;
      #  makefu.mpd.musicDirectory = "/media/cryptX/music";
      #}

      # security
      ../../2configs/sshd-totp.nix
      # ../../2configs/logging/central-logging-client.nix

      # ../../2configs/torrent.nix
      {
        #krebs.rtorrent = {
        #  downloadDir = lib.mkForce "/media/cryptX/torrent";
        #  extraConfig = ''
        #    upload_rate = 500
        #  '';
        #};
      }

      # ../../2configs/elchos/search.nix
      # ../../2configs/elchos/log.nix
      # ../../2configs/elchos/irc-token.nix

      ## as long as pyload is not in nixpkgs:
      # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload

      # Temporary:
      # ../../2configs/temp/rst-issue.nix
      # ../../2configs/bgt/social-to-irc.nix

    ];
  makefu.full-populate =  true;
  nixpkgs.config.allowUnfree = true;
  users.users.share.isNormalUser = true;
  users.groups.share = {
    gid = pkgs.stockholm.lib.genid "share";
    members = [ "makefu" "misa" ];
  };
  networking.firewall.trustedInterfaces = [ primaryInterface "docker0" ];


  users.users.misa = {
    uid = 9002;
    name = "misa";
    isNormalUser = true;
  };

  zramSwap.enable = true;

  #krebs.Reaktor.reaktor-shack = {
  #  nickname = "Reaktor|shack";
  #  workdir = "/var/lib/Reaktor/shack";
  #  channels = [ "#shackspace" ];
  #  plugins = with pkgs.ReaktorPlugins;
  #  [ shack-correct
  #    # stockholm-issue
  #    sed-plugin
  #    random-emoji ];
  #};
  #krebs.Reaktor.reaktor-bgt = {
  #  nickname = "Reaktor|bgt";
  #  workdir = "/var/lib/Reaktor/bgt";
  #  channels = [ "#binaergewitter" ];
  #  plugins = with pkgs.ReaktorPlugins;
  #  [ titlebot
  #    # stockholm-issue
  #    nixos-version
  #    shack-correct
  #    sed-plugin
  #    random-emoji ];
  #};

  krebs.build.host = config.krebs.hosts.omo;
}
-												m 1 omo: init

											
										
										
											2015-12-16 12:06:44 +01:00
+								# Edit this configuration file to define what should be installed on
 								# your system.  Help is available in the configuration.nix(5) man page
 								# and in the NixOS manual (accessible by running ‘nixos-help’).
-												k 5 snapraid: is part of upstream

											
										
										
											2016-01-05 16:07:13 +01:00
+								{ config, pkgs, lib, ... }:
 								let
-												ma omo.r: split hardware config, use disko for tsp hardware

											
										
										
											2018-09-13 16:17:39 +02:00
+								  primaryInterface = config.makefu.server.primary-itf;
-												k 5 snapraid: is part of upstream

											
										
										
											2016-01-05 16:07:13 +01:00
+								in {
-												m 1 omo: init

											
										
										
											2015-12-16 12:06:44 +01:00
+								  imports =
-												ma 1 omo: actually build the host

											
										
										
											2016-01-03 06:07:35 +01:00
+								    [
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      ./hw/omo.nix
 								      #./hw/tsp.nix
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/default.nix
 								      ../../2configs/headless.nix
 								      ../../2configs/support-nixos.nix
 								      ../../2configs/nur.nix
-												machines: remove nixpkgs.config

											
										
										
											2024-01-15 22:35:36 +01:00
+								      {
 								        services.xserver.enable = true;
 								        services.xserver.displayManager.sddm.enable = true;
 								        services.xserver.desktopManager.plasma5.enable = true;
 								        services.xrdp.enable = true;
 								        services.xrdp.defaultWindowManager = "startplasma-x11";
 								        services.xrdp.openFirewall = true;
 								      }
-												ma omo.r: enable ipv6, x11 forwarding

											
										
										
											2020-07-02 08:31:53 +02:00
+								      # x11 forwarding
 								      {
-												mediawiki-matrix-bot: move legacy bot to omo

											
										
										
											2024-05-11 02:06:48 +02:00
+								        services.openssh.settings.X11Forwarding = true;
-												ma omo.r: enable ipv6, x11 forwarding

											
										
										
											2020-07-02 08:31:53 +02:00
+								        users.users.makefu.packages = [
 								          pkgs.tinymediamanager
 								        ];
 								      }
 								      { environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; }
-												ma omo.r: enable home-manager zsh config

											
										
										
											2020-05-28 16:06:05 +02:00
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/zsh-user.nix
 								      ../../2configs/home-manager
 								      ../../2configs/home-manager/cli.nix
 								      ../../2configs/editor/neovim
 								      # ../../2configs/storj/client.nix
-												ma omo.r: enable home-manager zsh config

											
										
										
											2020-05-28 16:06:05 +02:00
-												omo/gum: add zerotier secrets

											
										
										
											2024-02-14 23:44:28 +01:00
+								      ../../2configs/networking/zerotier.nix
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/backup/state.nix
-												ma backup: update backup files for bgt,gum,omo

											
										
										
											2021-04-04 08:45:15 +02:00
 								      { makefu.backup.server.repo = "/media/cryptX/backup/borg"; }
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/backup/server.nix
 								      ../../2configs/exim-retiolum.nix
 								      # ../../2configs/smart-monitor.nix
 								      ../../2configs/mail-client.nix
 								      ../../2configs/mosh.nix
 								      ../../2configs/tools/core.nix
 								      ../../2configs/tools/dev.nix
 								      ../../2configs/tools/desktop.nix
 								      ../../2configs/tools/mobility.nix
 								      ../../2configs/tools/consoles.nix
 								      #../../2configs/graphite-standalone.nix
 								      #../../2configs/share-user-sftp.nix
 								      ../../2configs/urlwatch
 								      # ../../2configs/legacy_only.nix
 								      ../../2configs/share
 								      ../../2configs/share/omo.nix
 								      ../../2configs/share/gum-client.nix
-												mediawiki-matrix-bot: move legacy bot to omo

											
										
										
											2024-05-11 02:06:48 +02:00
+								      ../../2configs/sync
 								      ../../2configs/sync/share/omo.nix
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
-												machines: remove nixpkgs.config

											
										
										
											2024-01-15 22:35:36 +01:00
+								      ../../2configs/wireguard/wiregrill-client.nix
-												mediawiki-matrix-bot: move legacy bot to omo

											
										
										
											2024-05-11 02:06:48 +02:00
 								      #  Community services
 								      ../../2configs/nix-community/legacy-mediawiki-matrix-bot.nix
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      #../../2configs/dcpp/airdcpp.nix
-												ma omo.r: apply deployment changes

											
										
										
											2023-06-03 15:41:49 +02:00
+								      #{ krebs.airdcpp.dcpp.shares = let
 								      #    d = path: "/media/cryptX/${path}";
 								      #  in {
 								      #    emu.path = d "emu";
 								      #    audiobooks.path = lib.mkForce (d "audiobooks");
 								      #    incoming.path = lib.mkForce (d "torrent");
 								      #    anime.path = d "anime";
 								      #  };
 								      #  krebs.airdcpp.dcpp.DownloadDirectory = "/media/cryptX/torrent/dcpp";
 								      #}
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      {
 								        # copy config from <secrets/sabnzbd.ini> to /var/lib/sabnzbd/
 								        #services.sabnzbd.enable = true;
 								        #systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
 								      }
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/share/omo-timemachine.nix
 								      ../../2configs/tinc/retiolum.nix
-												m 2: rename stats and share

											
										
										
											2017-05-25 23:19:36 +02:00
-												ma omor: move homeautomation, add google-muell

											
										
										
											2018-12-13 01:31:17 +01:00
+								      # statistics
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/stats/client.nix
-												m 2: rename stats and share

											
										
										
											2017-05-25 23:19:36 +02:00
+								      # Logging
-												ma omo: enable sshd-totp

											
										
										
											2017-07-21 10:49:11 +02:00
+								      #influx + grafana
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/stats/server.nix
 								      # ../../2configs/stats/nodisk-client.nix
-												ma omo: enable sshd-totp

											
										
										
											2017-07-21 10:49:11 +02:00
+								      # logs to influx
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/stats/external/aralast.nix
 								      ../../2configs/stats/telegraf
 								      # ../../2configs/stats/telegraf/europastats.nix
 								      ../../2configs/stats/telegraf/hamstats.nix
 								      ../../2configs/hw/cdrip.nix
-												m 1 omo: add mqtt

											
										
										
											2017-05-02 14:04:39 +02:00
 								      # services
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      {
 								        services.nginx.enable = true;
-												ma omo.r: apply deployment changes

											
										
										
											2023-06-03 15:41:49 +02:00
+								        networking.firewall.allowedTCPPorts = [ 80 8123 ];
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      }
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/syncthing.nix
 								      ../../2configs/remote-build/slave.nix
-												ma omo.r,wbob.r: allow insecure home-assistant

											
										
										
											2018-11-21 08:24:35 +01:00
+								      # TODO:
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/virtualisation/docker.nix
-												machines: remove nixpkgs.config

											
										
										
											2024-01-15 22:35:36 +01:00
+								      # ../../2configs/bluetooth-mpd.nix
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
 								      ../../2configs/home/jellyfin.nix
 								      ../../2configs/home/music.nix
 								      ../../2configs/home/photoprism.nix
 								      # ../../2configs/home/tonie.nix
 								      ../../2configs/home/ps4srv.nix
 								      # ../../2configs/home/metube.nix
 								      # ../../2configs/home/ham
 								      ../../2configs/home/ham/docker.nix
 								      ../../2configs/home/zigbee2mqtt
-												nixos-config: push dirty laundry

											
										
										
											2023-09-20 16:54:07 +02:00
+								      ../../2configs/home/streams.nix
-												mediawiki-matrix-bot: move legacy bot to omo

											
										
										
											2024-05-11 02:06:48 +02:00
+								      ../../2configs/home/esphome.nix
-												machines: remove grub.version

											
										
										
											2024-05-30 18:12:55 +02:00
+								      ../../2configs/home/audio-dl.nix
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      {
 								        makefu.ps3netsrv = {
 								          enable = true;
 								          servedir = "/media/cryptX/emu/ps3";
 								        };
-												ma omo.r: enable more services

											
										
										
											2022-02-28 21:31:52 +01:00
+								        users.users.makefu.packages = [ pkgs.pkgrename ];
-												ma omo.r: enable airdcpp

											
										
										
											2018-10-14 23:46:51 +02:00
+								      }
-												ma omo.r: deploy airsonic,photoprism,metube

											
										
										
											2021-03-12 20:10:27 +01:00
-												machines: remove nixpkgs.config

											
										
										
											2024-01-15 22:35:36 +01:00
+								      ../../2configs/home/paperless.nix
-												ma omo.r: deploy airsonic,photoprism,metube

											
										
										
											2021-03-12 20:10:27 +01:00
-												machines: remove nixpkgs.config

											
										
										
											2024-01-15 22:35:36 +01:00
+								      #{
 								      #  hardware.pulseaudio.systemWide = true;
 								      #  makefu.mpd.musicDirectory = "/media/cryptX/music";
 								      #}
-												ma: enable remote-build on gum,omo - x is master

											
										
										
											2017-09-29 21:37:24 +02:00
-												ma omo: enable sshd-totp

											
										
										
											2017-07-21 10:49:11 +02:00
+								      # security
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      ../../2configs/sshd-totp.nix
 								      # ../../2configs/logging/central-logging-client.nix
-												Apply stashed changes

sorry

											
										
										
											2017-02-04 14:35:29 +01:00
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/torrent.nix
-												ma omo.r: deploy airsonic,photoprism,metube

											
										
										
											2021-03-12 20:10:27 +01:00
+								      {
 								        #krebs.rtorrent = {
 								        #  downloadDir = lib.mkForce "/media/cryptX/torrent";
 								        #  extraConfig = ''
 								        #    upload_rate = 500
 								        #  '';
 								        #};
 								      }
-												m 1 omo: be more permissive with mergerfs

											
										
										
											2016-12-24 23:39:23 +01:00
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/elchos/search.nix
 								      # ../../2configs/elchos/log.nix
 								      # ../../2configs/elchos/irc-token.nix
-												ma 1 omo: finish hw merge for omo

											
										
										
											2016-06-12 19:43:50 +02:00
 								      ## as long as pyload is not in nixpkgs:
 								      # docker run -d -v /var/lib/pyload:/opt/pyload/pyload-config -v /media/crypt0/pyload:/opt/pyload/Downloads --name pyload --restart=always -p 8112:8000 -P writl/pyload
-												ma omo.r: enable telegraf

											
										
										
											2017-09-19 16:39:58 +02:00
 								      # Temporary:
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								      # ../../2configs/temp/rst-issue.nix
-												omo/gum: add zerotier secrets

											
										
										
											2024-02-14 23:44:28 +01:00
+								      # ../../2configs/bgt/social-to-irc.nix
-												ma omo.r: split hardware config, use disko for tsp hardware

											
										
										
											2018-09-13 16:17:39 +02:00
-												m 1 omo: init

											
										
										
											2015-12-16 12:06:44 +01:00
+								    ];
-												ma homeautomation: add mqtt broker with acl

											
										
										
											2018-09-18 02:16:12 +02:00
+								  makefu.full-populate =  true;
-												ma omo.r,wbob.r: allow insecure home-assistant

											
										
										
											2018-11-21 08:24:35 +01:00
+								  nixpkgs.config.allowUnfree = true;
-												ma treewide: make 21.05 compatible (is*User, other fixes)

											
										
										
											2021-06-05 15:52:06 +02:00
+								  users.users.share.isNormalUser = true;
-												m 1 omo: configure deluge

											
										
										
											2016-08-22 18:43:38 +02:00
+								  users.groups.share = {
-systems: stockholm/lib -> stockholm.lib

											
										
										
											2023-07-02 16:14:53 +02:00
+								    gid = pkgs.stockholm.lib.genid "share";
-												m 1 omo: configure deluge

											
										
										
											2016-08-22 18:43:38 +02:00
+								    members = [ "makefu" "misa" ];
 								  };
-												ma 2/homeautomation -> 2/ham

avoid overlapping autocomplete with home-manager

											
										
										
											2020-02-05 17:34:44 +01:00
+								  networking.firewall.trustedInterfaces = [ primaryInterface "docker0" ];
-												ma 1 omo: add sabnzbd;

											
										
										
											2016-01-08 03:37:38 +01:00
-												ma 1 omo: init share user

											
										
										
											2016-07-11 20:45:34 +02:00
+								  users.users.misa = {
 								    uid = 9002;
 								    name = "misa";
-												ma treewide: make 21.05 compatible (is*User, other fixes)

											
										
										
											2021-06-05 15:52:06 +02:00
+								    isNormalUser = true;
-												ma 1 omo: init share user

											
										
										
											2016-07-11 20:45:34 +02:00
+								  };
-												m 1 omo: init

											
										
										
											2015-12-16 12:06:44 +01:00
-												ma 1 omo: add sabnzbd;

											
										
										
											2016-01-08 03:37:38 +01:00
+								  zramSwap.enable = true;
-												ma 1 omo: actually build the host

											
										
										
											2016-01-03 06:07:35 +01:00
-												ma omo,x.r: disable ipv6 until studio-link issue is resolved

											
										
										
											2020-05-21 11:03:32 +02:00
+								  #krebs.Reaktor.reaktor-shack = {
 								  #  nickname = "Reaktor|shack";
 								  #  workdir = "/var/lib/Reaktor/shack";
 								  #  channels = [ "#shackspace" ];
 								  #  plugins = with pkgs.ReaktorPlugins;
 								  #  [ shack-correct
 								  #    # stockholm-issue
 								  #    sed-plugin
 								  #    random-emoji ];
 								  #};
-												ma 2/homeautomation -> 2/ham

avoid overlapping autocomplete with home-manager

											
										
										
											2020-02-05 17:34:44 +01:00
+								  #krebs.Reaktor.reaktor-bgt = {
 								  #  nickname = "Reaktor|bgt";
 								  #  workdir = "/var/lib/Reaktor/bgt";
 								  #  channels = [ "#binaergewitter" ];
 								  #  plugins = with pkgs.ReaktorPlugins;
 								  #  [ titlebot
 								  #    # stockholm-issue
 								  #    nixos-version
 								  #    shack-correct
 								  #    sed-plugin
 								  #    random-emoji ];
 								  #};
-												m 1 wry: mv Reaktor to omo

											
										
										
											2017-03-24 13:03:46 +01:00
-												ma 1 omo: add samba share

											
										
										
											2016-01-27 22:00:50 +01:00
+								  krebs.build.host = config.krebs.hosts.omo;
-												m 1 omo: init

											
										
										
											2015-12-16 12:06:44 +01:00
+								}