makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

emergency commit

Browse source
This commit is contained in:
makefu 2024-08-04 23:31:57 +02:00
parent 296ce20ef6
commit d0d7d8c9a8
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
32 changed files with 149 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
2configs/audio/raop-discover.nix
View file

@ -1,23 +1,27 @@
{
# https://docs.pipewire.org/page_module_raop_discover.html
services.pipewire.extraConfig.pipewire."92-raop-discover" = {
services.pipewire.raopOpenFirewall = true;
hardware.pulseaudio.zeroconf.discovery.enable = true;
services.pipewire.extraConfig.pipewire."zz_raop-discover" = {
"context.modules" = [
{
name = "libpipewire-raop-discover";
args = {
"stream.rules" = [
{ matches = [
{ raop.ip = "~.*";
}
];
actions = {
create-stream = {
stream.props = {};
};
};
}
];
};
name = "libpipewire-module-raop-discover";
#args = {
# #"roap.discover-local" = true;
# #"raop.discover-local" = true;
# "stream.rules" = [
# { matches = [
# { raop.ip = "~.*";
# }
# ];
# actions = {
# create-stream = {
# stream.props = {};
# };
# };
# }
# ];
#};
}
];
};

2
2configs/default.nix
View file

@ -49,7 +49,7 @@ with lib;
nix-output-monitor
];
programs.bash.enableCompletion = true;
#programs.bash.completion.enable = true;
environment.shellAliases = {
# TODO: see .aliases

2
2configs/deployment/nextcloud/screeenly.nix
View file

@ -3,7 +3,7 @@
image = "hadogenes/screeenly";
ports = [ "127.0.0.1:8122:80" ];
environment = {
APP_KEY = "herpderp";
};
};
}

9
2configs/deployment/wiki.euer.nix
View file

@ -1,4 +1,4 @@
{ config,...}:
{ pkgs, lib, config,...}:
let
port = 14322;
fqdn = "wiki.euer.krebsco.de";
@ -9,13 +9,16 @@ in {
locations."/".proxyPass = "http://localhost:${toString port}";
};
sops.secrets.tiddlywiki-creds = { };
systemd.services.tiddlywiki.serviceConfig.LoadCredential= "creds:${config.sops.secrets.tiddlywiki-creds}";
systemd.services.tiddlywiki.path = [ pkgs.coreutils-full ];
systemd.services.tiddlywiki.serviceConfig.LoadCredential= "creds:${config.sops.secrets.tiddlywiki-creds.path}";
services.tiddlywiki = {
enable = true;
listenOptions = {
inherit port;
credentials = "$CREDENTIALS_DIRECTORY/creds";
credentials = "\${CREDENTIALS_DIRECTORY}/creds";
readers = "(anon)";
writers = "makefu,samu";
admin = "makefu";
};
};

4
2configs/editor/neovim/default.nix
View file

@ -50,8 +50,8 @@
ReplaceWithRegister # For better copying/replacing
polyglot # Language pack
vim-indent-guides # for displaying indent levels
deoplete-nvim # general autocompletion
deoplete-go
#deoplete-nvim # general autocompletion
#deoplete-go
ale
molokai # color scheme
];

6
2configs/fs/disko/single-disk-encrypted-zfs.nix
View file

@ -1,4 +1,4 @@
{ disk ? "/dev/nvme0n1", hostId, ... }:
{ config,disk ? "/dev/nvme0n1", hostId, ... }:
{
services.zfs.autoScrub.enable = true;
boot.zfs.requestEncryptionCredentials = true;
@ -6,6 +6,10 @@
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
networking.hostId = hostId;
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
# reduce ARC to 2GB
boot.kernelParams = [ "zfs.zfs_arc_max=2884901888" ];
disko.devices = {
disk = {

1
2configs/home-manager/zsh.nix
View file

@ -10,7 +10,6 @@
imports = [
{
home-manager.users.makefu.home.packages = [
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
];
}
{ # bat

2
2configs/home/audio-dl.nix
View file

@ -7,7 +7,7 @@ in
pkg
];
systemd.services.mausdownload = {
startAt = "daily";
startAt = "6:15:00";
path = [ pkg ];
script = "mausdownload.sh /media/silent/music/kinder/hoerbucher";
serviceConfig= {

31
2configs/home/jellyfin.nix
View file

@ -3,23 +3,24 @@ let
port = 8096;
in
{
services.jellyfin.enable = true;
# services.jellyfin.openFirewall = true;
networking.firewall.interfaces.wiregrill = {
allowedTCPPorts = [ 80 port 8920 ];
allowedUDPPorts = [ 1900 7359 ];
};
state = [ "/var/lib/jellyfin" ];
users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ];
services.jellyfin.enable = true;
services.jellyfin.group = "download";
# services.jellyfin.openFirewall = true;
networking.firewall.interfaces.wiregrill = {
allowedTCPPorts = [ 80 port 8920 ];
allowedUDPPorts = [ 1900 7359 ];
};
state = [ "/var/lib/jellyfin" ];
users.users.${config.services.jellyfin.user}.extraGroups = [ "download" "video" "render" ];
systemd.services.jellyfin = {
after = [ "media-cloud.mount" ];
serviceConfig = rec {
RequiresMountsFor = [ "/media/cloud" ];
SupplementaryGroups = lib.mkForce [ "video" "render" "download" ];
UMask = lib.mkForce "0077";
};
systemd.services.jellyfin = {
after = [ "media-cloud.mount" ];
serviceConfig = rec {
RequiresMountsFor = [ "/media/cloud" ];
SupplementaryGroups = lib.mkForce [ "video" "render" "download" ];
UMask = lib.mkForce "0007";
};
};
services.nginx.virtualHosts."jelly" = {
serverAliases = [
"jelly.lan" "movies.lan"

37
2configs/home/metube.nix
View file

@ -1,37 +1,36 @@
{ pkgs, lib, ...}:
# docker run -d -p 8081:8081 -v /path/to/downloads:/downloads --user 1001:1001 alexta69/metube
with pkgs.stockholm.lib;
{ config, pkgs, lib, ...}:
let
port = "2348";
dl-dir = "/media/cryptX/youtube/music";
music-dir = "/media/silent/music/youtube";
dl-dir = "/media/cryptX/youtube";
uid = 20421;
internal-ip = "192.168.111.11";
in
{
systemd.tmpfiles.rules = [
"d ${dl-dir} metube nogroup - -"
];
services.nginx.virtualHosts."tube" = {
serverAliases = [ "tube.lan" ];
locations."/".proxyPass = "http://localhost:${port}";
serverAliases = [ "tube.lan" "mtube.lan" ];
locations."/" = {
proxyPass = "http://localhost:${port}";
proxyWebsockets = true;
};
};
virtualisation.oci-containers.containers.metube = {
image = "alexta69/metube:latest";
ports = [ "${port}:8081" ];
volumes = [
"${music-dir}:/music"
"${dl-dir}:/downloads"
];
user = "metube";
};
users.users.metube = {
uid = uid;
isSystemUser = true;
};
systemd.services.docker-metube.serviceConfig = {
StandardOutput = lib.mkForce "journal";
StandardError = lib.mkForce "journal";
environment = {
UID = toString config.users.users.download.uid;
GID = toString config.users.groups.download.gid;
DOWNLOAD_DIR = "/downloads";
AUDIO_DOWNLOAD_DIR = "/music";
#PUBLIC_HOST_URL = "tube.lan";
#PUBLIC_HOST_AUDIO_URL = "mtube.lan";
};
#user = "metube";
};
}

20
2configs/home/music.nix
View file

@ -1,19 +1,35 @@
{ config, ... }:
{ config,lib, ... }:
let
internal-ip = "192.168.111.11";
port = 4533;
cfg = config.services.navidrome;
in
{
services.navidrome.enable = true;
services.navidrome.settings = {
#MusicFolder = "/media/cryptX/music/kinder";
MusicFolder = "/media/silent/music/kinder";
MusicFolder = "/media/silent/music";
PlaylistsPath = "/media/silent/playlists";
Address = "0.0.0.0";
};
systemd.services.navidrome = {
serviceConfig = {
Restart = "always";
RestartSec = "15";
BindReadOnlyPaths =
[
# navidrome uses online services to download additional album metadata / covers
"${
config.environment.etc."ssl/certs/ca-certificates.crt".source
}:/etc/ssl/certs/ca-certificates.crt"
builtins.storeDir
"/etc"
]
++ lib.optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder
++ lib.optionals config.services.resolved.enable [
"/run/systemd/resolve/stub-resolv.conf"
"/run/systemd/resolve/resolv.conf"
];
};
unitConfig.RequiresMountsFor = [ "/media/silent" ];
};

2
2configs/home/photoprism.nix
View file

@ -21,8 +21,6 @@ let
internal-ip = "192.168.111.11";
in
{
virtualisation.oci-containers.backend = "docker";
services.nginx.virtualHosts."photos" = {
serverAliases = [
"photos.lan"

6
2configs/hw/network-manager.nix
View file

@ -34,9 +34,9 @@
state = [
"/etc/NetworkManager/system-connections" #NM stateful config files
];
networking.networkmanager.dispatcherScripts = [
{ source = "${pkgs.prison-break}/bin/prison-break"; }
];
#networking.networkmanager.dispatcherScripts = [
# { source = "${pkgs.prison-break}/bin/prison-break"; }
#];
# TODO: not sure if this actually works
systemd.services.NetworkManager-dispatcher.environment = {

2
2configs/share/default.nix
View file

@ -16,6 +16,8 @@ in {
};
};
systemd.services.syncthing = lib.mkIf config.services.syncthing.enable { serviceConfig.Group = lib.mkForce "download";};
users.groups = {
download = {
gid = lib.mkDefault (genid "download");

1
2configs/sync/default.nix
View file

@ -24,6 +24,5 @@ in {
cert = config.sops.secrets."${config.clanCore.machineName}-syncthing.cert".path;
};
};
boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
}

7
2configs/sync/share/gum.nix
View file

@ -2,10 +2,15 @@
services.syncthing.user = "download";
services.syncthing.settings.folders = {
manga = {
path = "/media/cloud/download/manga/live/";
path = "/media/cloud/sync/manga/";
id = "makefu-manga";
devices = [ "omo" "makefu-ebook" "makefu-phone" "x" ];
};
audiobooks = {
path = "/media/cloud/sync/audiobooks";
id = "makefu-audiobooks";
devices = [ "omo" "makefu-phone" "x" ];
};
download = {
path = "/media/cloud/download/";
id = "makefu-download";

7
2configs/sync/share/omo.nix
View file

@ -6,10 +6,15 @@
devices = [ "mors" "prism" ];
};
manga = {
path = "/media/crypt1/download/manga/live";
path = "/media/crypt1/sync/manga";
id = "makefu-manga";
devices = [ "gum" "makefu-ebook" "makefu-phone" "x" ];
};
audiobooks = {
path = "/media/crypt1/sync/audiobooks";
id = "makefu-audiobooks";
devices = [ "omo" "gum" "makefu-phone" "x" ];
};
download = {
path = "/media/crypt1/download";
id = "makefu-download";

7
2configs/sync/share/x.nix
View file

@ -2,9 +2,14 @@
services.syncthing.user = "makefu";
services.syncthing.settings.folders = {
manga = {
path = "/home/makefu/manga/live";
path = "/home/makefu/sync/manga";
id = "makefu-manga";
devices = [ "omo" "gum" "makefu-ebook" "makefu-phone" "x" ];
};
audiobooks = {
path = "/home/makefu/sync/audiobooks";
id = "makefu-audiobooks";
devices = [ "omo" "gum" "makefu-phone" "x" ];
};
};
}

1
2configs/tools/core-gui.nix
View file

@ -7,6 +7,7 @@
feh
clipit
# firefox
(pkgs.writers.writeDashBin "privatefox" "exec firefox -P Privatefox")
pcmanfm
evince
# replacement for mirage:

2
2configs/tools/extra-gui.nix
View file

@ -25,6 +25,6 @@
# 3d Modelling
chitubox
freecad
# freecad
];
}

3
2configs/tools/maker.nix
View file

@ -12,7 +12,8 @@
# slicing
#cura
chitubox
cura
# cura
bambu-studio
];
xdg.portal.enable = true;
#xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

2
2configs/tools/media.nix
View file

@ -11,7 +11,7 @@
# quodlibet # exfalso
tinymediamanager
plowshare
# plowshare
streamripper
yt-dlp

3
2configs/virtualisation/docker.nix
View file

@ -2,7 +2,8 @@
{
virtualisation.docker = {
enable = true;
storageDriver = "devicemapper";
# storageDriver = "devicemapper";
storageDriver = "overlay2";
};
environment.systemPackages = with pkgs;[
docker

2
5pkgs/custom/mediawiki-matrix-bot/default.nix
View file

@ -8,7 +8,7 @@ buildPythonApplication rec {
owner = "nix-community";
repo = "mediawiki-matrix-bot";
rev = "refs/heads/custom_api_path";
hash = "sha256-KhXXG9h1GgZfrivtSYa1GL6xpfCuPwreffkhWSw6Kzg";
hash = "sha256-hL03E2afftdccnB72cKKgVvvzNuLY3P33oiXWbvowus=";
};
propagatedBuildInputs = [
feedparser matrix-nio docopt aiohttp aiofiles

4
5pkgs/ns-atmosphere-programmer/default.nix
View file

@ -4,7 +4,7 @@
, xorg
, libpng12
, gtk3
, gnome
, adwaita-icon-theme
}:
stdenv.mkDerivation rec {
name = "ns-atmosphere-programmer-${version}";
@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
installPhase = ''
install -D -m755 NS-Atmosphere $out/bin/NS-Atmosphere
wrapProgram $out/bin/NS-Atmosphere --prefix XDG_DATA_DIRS : "$GSETTINGS_SCHEMAS_PATH" \
--suffix XDG_DATA_DIRS : '${gnome.adwaita-icon-theme}/share'
--suffix XDG_DATA_DIRS : '${adwaita-icon-theme}/share'
'';
dontStrip = true;

2
5pkgs/ratt/default.nix
View file

@ -11,7 +11,7 @@ buildGoModule rec {
};
proxyVendor = true;
vendorHash = "sha256-8iB1+ufoN65n5FnCkLfoVoBXaL3LkNtzgYBF2rPWtGg=";
vendorHash = "sha256-aTsQyN+5OKApGI4ckSrQEkkXpBcvuz1ghQ5FwASNzOs=";
# tests try to access the internet to scrape websites
doCheck = false;

18
flake.lock
View file

@ -365,11 +365,11 @@
]
},
"locked": {
"lastModified": 1718788307,
"narHash": "sha256-SqiOz0sljM0GjyQEVinPXQxaGcbOXw5OgpCWGPgh/vo=",
"lastModified": 1721534365,
"narHash": "sha256-XpZOkaSJKdOsz1wU6JfO59Rx2fqtcarQ0y6ndIOKNpI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d7830d05421d0ced83a0f007900898bdcaf2a2ca",
"rev": "635563f245309ef5320f80c7ebcb89b2398d2949",
"type": "github"
},
"original": {
@ -556,11 +556,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1719895800,
"narHash": "sha256-xNbjISJTFailxass4LmdWeV4jNhAlmJPwj46a/GxE6M=",
"lastModified": 1720737798,
"narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "6e253f12b1009053eff5344be5e835f604bb64cd",
"rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751",
"type": "github"
},
"original": {
@ -571,11 +571,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1719848872,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
"lastModified": 1721379653,
"narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
"rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374",
"type": "github"
},
"original": {

13
machines/gum/config.nix
View file

@ -40,16 +40,14 @@ in {
../../2configs/share/hetzner-client.nix
# ../../2configs/stats/netdata-server.nix
../../2configs/headless.nix
# Security
../../2configs/sshd-totp.nix
# Tools
../../2configs/tools/core.nix
../../2configs/tools/dev.nix
../../2configs/tools/sec.nix
#../../2configs/tools/desktop.nix
# ../../2configs/tools/dev.nix
# ../../2configs/tools/sec.nix
# ../../2configs/tools/desktop.nix
../../2configs/zsh-user.nix
../../2configs/mosh.nix
@ -156,7 +154,7 @@ in {
../../2configs/deployment/nextcloud/screeenly.nix
../../2configs/deployment/buildbot/master.nix
../../2configs/deployment/buildbot/worker.nix
# ../../2configs/deployment/buildbot/worker.nix
### Moving owncloud data dir to /media/cloud/nextcloud-data
{
users.users.nextcloud.extraGroups = [ "download" ];
@ -179,7 +177,6 @@ in {
../../2configs/nginx/dl.euer.krebsco.de.nix
#../../2configs/nginx/euer.test.nix
../../2configs/nginx/euer.mon.nix
../../2configs/nginx/euer.wiki.nix
../../2configs/nginx/euer.blog.nix
../../2configs/nginx/music.euer.nix
## ../../2configs/nginx/gum.krebsco.de.nix
@ -201,6 +198,8 @@ in {
../../2configs/bgt/etherpad.euer.krebsco.de.nix
# ../../2configs/deployment/systemdultras-rss.nix
../../2configs/deployment/wiki.euer.nix
../../2configs/shiori.nix
#../../2configs/workadventure

5
machines/gum/hetznercloud/default.nix
View file

@ -5,9 +5,10 @@
[ ./network.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
# Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.uki.tries = 3;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@ -33,6 +34,7 @@
};
swapDevices = [ ];
zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
@ -43,6 +45,7 @@
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [
"zfs.zfs_arc_max=1073741824"
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];

7
machines/omo/config.nix
View file

@ -11,7 +11,6 @@ in {
./hw/omo.nix
#./hw/tsp.nix
../../2configs/default.nix
../../2configs/headless.nix
../../2configs/support-nixos.nix
../../2configs/nur.nix
{
@ -30,7 +29,7 @@ in {
pkgs.tinymediamanager
];
}
{ environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.youtube-dl]; }
{ environment.systemPackages = [ pkgs.youtube-dl2kodi pkgs.yt-dlp]; }
../../2configs/zsh-user.nix
@ -110,7 +109,7 @@ in {
# ../../2configs/syncthing.nix
../../2configs/remote-build/slave.nix
# TODO:
../../2configs/virtualisation/docker.nix
../../2configs/virtualisation/podman.nix
# ../../2configs/bluetooth-mpd.nix
../../2configs/home/jellyfin.nix
@ -118,7 +117,7 @@ in {
../../2configs/home/photoprism.nix
# ../../2configs/home/tonie.nix
../../2configs/home/ps4srv.nix
# ../../2configs/home/metube.nix
../../2configs/home/metube.nix
# ../../2configs/home/ham
../../2configs/home/ham/docker.nix
../../2configs/home/zigbee2mqtt

1
machines/savarcast/config.nix
View file

@ -43,7 +43,6 @@
# misc
../../2configs/support-nixos.nix
../../2configs/headless.nix
];
# TODO: ingo:
# "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5G4SzPWZAJHrxpN2hQ0TzfPz5KO4eZISZxL3j/pkPs+6/YLXwB22AuU5qvNBi5uVIIZNqJBoaAcj/NePkiu6i2iAVzntAVWhBQlCLIlN0YXwXZ7E19fVUxvG65XV8D86YXSKrKkeDqk6SmQhReeWexMxTIKtj9Ipa7i9lPHBsls="

5
machines/x/config.nix
View file

@ -25,6 +25,7 @@
# ../../2configs/hw/droidcam.nix
../../2configs/hw/smartcard.nix
../../2configs/hw/upower.nix
# ../../2configs/audio/raop-discover.nix
#../../2configs/hw/ps4-compat.nix
# base
@ -42,6 +43,10 @@
../../2configs/tools/all.nix
{ programs.adb.enable = true; }
# gui
../../2configs/gui/base.nix
../../2configs/gui/hyprland
# secrets: now deployed once at host provisioning
{ state = [ "/etc/ssh/ssh_host_rsa_key" ]; }
#{