fuckwit/nix-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Activity

Integrate changes from framework laptop #1

Merged
fuckwit merged 1 commits from fixes into master 2024-10-11 11:12:54 +02:00
Conversation 0 Commits 1 Files Changed 4 +51 -15
4 changed files with 51 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
nixos/celestia/configuration.nix
View File

@ -33,6 +33,8 @@ in {
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."acme.env" = {};
sops.secrets."tailscale-auth-key" = {};
sops.secrets."act-runner-token" = {};
sops.secrets."photoprism-password-file" = {};
imports = [
./hardware-configuration.nix
@ -167,8 +169,8 @@ in {
public = "yes";
"guest only" = "yes";
writable = "yes";
"force create mode" = "0666";
"force directory mode" = "0777";
# "force create mode" = "0666";
# "force directory mode" = "0777";
};
video = {
path = "/tank/video";
@ -176,8 +178,9 @@ in {
public = "yes";
"guest only" = "yes";
writable = "yes";
"force create mode" = "0666";
"force directory mode" = "0777";
"force group" = "nas";
# "force create mode" = "0666";
# "force directory mode" = "0777";
};
};
};
@ -186,8 +189,29 @@ in {
autoScrub.enable = true;
};
gitea-actions-runner.instances = {
runner1 = {
enable = true;
name = "celestia";
url = "https://git.fuckwit.dev";
tokenFile = config.sops.secrets."act-runner-token".path;
labels = [
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
wget
gnused
gitMinimal
];
};
};
nginx = {
enable = true;
clientMaxBodySize = "500m";
virtualHosts = makeVirtualHosts [
{
subdomain = "jdownloader";
@ -217,6 +241,10 @@ in {
subdomain = "homepage";
port = 8082;
}
{
subdomain = "photoprism";
port = 2342;
}
];
};
@ -257,17 +285,21 @@ in {
enable = true;
group = "nas";
dataDir = "/var/lib/sonarr";
# package = pkgs.sonarr.override {
# version = "4.0.0.748";
# src = lib.fetchurl {
# url = "https://download.sonarr.tv/v4/main/${version}/Sonarr.main.${version}.linux-x64.tar.gz";
# hash = "";
# };
# };
};
jellyfin.enable = true;
photoprism = {
enable = true;
originalsPath = "/tank/images/pictures";
importPath = "/tank/images/import";
passwordFile = config.sops.secrets."photoprism-password-file".path;
settings = {
PHOTOPRISM_ADMIN_USER = "root";
PHOTOPRISM_DEFAULT_LOCALE = "de";
};
};
homepage-dashboard = {
enable = true;
@ -419,7 +451,7 @@ in {
script = ''
while read -r evt file; do
${pkgs.coreutils}/bin/chown ${user}:${group} "$file"
${pkgs.coreutils}/bin/chmod 755 "$file"
${pkgs.coreutils}/bin/chmod 775 "$file"
done < <(${pkgs.inotify-tools}/bin/inotifywait -e create,move -m -r --format '%e %w%f' ${path})
'';
};

8
nixos/celestia/secrets.yaml
View File

@ -1,5 +1,7 @@
acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZGIQjlLKHzj1Ys3zS591iVRkeYExBGyCPakPIJo=,iv:sOIPofteCvO4Na+z8qw7EjfJ6CEr83kYaonhUCgFwA4=,tag:RhHGyTrmdY4f8QkQ0DhhJw==,type:str]
tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str]
photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str]
sops:
kms: []
gcp_kms: []
@ -15,8 +17,8 @@ sops:
K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T19:42:27Z"
mac: ENC[AES256_GCM,data:1LZ/jcx2yOW5OgWYmGlu8ySpOLrvLTmyAc8CrK6gKDeoc/VN5RuRapwkGD6XfgDaUvMCccgcRpyL5QDPPdRw6zzwpW4Ce1hreOoC1zV23TNDuAbn1G+gFjlJ2l5IEY6EZeNoWsOC2ID16HRwls1Bau1+hcWKefFYNVjE3+3l16U=,iv:9FFP84Be7UzfuLz/FnFtvOXmudccMq1jFDGXJUN0t48=,tag:U9SOsMUbHm8hzZnS3yK1Lg==,type:str]
lastmodified: "2024-08-26T08:34:59Z"
mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str]
pgp:
- created_at: "2024-01-25T08:00:56Z"
enc: |-
@ -31,4 +33,4 @@ sops:
-----END PGP MESSAGE-----
fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.0

1
nixos/framework/configuration.nix
View File

@ -128,5 +128,6 @@
programs = {
hyprland.enable = true;
gnupg.agent.enable = true;
ssh.enableAskPassword = false; # disable setting of $SSH_ASKPASS
};
}

1
nixos/primordial/configuration.nix
View File

@ -236,6 +236,7 @@ in {
domain = "grafana.fuckwit.dev";
http_addr = "127.0.0.1";
http_port = 8002;
root_url = "https://grafana.fuckwit.dev";
};
};