fuckwit/nix-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Activity
nix-config/nixos/celestia/configuration.nix

305 lines
7.3 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}: let
makeVirtualHost = {
subdomain,
port,
}: {
name = "${subdomain}.fuckwit.dev";
value = {
forceSSL = true;
enableACME = true;
acmeRoot = null;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
};
};
makeVirtualHosts = sites: builtins.listToAttrs (builtins.map makeVirtualHost sites);
disks = [
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL232MW7"
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL22L00W"
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL23J3P2"
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL22LCB4"
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL22PG6W"
"/dev/disk/by-id/ata-ST14000NM000G-2KG103_ZL20KVKP"
];
in {
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."acme.env" = {};
imports = [
./hardware-configuration.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelParams = [
"initcall_blacklist=acpi_cpufreq_init"
"amd_pstate=passive"
"libata.force=noncq"
];
boot.kernelModules = ["amd-pstate"];
system.stateVersion = "23.11"; # Did you read the comment?
networking = {
hostName = "celestia";
interfaces.enp5s0f0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "10.1.1.11";
prefixLength = 24;
}
];
};
firewall = {
enable = true;
allowedTCPPorts = [22 111 443 2049 4000 4001 4002 20048];
allowedUDPPorts = [53 111 2049 4000 4001 4002 20048];
};
};
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
environment.systemPackages = with pkgs; [
vim
wget
htop
bash
zfs
lm_sensors
ffmpeg
];
users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6oGHBFD3wo16buPtdYDat911gydOw2oFj80fTXL1xo batzi@DESKTOP-8A2VTHL"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICK3otGMe8umxxJX5BbbBQ/+PQg37Puh0qjH8IILL95T patrick@mi"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDl3vLxNpinilTJp1rGsSYlVi+hIa+oECtge1i8bwz33AAAACHNzaDptYWlu"
];
users.groups.nas.gid = 2000;
environment = {
etc = {
"sysconfig/lm_sensors".text = ''
HWMON_MODULES="nct6775"
'';
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@fuckwit.dev";
dnsProvider = "cloudflare";
environmentFile = config.sops.secrets."acme.env".path;
dnsPropagationCheck = true;
};
};
services = {
dnscrypt-proxy2 = {
enable = true;
settings = {
listen_addresses = ["0.0.0.0:53"];
ipv6_servers = false;
dnscrypt_servers = true;
cloaking_rules = "/var/lib/dnscrypt-proxy/cloaking";
sources.dnscry-pt-resolvers = {
urls = ["https://www.dnscry.pt/resolvers.md"];
minisign_key = "RWQM31Nwkqh01x88SvrBL8djp1NH56Rb4mKLHz16K7qsXgEomnDv6ziQ";
cache_file = "/var/lib/dnscrypt-proxy/dnscry.pt-resolvers.md";
refresh_delay = 72;
prefix = "dnscry.pt-";
};
};
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
};
};
nfs.server = {
enable = true;
lockdPort = 4001;
mountdPort = 4002;
statdPort = 4000;
extraNfsdConfig = '''';
};
samba = {
enable = true;
openFirewall = true;
extraConfig = "map to guest = bad user";
shares = {
dump = {
path = "/tank/dump";
browsable = "yes";
public = "yes";
"guest only" = "yes";
writable = "yes";
"force create mode" = "0666";
"force directory mode" = "0777";
};
video = {
path = "/tank/video";
browsable = "yes";
public = "yes";
"guest only" = "yes";
writable = "yes";
"force create mode" = "0666";
"force directory mode" = "0777";
};
};
};
zfs = {
autoScrub.enable = true;
};
nginx = {
enable = true;
virtualHosts = makeVirtualHosts [
{
subdomain = "jdownloader";
port = 8000;
}
{
subdomain = "jellyfin";
port = 8096;
}
{
subdomain = "sonarr";
port = 8989;
}
{
subdomain = "radarr";
port = 7878;
}
{
subdomain = "lidarr";
port = 8686;
}
{
subdomain = "paperless";
port = 28981;
}
];
};
paperless = {
enable = true;
mediaDir = "/tank/documents";
consumptionDir = "/tank/dump/paperless_consume";
consumptionDirIsPublic = true;
extraConfig = {
PAPERLESS_URL = "https://paperless.fuckwit.dev";
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [
".DS_STORE/*"
"desktop.ini"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
lidarr = {
enable = true;
group = "nas";
dataDir = "/var/lib/lidarr";
};
radarr = {
enable = true;
group = "nas";
dataDir = "/var/lib/radarr";
};
sonarr = {
enable = true;
group = "nas";
dataDir = "/var/lib/sonarr";
# package = pkgs.sonarr.override {
# version = "4.0.0.748";
# src = lib.fetchurl {
# url = "https://download.sonarr.tv/v4/main/${version}/Sonarr.main.${version}.linux-x64.tar.gz";
# hash = "";
# };
# };
};
jellyfin.enable = true;
};
hardware = {
fancontrol = {
enable = true;
config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/platform/nct6775.656
DEVNAME=hwmon0=nct6779
FCTEMPS=hwmon0/pwm5=hwmon0/temp2_input hwmon0/pwm3=hwmon0/temp2_input
FCFANS=hwmon0/pwm5=hwmon0/fan5_input hwmon0/pwm3=hwmon0/fan3_input
MINTEMP=hwmon0/pwm5=40 hwmon0/pwm3=40
MAXTEMP=hwmon0/pwm5=80 hwmon0/pwm3=80
MINSTART=hwmon0/pwm5=150 hwmon0/pwm3=150
MINSTOP=hwmon0/pwm5=0 hwmon0/pwm3=0
MAXPWM=hwmon0/pwm5=150 hwmon0/pwm3=150
'';
};
};
virtualisation = {
podman = {
enable = true;
};
oci-containers = {
backend = "podman";
containers = {
jdownloader = {
image = "docker.io/jlesage/jdownloader-2:latest";
autoStart = true;
ports = ["0.0.0.0:8000:5800"];
volumes = [
"jdownloader_config:/config"
"/tank/dump:/output"
];
};
};
};
};
powerManagement = {
enable = true;
powerUpCommands = lib.strings.concatMapStringsSep "\n" (disk: "${pkgs.hdparm}/sbin/hdparm -S 241 " + disk) disks;
};
}
Reference in New Issue View Git Blame Copy Permalink