diff --git a/flake.lock b/flake.lock index 50a7f39..e2b462e 100644 --- a/flake.lock +++ b/flake.lock @@ -367,6 +367,27 @@ "type": "github" } }, + "nixarr": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "treefmt-nix": "treefmt-nix", + "vpnconfinement": "vpnconfinement", + "website-builder": "website-builder" + }, + "locked": { + "lastModified": 1777926760, + "narHash": "sha256-kt2MVO9p6OS+cRntlWemfLVTx2zB27epugXLHN+2uJA=", + "owner": "nix-media-server", + "repo": "nixarr", + "rev": "55ce80165e8c2509d4e200daeaa9c2bce039c867", + "type": "github" + }, + "original": { + "owner": "nix-media-server", + "repo": "nixarr", + "type": "github" + } + }, "nixos-vfio": { "inputs": { "flake-parts": "flake-parts", @@ -452,6 +473,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1775595990, + "narHash": "sha256-OEf7YqhF9IjJFYZJyuhAypgU+VsRB5lD4DuiMws5Ltc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "4e92bbcdb030f3b4782be4751dc08e6b6cb6ccf2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1777578337, "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", @@ -467,7 +504,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1777578337, "narHash": "sha256-fN6ynMvcdwPDB09LpWJNO5ogu+HFydrBWXJywoI/NNg=", @@ -480,7 +517,7 @@ "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1777578337, "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", @@ -524,7 +561,7 @@ "nixpkgs" ], "systems": "systems_3", - "treefmt-nix": "treefmt-nix" + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1777773024, 
@@ -592,8 +629,9 @@ "disko": "disko", "home-manager": "home-manager_2", "nix-colors": "nix-colors", + "nixarr": "nixarr", "nixos-vfio": "nixos-vfio", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "noctalia": "noctalia", "quickshell": "quickshell", "spicetify-nix": "spicetify-nix", @@ -604,7 +642,7 @@ }, "spicetify-nix": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "systems": "systems_4" }, "locked": { @@ -794,6 +832,27 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixarr", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775125835, + "narHash": "sha256-2qYcPgzFhnQWchHo0SlqLHrXpux5i6ay6UHA+v2iH4U=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "75925962939880974e3ab417879daffcba36c4a3", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "noctalia", @@ -833,9 +892,45 @@ "type": "github" } }, + "vpnconfinement": { + "locked": { + "lastModified": 1767604552, + "narHash": "sha256-FddhMxnc99KYOZ/S3YNqtDSoxisIhVtJ7L4s8XD2u0A=", + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "rev": "a6b2da727853886876fd1081d6bb2880752937f3", + "type": "github" + }, + "original": { + "owner": "Maroka-chan", + "repo": "VPN-Confinement", + "type": "github" + } + }, + "website-builder": { + "inputs": { + "nixpkgs": [ + "nixarr", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1771957511, + "narHash": "sha256-MxpsyVQguwmeN40gblvcYLtL4xiriGYB6UyP+JergpQ=", + "owner": "rasmus-kirk", + "repo": "website-builder", + "rev": "896af41c1a01f934799356f1f51cfddff2abda82", + "type": "github" + }, + "original": { + "owner": "rasmus-kirk", + "repo": "website-builder", + "type": "github" + } + }, "xray-3x-ui": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1761047979, diff --git a/flake.nix b/flake.nix index 380de29..ccd70d1 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,6 +5,7 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; spicetify-nix.url = "github:Gerg-L/spicetify-nix"; xray-3x-ui.url = "github:sunmeplz/xray-3x-ui"; + nixarr.url = "github:nix-media-server/nixarr"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -52,6 +53,7 @@ agenix, xray-3x-ui, deploy-rs, + nixarr, ... } @ inputs: let system = "x86_64-linux"; @@ -152,6 +154,24 @@ path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.kittykat; }; }; + nixosConfigurations.pirate = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/pirate/configuration.nix + nixarr.nixosModules.default + agenix.nixosModules.default + inputs.disko.nixosModules.disko + ]; + }; + deploy.nodes.pirate = { + hostname = "pirate"; + profiles.system = { + sshUser = "root"; + user = "root"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.pirate; + }; + }; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } diff --git a/hosts/pirate/configuration.nix b/hosts/pirate/configuration.nix new file mode 100644 index 0000000..902e7cf --- /dev/null +++ b/hosts/pirate/configuration.nix 
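Review bot: In flake.nix, `nixarr.url` is added without `inputs.nixpkgs.follows = "nixpkgs"`, and the lock file accordingly gains a separate `nixpkgs_3` pinned to `nixos-25.11` next to the system's own nixpkgs. Anything nixarr builds from its own pin would not pick up fixes when the main input is bumped, and it is one more input to audit on every lock update. If nixarr evaluates cleanly against your nixpkgs, declare it as `nixarr = { url = "github:nix-media-server/nixarr"; inputs.nixpkgs.follows = "nixpkgs"; };`, matching the `home-manager` input directly below it.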
@@ -0,0 +1,35 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./disko.nix
+ ./nixarr.nix
+ ../../modules/nixos/networking/ssh.nix
+ ../../modules/nixos/users/tulg.nix
+ ];
+
+ networking.hostName = "pirate";
+ environment.systemPackages = with pkgs; [
+ nano
+ fastfetch
+ kitty
+ ];
+ services.openssh = {
+ settings = {
+ AllowTcpForwarding = true;
+ X11Forwarding = true;
+ GatewayPorts = "yes";
+ };
+ };
+ programs.bash.interactiveShellInit = ''
+ PS1="\[\e[38;5;177m\]\u\[\e[0m\]@\[\e[38;5;220m\]\h\[\e[0m\] \[\e[38;5;33m\]\w\[\e[0m\] \$ "
+ '';
+
+ nixpkgs.config.allowUnfree = true;
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/pirate/disko.nix b/hosts/pirate/disko.nix
new file mode 100644
index 0000000..d439fcc
--- /dev/null
+++ b/hosts/pirate/disko.nix
@@ -0,0 +1,37 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ priority = 1;
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/pirate/hardware-configuration.nix b/hosts/pirate/hardware-configuration.nix
new file mode 100644
index 0000000..7db19c8
--- /dev/null
+++ b/hosts/pirate/hardware-configuration.nix
@@ -0,0 +1,17 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ };
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/pirate/nixarr.nix b/hosts/pirate/nixarr.nix
new file mode 100644
index 0000000..01629d0
--- /dev/null
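Review bot: In hosts/pirate/configuration.nix, `GatewayPorts = "yes"` combined with `AllowTcpForwarding = true` lets any account that can log in over SSH bind remote forwards on all interfaces of this host, so whatever a client forwards can become reachable by other machines (subject to the firewall) rather than only on loopback. `X11Forwarding = true` is also switched on for what the `qemu-guest.nix` import suggests is a headless VM. Unless a concrete workflow needs them, I would set `GatewayPorts = "no";` (or `"clientspecified"`) and `X11Forwarding = false;`, and add a short comment naming the use case if forwarding stays on. The shared `ssh.nix` module is outside this diff, so these settings may be overriding stricter defaults defined there.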
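Review bot: In hosts/pirate/disko.nix, `device = "/dev/sda";` names the target disk by its kernel-assigned name, which is not stable across boots or when a second disk is attached, and disko repartitions and formats whatever that path resolves to. A persistent path such as `device = "/dev/disk/by-id/<DISK-ID-PLACEHOLDER>";` ties the layout to one specific disk. The root filesystem is also created as plain ext4, so `/data/.secret/wg.conf` and the service state would sit unencrypted on the virtual disk; a comment saying whether that is accepted for this host would help.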
+++ b/hosts/pirate/nixarr.nix
@@ -0,0 +1,65 @@
+{
+ nixarr = {
+ enable = true;
+ # These two values are also the default, but you can set them to whatever
+ # else you want
+ # WARNING: Do _not_ set them to `/home/user/whatever`, it will not work!
+ mediaDir = "/data/media";
+ stateDir = "/data/media/.state/nixarr";
+
+ vpn = {
+ enable = false;
+ # WARNING: This file must _not_ be in the config git directory
+ # You can usually get this wireguard file from your VPN provider
+ wgConf = "/data/.secret/wg.conf";
+ };
+
+ jellyfin = {
+ enable = true;
+ # These options set up a nginx HTTPS reverse proxy, so you can access
+ # Jellyfin on your domain with HTTPS
+ expose.https = {
+ enable = true;
+ domainName = "your.domain.com";
+ acmeMail = "your@email.com"; # Required for ACME-bot
+ };
+ };
+
+ qbittorrent = {
+ enable = true;
+ #peerPort = 50000; # Set this to the port forwarded by your VPN
+ webuiPort = 5252; # Port for the qui WebUI (default)
+ openFirewall = true;
+
+ # Disable DHT/PeX for private trackers (optional)
+ # privateTrackers.disableDhtPex = true;
+
+ # Extra qBittorrent configuration (optional)
+ # See: https://github.com/qbittorrent/qBittorrent/wiki/Explanation-of-Options-in-qBittorrent
+ extraConfig = {
+ BitTorrent = {
+ "Session\\MaxActiveDownloads" = 3;
+ "Session\\MaxActiveTorrents" = 5;
+ };
+ };
+ };
+ prowlarr = {
+ enable = true;
+ openFirewall = true;
+
+ settings-sync.enable-nixarr-apps = true;
+
+ # Define tags for organizing indexers
+ };
+
+ # It is possible for this module to run the *Arrs through a VPN, but it
+ # is generally not recommended, as it can cause rate-limiting issues.
+ bazarr.enable = false;
+ lidarr.enable = false;
+ #prowlarr.enable = true;
+ radarr.enable = false;
+ sonarr.enable = false;
+ };
+ services.prowlarr.settings.auth.required = "DisabledForLocalAddresses";
+ networking.firewall.allowedTCPPorts = [6881];
+}
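Review bot: In hosts/pirate/nixarr.nix, `services.prowlarr.settings.auth.required = "DisabledForLocalAddresses";` removes Prowlarr's login for clients it treats as local while `prowlarr.openFirewall = true` makes the port reachable from the network, so anything on the LAN (or a proxy that presents a local source address) would reach the indexer credentials and API key without authenticating. I would set `auth.required = "Enabled";` or drop `openFirewall` for Prowlarr and reach it through an SSH tunnel. `qbittorrent.openFirewall = true` with `vpn.enable = false` deserves the same look, since it appears to publish the WebUI on port 5252 without the VPN confinement the module offers. The `expose.https` block still carries the placeholders `your.domain.com` and `your@email.com`, so certificate issuance will not succeed until real values are set or `expose.https.enable` is turned off.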
diff --git a/hosts/virgil/hardware-configuration.nix b/hosts/virgil/hardware-configuration.nix index e98cde2..c63286d 100644 --- a/hosts/virgil/hardware-configuration.nix +++ b/hosts/virgil/hardware-configuration.nix @@ -58,15 +58,15 @@ swapDevices = []; - #fileSystems."/mnt/backup" = { - # device = "/dev/disk/by-uuid/4242ad6b-4b5e-4990-bcf7-501f6099b429"; - # fsType = "ext4"; - # options = [ - # "nofail" # don’t block boot if missing - # # "x-systemd.automount" # mount on first access - # "noatime" - # ]; - # }; + fileSystems."/mnt/backup" = { + device = "/dev/disk/by-uuid/4242ad6b-4b5e-4990-bcf7-501f6099b429"; + fsType = "ext4"; + options = [ + "nofail" # don’t block boot if missing + # "x-systemd.automount" # mount on first access + "noatime" + ]; + }; fileSystems."/mnt/hdd1tb" = { device = "/dev/disk/by-uuid/790092e5-074b-4007-a511-cbd8aa8cc1a7";