logistic-bot/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix/void.nix

394 lines
11 KiB
Nix
Raw Normal View History

refactor: move to a multi-machine configuration
2024-08-23 10:20:05 +02:00
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
install jellyfin
2025-03-26 22:36:11 +01:00
config,
pkgs,
install paperless
2025-03-30 21:38:13 +02:00
lib,
install jellyfin
2025-03-26 22:36:11 +01:00
mms,
...
}: {
refactor: move to a multi-machine configuration
2024-08-23 10:20:05 +02:00
imports = [
./hardware-configuration-void.nix
./common.nix
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
mms.module
refactor: move to a multi-machine configuration
2024-08-23 10:20:05 +02:00
];
networking.hostName = "void"; # Define your hostname.
feat(Music): create samba share for music
2024-08-26 14:23:58 +02:00
services.samba = {
fix(void): disable unused samba service
2025-05-03 14:50:34 +02:00
enable = false;
feat(Music): create samba share for music
2024-08-26 14:23:58 +02:00
openFirewall = true;
securityType = "user";
void: upgrade to 24.11
2024-12-11 17:23:34 +01:00
settings.global = {
workgroup = "WORKGROUP";
"server string" = "void";
"netbios name" = "void";
security = "user";
"hosts allow" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"log level" = 4;
#"smb encrypt" = "mandatory";
};
feat(Music): create samba share for music
2024-08-26 14:23:58 +02:00
shares."Music" = {
path = "/pile/Music";
browsable = "yes";
"read only" = "yes";
"guest ok" = "no";
"read list" = "@music";
};
};
users.users.music = {
group = "music";
isNormalUser = true;
};
feat(void): backlight driver for external monitor
2024-10-29 21:01:13 +01:00
# enqble i2c-dev kernel module for control of backlight in external monitor
# https://discourse.nixos.org/t/how-to-enable-ddc-brightness-control-i2c-permissions/20800/3
boot.extraModulePackages = [
config.boot.kernelPackages.ddcci-driver
];
boot.kernelModules = ["i2c-dev" "ddcci_backlight"];
hardware.i2c.enable = true;
feat(void): add brightness control keybinds
2024-10-29 13:47:04 +01:00
# package for controlling brightness on external monitor
environment.systemPackages = [
pkgs.ddcutil
];
feat(void): mount external drive
2024-11-09 16:52:19 +01:00
# mount external drive
fileSystems."/external".label = "external";
borg: update backup settings
2025-03-28 21:27:42 +01:00
fileSystems."/external".options = ["nofail" "x-systemd.automount"];
feat(bluetooth): enable bluetooth
2024-11-17 16:42:31 +01:00
feat(void): backup system with borg
2024-11-09 18:16:00 +01:00
# backup
services.borgbackup.jobs."external" = {
paths = [
"/home"
"/var"
"/pile"
];
exclude = [
"/home/*/.local/share/Steam"
"**/*cache"
"**/*Cache"
"**/*trash"
"**/*Trash"
"/home/*/.mozilla/firefox"
"/home/*/GOG Games"
"**/target"
"**/result"
borg: update backup settings
2025-03-28 21:27:42 +01:00
"/var/log"
feat(void): backup system with borg
2024-11-09 18:16:00 +01:00
];
repo = "/external/voidbackup";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/borgbackup/passphrase";
};
compression = "auto,lzma";
startAt = "daily";
persistentTimer = true;
fix(borg): backups failed due to misconfiguration
2025-03-29 00:07:50 +01:00
extraCreateArgs = ["--stats" "--info" "--list" "--filter" "AMEC"];
backup: actually do pruning of data
2025-03-30 15:22:35 +02:00
extraPruneArgs = ["--stats" "--info" "--list"];
borg: update backup settings
2025-03-28 21:27:42 +01:00
removableDevice = true;
backup: actually do pruning of data
2025-03-30 15:22:35 +02:00
prune.keep = {
within = "1d";
daily = 7;
weekly = 4;
monthly = 12;
};
feat(void): backup system with borg
2024-11-09 18:16:00 +01:00
};
systemd.services."borgbackup-job-external" = {
unitConfig = {
RequiresMountsFor = "/external";
Requires = "external.mount";
};
};
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
postgres: backup database daily
2025-03-28 22:41:12 +01:00
# postgresql backup
services.postgresqlBackup = {
enable = true;
backupAll = true;
location = "/var/backup/postgresql";
};
systemd.timers."postgresqlBackup".unitConfig.Persistent = true;
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
# minecraft TerraFirmaGreg server
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
services.modded-minecraft-servers = let
# "Borrowed" from AllTheMods Discord
jvmOpts = builtins.concatStringsSep " " [
"-XX:+UseG1GC"
"-XX:+ParallelRefProcEnabled"
"-XX:MaxGCPauseMillis=200"
"-XX:+UnlockExperimentalVMOptions"
"-XX:+DisableExplicitGC"
"-XX:+AlwaysPreTouch"
"-XX:G1NewSizePercent=40"
"-XX:G1MaxNewSizePercent=50"
"-XX:G1HeapRegionSize=16M"
"-XX:G1ReservePercent=15"
"-XX:G1HeapWastePercent=5"
"-XX:G1MixedGCCountTarget=4"
"-XX:InitiatingHeapOccupancyPercent=20"
"-XX:G1MixedGCLiveThresholdPercent=90"
"-XX:G1RSetUpdatingPauseTimePercent=5"
"-XX:SurvivorRatio=32"
"-XX:+PerfDisableSharedMem"
"-XX:MaxTenuringThreshold=1"
];
in {
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
eula = true;
instances.terrafirmagreg = {
enable = true;
rsyncSSHKeys = [""];
serverConfig = {
server-port = 25565;
mc: correct version of server
2025-07-11 21:03:10 +02:00
motd = "Welcome to logistic-bot's TerraFirmaGreg server (v0.9.11)";
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
allow-flight = true;
allow-nether = false;
difficulty = 0;
enable-rcon = false;
level-type = "tfc\:overworld";
view-distance = 24;
};
inherit jvmOpts;
jvmPackage = pkgs.jdk17;
jvmMaxAllocation = "8196M";
jvmInitialAllocation = "2048M";
};
instances.terrafirmagreg-stable = {
mc: correct version of server
2025-07-11 21:03:10 +02:00
enable = false;
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
rsyncSSHKeys = [""];
serverConfig = {
server-port = 25566;
motd = "Welcome to logistic-bot's TerraFirmaGreg server (v0.7.19 stable)";
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
allow-flight = true;
allow-nether = false;
difficulty = 0;
enable-rcon = false;
level-type = "tfc\:overworld";
view-distance = 24;
};
jvmPackage = pkgs.jdk17;
jvmMaxAllocation = "8196M";
jvmInitialAllocation = "2048M";
# "Borrowed" from AllTheMods Discord
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
inherit jvmOpts;
minecraft: setup minecraft server
2025-03-15 22:23:34 +01:00
};
};
install jellyfin
2025-03-26 22:36:11 +01:00
install miniflux feed reader
2025-03-28 23:17:53 +01:00
services.miniflux = {
enable = true;
config = {
LISTEN_ADDR = "localhost:8700";
BASE_URL = "http://miniflux.005540.xyz";
CREATE_ADMIN = 1;
};
adminCredentialsFile = "/home/khais/.miniflux.password";
};
install jellyfin
2025-03-26 22:36:11 +01:00
services.jellyfin = {
enable = true;
openFirewall = true;
user = "khais";
};
install nginx as reverse-proxy
2025-03-27 20:14:41 +01:00
install graylog
2025-03-29 00:53:52 +01:00
services.forgejo = {
install forgejo
2025-03-27 22:06:49 +01:00
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "forgejo.005540.xyz";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://forgejo.005540.xyz/";
HTTP_PORT = 3000;
};
# You can temporarily allow registration to create an admin user.
service.DISABLE_REGISTRATION = false;
forgejo: new accouts require manual confirmation
2025-04-12 16:21:27 +02:00
service.REGISTER_MANUAL_CONFIRM = true;
install forgejo
2025-03-27 22:06:49 +01:00
# Add support for actions, based on act: https://github.com/nektos/act
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
};
};
install paperless
2025-03-30 21:38:13 +02:00
services.paperless = {
enable = true;
address = "localhost";
port = 28981;
passwordFile = "/etc/nixos/secrets/paperless-password";
consumptionDir = "/var/lib/paperless-upload";
settings = {
PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBNAME = "paperless";
PAPERLESS_DBUSER = "paperless";
PAPERLESS_DBPASS = "paperless";
PAPERLESS_OCR_LANGUAGE = "fra+eng+deu";
PAPERLESS_FILENAME_FORMAT = "{created_year}/{correspondent}/{title}";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
# do not fail to import documents that have a digital signature
# https://github.com/paperless-ngx/paperless-ngx/discussions/4047#discussioncomment-7019544
invalidate_digital_signatures = true;
};
PAPERLESS_TIME_ZONE = "Europe/Paris";
PAPERLESS_CONSUMER_ENABLE_BARCODES = "true";
PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE = "true";
PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";
PAPERLESS_TASK_WORKERS = "4";
PAPERLESS_THREADS_PER_WORKER = "1";
PAPERLESS_WORKER_TIMEOUT = "18000";
};
};
users.groups.paperless-upload = {};
users.users.paperless = {
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
extraGroups = ["paperless-upload"];
install paperless
2025-03-30 21:38:13 +02:00
};
users.users.paperless-upload = {
isNormalUser = true;
homeMode = "770";
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
extraGroups = ["paperless"];
install paperless
2025-03-30 21:38:13 +02:00
};
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
system.activationScripts.makePaperlessUploadDir = lib.stringAfter ["var"] ''
install paperless
2025-03-30 21:38:13 +02:00
mkdir -m 775 -p /var/lib/paperless-upload
chown paperless:paperless /var/lib/paperless-upload/
'';
immich: install immich
2025-04-02 22:41:43 +02:00
# immich
services.immich = {
enable = true;
port = 2283;
mediaLocation = "/pile/Photos/immich";
settings.server.externalDomain = "http://immich.005540.xyz";
};
terrafirmagreg: second instance for stable
2025-04-17 19:42:52 +02:00
system.activationScripts.makeImmichMediaDir = lib.stringAfter ["var"] ''
immich: install immich
2025-04-02 22:41:43 +02:00
mkdir -m 775 -p /pile/Photos/immich
chown immich:immich /pile/Photos/immich
'';
users.users.immich.extraGroups = ["video" "render"];
setup dynamic dns
2025-04-06 15:46:19 +02:00
# dynamic dns
services.ddclient = {
enable = true;
protocol = "namecheap";
passwordFile = "/etc/nixos/secrets/ddclient/password";
server = "dynamicdns.park-your-domain.com";
username = "005540.xyz";
domains = ["@" "*"];
use = "web";
extraConfig = ''
web=dynamicdns.park-your-domain.com/getip
'';
};
net: set static ipv6
2025-07-11 21:09:56 +02:00
# static ipv6
networking.interfaces.wlo1.ipv6.addresses = [
{
address = "2a01:cb06:101:e100:e052:b96a:4ea7:5fa0";
prefixLength = 64;
}
];
setup lets'encrypt
2025-04-06 20:29:45 +02:00
security.acme = {
acceptTerms = true;
defaults = {
email = "khais.colin+letsencrypt@gmail.com";
dnsProvider = "namecheap";
};
};
setup audiobookshelf
2025-04-12 16:37:21 +02:00
services.audiobookshelf = {
enable = true;
};
setup lets'encrypt
2025-04-06 20:29:45 +02:00
install victorialogs
2025-04-13 12:21:13 +02:00
services.victorialogs = {
enable = true;
extraOptions = ["-memory.allowedBytes=100MB"];
};
services.journald.upload = {
enable = true;
settings.Upload.URL = "http://localhost:9428/insert/journald";
};
setup lets'encrypt
2025-04-06 20:29:45 +02:00
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [
80
443
];
install graylog
2025-03-29 00:53:52 +01:00
# reverse proxy
install nginx as reverse-proxy
2025-03-27 20:14:41 +01:00
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
setup lets'encrypt
2025-04-06 20:29:45 +02:00
logError = "stderr info";
nginx: log access to journald
2025-04-12 19:25:09 +02:00
appendHttpConfig = ''
access_log syslog:server=unix:/dev/log combined;
'';
install nginx as reverse-proxy
2025-03-27 20:14:41 +01:00
virtualHosts = {
"void.hummingbird-stork.ts.net" = {
locations."/".proxyPass = "http://localhost:8096";
};
"jellyfin.005540.xyz" = {
locations."/".proxyPass = "http://localhost:8096";
setup lets'encrypt
2025-04-06 20:29:45 +02:00
enableACME = true;
addSSL = true;
install nginx as reverse-proxy
2025-03-27 20:14:41 +01:00
};
install forgejo
2025-03-27 22:06:49 +01:00
"forgejo.005540.xyz" = {
locations."/".proxyPass = "http://localhost:3000";
setup lets'encrypt
2025-04-06 20:29:45 +02:00
enableACME = true;
addSSL = true;
install forgejo
2025-03-27 22:06:49 +01:00
};
install miniflux feed reader
2025-03-28 23:17:53 +01:00
"miniflux.005540.xyz" = {
locations."/".proxyPass = "http://localhost:8700";
setup lets'encrypt
2025-04-06 20:29:45 +02:00
enableACME = true;
addSSL = true;
install miniflux feed reader
2025-03-28 23:17:53 +01:00
};
paperless: setup as primary instance
2025-04-06 16:22:04 +02:00
"paperless.005540.xyz" = {
install paperless
2025-03-30 21:38:13 +02:00
locations."/".proxyPass = "http://localhost:28981";
setup lets'encrypt
2025-04-06 20:29:45 +02:00
enableACME = true;
addSSL = true;
install paperless
2025-03-30 21:38:13 +02:00
};
immich: install immich
2025-04-02 22:41:43 +02:00
"immich.005540.xyz" = {
locations."/".proxyPass = "http://localhost:2283";
locations."/".proxyWebsockets = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
setup lets'encrypt
2025-04-06 20:29:45 +02:00
enableACME = true;
addSSL = true;
immich: install immich
2025-04-02 22:41:43 +02:00
};
setup audiobookshelf
2025-04-12 16:37:21 +02:00
"audiobookshelf.005540.xyz" = {
locations."/".proxyPass = "http://localhost:8000";
locations."/".proxyWebsockets = true;
enableACME = true;
addSSL = true;
};
install victorialogs
2025-04-13 12:21:13 +02:00
"victorialogs.005540.xyz" = {
locations."/".proxyPass = "http://localhost:9428";
locations."/".basicAuthFile = "/etc/nixos/secrets/victorialogs/basicauth";
enableACME = true;
addSSL = true;
};
install nginx as reverse-proxy
2025-03-27 20:14:41 +01:00
};
};
refactor: move to a multi-machine configuration
2024-08-23 10:20:05 +02:00
}
Reference in a new issue Copy permalink