mirror of
https://git.gay/xqtc/nixos-config
synced 2024-12-29 15:23:44 +01:00
Compare commits
2 commits
8781412520
...
2b5a6f0416
Author | SHA1 | Date | |
---|---|---|---|
xqtc161 | 2b5a6f0416 | ||
xqtc161 | 3678a3f2b6 |
|
@ -26,7 +26,11 @@
|
|||
networking.firewall.allowedTCPPorts = [8384 22000];
|
||||
networking.firewall.allowedUDPPorts = [22000 21027];
|
||||
|
||||
environment.systemPackages = with pkgs; [sops];
|
||||
environment.systemPackages = with pkgs; [
|
||||
sops
|
||||
tldr
|
||||
inputs.compose2nix.packages.${pkgs.system}.default
|
||||
];
|
||||
|
||||
programs.nix-ld = {
|
||||
enable = true;
|
||||
|
@ -37,9 +41,11 @@
|
|||
trusted-users = ["xqtc"];
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.saumon.network/proxmox-nixoshttps://cache.saumon.network/proxmox-nixos"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"proxmox-nixos:nveXDuVVhFDRFx8Dn19f1WDEaNRJjPrF2CPD2D+m1ys="
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
78
flake.lock
78
flake.lock
|
@ -20,6 +20,26 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"compose2nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720032541,
|
||||
"narHash": "sha256-PqBjivVCJS3qUXVBMeTLj03OlY2E5/TfJssd/p2m8js=",
|
||||
"owner": "aksiksi",
|
||||
"repo": "compose2nix",
|
||||
"rev": "923f6bc058118f76e69ed96332e40a472d8fd702",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "aksiksi",
|
||||
"repo": "compose2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"devshell": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4",
|
||||
|
@ -49,11 +69,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "pkgs/firefox-addons",
|
||||
"lastModified": 1720065790,
|
||||
"narHash": "sha256-zZH4PDvXP0yR2b9WN4t1odiP2l/5vhrQHDb1lNLrVbA=",
|
||||
"lastModified": 1720238603,
|
||||
"narHash": "sha256-XWcTKM/uVy7GP7QT8skZ9ywPqIPLhb9Sw7qBH+ZF5YM=",
|
||||
"owner": "rycee",
|
||||
"repo": "nur-expressions",
|
||||
"rev": "b359c6cd1a96f9c0c1325d375ffc7c0ffd8fb31c",
|
||||
"rev": "c8799be7f004121f87ad702d61980d738405a51a",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
|
@ -287,11 +307,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720045378,
|
||||
"narHash": "sha256-lmE7B+QXw7lWdBu5GQlUABSpzPk3YBb9VbV+IYK5djk=",
|
||||
"lastModified": 1720188602,
|
||||
"narHash": "sha256-lC3byBmhVZFzWl/dCic8+cKUEEAXAswWOYjq4paFmbo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "0a30138c694ab3b048ac300794c2eb599dc40266",
|
||||
"rev": "e3582e5151498bc4d757e8361431ace8529e7bb7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -446,13 +466,29 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"nixpkgs-2405": {
|
||||
"locked": {
|
||||
"lastModified": 1720112438,
|
||||
"narHash": "sha256-oALk4w8/wxwriVLUiAVef2h2rMw8Vzsc3IJmxeY4KgE=",
|
||||
"lastModified": 1720110830,
|
||||
"narHash": "sha256-E5dN9GDV4LwMEduhBLSkyEz51zM17XkWZ3/9luvNOPs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "225b5d75242add18ffaf67579acb6549510ca2f7",
|
||||
"rev": "c0d0be00d4ecc4b51d2d6948e37466194c1e6c51",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1720263701,
|
||||
"narHash": "sha256-fKYOxXAXAv7zgfPVC1jWPJH6QrJ650IdJpFD9Mm5j0Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "731dc15f156f9d28a60bf6b4629994d6bf883975",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -464,16 +500,16 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1719663039,
|
||||
"narHash": "sha256-tXlrgAQygNIy49LDVFuPXlWD2zTQV9/F8pfoqwwPJyo=",
|
||||
"lastModified": 1719720450,
|
||||
"narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4a1e673523344f6ccc84b37f4413ad74ea19a119",
|
||||
"rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-23.11",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -572,11 +608,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720021470,
|
||||
"narHash": "sha256-wJ8NGzPRkwDao4Om9/P+RLxussLGvtGGH2XdjDgJqRE=",
|
||||
"lastModified": 1720222362,
|
||||
"narHash": "sha256-3chuZmpQDhod758MzQJQQnoa08NalySx6gyv/T6LEIQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "9b25eaaa6f64a584ffccdd90b23d0962d9138352",
|
||||
"rev": "edc8602d4723e172405ae00e778c7b407885d6c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -588,6 +624,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"apple-silicon": "apple-silicon",
|
||||
"compose2nix": "compose2nix",
|
||||
"firefox-addons": "firefox-addons",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"home-manager": "home-manager",
|
||||
|
@ -596,6 +633,7 @@
|
|||
"nixos-aarch64-widevine": "nixos-aarch64-widevine",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-2405": "nixpkgs-2405",
|
||||
"nixpkgs-master": "nixpkgs-master",
|
||||
"nixvim": "nixvim",
|
||||
"sops-nix": "sops-nix",
|
||||
|
@ -626,11 +664,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719873517,
|
||||
"narHash": "sha256-D1dxZmXf6M2h5lNE1m6orojuUawVPjogbGRsqSBX+1g=",
|
||||
"lastModified": 1720187017,
|
||||
"narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "a11224af8d824935f363928074b4717ca2e280db",
|
||||
"rev": "1b11e208cee97c47677439625dc22e5289dcdead",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
16
flake.nix
16
flake.nix
|
@ -1,10 +1,15 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
nixpkgs-2405.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
nixos-aarch64-widevine.url = "github:epetousis/nixos-aarch64-widevine";
|
||||
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
|
||||
apple-silicon.url = "github:tpwrules/nixos-apple-silicon";
|
||||
compose2nix = {
|
||||
url = "github:aksiksi/compose2nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/master";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -53,15 +58,12 @@
|
|||
};
|
||||
in {
|
||||
nixosConfigurations = {
|
||||
#pkgs.util.mapHostAttrs (host: host) (host:
|
||||
# lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# modules = [./hosts/x86_64-linux/${host}];
|
||||
# specialArgs = {inherit inputs;};
|
||||
# });
|
||||
"asmodeus" = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [./hosts/x86_64-linux/asmodeus lix-module.nixosModules.default];
|
||||
modules = [
|
||||
./hosts/x86_64-linux/asmodeus
|
||||
lix-module.nixosModules.default
|
||||
];
|
||||
specialArgs = {inherit inputs;};
|
||||
};
|
||||
"seraphim" = lib.nixosSystem {
|
||||
|
|
|
@ -8,5 +8,10 @@
|
|||
enable = true;
|
||||
userName = "xqtc161";
|
||||
userEmail = "xqtc@tutanota.com";
|
||||
extraConfig = {
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -42,6 +42,7 @@
|
|||
lsp = {
|
||||
enable = true;
|
||||
servers = {
|
||||
docker-compose-language-service.enable = true;
|
||||
pylsp.enable = true;
|
||||
bashls.enable = true;
|
||||
lua-ls.enable = true;
|
||||
|
|
211
hosts/x86_64-linux/beleth/docker-compose-crime.nix
Normal file
211
hosts/x86_64-linux/beleth/docker-compose-crime.nix
Normal file
|
@ -0,0 +1,211 @@
|
|||
# Auto-generated using compose2nix v0.2.0-pre.
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# Runtime
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
autoPrune.enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings = {
|
||||
# Required for container networking to be able to use names.
|
||||
dns_enabled = true;
|
||||
};
|
||||
};
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
||||
# Containers
|
||||
virtualisation.oci-containers.containers."crime-gluetun" = {
|
||||
image = "qmcgaw/gluetun";
|
||||
environment = {
|
||||
SERVER_CITIES = "Frankfurt";
|
||||
VPN_SERVICE_PROVIDER = "mullvad";
|
||||
VPN_TYPE = "wireguard";
|
||||
WIREGUARD_ADDRESSES = "10.71.178.75/32";
|
||||
WIREGUARD_PRIVATE_KEY = "";
|
||||
};
|
||||
ports = [
|
||||
"6881:6881/tcp"
|
||||
"6881:6881/udp"
|
||||
"8085:8085/tcp"
|
||||
"7878:7878/tcp"
|
||||
"8989:8989/tcp"
|
||||
"9696:9696/tcp"
|
||||
];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--cap-add=NET_ADMIN"
|
||||
"--network-alias=gluetun"
|
||||
"--network=crime_default"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-crime-gluetun" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "\"no\"";
|
||||
};
|
||||
after = [
|
||||
"podman-network-crime_default.service"
|
||||
];
|
||||
requires = [
|
||||
"podman-network-crime_default.service"
|
||||
];
|
||||
partOf = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers.containers."prowlarr" = {
|
||||
image = "lscr.io/linuxserver/prowlarr:latest";
|
||||
environment = {
|
||||
PGID = "1000";
|
||||
PUID = "1000";
|
||||
TZ = "Etc/UTC";
|
||||
};
|
||||
volumes = [
|
||||
"/home/crime/prowlarr/data:/config:rw"
|
||||
];
|
||||
dependsOn = [
|
||||
"crime-gluetun"
|
||||
];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--network=container:crime-gluetun"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-prowlarr" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "always";
|
||||
};
|
||||
partOf = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers.containers."qbittorrent" = {
|
||||
image = "lscr.io/linuxserver/qbittorrent";
|
||||
environment = {
|
||||
PGID = "1000";
|
||||
PUID = "1000";
|
||||
TZ = "Europe/Berlin";
|
||||
WEBUI_PORT = "8085";
|
||||
};
|
||||
volumes = [
|
||||
"/home/crime/qbittorrent:/config:rw"
|
||||
"/home/crime/qbittorrent/downloads:/downloads:rw"
|
||||
];
|
||||
dependsOn = [
|
||||
"crime-gluetun"
|
||||
];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--network=container:crime-gluetun"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-qbittorrent" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "always";
|
||||
};
|
||||
partOf = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers.containers."radarr" = {
|
||||
image = "lscr.io/linuxserver/radarr:latest";
|
||||
environment = {
|
||||
PGID = "1000";
|
||||
PUID = "1000";
|
||||
TZ = "Etc/UTC";
|
||||
};
|
||||
volumes = [
|
||||
"/home/crime/radarr/data:/config:rw"
|
||||
"/home/crime/radarr/downloadclient-downloads:/downloads:rw"
|
||||
"/home/crime/radarr/movies:/movies:rw"
|
||||
];
|
||||
dependsOn = [
|
||||
"crime-gluetun"
|
||||
];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--network=container:crime-gluetun"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-radarr" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "always";
|
||||
};
|
||||
partOf = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
};
|
||||
virtualisation.oci-containers.containers."sonarr" = {
|
||||
image = "lscr.io/linuxserver/sonarr:latest";
|
||||
environment = {
|
||||
PGID = "1000";
|
||||
PUID = "1000";
|
||||
TZ = "Etc/UTC";
|
||||
};
|
||||
volumes = [
|
||||
"/home/crime/sonarr/data:/config:rw"
|
||||
"/home/crime/sonarr/downloadclient-downloads:/downloads:rw"
|
||||
"/home/crime/sonarr/tvseries:/tv:rw"
|
||||
];
|
||||
dependsOn = [
|
||||
"crime-gluetun"
|
||||
];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--network=container:crime-gluetun"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-sonarr" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "always";
|
||||
};
|
||||
partOf = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
wantedBy = [
|
||||
"podman-compose-crime-root.target"
|
||||
];
|
||||
};
|
||||
|
||||
# Networks
|
||||
systemd.services."podman-network-crime_default" = {
|
||||
path = [pkgs.podman];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStop = "${pkgs.podman}/bin/podman network rm -f crime_default";
|
||||
};
|
||||
script = ''
|
||||
podman network inspect crime_default || podman network create crime_default
|
||||
'';
|
||||
partOf = ["podman-compose-crime-root.target"];
|
||||
wantedBy = ["podman-compose-crime-root.target"];
|
||||
};
|
||||
|
||||
# Root service
|
||||
# When started, this will automatically create all resources and start
|
||||
# the containers. When stopped, this will teardown all resources.
|
||||
systemd.targets."podman-compose-crime-root" = {
|
||||
unitConfig = {
|
||||
Description = "Root target generated by compose2nix.";
|
||||
};
|
||||
wantedBy = ["multi-user.target"];
|
||||
};
|
||||
}
|
|
@ -5,6 +5,7 @@ public_keys:
|
|||
nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str]
|
||||
nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str]
|
||||
paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str]
|
||||
#ENC[AES256_GCM,data:UmGDAz/qalmP6Z2r4VSH802m9ddAoCQ8IaAtAmyQV+Psg0rNpLF7du5ykDepTyHAb6YAG1k2k9ziqfV8P9SUNMvLC7D3TmFk9oZtW8HLrN84tcbp9i4HDFfQ+Q==,iv:PzHlSFj0H4/eSab9j3y9lYAFUPMEb+G74M2/2cmv70A=,tag:GFstk6NgtJCNm207zO1fjQ==,type:comment]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -56,8 +57,8 @@ sops:
|
|||
a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ
|
||||
HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-05T15:42:51Z"
|
||||
mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str]
|
||||
lastmodified: "2024-07-06T14:20:40Z"
|
||||
mac: ENC[AES256_GCM,data:tiYyfsKlYF4j5YqIezO34L8nkGmHTWQeR7y6e3M2PFFujCqw87Q/WdAdKiyErvPmPwMbkyfXQZgIs2fAKx/C6t5lh5TFFQYZyvCV9A17y4vn8f5SK1HFDePQTfaCqQ4IlSXAXZYpBMMFJn+WBVJQUCb3xM5meuVYTTZpqE8dmso=,iv:NwLsBzVa/Kf9YS6lfS+4VpWkYxpqxPEbRHquuNJ0klY=,tag:LgsV5KBk0Dwij4jEbB99xA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
Loading…
Reference in a new issue