alpine: many changes

- updates - snapserver - graphana dashboards - loki - ddclient - arr suite, jellyseer - mautrix fixes
2025-01-18 00:18:11 +00:00 · 2025-01-18 00:18:11 +00:00 · 123e7088f5
commit 123e7088f5
parent d1772cb4be
58 changed files with 2136 additions and 735 deletions
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@ -59,13 +59,11 @@ in {
    fsType = "fuse.mergerfs";
    depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
    options = [
-      "direct_io"
-      "use_ino"
-      "allow_other"
      "minfreespace=50G"
      "fsname=mergerfs"
      "category.create=mfs"
-      "func.mkdir=epall"
+      "cache.files=auto-all"
+      "dropcacheonclose=true"
    ];
  };

@ -113,9 +111,13 @@ in {
    ];
  };

+  virtualisation.oci-containers.backend = "podman";
+
  virtualisation = {
    podman = {
      enable = true;
+      autoPrune.enable = true;
+      defaultNetwork.settings.dns_enabled = true;
    };
  };

@ -136,18 +138,11 @@ in {
        globalRedirect = "tristans.cloud";
      };
      "tristans.cloud" = {
+        default = true;
        forceSSL = true;
        enableACME = true;
        root = "/srv/www/tristans.cloud";
      };
-      "auth.tristans.cloud" = {
-        forceSSL = true;
-        enableACME = true;
-        locations."~" = {
-          proxyPass = "http://localhost:8084";
-          proxyWebsockets = true;
-        };
-      };
    };
  };
  security.acme = {
@ -155,14 +150,15 @@ in {
    defaults.email = "tristan@tristans.cloud";
  };

+  sops.secrets."namecheap" = {};
  services.ddclient = {
-    # enable = true;
-    protocol = "duckdns";
-    use = "if, if=enp4s0";
-    ssl = true;
-    username = "";
-    passwordFile = "/home/tristan/duckdnstoken";
-    domains = ["tlbean"];
+    enable = true;
+    protocol = "namecheap";
+    usev4 = "webv4, webv4=ipify-ipv4";
+    usev6 = "";
+    username = "tristans.cloud";
+    passwordFile = config.sops.secrets."namecheap".path;
+    domains = ["@" "*"];
  };

  services.mpd = {
@ -172,4 +168,7 @@ in {
  services.grafana.settings.server = {
    http_port = 3001; # forgejo and grafana default to 3000
  };
+
+  systemd.services.NetworkManager-wait-online.enable = false;
+
 }
--- a/hardware/fcs-tristan-nixbook.nix
+++ b/hardware/fcs-tristan-nixbook.nix
@ -23,14 +23,17 @@ in {
    options = ["subvol=@" "compress=zstd" "autodefrag"];
  };

-  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt {
-    keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
-    keypartname = "usbkey";
-  });
+  boot.initrd.luks.devices."usbkey" = {
+    device = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
+  };

  boot.initrd.luks.devices."cryptroot" = {
    device = "/dev/disk/by-uuid/570cc51f-bd5c-4bee-a18f-f6aabaf60881";
    keyFileSize = 4096;
+    preOpenCommands = ''
+      mkdir -m 0755 -p /key
+      mount -n -t vfat -o ro /dev/mapper/usbkey /key
+    '';
    keyFile = "/key/keyfile";
    preLVM = false;
  };
@ -54,6 +57,11 @@ in {

  swapDevices = [{device = "/swap/swapfile";}];

+  boot.plymouth.enable = true;
+  boot.initrd.verbose = false;
+  boot.consoleLogLevel = 1;
+  boot.kernelParams = ["quiet" "udev.log_level=3"];
+
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
@ -66,7 +74,7 @@ in {
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

-  hardware.opengl = {
+  hardware.graphics = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
@ -102,6 +110,4 @@ in {
      };
    }
  ];
-
-  services.tlp.enable = true;
 }
--- a/hardware/vm.nix
+++ b/hardware/vm.nix
@ -1,7 +1,7 @@
 {config, ...}: let
  user = config.user;
 in {
-  hardware.opengl.enable = true;
+  hardware.graphics.enable = true;
  boot.kernelModules = ["kvm-amd" "qxl" "bochs_drm"];

  system.stateVersion = "24.05";
--- a/hardware/zenix.nix
+++ b/hardware/zenix.nix
@ -17,7 +17,6 @@ in {
  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
  boot.initrd.kernelModules = ["uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"];
  boot.kernelModules = ["kvm-amd"];
-  boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
  boot.extraModulePackages = [];

  fileSystems."/" = {
@ -26,6 +25,13 @@ in {
    options = ["subvol=@" "compress=zstd" "autodefrag"];
  };

+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/nix";
+    fsType = "f2fs";
+    neededForBoot = true;
+    options = ["noatime"];
+  };
+
  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore (decrypt {
    keydevice = "/dev/disk/by-id/usb-Generic_Flash_Disk_BCC97785-0:0";
    keypartname = "usbkey";