tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity
nix/hardware/alpine.nix
Tristan 128cab7e41 jellyfin
2024-02-17 13:16:23 +00:00

191 lines
5 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
modulesPath,
...
}: let
user = config.user;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/979fe496-10e8-41be-97d1-3d000cd2b384";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D8AA-8602";
fsType = "vfat";
};
fileSystems."/mnt/disk1" = {
device = "/dev/disk/by-uuid/caba0b6c-00d2-495a-8c04-67ea584f1a63";
fsType = "ext4";
};
fileSystems."/mnt/disk2" = {
device = "/dev/disk/by-uuid/e3828580-625e-4f93-974f-9c7fed99dee2";
fsType = "ext4";
};
fileSystems."/mnt/disk3" = {
device = "/dev/disk/by-uuid/28f15a05-d550-4a41-a951-244af6140831";
fsType = "ext4";
};
fileSystems."/mnt/parity1" = {
device = "/dev/disk/by-uuid/09fc062c-1a61-4e1b-802c-60f7178bc713";
fsType = "ext4";
};
environment.systemPackages = with pkgs; [
mergerfs
mergerfs-tools
python3
];
fileSystems."/mnt/storage" = {
device = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
fsType = "fuse.mergerfs";
depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
options = [
"direct_io"
"use_ino"
"allow_other"
"minfreespace=50G"
"fsname=mergerfs"
"category.create=mfs"
"func.mkdir=epall"
];
};
swapDevices = [
{device = "/dev/disk/by-uuid/27ad4809-211f-4ae9-90da-d17d9c1df271";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
networking.firewall.allowedTCPPorts = [ 53 80 443 ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
system.stateVersion = "24.05"; # don't change.
home-manager.users.${user}.imports = [
{
home.stateVersion = "24.05";
}
];
networking.hostName = "alpine";
networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
services.snapraid = {
enable = true;
contentFiles = [
"/mnt/disk1/SnapRAID.content"
"/mnt/disk2/SnapRAID.content"
"/mnt/disk3/SnapRAID.content"
"/var/snapraid/SnapRAID.content"
];
dataDisks = {
d1 = "/mnt/disk1";
d2 = "/mnt/disk2";
d3 = "/mnt/disk3";
};
exclude = ["/lost+found"];
parityFiles = [
"/mnt/parity1/SnapRAID.parity"
];
};
virtualisation = {
podman = {
enable = true;
};
};
services.openssh = {
enable = true;
openFirewall = true;
};
services.nginx = {
enable = true;
virtualHosts = {
"tristans.cloud" = {
forceSSL = true;
enableACME = true;
root = "/srv/www/tristans.cloud";
};
"git.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
"vault.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."~".proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
"auth.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."~" = {
proxyPass = "http://localhost:8084";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
'';
};
};
"movies.tristans.cloud" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_buffering off;
'';
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "tristan@tristans.cloud";
};
services.ddclient = {
# enable = true;
protocol = "duckdns";
use = "if, if=enp4s0";
ssl = true;
username = "";
passwordFile = "/home/tristan/duckdnstoken";
domains = ["tlbean"];
};
}
View git blame Copy permalink