diff --git a/hosts/dadarwin/configuration.nix b/hosts/dadarwin/configuration.nix index 5900950..aefb368 100644 --- a/hosts/dadarwin/configuration.nix +++ b/hosts/dadarwin/configuration.nix @@ -2,12 +2,11 @@ { # List packages installed in system profile. To search by name, run: # $ nix-env -qaP | grep wget - environment.systemPackages = with pkgs; + environment.systemPackages = [ - neovim - kitty - kittysay - terraform + pkgs.neovim + pkgs.kitty + pkgs.kittysay ]; programs.direnv.enable = true; diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index 716f722..c673c56 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -2,17 +2,13 @@ config, lib, pkgs, - secrets, ... }: -let - ip = "192.168.1.177"; - gateway = "192.168.1.1"; - username = "homelab"; -in + { imports = [ ./hardware-configuration.nix + ./server-configuration.nix ./features/default.nix ../../features/shared/ssh.nix ]; 
@@ -73,57 +69,13 @@ in environment.variables.EDITOR = "nvim"; - # setting up networking!! - networking = { - interfaces = { - ens18.ipv4.addresses = [ - { - address = ip; - prefixLength = 24; - } - ]; - }; - - defaultGateway = gateway; - nameservers = [ - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - - nftables.enable = true; - # firewall rules - firewall = { - enable = true; - allowedTCPPorts = [ - 22 # ssh - 80 # http - 443 # ssh - 8080 - ]; - allowedUDPPorts = [ ]; - }; - }; - - users.groups.multimedia = { - members = [ - "slskd" - "radarr" - "readarr" - "sonarr" - "transmission" - "jellyfin" - "bazarr" - "calibre-web" - username - ]; - }; - - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - sops.age.keyFile = "/var/lib/sops-nix/key.txt"; - sops.age.generateKey = true; - sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ + 22 + 80 + 443 + 8080 + ]; # reducing disk usage boot.loader.systemd-boot.configurationLimit = 10; @@ -142,7 +94,6 @@ in "dotnet-sdk-wrapped-6.0.428" ]; - # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # diff --git a/hosts/sisyphe/features/multimedia/jellyfin.nix b/hosts/sisyphe/features/multimedia/jellyfin.nix index 7d2a70d..b90b9bb 100644 --- a/hosts/sisyphe/features/multimedia/jellyfin.nix +++ b/hosts/sisyphe/features/multimedia/jellyfin.nix @@ -5,7 +5,7 @@ vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; - hardware.graphics = { + hardware.opengl = { # hardware.opengl in 24.05 enable = true; extraPackages = with pkgs; [ diff --git a/hosts/sisyphe/features/samba-shares.nix b/hosts/sisyphe/features/samba-shares.nix index 66aa8d9..140f449 100644 --- a/hosts/sisyphe/features/samba-shares.nix +++ b/hosts/sisyphe/features/samba-shares.nix 
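Review bot: The added `networking.firewall.allowedTCPPorts` list repeats the one in the newly imported `server-configuration.nix`, and because NixOS merges list-typed options across modules the effective allowlist is the union of both. Port 8080 therefore stays open even though the other file lists only 22, 80 and 443. Keep the allowlist in one module, and if 8080 is still needed give it a comment naming the service behind it, e.g. `8080 # <service>`. The new list also drops the per-port comments that the removed block carried.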
@@ -18,43 +18,42 @@ in enable = true; securityType = "user"; openFirewall = true; - settings = { - global = { - security = "user"; - "hosts allow" = "192.168.1. 127.0.0.1 localhost"; - "hosts deny" = "0.0.0.0/0"; - "guest account" = "nobody"; - "map to guest" = "bad user"; - }; - "music" = { + settings = '' + workgroup = WORKGROUP + server string = hyperserver + netbios name = hyperserver + security = user + ''; + shares = { + music = { path = "/srv/media/Music"; browseable = "yes"; "read only" = "no"; "create mask" = "0644"; - "directory mask" = "0755"; + "directory mask" = "0655"; }; - "ebooks" = { + ebooks = { path = "${cfg.dir}/Ebooks"; browseable = "yes"; "read only" = "no"; "create mask" = "0644"; - "directory mask" = "0755"; + "directory mask" = "0655"; }; - "movies" = { + movies = { path = "${cfg.dir}/Films"; browseable = "yes"; "create mask" = "0644"; - "directory mask" = "0755"; + "directory mask" = "0655"; "read only" = "no"; }; - "shows" = { + shows = { path = "${cfg.dir}/SeriesTV"; "read only" = "no"; "create mask" = "0644"; "directory mask" = "0755"; browseable = "yes"; }; - "torrents" = { + torrents = { path = "${cfg.dir}/Torrents"; "read only" = "yes"; "create mask" = "644"; @@ -62,19 +61,6 @@ in }; }; }; - services.samba-wsdd = { - enable = true; - openFirewall = true; }; - - services.avahi = { - enable = true; - publish.enable = true; - publish.userServices = true; - openFirewall = true; - }; - }; - - } diff --git a/hosts/sisyphe/features/services/nextcloud.nix b/hosts/sisyphe/features/services/nextcloud.nix index e96f332..a1dd0ed 100644 --- a/hosts/sisyphe/features/services/nextcloud.nix +++ b/hosts/sisyphe/features/services/nextcloud.nix @@ -71,7 +71,7 @@ ; memories = pkgs.fetchNextcloudApp { - sha256 = "sha256-tzxeffvwMwthvBRG+/cLCXZkVS32rlf5v7XOKTbGoOo="; + sha256 = "sha256-DJPskJ4rTECTaO1XJFeOD1EfA3TQR4YXqG+NIti0UPE="; url = "https://github.com/pulsejet/memories/releases/download/v7.3.1/memories.tar.gz"; license = "agpl3Only"; }; 
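Review bot: The new `settings` string drops `"hosts allow" = "192.168.1. 127.0.0.1 localhost"` and `"hosts deny" = "0.0.0.0/0"` while `openFirewall = true` stays, so access to the writable shares now rests on Samba authentication alone instead of also on a LAN-only source restriction. Carry both over into the global section as `hosts allow = 192.168.1. 127.0.0.1 localhost` and `hosts deny = 0.0.0.0/0`. Separately, `"directory mask" = "0655"` on music, ebooks and movies clears the owner's search bit on newly created directories, so the creating user cannot enter them; `shows` still uses `0755`, which looks like the intended value. The `services.samba` attribute set opens outside this hunk.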
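Review bot: The `sha256` for `memories` changes while the `url` still points at the same `v7.3.1` tarball, so either the fetched content differs from what was pinned before or the fetcher computes the hash differently on the nixpkgs release this commit targets. The diff does not say which. After checking the download against the upstream release, a comment such as `# hash recomputed for <nixpkgs release>; upstream tarball unchanged` would let a later reader tell a re-pin from a changed release artifact. The surrounding expression starts outside the hunk.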
@@ -84,8 +84,8 @@ }; */ facerecognition = pkgs.fetchNextcloudApp { - sha256 = "sha256-FtYItN0Iy2QpSNf0GPs7fIPYgBdEuKHJGwZ7GQNySZE="; - url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.60/facerecognition.tar.gz"; + sha256 = "1dfpmnyyrjyn7wbjfj3w072rzfl7zwm8ppphgsg8ampw2dy7y6yk"; + url = "https://github.com/matiasdelellis/facerecognition/releases/download/v0.9.51/facerecognition.tar.gz"; license = "agpl3Only"; }; diff --git a/hosts/sisyphe/server-configuration.nix b/hosts/sisyphe/server-configuration.nix new file mode 100644 index 0000000..f038092 --- /dev/null +++ b/hosts/sisyphe/server-configuration.nix @@ -0,0 +1,65 @@ +# TODO: move file to configuration.nix +{ + config, + lib, + pkgs, + secrets, + ... +}: +let + ip = "192.168.1.177"; + gateway = "192.168.1.1"; + username = "homelab"; +in +{ + # setting up networking!! + networking = { + interfaces = { + ens18.ipv4.addresses = [ + { + address = ip; + prefixLength = 24; + } + ]; + }; + + defaultGateway = gateway; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + ]; + + nftables.enable = true; + # firewall rules + firewall = { + enable = true; + allowedTCPPorts = [ + 22 # ssh + 80 # http + 443 # ssh + ]; + allowedUDPPorts = [ ]; + }; + }; + + users.groups.multimedia = { + members = [ + "slskd" + "radarr" + "readarr" + "sonarr" + "transmission" + "jellyfin" + "bazarr" + "calibre-web" + username + ]; + }; + + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; + sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; +} diff --git a/hosts/strawberry/configuration.nix b/hosts/strawberry/configuration.nix deleted file mode 100644 index e844cd0..0000000 --- a/hosts/strawberry/configuration.nix +++ /dev/null 
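Review bot: In the firewall list of the new `server-configuration.nix` the comment on `443 # ssh` is wrong; 22 is already labelled ssh, so this should read `443 # https`. These comments are the only record of why each port is open, so they are worth correcting while the block is being moved.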
@@ -1,20 +0,0 @@ -{pkgs, username, ...}: { - services.samba = { - enable = true; - openFirewall = true; - }; - - users.users.nas = { - - }; - - users.users.${username} = { - isNormalUser = true; - }; - - systemd.tempfiles.rules = [ - "d /srv/files 0755 nas nas" - ]; - - system.stateVersion = "24.11"; -} \ No newline at end of file diff --git a/terraform/main.tf b/terraform/main.tf deleted file mode 100644 index 925bdb2..0000000 --- a/terraform/main.tf +++ /dev/null @@ -1,35 +0,0 @@ -provider "proxmox" { - pm_api_url = "https://your-proxmox-server:8006/api2/json" - pm_tls_insecure = true -} - -resource "proxmox_vm_qemu" "nixos-services-vm" { - name = "nixos-services-vm" - target_node = "pve" - clone = "template-name" - os_type = "cloud-init" - cores = 2 - memory = 2048 - disk { - size = "10G" - } - network { - model = "virtio" - bridge = "vmbr0" - } - sshkeys = file("~/.ssh/id_rsa.pub") - ipconfig0 = "ip=dhcp" - cloud_init { - user_data = <