flake: Initialise new repository

Jan Kremer 2025-07-08 10:05:22 +02:00
commit 1eb25ada72
Signed by: jan
GPG key ID: A7DA689CB3B078EC
41 changed files with 1657 additions and 0 deletions


@ -0,0 +1,6 @@
{
services.adguardhome = {
enable = true;
port = 3000;
};
}
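Review bot: `port = 3000` is the same port the Forgejo container in this commit sets as `HTTP_PORT`. That container declares no `privateNetwork`, so it presumably shares the host's network namespace, and the two listeners would collide once both modules are imported. Give one of them a different port, for example `port = 3001;` here. The admin UI also binds to all addresses unless `host` is set (worth confirming against the module default); `host = "127.0.0.1";` would keep it off the LAN.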


@ -0,0 +1,31 @@
{
containers.audiobooks = {
autoStart = true;
bindMounts = {
"/var/lib/audiobookshelf" = {
hostPath = "/mnt/sdb1/media/audiobooks";
isReadOnly = false;
};
};
config =
{ pkgs, ... }:
{
services = {
audiobookshelf = {
enable = true;
# port = 8000;
# host = "audiobooks.alpine-centauri.ts.net";
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
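Review bot: The three-line `tailscale` attrset at the end of `services` is repeated unchanged in every container module this commit adds (audiobooks, git, freshrss, immich, jellyfin, mealie, minecraft, music, nextcloud, youtube, vault). Any later change to how the containers join the tailnet therefore has to be made in eleven places, and one missed copy leaves a container configured differently from the rest. Moving the block into one shared module that each container's `config` imports would keep them in step. The `pkgs` argument of the `config` function is unused in this file and can be dropped.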

18
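--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,18 @@
+{
+imports = [
+# ./adguardhome.nix
+./audiobookshelf.nix
+./forgejo.nix
+# ./freshrss.nix
+# ./immich.nix
+./jellyfin.nix
+./mealie.nix
+./minecraft.nix
+./navidrome.nix
+# ./nextcloud.nix
+# ./pinchflat.nix
+./samba.nix
+./tailscale.nix
+# ./vaultwarden.nix
+];
+}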

58
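--- a/modules/nixos/forgejo.nix
+++ b/modules/nixos/forgejo.nix
@@ -0,0 +1,58 @@
+{ inputs, ... }:
+{
+containers.git = {
+autoStart = true;
+bindMounts."/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
+config = {
+imports = [ inputs.agenix.nixosModules.default ];
+age = {
+identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+secrets."forgejo-runner-token" = {
+file = ../secrets/forgejo-runner-token.age;
+mode = "400";
+owner = "forgejo";
+};
+};
+services = {
+forgejo = {
+enable = true;
+database.type = "postgres";
+lfs.enable = true;
+settings = {
+server = {
+DOMAIN = "git.alpine-centauri.ts.net";
+ROOT_URL = "https://git.alpine-centauri.ts.net/";
+HTTP_PORT = 3000;
+};
+actions = {
+ENABLED = true;
+DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+};
+};
+};
+# gitea-actions-runner = {
+# package = pkgs.forgejo-runner;
+# instances.native = {
+# enable = true;
+# name = "native";
+# url = "https://git.alpine-centauri.ts.net";
+# tokenFile = config.age.secrets.forgejo-runner-token.path;
+# labels = [ "native:host" ];
+# };
+# };
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}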
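Review bot: The `bindMounts` line makes the host's SSH private host key readable inside the `git` container so that agenix can use it as its identity. Anything running as root in that container can then read the key that identifies the host over SSH and that decrypts every secret encrypted to it. The nextcloud module in this commit does the same. A dedicated age identity per container, listed as a recipient only for that container's secrets, would keep a compromise of one service away from the host key, e.g. `identityPaths = [ "<container-specific age key path>" ];` with a matching bind mount. The `forgejo-runner-token` secret is also decrypted here although its only consumer is commented out.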


@ -0,0 +1,24 @@
{
containers.freshrss = {
autoStart = true;
config = {
services = {
freshrss = {
enable = true;
language = "de";
authType = "none";
baseUrl = "https://freshrss.alpine-centauri.ts.net";
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
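Review bot: `authType = "none"` switches off FreshRSS's own login, so every user or device that can reach the container's tailnet address has full access to the reader and its settings. Unless the tailnet ACL is deliberately the only gate, use `authType = "form";` together with `defaultUser` and a `passwordFile` delivered through agenix, as the Forgejo and Nextcloud modules do for their secrets. If relying on the ACL is intended, a comment saying so next to the option would stop the next reader from taking it for an oversight.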

29
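--- a/modules/nixos/immich.nix
+++ b/modules/nixos/immich.nix
@@ -0,0 +1,29 @@
+{
+containers.immich = {
+autoStart = true;
+bindMounts = {
+"/var/lib/immich" = {
+hostPath = "/mnt/sdb1/photos";
+isReadOnly = false;
+};
+};
+config = {
+services = {
+immich = {
+enable = true;
+host = "immich.alpine-centauri.ts.net";
+};
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}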
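Review bot: `host` is the address the Immich server binds to, and it is set here to the tailnet name. With `interfaceName = "userspace-networking"` the container has no interface carrying that address, so the bind will presumably fail or depend on name resolution at start-up. Keeping the listener on `host = "localhost";` and publishing the port through the Tailscale daemon (for example with `tailscale serve`) is more predictable and avoids exposing the service on any other address the name might resolve to.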


@ -0,0 +1,69 @@
{
containers.jellyfin = {
autoStart = true;
bindMounts = {
"/media" = {
hostPath = "/mnt/sdb1/media";
isReadOnly = false;
};
};
config =
{ pkgs, ... }:
{
services = {
jellyfin = {
enable = true; # port = 8096
openFirewall = true;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
environment.systemPackages = with pkgs; [
jellyfin
jellyfin-web
jellyfin-ffmpeg
];
## Hardware transcoding
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
# vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
];
};
## Grab EPG data daily
systemd = {
services.epg = {
script = "${pkgs.nodejs_18}/bin/npm run --prefix /media/TV/epg/ grab -- --channels=custom.channels.xml";
path = [
pkgs.bash
pkgs.nodejs_18
];
serviceConfig = {
Type = "oneshot";
User = "root";
};
startAt = "daily"; # Creates a timer
};
timers.epg.timerConfig.Persistent = true;
};
system.stateVersion = "24.05";
};
};
}
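Review bot: The `epg` unit runs `npm run` as `User = "root"` from `/media/TV/epg/`, which lies inside the read-write bind mount of `/mnt/sdb1/media`. The samba module in this commit exports that same tree as the writeable `Media` share, so whoever can write to the share controls the `package.json` script that root executes every day. Run the job as an unprivileged account and narrow what it may touch, for example `DynamicUser = true;` with `ReadWritePaths = [ "/media/TV/epg" ];` (file ownership on the host path will need adjusting), or keep the grabber's code outside the shared media tree. `nodejs_18` is also past upstream end of life, so a supported Node release is worth switching to.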

22
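--- a/modules/nixos/mealie.nix
+++ b/modules/nixos/mealie.nix
@@ -0,0 +1,22 @@
+{
+containers.mealie = {
+autoStart = true;
+config = {
+services = {
+mealie = {
+enable = true;
+port = 9000;
+};
+tailscale = {
+enable = true;
+useRoutingFeatures = "server";
+interfaceName = "userspace-networking";
+};
+};
+system.stateVersion = "24.05";
+};
+};
+}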


@ -0,0 +1,36 @@
{ lib, ... }:
{
containers.minecraft = {
autoStart = true;
bindMounts = {
"/var/lib/minecraft" = {
hostPath = "/mnt/sdb1/minecraft";
isReadOnly = false;
};
};
config = {
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"minecraft-server"
];
services = {
minecraft-server = {
enable = true;
eula = true;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}


@ -0,0 +1,31 @@
{
containers.music = {
autoStart = true;
bindMounts = {
"/Music" = {
hostPath = "/mnt/sdb1/media/Music";
isReadOnly = false;
};
};
config = {
services = {
navidrome = {
enable = true;
settings = {
MusicFolder = "/Music";
port = 4533;
};
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
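Review bot: The `/Music` bind mount is declared with `isReadOnly = false`, although Navidrome presumably only needs to read the library and keeps its own state in its data folder. `isReadOnly = true;` would stop a compromised or misbehaving server from altering or deleting the collection on `/mnt/sdb1`. The lower-case `port` key under `settings` also sits beside the module's own `Port` default (worth confirming), so spelling it `Port = 4533;` avoids two keys for one setting in the generated config.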


@ -0,0 +1,86 @@
{ inputs, ... }:
{
containers.nextcloud = {
autoStart = true;
bindMounts = {
"/etc/ssh/ssh_host_ed25519_key".hostPath = "/etc/ssh/ssh_host_ed25519_key";
"/var/lib/nextcloud/data" = {
hostPath = "/mnt/sdb1/data";
isReadOnly = false;
};
};
config =
{ pkgs, config, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
age = {
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets."nextcloud" = {
file = ../secrets/nextcloud.age;
mode = "400";
owner = "nextcloud";
};
};
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud30;
hostName = "nextcloud";
https = true;
config = {
adminpassFile = config.age.secrets.nextcloud.path;
};
settings = {
trusted_domains = [ "nextcloud.alpine-centauri.ts.net" ];
enabledPreviewProviders = [
"OC\\Preview\\AVI"
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MKV"
"OC\\Preview\\MP3"
"OC\\Preview\\MP4"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
database.createLocally = true;
configureRedis = true;
maxUploadSize = "1G";
## Set up non-declaratively for now
# extraAppsEnable = true;
# autoUpdateApps.enable = true;
# extraApps = {
# inherit (config.services.nextcloud.package.packages.apps)
# news
# contacts
# calendar
# tasks
# ;
# };
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}


@ -0,0 +1,31 @@
{
virtualisation.oci-containers = {
containers = {
pinchflat = {
image = "ghcr.io/kieraneglin/pinchflat:latest";
environment.TZ = "Europe/Berlin";
ports = [ "127.0.0.1:8945:8945" ];
volumes = [
"/mnt/sdb1/media/youtube/config:/config"
"/mnt/sdb1/media/youtube/downloads:/downloads"
];
};
};
};
containers.youtube = {
autoStart = true;
config = {
services = {
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
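Review bot: `image = "ghcr.io/kieraneglin/pinchflat:latest"` follows a mutable tag, so the code that runs with write access to `/mnt/sdb1/media/youtube` changes whenever the image is re-pulled, with nothing in the repository recording which build that was. Pinning a release tag together with its digest makes updates an explicit, reviewable change: `image = "ghcr.io/kieraneglin/pinchflat:<version>@sha256:<digest>";`. Binding the port to `127.0.0.1` is a good default and worth keeping.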

34
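--- a/modules/nixos/samba.nix
+++ b/modules/nixos/samba.nix
@@ -0,0 +1,34 @@
+{
+services.samba = {
+enable = true;
+settings = {
+global = {
+"vfs objects" = "catia fruit streams_xattr";
+"guest account" = "jan";
+"fruit:model" = "MacPro7,1@ECOLOR=226,226,224";
+};
+Media = {
+path = "/mnt/sdb1/media";
+writeable = "yes";
+};
+TimeMachine = {
+path = "/mnt/sdb1/timemachine";
+writeable = "yes";
+"fruit:time machine" = "yes";
+};
+};
+};
+## Used to advertise the shares to Windows hosts
+services.samba-wsdd = {
+enable = true;
+};
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+};
+}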
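Review bot: `"guest account" = "jan"` maps Samba's guest identity onto what looks like a personal login account. If guest access is ever switched on for a share, unauthenticated clients would read and write `/mnt/sdb1/media` and the Time Machine backups with that user's rights. Neither share restricts who may connect; adding `"valid users" = "jan";` to `Media` and `TimeMachine` and leaving the guest account at an unprivileged default closes that off. A `"hosts allow"` entry in `global` limiting clients to the LAN and tailnet ranges would be a useful second check.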


@ -0,0 +1,9 @@
{
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
extraUpFlags = [ "--ssh" ];
};
networking.firewall.checkReversePath = "loose";
}
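Review bot: `extraUpFlags` is only handed to `tailscale up` by the module's auto-connect unit, which runs when `authKeyFile` is set. None is set in this file, so `--ssh` presumably has no effect and Tailscale SSH depends on whatever was run by hand on the host. Either add an `authKeyFile` (an agenix secret would fit the rest of the repository) or drop the flag and document the manual step. When Tailscale SSH is on, logins to this host are decided by the tailnet's ACL `ssh` rules, so a comment such as `# SSH access is governed by the tailnet ACL policy` beside the flag would help the next reader.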


@ -0,0 +1,32 @@
{
containers.vault = {
autoStart = true;
bindMounts = {
"/var/backup/vaultwarden" = {
hostPath = "/mnt/sdb1/vaultwarden";
isReadOnly = false;
};
};
config = {
services = {
vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
dbBackend = "postgresql";
config = {
# SIGNUPS_ALLOWED = false;
};
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
interfaceName = "userspace-networking";
};
};
system.stateVersion = "24.05";
};
};
}
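Review bot: `SIGNUPS_ALLOWED = false;` is commented out inside `config`, and Vaultwarden allows self-registration unless told otherwise, so anyone who can reach the vault can create an account on it. Enable the line once the first account exists, or set it from the start and create accounts by invitation. `dbBackend = "postgresql"` is also set without a `DATABASE_URL` or a local PostgreSQL service in this hunk; if the connection string is meant to carry a password, it belongs in an `environmentFile` rather than in `config`.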