From c6bc9fb3aca863b7cb730c2072ebad3cb6fc8a38 Mon Sep 17 00:00:00 2001
From: Kaybee
Date: Mon, 5 May 2025 20:39:01 +0200
Subject: [PATCH] Migrate mow0m to new Repo
---
flake.lock | 384 ++++++++++++++++++
flake.nix | 77 ++++
.../nixos/services/binary-cache/default.nix | 35 ++
.../nixos/services/forgejo-runner/default.nix | 87 ++++
.../nixos/services/traefik-proxy/default.nix | 53 +++
modules/nixos/suites/nas/default.nix | 59 +++
modules/nixos/suites/nas/jellyfin.nix | 41 ++
modules/nixos/suites/nas/kavita.nix | 42 ++
systems/x86_64-linux/mow0m/default.nix | 61 +++
systems/x86_64-linux/mow0m/hardware.nix | 83 ++++
10 files changed, 922 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 modules/nixos/services/binary-cache/default.nix
create mode 100644 modules/nixos/services/forgejo-runner/default.nix
create mode 100644 modules/nixos/services/traefik-proxy/default.nix
create mode 100644 modules/nixos/suites/nas/default.nix
create mode 100644 modules/nixos/suites/nas/jellyfin.nix
create mode 100644 modules/nixos/suites/nas/kavita.nix
create mode 100644 systems/x86_64-linux/mow0m/default.nix
create mode 100644 systems/x86_64-linux/mow0m/hardware.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..4f8f9fe
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,384 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_3" + }, + "locked": { + "lastModified": 1715533576, + "narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": 
"flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1694529238, + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745256380, + "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1737234286, + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "rev": 
"868d97695bab9d21f6070b03957bcace249fbe3c", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" + } + }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745114634, + "narHash": "sha256-gB63YTgfrX2zH2zFIruRrOrLltjSBoYm2L56yaGo5XM=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "92120cad3f2b7c1c326b6ca0b9beda171d6ee6a3", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1744633460, + "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "9a049b4a421076d27fee3eec664a18b2066824cb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": 
"github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1742669843, + "narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1e5b653dff12029333a6546c11e108ede13052eb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "lix-module": "lix-module", + "nix-minecraft": "nix-minecraft", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_2", + "snowfall-lib": "snowfall-lib", + "sops-nix": "sops-nix" + } + }, + "snowfall-lib": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils-plus": "flake-utils-plus", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736130495, + "narHash": "sha256-4i9nAJEZFv7vZMmrE0YG55I3Ggrtfo5/T07JEpEZ/RM=", + "owner": "snowfallorg", + "repo": "lib", + "rev": "02d941739f98a09e81f3d2d9b3ab08918958beac", + "type": "github" + }, + "original": { + "owner": "snowfallorg", + "repo": "lib", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744669848, + "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "61154300d945f0b147b30d24ddcafa159148026a", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": 
"sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..3d4c9c0 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,77 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ snowfall-lib.url = "github:snowfallorg/lib";
+ snowfall-lib.inputs.nixpkgs.follows = "nixpkgs";
+ sops-nix.url = "github:Mic92/sops-nix";
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+ lix-module.url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz";
+ home-manager.url = "github:nix-community/home-manager";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ nix-minecraft.url = "github:Infinidoge/nix-minecraft";
+ nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
+ nixos-generators.url = "github:nix-community/nixos-generators";
+ nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = inputs: inputs.snowfall-lib.mkFlake {
+ inherit inputs;
+ src = ./.;
+
+ # Configure Nix
+ nix.gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ nix.optimise.automatic = true;
+ channels-config.allowUnfree = false;
+
+ # Configure Flake Utils Plus
+ supportedSystems = inputs.snowfall-lib.inputs.flake-utils-plus.lib.defaultSystems ++ ["i686-linux"];
+
+ # Configure Snowfall Lib
+ snowfall = {
+ meta.name = "kB01s System Configuration Flake";
+ meta.title = "kB01s System Configuration Flake";
+ namespace = "kb-one";
+ };
+
+ # Modules for Host HyperC
+ systems.hosts.HyperC.modules = with inputs; [
+ lix-module.nixosModules.default
+ ];
+
+ # Modules for Host kb-game-01
+ systems.hosts.kb-game-01.modules = with inputs; [
+ lix-module.nixosModules.default
+ ];
+
+ # Modules for Host LoyAdjo
+ systems.hosts.LoyAdjo.modules = with inputs; [
+ lix-module.nixosModules.default
+ ];
+
+ # Modules for Host Rubtrm
+ systems.hosts.Rubtrm.modules = with inputs; [
+ # lix-module.nixosModules.default
+ ];
+
+ # Modules that get imported to every NixOS system
+ systems.modules.nixos = with inputs; [
+ sops-nix.nixosModules.sops
+ ];
+
+ outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; };
+
+ };
+
+ # outputs = { self, nixpkgs, ... }@inputs: {
+ # nixosConfigurations."Rubtrm" = nixpkgs.lib.nixosSystem {
+ # system = "i686-linux";
+ # modules = [ ./systems/i686-linux/Rubtrm/default.nix ];
+ # };
+ # };
+
+}
+
diff --git a/modules/nixos/services/binary-cache/default.nix b/modules/nixos/services/binary-cache/default.nix
new file mode 100644
index 0000000..49da36a
--- /dev/null
+++ b/modules/nixos/services/binary-cache/default.nix
@@ -0,0 +1,35 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ cfg = config.services.binary-cache;
+in
+{
+ imports = [
+ ];
+
+ options.services.binary-cache = {
+ enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Preconfigured Binary-Cache";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.nix-serve = {
+ enable = true;
+ secretKeyFile = "/var/secrets/cache-game01-private-key.pem";
+ };
+
+ # Configure Reverse-Proxy
+ services.traefik.dynamicConfigOptions = {
+ http.services.nix-cache.loadBalancer.servers = [ { url = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}/"; } ];
+ http.routers.nix-cache.entrypoints = "websecure";
+ # http.routers.nix-cache.tls = true;
+ http.routers.nix-cache.tls.certresolver = "letsencrypt";
+ http.routers.nix-cache.rule = "Host(`cache.game01.kb-one.de`)";
+ http.routers.nix-cache.service = "nix-cache";
+ };
+
+ };
+}
+
diff --git a/modules/nixos/services/forgejo-runner/default.nix b/modules/nixos/services/forgejo-runner/default.nix
new file mode 100644
index 0000000..0888183
--- /dev/null
+++ b/modules/nixos/services/forgejo-runner/default.nix
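Review bot: `lix-module` is the only input in the `inputs` block without an `inputs.nixpkgs.follows = "nixpkgs"` line, and the lock file in this patch accordingly carries a second, older nixpkgs pin (`nixpkgs` for lix-module next to `nixpkgs_2` for the root). That is one more nixpkgs revision to audit and keep updated for the hosts that import `lix-module.nixosModules.default`. Unless the separate pin is intentional, add `lix-module.inputs.nixpkgs.follows = "nixpkgs";` after the `lix-module.url` line; if it is intentional, a one-line comment saying so would help.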
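Review bot: The `services.nix-serve` block sets no `bindAddress`, and the Traefik backend URL is built from that option. As far as I know the NixOS module defaults to `0.0.0.0` and port 5000, so nix-serve would listen in plain HTTP on every interface (only the firewall keeps it private) and would claim the same port that `suites/nas/kavita.nix` hard-codes for Kavita. Consider adding `bindAddress = "127.0.0.1";` next to `secretKeyFile`, so the cache is reachable only through the TLS router. The signing key path is also a fixed string although sops-nix is imported on every system in `flake.nix`; a comment on how `/var/secrets/cache-game01-private-key.pem` is provisioned and which mode it needs would help.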
@@ -0,0 +1,87 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ cfg = config.services.forgejo-runner;
+in
+{
+ options.services.forgejo-runner = {
+ enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Forgejo Runners";
+ };
+ };
+ config = lib.mkIf (cfg.enable) {
+ # services.gitea-actions-runner.package = pkgs.forgejo-runner;
+ # services.gitea-actions-runner.instances."kb-one-runner@games-01" = {
+ # enable = true;
+ # name = "kb-one-runner@games-01";
+ # url = "https://git.kb-one.de/";
+ # tokenFile = "/opt/secrets/kb-one-runner@games-01_token";
+ # labels = [
+ # # provide a debian base with nodejs for actions
+ # "debian-latest:docker://node:18-bullseye"
+ # # fake the ubuntu name, because node provides no ubuntu builds
+ # "ubuntu-latest:docker://node:18-bullseye"
+ # # provide native execution on the host
+ # "native:host"
+ # ];
+ # hostPackages = with pkgs; [
+ # bash
+ # coreutils
+ # curl
+ # gawk
+ # gitMinimal
+ # gnused
+ # nodejs
+ # wget
+ # nix
+ # ];
+ # };
+
+ # systemd.services.forgejo-runner = {
+ # wantedBy = [ "multi-user.target" ];
+ # after = [ "docker.service" ];
+ # description = "";
+ # serviceConfig = {
+ # Type = "notify";
+ # User = "runner";
+ # WorkingDirectory = "/home/runner";
+ # ExecStart = ''${pkgs.forgejo-runner}/bin/forgejo-runner deamon'';
+ # ExecStop = ''/bin/kill -s HUP $MAINPID'';
+ # Restart = "on-failure";
+ # TimeoutSec = 0;
+ # RestartSec = 10;
+ # };
+ # };
+
+ # users.users.runner = {
+ # isNormalUser = true;
+ # };
+
+ # environment.systemPackages = [ pkgs.forgejo-runner ];
+
+ # virtualisation.podman.enable = true;
+ # virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
+ # virtualisation.podman.dockerCompat = true;
+
+ virtualisation.docker.enable = true;
+ virtualisation.oci-containers.backend = "docker";
+
+ virtualisation.oci-containers.containers."docker-in-docker" = {
+ image = "docker:dind";
+ hostname = "docker";
+ extraOptions = [ "--privileged" "--network=kb-forgejo-runner" ];
+ cmd = [ "dockerd" "-H" "tcp://docker:42349" "--tls=false" ];
+ };
+ virtualisation.oci-containers.containers."forgejo-runner" = {
+ image = "code.forgejo.org/forgejo/runner:4.0.0";
+ hostname = "forgejo-runner";
+ extraOptions = [ "--network=kb-forgejo-runner" ];
+ environment.DOCKER_HOST = "tcp://docker:42349";
+ user = "1001:1001";
+ volumes = [ "forgejo-runner-data:/data" ];
+ cmd = [ "/bin/sh" "-c" "sleep 5; forgejo-runner daemon" ];
+ };
+ };
+}
+
diff --git a/modules/nixos/services/traefik-proxy/default.nix b/modules/nixos/services/traefik-proxy/default.nix
new file mode 100644
index 0000000..e4e6f7e
--- /dev/null
+++ b/modules/nixos/services/traefik-proxy/default.nix
@@ -0,0 +1,53 @@
+{ inputs, config, lib, pkgs, ... }:
+let
+ cfg = config.services.traefik-proxy;
+in
+{
+ imports = [
+ ];
+
+ options.services.traefik-proxy = {
+ enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Pre-Configured Traefik Proxy";
+ };
+ };
+
+ config = lib.mkIf (cfg.enable ||
+ config.services.binary-cache.enable ||
+ config.suites.nas.media.enable) {
+ services.traefik = {
+ enable = true;
+ staticConfigOptions = {
+ entryPoints = {
+ web = {
+ address = ":80";
+ asDefault = true;
+ http.redirections.entrypoint = {
+ to = "websecure";
+ scheme = "https";
+ };
+ };
+ websecure = {
+ address = ":443";
+ asDefault = true;
+ http.tls.certResolver = "letsencrypt";
+ };
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ # Configure Letsencrypt
+ services.traefik.staticConfigOptions = {
+ certificatesResolvers.letsencrypt.acme = {
+ email = "kb01@kb-one.de";
+ tlsChallenge = {};
+ storage = "/var/secrets/traefik/acme.json";
+ };
+ };
+
+ };
+}
+
diff --git a/modules/nixos/suites/nas/default.nix b/modules/nixos/suites/nas/default.nix
new file mode 100644
index 0000000..f6ab990
--- /dev/null
+++ b/modules/nixos/suites/nas/default.nix
@@ -0,0 +1,59 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.suites.nas;
+in
+{
+ imports = [
+ ./jellyfin.nix
+ ./kavita.nix
+ ];
+ options.suites.nas.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Preconfigured NAS Config";
+ };
+ options.suites.nas.domain = lib.mkOption {
+ type = with lib.types; string;
+ default = "localhost";
+ description = "NAS Reachable Domain Name";
+ };
+ options.suites.nas.media.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = true;
+ description = "Enable Media Servers";
+ };
+ options.suites.nas.media.folder = lib.mkOption {
+ type = with lib.types; str;
+ default = "/home/media/media";
+ description = "Media Root Directory";
+ };
+
+ # Media Config
+ config = lib.mkIf (cfg.enable && cfg.media.enable) {
+
+ # Media Defaults
+ suites.nas.media.jellyfin.enable = true;
+ suites.nas.media.kavita.enable = false;
+
+ # Create Media User
+ users.groups.media = {};
+ users.users.media = {
+ isSystemUser = true;
+ createHome = true;
+ description = "Media User";
+ group = "media";
+ home = "/home/media";
+ };
+
+ };
+
+
+}
+
diff --git a/modules/nixos/suites/nas/jellyfin.nix b/modules/nixos/suites/nas/jellyfin.nix
new file mode 100644
index 0000000..8537137
--- /dev/null
+++ b/modules/nixos/suites/nas/jellyfin.nix
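Review bot: The two lines under `# Media Defaults` are plain definitions, not defaults: a host that sets `suites.nas.media.kavita.enable = true;` will hit a conflicting-definition error against the `false` assigned here. Wrap both in `lib.mkDefault`, e.g. `suites.nas.media.jellyfin.enable = lib.mkDefault true;`. Also in this hunk, `suites.nas.domain` uses `types.string`, which is deprecated in favour of `types.str` (already used for `media.folder`), and `media.folder` is declared but not read by any module in this patch.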
@@ -0,0 +1,41 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.suites.nas.media.jellyfin;
+in
+{
+ options.suites.nas.media.jellyfin.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Preconfigured Jellyfin Config";
+ };
+ options.suites.nas.media.jellyfin.subdomain = lib.mkOption {
+ type = with lib.types; string;
+ default = "watch";
+ description = "Subdomain for Jellyfin Server";
+ };
+
+ config = lib.mkIf (cfg.enable) {
+
+ services.jellyfin.enable = true;
+ services.jellyfin.user = "media";
+
+ # Configure Reverse-Proxy
+ services.traefik.dynamicConfigOptions = {
+ http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
+ http.routers.jellyfin.entrypoints = "websecure";
+ http.routers.jellyfin.tls = true;
+ #http.routers.jellyfin.tls.certresolver = "letsencrypt";
+ http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
+ http.routers.jellyfin.service = "jellyfin";
+ };
+
+ };
+}
+
diff --git a/modules/nixos/suites/nas/kavita.nix b/modules/nixos/suites/nas/kavita.nix
new file mode 100644
index 0000000..d6d9a24
--- /dev/null
+++ b/modules/nixos/suites/nas/kavita.nix
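Review bot: `http.routers.jellyfin.tls = true;` replaces the resolver line that is commented out right below it, whereas the binary-cache router in this patch sets `tls.certresolver = "letsencrypt"`. As far as I understand Traefik, a router that defines its own `tls` section no longer inherits the entrypoint's `http.tls.certResolver`, so this router may be served with Traefik's self-signed default certificate; a bare boolean may also not decode as a TLS section in the generated dynamic configuration. Either drop the `tls` line and rely on the `websecure` entrypoint default, or set `http.routers.jellyfin.tls.certresolver = "letsencrypt";`. The same two lines appear in `kavita.nix`.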
@@ -0,0 +1,42 @@
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ system,
+ ...
+}:
+let
+ cfg = config.suites.nas.media.kavita;
+in
+{
+ options.suites.nas.media.kavita.enable = lib.mkOption {
+ type = with lib.types; uniq bool;
+ default = false;
+ description = "Enable Preconfigured kavita Config";
+ };
+ options.suites.nas.media.kavita.subdomain = lib.mkOption {
+ type = with lib.types; string;
+ default = "read";
+ description = "Kavita Subdomain";
+ };
+
+ config = lib.mkIf (cfg.enable) {
+
+ services.kavita.enable = true;
+ services.kavita.user = "media";
+ services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret";
+
+ # Configure Reverse-Proxy
+ services.traefik.dynamicConfigOptions = {
+ http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
+ http.routers.kavita.entrypoints = "websecure";
+ http.routers.kavita.tls = true;
+ #http.routers.kavita.tls.certresolver = "letsencrypt";
+ http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
+ http.routers.kavita.service = "kavita";
+ };
+
+ };
+}
+
diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix
new file mode 100644
index 0000000..73a733b
--- /dev/null
+++ b/systems/x86_64-linux/mow0m/default.nix
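Review bot: `services.kavita.tokenKeyFile` points into `/home/media/secrets`, and both Kavita and Jellyfin are set to run as `media` in this patch, so the Jellyfin process can read the key Kavita uses to sign its tokens. Nothing here creates the file or restricts its mode either. Consider leaving Kavita on its own service user with group access to the media folder, and supplying the key through sops-nix, which `flake.nix` already imports on every system, e.g. `services.kavita.tokenKeyFile = config.sops.secrets."kavita-token".path;` (the secret name is an example). The backend URL also hard-codes port 5000 instead of reading it from the Kavita module's settings.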
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ];
+
+
+ # Networking
+ networking.hostName = "mow0m";
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+ };
+
+ users.users.master = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ tree
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+qnaWHrGk+DHz5I3L8wK5MPVzjck9LTuctnzK55WJs kb@LoyAdjo"
+ ];
+
+ };
+
+ # programs.firefox.enable = true;
+
+ # System Packages: (search via $ nix search wget)
+ environment.systemPackages = with pkgs; [
+ vim
+ tree
+ wget
+ ];
+
+ # SSH and Mosh
+ services.openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ ports = [ 9553 ];
+ openFirewall = true;
+ };
+ programs.mosh.enable = true;
+
+
+ # Firewall
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+
+ system.stateVersion = "24.11"; # NEVER CHANGE THIS!!!
+}
+
diff --git a/systems/x86_64-linux/mow0m/hardware.nix b/systems/x86_64-linux/mow0m/hardware.nix
new file mode 100644
index 0000000..afe072e
--- /dev/null
+++ b/systems/x86_64-linux/mow0m/hardware.nix
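Review bot: The `services.openssh` block disables password and keyboard-interactive logins but leaves `PermitRootLogin` at the module default, which still accepts key-based root logins. Since `master` is the intended admin account (it is in `wheel`), add `settings.PermitRootLogin = "no";` to the block. `master` has no password or hashed password in this hunk, so unless one is set out of band `sudo` for `wheel` will not work; a comment on how that is provisioned would help. If I remember the module correctly, `programs.mosh.enable` also opens UDP 60000-61000 in the firewall, which is worth stating next to the commented-out firewall lines.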
@@ -0,0 +1,83 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.kernelParams = [ "elevator=noop" "boot.shell_on_fail" "ip=dhcp" ];
+ boot.extraModulePackages = [ ];
+ boot.supportedFilesystems = [ "zfs" ];
+ networking.hostId = "c61a0c21";
+ networking.useDHCP = lib.mkDefault true;
+
+ # Bootloader
+ boot.loader = {
+ efi = {
+ canTouchEfiVariables = true;
+ efiSysMountPoint = "/boot"; # use the same mount point here.
+ };
+ grub = {
+ enable = true;
+ version = 2;
+ copyKernels = true;
+ efiSupport = true;
+ mirroredBoots = [
+ {devices = [ "/dev/nvme0n1" ]; path = "/boot";}
+ {devices = [ "/dev/nvme1n1" ]; path = "/boot1";}
+ ];
+ };
+ };
+ # Uncomment [on a working system] to ensure extra safeguards are active that zfs uses to protect zfs pools:
+ #boot.zfs.forceImportAll = false;
+ #boot.zfs.forceImportRoot = false;
+
+ # Remote Filesystem(s) unlocking
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 2550;
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPKorzbCjRROOmFpiEfbH2mmLJ8qACUUt7pln87PgkA kb@LoyAdjo"
+ ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ };
+ boot.initrd.network.postCommands = ''
+ zpool import -a
+ echo "zfs load-key -a; killall zfs" >> /root/.profile
+ '';
+
+ # Filesystems
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/7C96-7E8A";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ fileSystems."/boot1" = {
+ device = "/dev/disk/by-uuid/7C97-3483";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ fileSystems."/" = {
+ device = "mow0m/root";
+ fsType = "zfs";
+ };
+ fileSystems."/nix" = {
+ device = "mow0m/root/nix";
+ fsType = "zfs";
+ };
+ fileSystems."/home" = {
+ device = "mow0m/root/home";
+ fsType = "zfs";
+ };
+
+ swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
+
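Review bot: The initrd SSH host key listed in `hostKeys` is copied into the initrd, which lives on the unencrypted boot partitions, and both `/boot` and `/boot1` are mounted with `fmask=0022`/`dmask=0022`, which makes every file there world-readable. Any local account could therefore copy that key and impersonate the unlock prompt where the ZFS passphrase is typed. Use `options = [ "fmask=0077" "dmask=0077" ];` on both mounts, and keep this key separate from the main sshd host key. `boot.shell_on_fail` in `boot.kernelParams` hands out an unauthenticated root shell on the console when stage 1 fails, which is convenient during bring-up but should be a conscious choice on a machine with encrypted pools. The two `forceImport*` lines are still commented out although their comment asks for them to be enabled once the system works.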