ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

add various plex/arr services, remove nix-serve, add lynis config

Browse Source 
Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
ahuston-0 2025-05-05 17:17:31 -04:00
parent 36479499d6
commit 91a92f82a5
7 changed files with 87 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
systems/artemision/configuration.nix
View File

@ -60,12 +60,13 @@
fwupd = { fwupd = {
enable = true; enable = true;
package = # package =
(import (builtins.fetchTarball { # (import (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; # url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz";
sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; # sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk";
}) { inherit (pkgs) system; }).fwupd; # }) { inherit (pkgs) system; }).fwupd;
}; };
mullvad-vpn.enable = true;
fprintd.enable = lib.mkForce false; fprintd.enable = lib.mkForce false;
openssh.enable = lib.mkForce false; openssh.enable = lib.mkForce false;

42
systems/palatine-hill/configuration.nix
View File

@ -17,6 +17,7 @@
./minio.nix ./minio.nix
./networking.nix ./networking.nix
./nextcloud.nix ./nextcloud.nix
./plex
./postgresql.nix ./postgresql.nix
./samba.nix ./samba.nix
./zfs.nix ./zfs.nix
@ -57,16 +58,37 @@
}; };
}; };
environment.systemPackages = with pkgs; [ environment = {
chromedriver systemPackages = with pkgs; [
chromium chromedriver
docker-compose chromium
intel-gpu-tools docker-compose
jellyfin-ffmpeg filebot
jq intel-gpu-tools
yt-dlp jellyfin-ffmpeg
yq jq
]; yt-dlp
yq
];
etc = {
# Creates /etc/lynis/custom.prf
"lynis/custom.prf" = {
text = ''
skip-test=BANN-7126
skip-test=BANN-7130
skip-test=DEB-0520
skip-test=DEB-0810
skip-test=FIRE-4513
skip-test=HRDN-7222
skip-test=KRNL-5820
skip-test=LOGG-2190
skip-test=LYNIS
skip-test=TOOL-5002
'';
mode = "0440";
};
};
};
services = { services = {
samba.enable = true; samba.enable = true;

10
systems/palatine-hill/docker/torr.nix
View File

@ -45,7 +45,7 @@ in
]; ];
}; };
delugeVPN = delugeBase // { delugeVPN = delugeBase // {
image = "binhex/arch-delugevpn"; image = "binhex/arch-delugevpn:latest";
extraOptions = [ extraOptions = [
"--privileged=true" "--privileged=true"
"--sysctl" "--sysctl"
@ -57,13 +57,14 @@ in
VPN_PROV = "custom"; VPN_PROV = "custom";
ENABLE_PRIVOXY = "yes"; ENABLE_PRIVOXY = "yes";
LAN_NETWORK = "192.168.0.0/16"; LAN_NETWORK = "192.168.0.0/16";
NAME_SERVERS = "194.242.2.9"; #NAME_SERVERS = "194.242.2.9";
NAME_SERVERS = "9.9.9.9";
# note, delete /config/perms.txt to force a bulk permissions update # note, delete /config/perms.txt to force a bulk permissions update
}; };
volumes = [ volumes = [
"${delugevpn_path}/config:/config" "${delugevpn_path}/config:/config"
"${delugevpn_path}/data:/data" "${deluge_path}/data:/data" # use common torrent path yuck
"/etc/localtime:/etc/localtime:ro" "/etc/localtime:/etc/localtime:ro"
]; ];
ports = [ ports = [
@ -71,6 +72,9 @@ in
"8119:8118" "8119:8118"
"39275:39275" "39275:39275"
"39275:39275/udp" "39275:39275/udp"
"48346:48346"
"48346:48346/udp"
]; ];
}; };
}; };

10
systems/palatine-hill/hydra.nix
View File

@ -82,10 +82,10 @@ in
''; '';
}; };
nix-serve = { # nix-serve = {
enable = true; # enable = true;
secretKeyFile = config.sops.secrets."nix-serve/secret-key".path; # secretKeyFile = config.sops.secrets."nix-serve/secret-key".path;
}; # };
prometheus = { prometheus = {
enable = true; enable = true;
webExternalUrl = "https://prom.alicehuston.xyz"; webExternalUrl = "https://prom.alicehuston.xyz";
@ -134,7 +134,7 @@ in
sops = { sops = {
secrets = { secrets = {
"hydra/environment".owner = "hydra"; "hydra/environment".owner = "hydra";
"nix-serve/secret-key".owner = "root"; # "nix-serve/secret-key".owner = "root";
"alice/gha-hydra-token" = { "alice/gha-hydra-token" = {
sopsFile = ../../users/alice/secrets.yaml; sopsFile = ../../users/alice/secrets.yaml;
owner = "hydra"; owner = "hydra";

28
systems/palatine-hill/plex/default.nix Normal file
View File

@ -0,0 +1,28 @@
{
pkgs,
...
}:
let
vars = import ../vars.nix;
in
{
services.plex = {
enable = true;
dataDir = vars.primary_plex;
};
systemd.services.plex_permission = {
description = "maintains plex permissions";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.bash}/bin/bash ${./plex_permission.sh}";
};
};
systemd.timers.plex_permission = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1h";
OnCalendar = "daily 03:00";
Unit = "plex_permission.service";
};
};
}

7
systems/palatine-hill/plex/plex_permission.sh Normal file
View File

@ -0,0 +1,7 @@
#!/bin/bash
plex_dir="/ZFS/ZFS-primary/plex"
chown docker-service:users -R "$plex_dir"
find "$plex_dir" -type f -exec chmod 664 {} \;
find "$plex_dir" -type d -exec chmod 775 {} \;

2
systems/palatine-hill/vars.nix
View File

@ -17,4 +17,6 @@ rec {
primary_nextcloud = "${zfs_primary}/nextcloud"; primary_nextcloud = "${zfs_primary}/nextcloud";
primary_redis = "${zfs_primary}/redis"; primary_redis = "${zfs_primary}/redis";
primary_torr = "${zfs_primary}/torr"; primary_torr = "${zfs_primary}/torr";
primary_plex = "${zfs_primary}/plex";
primary_plex_storage = "${zfs_primary}/plex_storage";
} }