diff --git a/config/hosts/lisa.nix b/config/hosts/lisa.nix index cfd7996..972d95c 100644 --- a/config/hosts/lisa.nix +++ b/config/hosts/lisa.nix @@ -36,7 +36,7 @@ # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - + luj.mediaserver.enable = true; networking.hostName = "lisa"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. diff --git a/configuration.nix b/configuration.nix index 45b811a..0ee5693 100644 --- a/configuration.nix +++ b/configuration.nix @@ -28,7 +28,8 @@ home = "/home/julien"; shell = pkgs.fish; }; - + + boot.kernelPackages = pkgs.linuxPackages_latest; services.openssh.enable = true; diff --git a/flake.lock b/flake.lock index 1c2d698..43288b8 100644 --- a/flake.lock +++ b/flake.lock @@ -38,11 +38,11 @@ ] }, "locked": { - "lastModified": 1638415301, - "narHash": "sha256-iqszstbHaO5PYeBXQf1ukgYj/aq9wznBbZMrtYMZzgI=", + "lastModified": 1638571010, + "narHash": "sha256-KSO7u13VRLdklQTKYJaBSfVcurEvw+HifAsHR7V2i5E=", "owner": "nix-community", "repo": "home-manager", - "rev": "de54d513c74bf8f4f3a58954b80b5f690639fe72", + "rev": "781d25b315def05cd7ede3765226c54216f0b1fe", "type": "github" }, "original": { @@ -54,17 +54,15 @@ "neovim-flake": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { "dir": "contrib", - "lastModified": 1638385790, - "narHash": "sha256-791hsmqwDM5iwWQr4JMtS8D10MAp9bbJ23Sgi0GGkmo=", + "lastModified": 1638557490, + "narHash": "sha256-YzlOQYluPPEnmITALq1rHEI8/LBG7zTnwve6cY7kE88=", "owner": "neovim", "repo": "neovim", - "rev": "73b35ef10f95536874bfa147c44f62c4fea08f0f", + "rev": "419e0d117d61f6d22f696a8833541dd1691c92fb", "type": "github" }, "original": { 
@@ -78,14 +76,14 @@ "inputs": { "flake-compat": "flake-compat", "neovim-flake": "neovim-flake", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1638432836, - "narHash": "sha256-zWRWheybaMS7/4+1ZZMnjAMW7N6oPUsgG7yFRG65hgA=", + "lastModified": 1638605624, + "narHash": "sha256-T+f6t0fM3GBVih380zBb3tJZSFqZowm6j17p39tQc+k=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "717e854564cb1232d0024b50f4879da0490fcebe", + "rev": "af8e41f174e2e42a642b2d0e10c56b6a87f979bc", "type": "github" }, "original": { @@ -94,6 +92,22 @@ "type": "github" } }, + "nixos": { + "locked": { + "lastModified": 1638371214, + "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a640d8394f34714578f3e6335fc767d0755d78f9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1638376152, @@ -111,6 +125,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1638376152, + "narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1638371214, "narHash": "sha256-0kE6KhgH7n0vyuX4aUoGsGIQOqjIx2fJavpCWtn73rc=", @@ -128,11 +158,11 @@ }, "nur": { "locked": { - "lastModified": 1638435562, - "narHash": "sha256-l7+pHUJ3C2WVEWRDANHuIJ9R4AhxZoAgDC0HbkrjlWI=", + "lastModified": 1638605839, + "narHash": "sha256-f/REgJDMli9MLdvUSU4doYPnKyC8LrAPcj35fwdM5s8=", "owner": "nix-community", "repo": "NUR", - "rev": "68bbcc08934f7185fb39d8abaf9b4dbcadf045bf", + "rev": "3d7aba159607fb9de8f148e86afbaf585bcfa07e", "type": "github" }, "original": { 
@@ -144,7 +174,8 @@ "inputs": { "home-manager": "home-manager", "neovim-nightly-overlay": "neovim-nightly-overlay", - "nixpkgs": "nixpkgs_2", + "nixos": "nixos", + "nixpkgs": "nixpkgs_3", "nur": "nur" } } diff --git a/flake.nix b/flake.nix index 244b781..ac51696 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,7 @@ description = "A flake for my personnal configurations"; inputs = { nixpkgs.url = github:NixOS/nixpkgs/nixos-21.11; + nixos.url = "github:NixOS/nixpkgs/nixos-21.11"; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -13,15 +14,20 @@ }; -outputs = {home-manager, nixpkgs, neovim-nightly-overlay, nur, ... }@inputs : - +outputs = { self, nixos, home-manager, nixpkgs, neovim-nightly-overlay, nur, ... }@inputs : { + + nixosModules = builtins.listToAttrs (map (x: { + name = x; + value = import (./modules + "/${x}"); + }) (builtins.attrNames (builtins.readDir ./modules))); + nixosConfigurations = { lisa = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - modules = [ ./configuration.nix ./config/hosts/lisa.nix ./config/web-services/lisa-services.nix - home-manager.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; + modules = builtins.attrValues self.nixosModules ++ [./configuration.nix ./config/hosts/lisa.nix + home-manager.nixosModules.home-manager { + home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.julien = import ./config/home/home-lisa.nix; nixpkgs.overlays = [ diff --git a/machines/enigma.nix b/machines/enigma.nix new file mode 100644 index 0000000..e69de29 diff --git a/machines/lisa.nix b/machines/lisa.nix new file mode 100644 index 0000000..e69de29 diff --git a/machines/macintosh.nix b/machines/macintosh.nix new file mode 100644 index 0000000..e69de29 diff --git a/machines/newton.nix b/machines/newton.nix new file mode 100644 index 0000000..e69de29 
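Review bot: The new `nixos` input in the first flake.nix hunk has the same URL as `nixpkgs` (`github:NixOS/nixpkgs/nixos-21.11`), so the lock file now pins two copies of one branch that can drift apart on a partial update. `nixos` is bound in the `outputs` argument set but is not used in the visible lines. Either drop it or declare it as an alias with `nixos.follows = "nixpkgs";`. The neighbouring `nixpkgs.url` is still an unquoted URL literal; quoting it like the new line keeps the two consistent.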
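Review bot: `builtins.readDir ./modules` returns every entry, not only directories, so a stray regular file (a README, an editor backup) is also passed to `import (./modules + "/${x}")` and either breaks evaluation or silently becomes a module. Filter on the entry type before `attrNames`, e.g. `nixpkgs.lib.filterAttrs (_: t: t == "directory") (builtins.readDir ./modules)`. `builtins.attrValues self.nixosModules` also loads every module into every host, which is safe only while each one stays behind its `enable` option. The hunk removes `./config/web-services/lisa-services.nix` from `modules`, and no replacement for whatever it configured is visible. The `outputs` function continues past the end of the hunk.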
diff --git a/modules/jackett/default.nix b/modules/jackett/default.nix
new file mode 100644
index 0000000..d2697ba
--- /dev/null
+++ b/modules/jackett/default.nix
@@ -0,0 +1,39 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.jackett;
+ port = 9117;
+in {
+
+ options.luj.jackett = {
+ enable = mkEnableOption "activate jackett service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.jackett = {
+ enable = true;
+ };
+ networking.firewall = { allowedTCPPorts = [ port ]; };
+ }
+
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+
+ })
+ ]);
+
+
+
+
+}
diff --git a/modules/jellyfin/default.nix b/modules/jellyfin/default.nix
new file mode 100644
index 0000000..635c0d0
--- /dev/null
+++ b/modules/jellyfin/default.nix
@@ -0,0 +1,41 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.jellyfin;
+ port = 8096;
+in {
+
+ options.luj.jellyfin = {
+ enable = mkEnableOption "activate jellyfin service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.jellyfin = {
+ enable = true;
+ group = "tv";
+ package = pkgs.jellyfin;
+ };
+ networking.firewall = { allowedTCPPorts = [ port ]; };
+ }
+
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+
+ })
+ ]);
+
+
+
+
+}
diff --git a/modules/mediaserver/default.nix b/modules/mediaserver/default.nix
new file mode 100644
index 0000000..54f9873
--- /dev/null
+++ b/modules/mediaserver/default.nix
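Review bot: `networking.firewall = { allowedTCPPorts = [ port ]; };` sits in the unconditional half of the `mkMerge`, so backend port 9117 is opened on the host firewall even when `nginx.enable` puts the service behind the TLS vhost. If the daemon listens on a non-loopback address (not visible here), clients can reach it over plain HTTP and bypass `forceSSL` and any access control later added at the proxy. Since `proxyPass` targets `localhost`, the port only needs opening when the proxy is off, e.g. `networking.firewall.allowedTCPPorts = mkIf (!cfg.nginx.enable) [ port ];`. The same line appears in the jellyfin, radarr, sonarr and transmission modules of this commit. `nginx.subdomain` has no `default` or `description`, and `port` is never passed to `services.jackett`, so it presumably only mirrors the upstream default.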
@@ -0,0 +1,46 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let cfg = config.luj.mediaserver;
+in {
+ options.luj.mediaserver = {
+ enable = mkEnableOption "enable the mediaserver";
+ };
+
+
+ config = mkIf cfg.enable {
+
+ luj.nginx.enable = true;
+ luj.nginx.email = "julien.malka@me.com";
+
+ luj.sonarr = {
+ enable = true;
+ nginx.enable = true;
+ nginx.subdomain = "series";
+ };
+
+ luj.radarr = {
+ enable = true;
+ nginx.enable = true;
+ nginx.subdomain = "films";
+ };
+
+ luj.jellyfin = {
+ enable = true;
+ nginx.enable = true;
+ nginx.subdomain = "tv";
+ };
+
+ luj.jackett = {
+ enable = true;
+ nginx.enable = true;
+ nginx.subdomain = "jackett";
+ };
+
+ luj.transmission = {
+ enable = true;
+ nginx.enable = true;
+ nginx.subdomain = "downloads";
+ };
+ };
+
+}
diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix
new file mode 100644
index 0000000..8bb49d8
--- /dev/null
+++ b/modules/nginx/default.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let cfg = config.luj.nginx;
+in {
+
+ options.luj.nginx = {
+ enable = mkEnableOption "activate nginx service";
+ email = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable {
+
+ security.acme.email = "${cfg.email}";
+ security.acme.acceptTerms = true;
+
+ services.nginx = {
+ enable = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ clientMaxBodySize = "128m";
+
+ commonHttpConfig = ''
+ server_names_hash_bucket_size 128;
+ '';
+ };
+
+ };
+}
diff --git a/modules/radarr/default.nix b/modules/radarr/default.nix
new file mode 100644
index 0000000..5b5d6e2
--- /dev/null
+++ b/modules/radarr/default.nix
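Review bot: The nginx module enables nginx and ACME but opens neither port 80 nor 443, and the same commit drops `./config/web-services/lisa-services.nix` from the host's module list. Unless another file still opens them, the vhosts and the HTTP-01 challenge are unreachable; `networking.firewall.allowedTCPPorts = [ 80 443 ];` belongs next to `services.nginx`. Every vhost added in this commit is a reverse proxy, yet `recommendedProxySettings = true;` is not set, so the backends do not receive the original `Host` and `X-Forwarded-*` headers. `security.acme.email = "${cfg.email}";` can be written as plain `cfg.email`, and the `email` option would benefit from a `description`.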
@@ -0,0 +1,43 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.radarr;
+ port = 7878;
+in {
+
+ options.luj.radarr = {
+ enable = mkEnableOption "activate radarr service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.radarr = {
+ enable = true;
+ #user = "transmission";
+ #group = "transmission";
+ #dataDir = "/var/lib/sonarr/.config/NzbDrone";
+ group = "tv";
+ };
+ networking.firewall = { allowedTCPPorts = [ port ]; };
+ }
+
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+
+ })
+ ]);
+
+
+
+
+}
diff --git a/modules/sonarr/default.nix b/modules/sonarr/default.nix
new file mode 100644
index 0000000..b79e570
--- /dev/null
+++ b/modules/sonarr/default.nix
@@ -0,0 +1,43 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.sonarr;
+ port = 8989;
+in {
+
+ options.luj.sonarr = {
+ enable = mkEnableOption "activate sonarr service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.sonarr = {
+ enable = true;
+ #user = "transmission";
+ #group = "transmission";
+ #dataDir = "/var/lib/sonarr/.config/NzbDrone";
+ group = "tv";
+ };
+ networking.firewall = { allowedTCPPorts = [ port ]; };
+ }
+
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+
+ })
+ ]);
+
+
+
+
+}
diff --git a/modules/transmission/default.nix b/modules/transmission/default.nix
new file mode 100644
index 0000000..1e793f7
--- /dev/null
+++ b/modules/transmission/default.nix
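Review bot: The three commented-out lines in `services.radarr` (`#user = "transmission";`, `#group = "transmission";`, `#dataDir = "/var/lib/sonarr/.config/NzbDrone";`) appear to be copied from the sonarr module and name another service's state directory. Uncommenting them later would point radarr at sonarr's data, so they are better deleted here; the sonarr module carries the same block. The five service modules differ only in name, port and a few service attributes. A shared helper taking those as arguments would keep the firewall and vhost logic in one place instead of five copies that must be fixed together.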
@@ -0,0 +1,48 @@
+{ lib, pkgs, config, ... }:
+with lib;
+let
+ cfg = config.luj.transmission;
+ port = 9091;
+in {
+
+ options.luj.transmission = {
+ enable = mkEnableOption "activate transmission service";
+ nginx.enable = mkEnableOption "activate nginx";
+ nginx.subdomain = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable (
+ mkMerge [{
+ services.transmission = {
+ enable = true;
+ group = "tv";
+ downloadDirPermissions = "774";
+ settings = {
+ rpc-port = 9091;
+ download-dir = "/home/transmission/Downloads/";
+ incomplete-dir = "/home/transmission/Incomplete/";
+ incomplete-dir-enable = true;
+ };
+
+ };
+ networking.firewall = { allowedTCPPorts = [ port ]; };
+ }
+
+ (mkIf cfg.nginx.enable {
+ services.nginx.virtualHosts."${cfg.nginx.subdomain}.julienmalka.me" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString port}";
+ };
+ };
+
+ })
+ ]);
+
+
+
+
+}
diff --git a/users/julien.nix b/users/julien.nix
new file mode 100644
index 0000000..116f95b
--- /dev/null
+++ b/users/julien.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }: {
+
+ users.users.julien = {
+ isNormalUser = true;
+ home = "/home/julien";
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keyFiles = [
+ (pkgs.fetchurl {
+ url = "https://github.com/JulienMalka.keys";
+ sha256 = "sha256:0lhvhdrzp2vphqhkcgl34xzn0sill6w7mgq8xh1akm1z1rsvd9v4";
+ })
+ ];
+ };
+
+ nix.allowedUsers = [ "julien" ];
+}
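Review bot: The vhost in the transmission module publishes the Transmission RPC/web interface under a public name, and `settings` configures no authentication for it. Because nginx connects from `localhost`, an address-based RPC whitelist (if that is what is relied on) sees every remote client as local. Require credentials before exposing it, for instance `rpc-authentication-required = true;` with the username and password supplied through `services.transmission.credentialsFile` so they stay out of the world-readable store, or `basicAuthFile` on the vhost. `rpc-port = 9091;` should reuse `port`, and `downloadDirPermissions = "774"` leaves downloads readable by every local account.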
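Review bot: `openssh.authorizedKeys.keyFiles` in users/julien.nix is fed by a fixed-output `pkgs.fetchurl`, so the key list is frozen at whatever content matched the pinned `sha256`. Once that path is in the store or a binary cache it is not fetched again, so a key later removed from the GitHub account stays authorized on the host. Conversely, any change to the account's keys makes a fresh build fail on a hash mismatch. Listing the keys inline, `openssh.authorizedKeys.keys = [ "ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> julien" ];`, turns every addition and revocation into an explicit commit. Nothing visible in this commit imports `users/julien.nix`, and the context lines of `configuration.nix` appear to still declare the same user, so confirm which definition is meant to apply.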