diff --git a/common/nix-on-droid.nix b/common/nix-on-droid.nix index b8999209..4189f53e 100644 --- a/common/nix-on-droid.nix +++ b/common/nix-on-droid.nix @@ -57,18 +57,15 @@ # Desktop pc = "ssh -t matt@100.64.0.6 'tmux -2u new -At phone'"; - # Misc Nix servers + # NAS + nos = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'"; + + # Experimenting server servivi = "ssh -t matt@100.64.0.7 'tmux -2u new -At phone'"; # Cluster nodes thingone = "ssh -t matt@100.64.0.8 'tmux -2u new -At phone'"; thingtwo = "ssh -t matt@100.64.0.9 'tmux -2u new -At phone'"; - - # Proxmox - pve = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'"; - - # Proxmox LXC instances - jelly = "mosh matt@100.64.0.4 -- ssh -t matt@10.0.0.123 'tmux -2u new -At phone'"; }; } ]; diff --git a/devices/cluster/modules/caddy.nix b/devices/cluster/modules/caddy.nix index 8d15e859..6b43be4c 100644 --- a/devices/cluster/modules/caddy.nix +++ b/devices/cluster/modules/caddy.nix @@ -8,8 +8,6 @@ inherit (config.sops) secrets; caddy = caddy-plugins.packages.${pkgs.system}.default; - - clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip; in { imports = [caddy-plugins.nixosModules.default]; @@ -32,9 +30,8 @@ in { package = caddy; virtualHosts = let - dockerIP = "10.0.0.122"; - jellyIP = "10.0.0.123"; - servivi = "10.0.0.249"; + clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip; + nosIP = "10.0.0.121"; in { "nelim.org" = { serverAliases = ["*.nelim.org"]; @@ -47,17 +44,17 @@ in { subDomains = { # Misc one-liners - vault.reverseProxy = "${servivi}:8781"; - hauk.reverseProxy = "${servivi}:3003"; + vault.reverseProxy = "${nosIP}:8781"; + hauk.reverseProxy = "${nosIP}:3003"; headscale.reverseProxy = "${clusterIP}:8085"; - jelly.reverseProxy = "${jellyIP}:80"; + jelly.reverseProxy = "${nosIP}:8097"; # Resume builder - resume.reverseProxy = "${servivi}:3060"; - resauth.reverseProxy = "${servivi}:3100"; + resume.reverseProxy = "${nosIP}:3060"; + resauth.reverseProxy = "${nosIP}:3100"; # Nextcloud & Co - office.reverseProxy = "http://${servivi}:8055"; + office.reverseProxy = "http://${nosIP}:8055"; nextcloud = { subDomainName = "cloud"; extraConfig = '' @@ -66,81 +63,81 @@ in { redir /.well-known/webfinger /index.php/.well-known/webfinger 301 redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301 ''; - reverseProxy = "${servivi}:8042"; + reverseProxy = "${nosIP}:8042"; }; forgejo = { subDomainName = "git"; - reverseProxy = "${servivi}:3000"; + reverseProxy = "${nosIP}:3000"; }; nix-binary-cache = { subDomainName = "cache"; - reverseProxy = "${servivi}:5000"; + reverseProxy = "${nosIP}:5000"; }; calibre = { subDomainName = "books"; - reverseProxy = "${servivi}:8083"; + reverseProxy = "${nosIP}:8083"; }; immich = { subDomainName = "photos"; - reverseProxy = "${servivi}:2283"; + reverseProxy = "${nosIP}:2283"; }; # FreshRSS & Co - drss.reverseProxy = "${servivi}:3007"; + drss.reverseProxy = "${nosIP}:3007"; freshrss = { subDomainName = "rss"; - reverseProxy = "${servivi}:2800"; + reverseProxy = "${nosIP}:2800"; }; jellyseer = { subDomainName = "seerr"; - reverseProxy = "${servivi}:5055"; + reverseProxy = "${nosIP}:5055"; }; gameyfin = { subDomainName = "games"; - reverseProxy = "${servivi}:8074"; + reverseProxy = "${nosIP}:8074"; }; - wgui.reverseProxy = "${servivi}:51821"; + wgui.reverseProxy = "${nosIP}:51821"; lan = { - reverseProxy = "${servivi}:3020"; + reverseProxy = "${nosIP}:3020"; extraConfig = '' redir /index.html / ''; subDirectories = { - bazarr.reverseProxy = "${servivi}:6767"; + bazarr.reverseProxy = "${nosIP}:6767"; bazarr-french = { subDirName = "bafrr"; - reverseProxy = "${servivi}:6766"; + reverseProxy = "${nosIP}:6766"; }; - prowlarr.reverseProxy = "${servivi}:9696"; - radarr.reverseProxy = "${servivi}:7878"; - sabnzbd.reverseProxy = "${servivi}:8382"; - sonarr.reverseProxy = "${servivi}:8989"; + prowlarr.reverseProxy = "${nosIP}:9696"; + radarr.reverseProxy = "${nosIP}:7878"; + sabnzbd.reverseProxy = "${nosIP}:8382"; + sonarr.reverseProxy = "${nosIP}:8989"; calibre = { experimental = true; - reverseProxy = "${servivi}:8580"; + reverseProxy = "${nosIP}:8580"; }; qbittorent = { subDirName = "qbt"; experimental = true; - reverseProxy = "${servivi}:8080"; + reverseProxy = "${nosIP}:8080"; }; vaultwarden = { subDirName = "vault"; experimental = true; - reverseProxy = "${servivi}:8780"; + reverseProxy = "${nosIP}:8780"; }; }; }; @@ -149,12 +146,12 @@ in { joal.extraConfig = '' route { rewrite * /joal/ui{uri} - reverse_proxy * ${servivi}:5656 + reverse_proxy * ${nosIP}:5656 } ''; joalws.extraConfig = '' route { - reverse_proxy ${servivi}:5656 + reverse_proxy ${nosIP}:5656 } ''; }; diff --git a/devices/nos/default.nix b/devices/nos/default.nix index 65930c11..deaa699b 100644 --- a/devices/nos/default.nix +++ b/devices/nos/default.nix @@ -1,9 +1,50 @@ -# WIP -{...}: { +{config, ...}: let + inherit (config.vars) mainUser hostName; +in { imports = [ + ./hardware-configuration.nix + + ../../modules/kmscon.nix + ../../modules/sshd.nix + ../../modules/tailscale.nix + ./modules/arion ./modules/jellyfin ./modules/mergerfs.nix ./modules/qbittorrent + ./modules/snapraid.nix ]; + + vars = { + mainUser = "matt"; + hostName = "nos"; + #promptMainColor = "?"; + }; + + users.users.${mainUser} = { + isNormalUser = true; + extraGroups = [ + "wheel" + "adm" + ]; + }; + + home-manager.users.${mainUser} = { + imports = []; + + # No touchy + home.stateVersion = "24.05"; + }; + + networking = { + inherit hostName; + resolvconf.enable = true; + firewall.enable = false; + }; + + # Set your time zone. + time.timeZone = "America/Montreal"; + + # No touchy + system.stateVersion = "24.05"; } diff --git a/devices/nos/hardware-configuration.nix b/devices/nos/hardware-configuration.nix new file mode 100644 index 00000000..5f2ff517 --- /dev/null +++ b/devices/nos/hardware-configuration.nix @@ -0,0 +1,55 @@ +{ + config, + modulesPath, + ... +}: { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + + boot = { + kernelModules = ["kvm-intel"]; + + initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + + loader = { + efi.canTouchEfiVariables = true; + timeout = 2; + + systemd-boot = { + enable = true; + consoleMode = "max"; + configurationLimit = 30; + }; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXROOT"; + fsType = "btrfs"; + }; + + "/boot" = { + device = "/dev/disk/by-label/NIXBOOT"; + fsType = "vfat"; + }; + }; + + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 16 * 1024; + } + ]; + + zramSwap.enable = true; + + hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware; +} diff --git a/devices/nos/modules/arion/default.nix b/devices/nos/modules/arion/default.nix index 729fca9f..297ea7e9 100644 --- a/devices/nos/modules/arion/default.nix +++ b/devices/nos/modules/arion/default.nix @@ -29,8 +29,8 @@ in { rwDataDir = configPath; }; - services.borgbackup.configs.arion = { - paths = [configPath]; - exclude = ["**/lineageos*"]; - }; + #services.borgbackup.configs.arion = { + # paths = [configPath]; + # exclude = ["**/lineageos*"]; + #}; } diff --git a/devices/nos/modules/jellyfin/jfa-go.nix b/devices/nos/modules/jellyfin/jfa-go.nix index 710fd221..c6c0f2a1 100644 --- a/devices/nos/modules/jellyfin/jfa-go.nix +++ b/devices/nos/modules/jellyfin/jfa-go.nix @@ -1,5 +1,8 @@ {...}: { - systemd.services."arion-jfa-go".after = ["jellyfin.service"]; + systemd.services."arion-jfa-go" = { + after = ["jellyfin.service"]; + partOf = ["jellyfin.service"]; + }; arion.projects."jfa-go"."jfa-go" = { image = ./images/jfa-go.nix; diff --git a/devices/nos/modules/jellyfin/nginx.conf b/devices/nos/modules/jellyfin/nginx.conf index 3019cafa..40346c9d 100644 --- a/devices/nos/modules/jellyfin/nginx.conf +++ b/devices/nos/modules/jellyfin/nginx.conf @@ -21,16 +21,13 @@ http { ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc. client_max_body_size 20M; - # use a variable to store the upstream proxy - set $jellyfin 10.0.0.249; - location = / { return 302 https://$host/web/; } location / { # Proxy main Jellyfin traffic - proxy_pass http://$jellyfin:8096; + proxy_pass http://localhost:8096; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -45,7 +42,7 @@ http { # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/ location = /web/ { # Proxy main Jellyfin traffic - proxy_pass http://$jellyfin:8096/web/index.html; + proxy_pass http://localhost:8096/web/index.html; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -56,7 +53,7 @@ http { location /socket { # Proxy Jellyfin Websockets traffic - proxy_pass http://$jellyfin:8096; + proxy_pass http://localhost:8096; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/devices/nos/modules/mergerfs.nix b/devices/nos/modules/mergerfs.nix index d98599a7..fb0992d4 100644 --- a/devices/nos/modules/mergerfs.nix +++ b/devices/nos/modules/mergerfs.nix @@ -4,25 +4,6 @@ in { system.fsPackages = fsPkgs; environment.systemPackages = fsPkgs; - fileSystems."/data" = { - device = "//10.0.0.121/public"; - fsType = "cifs"; - options = [ - "x-systemd.automount" - "noauto" - "x-systemd.idle-timeout=60" - "x-systemd.device-timeout=5s" - "x-systemd.mount-timeout=5s" - "uid=1000" - "gid=1000" - "credentials=${builtins.toFile "creds.txt" '' - username=root - domain=WORKGROUP - ''}" - ]; - }; - - /* fileSystems = { "MergerFS Data" = { mountPoint = "/data"; @@ -90,6 +71,11 @@ in { fsType = "ext4"; device = "/dev/disk/by-id/ata-WDC_WD80EAZZ-00BKLB0_WD-CA1GN0GK-part1"; }; + + "d8 8tb-6" = { + mountPoint = "/mnt/drives/8tb6"; + fsType = "ext4"; + device = "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR15JMHV-part1"; + }; }; - */ } diff --git a/devices/nos/modules/snapraid.nix b/devices/nos/modules/snapraid.nix index 8fe9b79a..96d67857 100644 --- a/devices/nos/modules/snapraid.nix +++ b/devices/nos/modules/snapraid.nix @@ -36,7 +36,7 @@ in { parityDrives); contentFiles = - ["/var/snapraid/content"] + ["/var/snapraid.content"] ++ map (fs: "${fs.mountPoint}/content") (attrValues dataDrives); exclude = [ diff --git a/devices/servivi/default.nix b/devices/servivi/default.nix index d7a253cd..acf430c1 100644 --- a/devices/servivi/default.nix +++ b/devices/servivi/default.nix @@ -11,9 +11,6 @@ in { ./modules/binary-cache.nix ./modules/minecraft.nix ./modules/nfs.nix - - # WIP - ../nos ]; vars = { diff --git a/flake.lock b/flake.lock index f7194648..097a1291 100644 --- a/flake.lock +++ b/flake.lock @@ -1343,11 +1343,11 @@ "sops-nix": "sops-nix" }, "locked": { - "lastModified": 1709273629, - "narHash": "sha256-VdU3WH3Pv8ai+/X9z1VucGra1YkZPEUjzcO/F/jhguw=", + "lastModified": 1709358901, + "narHash": "sha256-/6XBTAxSATwbCudcqnDyx0yM2ic8ctKxdkp5wvH1VIk=", "ref": "refs/heads/main", - "rev": "e0ab13ca6b37c5e87953a5616f5b0b0f837590c6", - "revCount": 53, + "rev": "d6f17af6dc95428212abb0219195bdab2498fb3a", + "revCount": 54, "type": "git", "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" }, diff --git a/flake.nix b/flake.nix index 839603a8..83795f77 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,11 @@ ]; binto = mkNixOS [./devices/binto]; + nos = mkNixOS [ + ./devices/nos + secrets.nixosModules.nos + ]; + servivi = mkNixOS [ ./devices/servivi secrets.nixosModules.servivi diff --git a/modules/tailscale.nix b/modules/tailscale.nix index f9c15cd2..7ae644cc 100644 --- a/modules/tailscale.nix +++ b/modules/tailscale.nix @@ -23,18 +23,15 @@ in { # Desktop pc = "ssh -t matt@binto 'tmux -2u new -At ${hostName}'"; - # Misc Nix servers + # NAS + nos = "ssh -t matt@nos 'tmux -2u new -At ${hostName}'"; + + # Experimenting server servivi = "ssh -t matt@servivi 'tmux -2u new -At ${hostName}'"; # Cluster nodes thingone = "ssh -t matt@thingone 'tmux -2u new -At ${hostName}'"; thingtwo = "ssh -t matt@thingtwo 'tmux -2u new -At ${hostName}'"; - - # Proxmox - pve = "ssh -t matt@pve 'tmux -2u new -At ${hostName}'"; - - # Proxmox LXC instances - jelly = "mosh matt@pve -- ssh -t matt@10.0.0.123 'tmux -2u new -At ${hostName}'"; }; }; }