From 4afa641a4d627b8c1a38d9f7c665fa7172187c6e Mon Sep 17 00:00:00 2001 From: reo101 Date: Fri, 17 Nov 2023 16:03:25 +0200 Subject: [PATCH] feat(limonka)!: `jellyfin` and `transmission` config Add config for the `jellyfin` service Add config for the `transmission` service Fix networking issue (DNS died after some time) Rename `jeeves_password` secret Fix deprecated `passwordFile` -> `hashedPasswordFile` --- .../x86_64-linux/jeeves/configuration.nix | 9 +++- machines/nixos/x86_64-linux/jeeves/disko.nix | 3 ++ .../nixos/x86_64-linux/jeeves/jellyfin.nix | 43 +++++++++++++++++++ .../nixos/x86_64-linux/jeeves/network.nix | 1 + .../nixos/x86_64-linux/jeeves/wireguard.nix | 19 ++++++++ 5 files changed, 73 insertions(+), 2 deletions(-) create mode 100644 machines/nixos/x86_64-linux/jeeves/jellyfin.nix diff --git a/machines/nixos/x86_64-linux/jeeves/configuration.nix b/machines/nixos/x86_64-linux/jeeves/configuration.nix index 5129709..759a277 100644 --- a/machines/nixos/x86_64-linux/jeeves/configuration.nix +++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix @@ -1,10 +1,13 @@ { inputs, outputs, lib, pkgs, config, ... }: { imports = [ + inputs.hardware.nixosModules.common-cpu-amd + inputs.hardware.nixosModules.common-gpu-amd (import ./disko.nix { inherit inputs outputs; }) inputs.agenix.nixosModules.default ./network.nix ./wireguard.nix + ./jellyfin.nix ]; nixpkgs = { @@ -57,14 +60,15 @@ ]; # NOTE: made with `mkpasswd -m sha-516` - age.secrets."home/jeeves_password".file = ../../../../secrets/home/jeeves_password.age; + age.secrets."jeeves_password".file = ../../../../secrets/home/jeeves_password.age; + users = { mutableUsers = true; users = { jeeves = { isNormalUser = true; shell = pkgs.zsh; - passwordFile = config.age.secrets."home/jeeves_password".path; + hashedPasswordFile = config.age.secrets."jeeves_password".path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)" ]; @@ -73,6 +77,7 @@ "networkmanager" "audio" "docker" + "transmission" ]; }; }; diff --git a/machines/nixos/x86_64-linux/jeeves/disko.nix b/machines/nixos/x86_64-linux/jeeves/disko.nix index 5cc10db..3aa471e 100644 --- a/machines/nixos/x86_64-linux/jeeves/disko.nix +++ b/machines/nixos/x86_64-linux/jeeves/disko.nix @@ -189,6 +189,9 @@ ]; }; "/data/media" = { }; + "/data/torrents" = { }; + "/data/torrents/download" = { }; + "/data/torrents/incomplete" = { }; "/data/media/jellyfin" = { }; }; }; diff --git a/machines/nixos/x86_64-linux/jeeves/jellyfin.nix b/machines/nixos/x86_64-linux/jeeves/jellyfin.nix new file mode 100644 index 0000000..4a6f30c --- /dev/null +++ b/machines/nixos/x86_64-linux/jeeves/jellyfin.nix @@ -0,0 +1,43 @@ +{ lib, pkgs, config, ... }: +{ + environment.systemPackages = with pkgs; [ + tremc + ]; + + services = { + transmission = { + enable = true; + openRPCPort = true; + settings = { + download-dir = "/data/torrents/download"; + incomplete-dir = "/data/torrents/incomplete"; + incomplete-dir-enabled = true; + rpc-whitelist = "127.0.0.1,192.168.*.*,10.100.0.*"; + }; + }; + jellyfin = { + enable = true; + openFirewall = true; + }; + # sonarr = { + # enable = true; + # openFirewall = true; + # }; + # radarr = { + # enable = true; + # openFirewall = true; + # }; + # bazarr = { + # enable = true; + # openFirewall = true; + # }; + # readarr = { + # enable = true; + # openFirewall = true; + # }; + # prowlarr = { + # enable = true; + # openFirewall = true; + # }; + }; +} diff --git a/machines/nixos/x86_64-linux/jeeves/network.nix b/machines/nixos/x86_64-linux/jeeves/network.nix index aa46231..3de0488 100644 --- a/machines/nixos/x86_64-linux/jeeves/network.nix +++ b/machines/nixos/x86_64-linux/jeeves/network.nix @@ -15,6 +15,7 @@ }; }; + networking.useNetworkd = true; systemd.network = { enable = true; wait-online = { diff --git a/machines/nixos/x86_64-linux/jeeves/wireguard.nix b/machines/nixos/x86_64-linux/jeeves/wireguard.nix index 6fbf4c6..61613fa 100644 --- a/machines/nixos/x86_64-linux/jeeves/wireguard.nix +++ b/machines/nixos/x86_64-linux/jeeves/wireguard.nix @@ -42,6 +42,25 @@ ]; }; } + { + # limonka + wireguardPeerConfig = { + PublicKey = "+x4cKc16KxhW/M3wv64FU1J0AkiLyXT5Oar6I1n1xk4="; + AllowedIPs = [ + "0.0.0.0/0" + # "192.168.1.0/24" + ]; + }; + } + { + # s42 + wireguardPeerConfig = { + PublicKey = "pZF6M8TZ1FSBtTwFz4xzlMqwqRScEqgBfqHBk7ddixc="; + AllowedIPs = [ + "0.0.0.0/0" + ]; + }; + } ]; }; };