Hide arr
This commit is contained in:
parent
4d719bfbbe
commit
5f63c11c18
4 changed files with 88 additions and 12 deletions
|
@ -26,7 +26,7 @@
|
||||||
# TODO: enable dark theme by default
|
# TODO: enable dark theme by default
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
|
package = (pkgs.firefox-wayland.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
|
||||||
|
|
||||||
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
|
||||||
# ublock-origin
|
# ublock-origin
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running 'nixos-help').
|
# and in the NixOS manual (accessible by running 'nixos-help').
|
||||||
|
|
||||||
{ modulesPath, config, pkgs, ... }: rec {
|
{ modulesPath, config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
../modules/intel.nix
|
../modules/intel.nix
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 5757;
|
port = 5757;
|
||||||
stateDir = "/var/lib/api-lyte-dev";
|
stateDir = "/var/lib/api-lyte-dev";
|
||||||
configFile = sops.secrets."api.lyte.dev".path;
|
configFile = config.sops.secrets."api.lyte.dev".path;
|
||||||
user = "api-lyte-dev";
|
user = "api-lyte-dev";
|
||||||
group = user;
|
group = user;
|
||||||
};
|
};
|
||||||
|
@ -83,16 +83,32 @@
|
||||||
# "myservice/my_subdir/my_secret" = { };
|
# "myservice/my_subdir/my_secret" = { };
|
||||||
|
|
||||||
"api.lyte.dev" = {
|
"api.lyte.dev" = {
|
||||||
path = "${services.api-lyte-dev.stateDir}/secrets.json";
|
path = "${config.services.api-lyte-dev.stateDir}/secrets.json";
|
||||||
# TODO: would be cool to assert that it's correctly-formatted JSON?
|
# TODO: would be cool to assert that it's correctly-formatted JSON?
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
owner = services.api-lyte-dev.user;
|
owner = config.services.api-lyte-dev.user;
|
||||||
group = services.api-lyte-dev.group;
|
group = config.services.api-lyte-dev.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
plausible-admin-password = { };
|
plausible-admin-password = {
|
||||||
plausible-erlang-cookie = { };
|
# TODO: path = "${config.systemd.services.plausible.serviceConfig.WorkingDirectory}/plausible-admin-password.txt";
|
||||||
plausible-secret-key-base = { };
|
path = "/var/lib/plausible/plausible-admin-password";
|
||||||
|
mode = "0440";
|
||||||
|
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||||
|
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||||
|
};
|
||||||
|
plausible-erlang-cookie = {
|
||||||
|
path = "/var/lib/plausible/plausible-erlang-cookie";
|
||||||
|
mode = "0440";
|
||||||
|
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||||
|
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||||
|
};
|
||||||
|
plausible-secret-key-base = {
|
||||||
|
path = "/var/lib/plausible/plausible-secret-key-base";
|
||||||
|
mode = "0440";
|
||||||
|
owner = config.systemd.services.plausible.serviceConfig.User;
|
||||||
|
group = config.systemd.services.plausible.serviceConfig.Group;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -123,6 +139,10 @@
|
||||||
|
|
||||||
networking.hostName = "beefcake";
|
networking.hostName = "beefcake";
|
||||||
|
|
||||||
|
users.extraGroups = {
|
||||||
|
"plausible" = { };
|
||||||
|
"lytedev" = { };
|
||||||
|
};
|
||||||
users.groups.daniel.members = [ "daniel" ];
|
users.groups.daniel.members = [ "daniel" ];
|
||||||
users.groups.nixadmin.members = [ "daniel" ];
|
users.groups.nixadmin.members = [ "daniel" ];
|
||||||
|
|
||||||
|
@ -174,6 +194,13 @@
|
||||||
createHome = true;
|
createHome = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
users.users.plausible = {
|
||||||
|
# used for anonymous samba access
|
||||||
|
isSystemUser = true;
|
||||||
|
createHome = false;
|
||||||
|
group = "plausible";
|
||||||
|
};
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.linuxquota ];
|
environment.systemPackages = [ pkgs.linuxquota ];
|
||||||
|
|
||||||
# TODO: make the client declarative? right now I think it's manually git
|
# TODO: make the client declarative? right now I think it's manually git
|
||||||
|
@ -202,11 +229,29 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
adapter = "caddyfile";
|
adapter = "caddyfile";
|
||||||
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
|
# TODO: there are some hardcoded ports here!
|
||||||
|
# https://github.com/NixOS/nixpkgs/blob/04af42f3b31dba0ef742d254456dc4c14eedac86/nixos/modules/services/misc/lidarr.nix#L72
|
||||||
configFile = pkgs.writeText "Caddyfile" ''
|
configFile = pkgs.writeText "Caddyfile" ''
|
||||||
video.lyte.dev {
|
video.lyte.dev {
|
||||||
reverse_proxy :8096
|
reverse_proxy :8096
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# lidarr.h.lyte.dev {
|
||||||
|
# reverse_proxy :8686
|
||||||
|
# }
|
||||||
|
|
||||||
|
# radarr.h.lyte.dev {
|
||||||
|
# reverse_proxy :7878
|
||||||
|
# }
|
||||||
|
|
||||||
|
# sonarr.h.lyte.dev {
|
||||||
|
# reverse_proxy :8989
|
||||||
|
# }
|
||||||
|
|
||||||
|
# bazarr.h.lyte.dev {
|
||||||
|
# reverse_proxy :${toString config.services.bazarr.listenPort}
|
||||||
|
# }
|
||||||
|
|
||||||
bw.lyte.dev {
|
bw.lyte.dev {
|
||||||
reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
|
||||||
}
|
}
|
||||||
|
@ -295,8 +340,12 @@
|
||||||
# TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage
|
# TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage
|
||||||
services.clickhouse.enable = true;
|
services.clickhouse.enable = true;
|
||||||
|
|
||||||
|
systemd.services.plausible.serviceConfig.User = "plausible";
|
||||||
|
systemd.services.plausible.serviceConfig.Group = "plausible";
|
||||||
|
|
||||||
services.plausible = {
|
services.plausible = {
|
||||||
enable = true;
|
# TODO: enable
|
||||||
|
enable = false;
|
||||||
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
|
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
|
||||||
database = {
|
database = {
|
||||||
clickhouse.setup = true;
|
clickhouse.setup = true;
|
||||||
|
@ -408,6 +457,26 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.lidarr = {
|
||||||
|
enable = true;
|
||||||
|
dataDir = "/storage/lidarr";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.radarr = {
|
||||||
|
enable = true;
|
||||||
|
dataDir = "/storage/radarr";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.sonarr = {
|
||||||
|
enable = true;
|
||||||
|
dataDir = "/storage/sonarr";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.bazarr = {
|
||||||
|
enable = true;
|
||||||
|
listenPort = 6767;
|
||||||
|
};
|
||||||
|
|
||||||
services.samba-wsdd.enable = true;
|
services.samba-wsdd.enable = true;
|
||||||
|
|
||||||
services.samba = {
|
services.samba = {
|
||||||
|
@ -502,6 +571,7 @@
|
||||||
"/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
|
"/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
|
||||||
# https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
|
# https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
|
||||||
# specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files
|
# specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files
|
||||||
|
# TODO: backup lidarr/radarr configs?
|
||||||
|
|
||||||
"/storage/postgres-backups"
|
"/storage/postgres-backups"
|
||||||
];
|
];
|
||||||
|
|
|
@ -192,6 +192,9 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# https://github.com/nix-community/home-manager/issues/3113
|
||||||
|
dconf.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
time = {
|
time = {
|
||||||
|
|
|
@ -47,10 +47,13 @@ nix run nixpkgs#nixos-rebuild -- --flake 'git+https://git.lyte.dev/lytedev/nix#h
|
||||||
# initialize a delayed reboot by a process you can kill later if things look good
|
# initialize a delayed reboot by a process you can kill later if things look good
|
||||||
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
|
# note that the amount of time you give it probably needs to be enough time to both complete the upgrade
|
||||||
# _and_ perform whatever testing you need
|
# _and_ perform whatever testing you need
|
||||||
ssh root@host bash -c '
|
ssh -t root@host "bash -c '
|
||||||
|
set -m
|
||||||
(sleep 300; reboot;) &
|
(sleep 300; reboot;) &
|
||||||
jobs -p
|
jobs -p
|
||||||
'
|
bg
|
||||||
|
disown
|
||||||
|
'"
|
||||||
|
|
||||||
# build the system and start running it, but do NOT set the machine up to boot to that system yet
|
# build the system and start running it, but do NOT set the machine up to boot to that system yet
|
||||||
# we will test things and make sure it works first
|
# we will test things and make sure it works first
|
||||||
|
|
Loading…
Reference in a new issue