nextcloud & jellyfin initial setup

misc adjustments
Danilo Reyes 2023-08-28 20:38:23 -06:00
parent 811068a7c1
commit 88ae340840
2 changed files with 178 additions and 29 deletions


@ -76,6 +76,8 @@ cluttered, for example, I may create a module for systemd units.
#+begin_src nix #+begin_src nix
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./nginx.nix
/etc/nixos/cachix.nix
<home-manager/nixos> <home-manager/nixos>
<agenix/modules/age.nix> <agenix/modules/age.nix>
"${nix-gaming}/modules/pipewireLowLatency.nix" "${nix-gaming}/modules/pipewireLowLatency.nix"
@ -174,7 +176,13 @@ latency will require expanding these settings.
#+begin_src nix #+begin_src nix
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
sound.enable = false; sound.enable = false;
security.rtkit.enable = true; security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "captainjawz@outlook.com";
};
};
services.pipewire = { services.pipewire = {
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
@ -228,6 +236,13 @@ name.
#+begin_src nix #+begin_src nix
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1u"
];
}; };
#+end_src #+end_src
@ -244,6 +259,21 @@ intention of reduce the number of dotfiles, however I will keep it exclusively
as a dotfile and service manager. as a dotfile and service manager.
#+begin_src nix #+begin_src nix
users.groups.nextcloud.gid = 990;
users.users.nextcloud = {
isNormalUser = false;
uid = 990;
extraGroups = [ "nextcloud" ];
packages = (with pkgs; [
nodejs_14
### Currently incompatible with newer versions, and compiling
### an older version takes 7 hours.
# cudatoolkit
# python3Packages.tensorflowWithCuda
# cudaPackages.cudatoolkit
# cudaPackages.cudnn
]);
};
users.users.jawz = { users.users.jawz = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "scanner" "lp" ]; extraGroups = [ "wheel" "networkmanager" "docker" "scanner" "lp" ];
@ -377,7 +407,6 @@ du-dust # rusty du
gocryptfs # encrypted filesystem! shhh!!! gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors exa # like ls but with colors
trashy # oop! didn't meant to delete that trashy # oop! didn't meant to delete that
ffmpeg # coolest video converter!
# neofetch # use once for brag, never again # neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards tldr # man for retards
@ -441,8 +470,8 @@ poetry # dependency management made easy
# cabal-install # haskell interface # cabal-install # haskell interface
# JS # JS
# jq # linting
nodejs # not as bad as I thought nodejs # not as bad as I thought
# jq # linting
#+end_src #+end_src
** HUNSPELL ** HUNSPELL
@ -464,6 +493,7 @@ main draws of Linux for me.
adw-gtk3 adw-gtk3
# gradience # theme customizer, allows you to modify adw-gtk3 themes # gradience # theme customizer, allows you to modify adw-gtk3 themes
gnome.gnome-tweaks # tweaks for the gnome desktop environment gnome.gnome-tweaks # tweaks for the gnome desktop environment
qgnomeplatform
# Fonts # Fonts
(nerdfonts.override { (nerdfonts.override {
@ -637,13 +667,13 @@ if command -v fzf-share >/dev/null; then
source "$(fzf-share)/completion.bash" source "$(fzf-share)/completion.bash"
fi fi
nixos-magic () { nixos-reload () {
local nix_file="$HOME/Development/NixOS/configuration.nix" local nix_file="$HOME/Development/NixOS/configuration.nix"
local hardware_file="$HOME/Development/NixOS/hardware-configuration.nix" local hardware_file="$HOME/Development/NixOS/hardware-configuration.nix"
nixfmt "$nix_file" && nixfmt "$hardware_file" nixfmt "$nix_file" && nixfmt "$hardware_file"
sudo nixos-rebuild switch -I nixos-config="$nix_file" sudo nixos-rebuild switch -I nixos-config="$nix_file"
sudo systemctl restart docker # sudo systemctl restart docker
sudo systemctl restart docker-compose # sudo systemctl restart docker-compose
} }
#+end_src #+end_src
#+begin_src nix #+begin_src nix
@ -655,7 +685,6 @@ nixos-magic () {
#+begin_src nix #+begin_src nix
programs = { programs = {
starship.enable = true;
direnv = { direnv = {
enable = true; enable = true;
enableBashIntegration = true; enableBashIntegration = true;
@ -733,6 +762,10 @@ may be challenging.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
docker-compose # easy way to migrate my docker anywhere! docker-compose # easy way to migrate my docker anywhere!
jellyfin-ffmpeg # coolest video converter!
dlib
# nv-codec-headers-11
# cudatoolkit
]; ];
#+end_src #+end_src
@ -847,14 +880,15 @@ snapraid = {
}; };
#+end_src #+end_src
* PROGRAMS & SERVICES * SYSTEM PROGRAMS & SERVICES
Some programs get enabled and installed through here, as well as the activation Some programs get enabled and installed through here, as well as the activation
of some services. of some services.
#+begin_src nix #+begin_src nix
programs = { programs = {
# mtr.enable = true;
starship.enable = true;
fzf.fuzzyCompletion = true; fzf.fuzzyCompletion = true;
mtr.enable = true;
neovim = { neovim = {
enable = true; enable = true;
vimAlias = true; vimAlias = true;
@ -874,6 +908,97 @@ programs = {
}; };
services = { services = {
jellyfin = {
enable = true;
openFirewall = true;
};
nextcloud = {
enable = true;
# package = pkgs.nextcloud27;
maxUploadSize = "50G";
enableImagemagick = true;
appstoreEnable = true;
extraAppsEnable = true;
hostName = "cloud.servidos.lat";
https = true;
caching = {
redis = true;
};
config = {
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "localhost:80" "cloud.danilo-reyes.com" "cloud.servidos.lat" ];
defaultPhoneRegion = "MX";
dbtype = "pgsql";
dbuser = "nextcloud";
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
dbtableprefix = "oc_";
dbname = "nextcloud";
};
extraOptions = {
redis = {
host = "localhost";
port = 6379;
};
memcache = {
local = "\\OC\\Memcache\\Redis";
distributed = "\\OC\\Memcache\\Redis";
locking = "\\OC\\Memcache\\Redis";
};
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true;
};
phpOptions = {
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "10";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
short_open_tag = "Off";
# defaults end here
upload_max_filesize = "50G";
post_max_size = "50G";
memory_limit = "2G";
};
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
};
postgresql = {
enable = true;
ensureDatabases = [ "paperless" "nextcloud" "mealie" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
{
name = "paperless";
ensurePermissions = {
"DATABASE paperless" = "ALL PRIVILEGES";
};
}
{
name = "mealie";
ensurePermissions = {
"DATABASE mealie" = "ALL PRIVILEGES";
};
}
];
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
printing = { printing = {
enable = true; enable = true;
drivers = [ pkgs.hplip pkgs.hplipWithPlugin ]; drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
@ -918,26 +1043,26 @@ the best way to define them for now, is using nix.
#+begin_src nix #+begin_src nix
systemd.services = { systemd.services = {
"docker-compose" = { # "docker-compose" = {
enable = true; # enable = true;
restartIfChanged = true; # restartIfChanged = true;
description = "Start docker-compose servers"; # description = "Start docker-compose servers";
after = [ "docker.service" "docker.socket" ]; # after = [ "docker.service" "docker.socket" ];
requires = [ "docker.service" "docker.socket" ]; # requires = [ "docker.service" "docker.socket" ];
wantedBy = [ "default.target" ]; # wantedBy = [ "default.target" ];
environment = { # environment = {
FILE = "/home/jawz/Development/Docker/docker-compose.yml"; # FILE = "/home/jawz/Development/Docker/docker-compose.yml";
}; # };
path = [ # path = [
pkgs.docker-compose # pkgs.docker-compose
]; # ];
serviceConfig = { # serviceConfig = {
Restart = "on-failure"; # Restart = "on-failure";
RestartSec = 30; # RestartSec = 30;
ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans"; # ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down"; # ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
}; # };
}; # };
"nextcloud_scrapsync" = { "nextcloud_scrapsync" = {
description = "Sync scrapped files with nextcloud"; description = "Sync scrapped files with nextcloud";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
@ -1084,11 +1209,13 @@ nix = {
"https://nix-gaming.cachix.org" "https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org" "https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org" "https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU=" "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
]; ];
}; };
gc = { gc = {
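Review bot: In the `services.nextcloud.config` block, `adminpassFile` and `dbpassFile` are built with `pkgs.writeText`, which places both passwords in the world-readable Nix store and in this repository's history. `<agenix/modules/age.nix>` is already in `imports`, so each option could point at a decrypted secret instead, e.g. `adminpassFile = config.age.secrets.nextcloud-adminpass.path;` (the secret name is a placeholder) with the secret owned by the `nextcloud` user; both values should also be rotated now that they are published. In the same hunk the `services.postgresql.authentication` override sets `trust` for the local socket and both loopback addresses, so any local account or process can connect as any database role without a password. Using `local all all peer` and `scram-sha-256` on the two `host` lines would restore authentication; whether Nextcloud connects over the socket or over TCP is not visible here, so confirm which line it needs.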


@ -89,6 +89,16 @@ in {
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
}; };
fileSystems."/var/lib/nextcloud/data" = {
device = "/mnt/disk1/nextcloud";
options = [ "bind" ];
};
fileSystems."/mnt/jellyfin/media" = {
device = "/mnt/disk1/multimedia/media";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/disk2" = { fileSystems."/mnt/disk2" = {
device = "/dev/mapper/disk2"; device = "/dev/mapper/disk2";
fsType = "btrfs"; fsType = "btrfs";
@ -107,6 +117,11 @@ in {
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ]; options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
}; };
fileSystems."/mnt/jellyfin/external" = {
device = "/mnt/seedbox/external";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/parity" = { fileSystems."/mnt/parity" = {
device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9"; device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
fsType = "xfs"; fsType = "xfs";
@ -160,8 +175,15 @@ in {
nvidia.modesetting.enable = true; nvidia.modesetting.enable = true;
opengl = { opengl = {
enable = true; enable = true;
setLdLibraryPath = true;
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
}; };
}; };
# hardware.cpu.intel.updateMicrocode = # hardware.cpu.intel.updateMicrocode =
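Review bot: The new bind mount for `/var/lib/nextcloud/data` carries only `"bind"`, so the directory that receives user uploads is mounted writable with no `nosuid`, `nodev` or `noexec` restriction, unlike the two Jellyfin mounts, which are at least `ro`. I would write it as `options = [ "bind" "nosuid" "nodev" "noexec" ];`, which presumably does not affect Nextcloud since it only stores files there, and add a one-line comment saying the source directory must be owned by the `nextcloud` uid fixed elsewhere in this commit. Whether the underlying `/mnt/disk1` mount already sets these flags is not visible in this section, and the enclosing `in { … }` attribute set starts and ends outside the hunks shown.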