nextcloud & jellyfin initial setup

misc adjustments
Danilo Reyes 2023-08-28 20:38:23 -06:00
parent 811068a7c1
commit 88ae340840
2 changed files with 178 additions and 29 deletions


@ -76,6 +76,8 @@ cluttered, for example, I may create a module for systemd units.
#+begin_src nix
imports = [
./hardware-configuration.nix
./nginx.nix
/etc/nixos/cachix.nix
<home-manager/nixos>
<agenix/modules/age.nix>
"${nix-gaming}/modules/pipewireLowLatency.nix"
@ -174,7 +176,13 @@ latency will require expanding these settings.
#+begin_src nix
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "captainjawz@outlook.com";
};
};
services.pipewire = {
enable = true;
alsa.enable = true;
@ -228,6 +236,13 @@ name.
#+begin_src nix
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1u"
];
};
#+end_src
@ -244,6 +259,21 @@ intention of reduce the number of dotfiles, however I will keep it exclusively
as a dotfile and service manager.
#+begin_src nix
users.groups.nextcloud.gid = 990;
users.users.nextcloud = {
isNormalUser = false;
uid = 990;
extraGroups = [ "nextcloud" ];
packages = (with pkgs; [
nodejs_14
### Currently incompatible with newer versions, and compiling
### an older version takes 7 hours.
# cudatoolkit
# python3Packages.tensorflowWithCuda
# cudaPackages.cudatoolkit
# cudaPackages.cudnn
]);
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" "scanner" "lp" ];
@ -377,7 +407,6 @@ du-dust # rusty du
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trashy # oop! didn't meant to delete that
ffmpeg # coolest video converter!
# neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
@ -441,8 +470,8 @@ poetry # dependency management made easy
# cabal-install # haskell interface
# JS
# jq # linting
nodejs # not as bad as I thought
# jq # linting
#+end_src
** HUNSPELL
@ -464,6 +493,7 @@ main draws of Linux for me.
adw-gtk3
# gradience # theme customizer, allows you to modify adw-gtk3 themes
gnome.gnome-tweaks # tweaks for the gnome desktop environment
qgnomeplatform
# Fonts
(nerdfonts.override {
@ -637,13 +667,13 @@ if command -v fzf-share >/dev/null; then
source "$(fzf-share)/completion.bash"
fi
nixos-magic () {
nixos-reload () {
local nix_file="$HOME/Development/NixOS/configuration.nix"
local hardware_file="$HOME/Development/NixOS/hardware-configuration.nix"
nixfmt "$nix_file" && nixfmt "$hardware_file"
sudo nixos-rebuild switch -I nixos-config="$nix_file"
sudo systemctl restart docker
sudo systemctl restart docker-compose
# sudo systemctl restart docker
# sudo systemctl restart docker-compose
}
#+end_src
#+begin_src nix
@ -655,7 +685,6 @@ nixos-magic () {
#+begin_src nix
programs = {
starship.enable = true;
direnv = {
enable = true;
enableBashIntegration = true;
@ -733,6 +762,10 @@ may be challenging.
environment.systemPackages = with pkgs; [
wget
docker-compose # easy way to migrate my docker anywhere!
jellyfin-ffmpeg # coolest video converter!
dlib
# nv-codec-headers-11
# cudatoolkit
];
#+end_src
@ -847,14 +880,15 @@ snapraid = {
};
#+end_src
* PROGRAMS & SERVICES
* SYSTEM PROGRAMS & SERVICES
Some programs get enabled and installed through here, as well as the activation
of some services.
#+begin_src nix
programs = {
# mtr.enable = true;
starship.enable = true;
fzf.fuzzyCompletion = true;
mtr.enable = true;
neovim = {
enable = true;
vimAlias = true;
@ -874,6 +908,97 @@ programs = {
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
};
nextcloud = {
enable = true;
# package = pkgs.nextcloud27;
maxUploadSize = "50G";
enableImagemagick = true;
appstoreEnable = true;
extraAppsEnable = true;
hostName = "cloud.servidos.lat";
https = true;
caching = {
redis = true;
};
config = {
adminpassFile = "${pkgs.writeText "adminpass" "Overlying-Hatchback-Charting-Encounter-Deface-Gallantly7"}";
overwriteProtocol = "https";
trustedProxies = [ "nginx" ];
extraTrustedDomains = [ "localhost:80" "cloud.danilo-reyes.com" "cloud.servidos.lat" ];
defaultPhoneRegion = "MX";
dbtype = "pgsql";
dbuser = "nextcloud";
dbpassFile = "${pkgs.writeText "dbpass" "sopacerias"}";
dbtableprefix = "oc_";
dbname = "nextcloud";
};
extraOptions = {
redis = {
host = "localhost";
port = 6379;
};
memcache = {
local = "\\OC\\Memcache\\Redis";
distributed = "\\OC\\Memcache\\Redis";
locking = "\\OC\\Memcache\\Redis";
};
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
"installed" = true;
};
phpOptions = {
display_errors = "stderr";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
expose_php = "Off";
"opcache.enable_cli" = "1";
"opcache.fast_shutdown" = "1";
"opcache.interned_strings_buffer" = "10";
"opcache.max_accelerated_files" = "10000";
"opcache.memory_consumption" = "128";
"opcache.revalidate_freq" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
short_open_tag = "Off";
# defaults end here
upload_max_filesize = "50G";
post_max_size = "50G";
memory_limit = "2G";
};
phpExtraExtensions = all: [ all.pdlib all.bz2 ];
};
postgresql = {
enable = true;
ensureDatabases = [ "paperless" "nextcloud" "mealie" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions = {
"DATABASE nextcloud" = "ALL PRIVILEGES";
};
}
{
name = "paperless";
ensurePermissions = {
"DATABASE paperless" = "ALL PRIVILEGES";
};
}
{
name = "mealie";
ensurePermissions = {
"DATABASE mealie" = "ALL PRIVILEGES";
};
}
];
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.hplipWithPlugin ];
@ -918,26 +1043,26 @@ the best way to define them for now, is using nix.
#+begin_src nix
systemd.services = {
"docker-compose" = {
enable = true;
restartIfChanged = true;
description = "Start docker-compose servers";
after = [ "docker.service" "docker.socket" ];
requires = [ "docker.service" "docker.socket" ];
wantedBy = [ "default.target" ];
environment = {
FILE = "/home/jawz/Development/Docker/docker-compose.yml";
};
path = [
pkgs.docker-compose
];
serviceConfig = {
Restart = "on-failure";
RestartSec = 30;
ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
};
};
# "docker-compose" = {
# enable = true;
# restartIfChanged = true;
# description = "Start docker-compose servers";
# after = [ "docker.service" "docker.socket" ];
# requires = [ "docker.service" "docker.socket" ];
# wantedBy = [ "default.target" ];
# environment = {
# FILE = "/home/jawz/Development/Docker/docker-compose.yml";
# };
# path = [
# pkgs.docker-compose
# ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 30;
# ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} up --remove-orphans";
# ExecStop = "${pkgs.docker-compose}/bin/docker-compose -f \${FILE} down";
# };
# };
"nextcloud_scrapsync" = {
description = "Sync scrapped files with nextcloud";
wantedBy = [ "default.target" ];
@ -1084,11 +1209,13 @@ nix = {
"https://nix-gaming.cachix.org"
"https://nixpkgs-python.cachix.org"
"https://devenv.cachix.org"
"https://cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
gc = {
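Review bot: In the `services.nextcloud.config` block, `adminpassFile` and `dbpassFile` are built with `pkgs.writeText` from literal strings, so both passwords land in the world-readable `/nix/store` and in this repository's history. The imports at the top of the file already load `<agenix/modules/age.nix>`, so these could point at decrypted secret paths instead, e.g. `adminpassFile = config.age.secrets.<nextcloud-admin-secret>.path;` (placeholder name; assumes `config` is in scope), with the secret's `owner` set to `nextcloud`. Both values should be treated as exposed and rotated. The `postgresql.authentication` override in the same hunk sets `trust` for every local and loopback connection, which lets any local account connect as any database role without a password; `peer` on the socket line would be the narrower choice if Nextcloud connects over the Unix socket, which is not visible here.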


@ -89,6 +89,16 @@ in {
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/var/lib/nextcloud/data" = {
device = "/mnt/disk1/nextcloud";
options = [ "bind" ];
};
fileSystems."/mnt/jellyfin/media" = {
device = "/mnt/disk1/multimedia/media";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/disk2" = {
device = "/dev/mapper/disk2";
fsType = "btrfs";
@ -107,6 +117,11 @@ in {
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/mnt/jellyfin/external" = {
device = "/mnt/seedbox/external";
options = [ "bind" "ro" ];
};
fileSystems."/mnt/parity" = {
device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
fsType = "xfs";
@ -160,8 +175,15 @@ in {
nvidia.modesetting.enable = true;
opengl = {
enable = true;
setLdLibraryPath = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
};
# hardware.cpu.intel.updateMicrocode =
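Review bot: The `ro` bind mounts under `/mnt/jellyfin` add a read-only view but do not remove access to the original paths, so whether the media server can modify `/mnt/disk1/multimedia/media` or `/mnt/seedbox/external` still depends on ownership and modes there. If the intent is to confine Jellyfin, which the other file in this commit exposes with `openFirewall = true`, a comment stating that would help, e.g. `# read-only view for jellyfin; originals are not meant to be reachable by the service`. The unit itself could also be restricted with `systemd.services.jellyfin.serviceConfig.ReadOnlyPaths = [ "/mnt/disk1" "/mnt/seedbox" ];`. Whether the NixOS jellyfin module already applies sandboxing is not visible from this page.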