nixos-configs/machine/backyard/default.nix

125 lines
3.0 KiB
Nix

{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./filesystems.nix
./fileserver.nix
./immich.nix
./jellyfin.nix
./samba.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# ZFS support
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "64cc144d";
# https://old.reddit.com/r/zfs/comments/1826lgs/psa_its_not_block_cloning_its_a_data_corruption/
boot.kernelParams = [ "zfs.zfs_dmu_offset_next_sync=0" ];
boot.zfs.extraPools = [ "pool" ];
beatific.hostName = "backyard";
# Enable networking
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
7474 # mirror revproxy
7475 # http serve tvb pool
7476 # tvb catacomb host server
];
};
services.nginx = {
enable = true;
virtualHosts = {
default = {
default = true;
rejectSSL = true;
locations."/".return = "444";
};
"pool.backyard.home" = {
listen = [
{ addr = "10.22.20.8"; }
# Alternative port to ensure the right vhost connects
{ addr = "10.22.20.8"; port = 7475; }
];
root = "/pool/tvb";
locations."/".extraConfig = ''
autoindex on;
autoindex_exact_size off;
'';
};
"mirror.backyard.home" = {
listen = [
{ addr = "10.22.20.8"; }
# Alternative port to ensure the right vhost connects
{ addr = "10.22.20.8"; port = 7474; }
];
root = "/pool/tvb/doc/website/mirror";
};
"files.backyard.home" = {
listen = [
{ addr = "10.22.20.8"; port = 7476; }
];
locations."/" = {
root = "/pool/tvb";
tryFiles = "\$uri @indexer";
};
locations."@indexer".proxyPass = "http://localhost:5000";
};
};
};
environment.systemPackages = with pkgs; [
pv # zfs send progress meter
smartmontools # provides smartctl drive inspector
];
programs.screen.enable = true;
services.zfs = {
autoScrub = {
enable = true;
pools = [ "pool" ];
interval = "monthly";
};
};
services.cron.enable = true;
users.users = {
tvb = {
extraGroups = [ "networkmanager" ];
packages = [
(pkgs.writeShellScriptBin "yt-dlp" ''exec $HOME/.yt-dlp/bin/yt-dlp "$@"'')
];
};
katydid = {
uid = 1102;
isNormalUser = true;
group = "katydid";
initialPassword = "katydid";
};
};
users.groups = {
katydid.gid = 1102;
tvbpoolro = {
gid = 1201;
members = [ "tvb" "jellyfin" "nginx" ];
};
};
# This value governs how some stateful data, like databases, are handled
# across different versions of NixOS. This should not be changed to a new
# release unless the sysadmin has determined that no services would be
# adversely affected by changing this.
system.stateVersion = "23.05";
}