diff --git a/configuration.nix b/configuration.nix index d7553df..eae3e8d 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,32 +1,45 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + config, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + services.postgresql = { + dataDir = "/pool/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + }; + + nix.settings.experimental-features = ["nix-command" "flakes"]; powerManagement.enable = false; # Bootloader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sdc"; boot.loader.grub.useOSProber = true; + networking = { + hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + # Enable networking + networkmanager.enable = true; - # Enable networking - networking.networkmanager.enable = true; + # Open ports in the firewall. + firewall.allowedTCPPorts = [80 443]; + + extraHosts = '' + 192.168.1.88 nas + ''; + }; # Set your time zone. time.timeZone = "Europe/Stockholm"; 
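Review bot: Pointing `services.postgresql.dataDir` at `/pool/var/lib/postgresql/...` does not move the existing cluster. As far as I know the NixOS module initialises a fresh cluster when the target directory has no `PG_VERSION`, so after the switch the dependent services would start against an empty database unless the old directory is copied over first (service stopped, owned by `postgres`, mode 0700). A comment above the option would record this, e.g. `# cluster lives on the /pool volume (hardware-configuration.nix); migrate the old data dir before switching`. Separately, the commented examples inside the new `networking = { ... }` set still carry the `networking.` prefix (`# networking.wireless.enable`, `# networking.proxy.default`), which would be wrong if uncommented in place.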
@@ -94,10 +107,10 @@ users.users.sondell = { isNormalUser = true; description = "sondell"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; packages = with pkgs; [ firefox - # thunderbird + # thunderbird ]; }; @@ -106,15 +119,14 @@ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYGJCpFIiWqzy8YbfWh7+i52XVwyhUu+P0rUglVR5uV gws@nixos"]; }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget htop cloudflared filebrowser @@ -126,18 +138,21 @@ nil starship tailscale + alejandra ]; - - programs.fish= { - enable=true; - shellInit = "starship init fish | source"; - }; - programs.starship.enable = true; - programs.starship.settings = { - shell = { - disabled = false; - fish_indicator = ""; - bash_indicator = "BASH"; + programs = { + ssh.startAgent = true; + fish = { + enable = true; + shellInit = "starship init fish | source"; + }; + starship.enable = true; + starship.settings = { + shell = { + disabled = false; + fish_indicator = ""; + bash_indicator = "BASH"; + }; }; }; 
@@ -160,14 +175,11 @@ defaults = { email = "glennpub@proton.me"; dnsProvider = "cloudflare"; - # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] - # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= + # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] + # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend"; }; }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 443 ]; # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. @@ -180,5 +192,4 @@ # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.11"; # Did you read the comment? - } diff --git a/filebrowser.nix b/filebrowser.nix index 293f0be..f4408ec 100644 --- a/filebrowser.nix +++ b/filebrowser.nix @@ -12,7 +12,7 @@ in After="network-online.target"; }; serviceConfig = { - ExecStart = "${filebrowser}/bin/filebrowser -r /mnt/movie_drive -d /var/lib/filebrowser/filebrowser.db"; + ExecStart = "${filebrowser}/bin/filebrowser -r /pool/media/ -d /var/lib/filebrowser/filebrowser.db"; User= "jellyfin"; Type= "simple"; }; diff --git a/flake.lock b/flake.lock index 4c362ce..f632184 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1712745070, - "narHash": "sha256-75kSMjyCD5/IliSPkBcBSBamwPYF30Ddr8Ef2XxDfiE=", + "lastModified": 1713880523, + "narHash": "sha256-/dMwfs3toYi2SzrItwpTLKWMSIquAptdCClC2FB608Y=", "ref": "refs/heads/main", - "rev": "c2650ecab1c7b9b2e10d690b40e82817d257b53a", - "revCount": 28, + "rev": "5e986b284d6a7b81fd437822f6279dd915494c54", + "revCount": 29, "type": "git", "url": "https://git.sondell.org/glennwso/home.git" }, diff --git a/flake.nix b/flake.nix index 217f656..aa86fed 100644 
--- a/flake.nix +++ b/flake.nix @@ -30,6 +30,7 @@ ./tail.nix ./matrix.nix ./coturn.nix + ./vaultwarden.nix (import ./mail.nix {inherit mailserver;}) (import ./homepage.nix {inherit homepage;}) ]; diff --git a/forgejo.nix b/forgejo.nix index aa7e852..8ecb51d 100644 --- a/forgejo.nix +++ b/forgejo.nix @@ -7,6 +7,7 @@ in { services.forgejo = { enable = true; + stateDir = "/pool/var/lib/forgejo"; settings = { service = { # DISABLE_REGISTRATION = true; diff --git a/hardware-configuration.nix b/hardware-configuration.nix index eb96fdf..ea97e53 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -21,7 +21,10 @@ { device = "/dev/disk/by-uuid/f3463885-fde8-4488-9442-37ced2b2c8f3"; fsType = "ext4"; }; - + fileSystems."/pool" = { + device = "/dev/pool1/vol1"; + fsType = "ext4"; + }; swapDevices = [ ]; diff --git a/nextcloud.nix b/nextcloud.nix index 20916c6..5a34596 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -8,6 +8,27 @@ in environment.systemPackages = [ nextcloud ]; + systemd.timers."nextcloud-backup" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + # OnBootSec = "5m"; + # OnUnitActiveSec = "5m"; + OnCalendar="*-*-* 2:00:00"; + Unit = "nextcloud-backup.service"; + }; + }; + + systemd.services."nextcloud-backup" = { + script = with pkgs; '' + set -eu + ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/dump.sql" + ''; + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + }; + }; + services = { nginx.virtualHosts = { ${domain} = { diff --git a/vaultwarden.nix b/vaultwarden.nix new file mode 100644 index 0000000..104f1f7 --- /dev/null +++ b/vaultwarden.nix @@ -0,0 +1,22 @@ +{ ... }: + +let + domain = "pw.sondell.org"; + port = "8222"; +in +{ + # + services.vaultwarden = { + enable = true; + }; + + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; +} +
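Review bot: In the `nextcloud-backup` script, `set -eu` without `pipefail` means a failing `pg_dump` still lets `ssh` overwrite `back/nextcloud/dump.sql` with an empty or truncated file while the unit reports success, so the last good backup is lost silently. Dumping to a local temporary file first and only then streaming it to the NAS avoids that. The unit runs as `postgres` with no terminal, so `-o BatchMode=yes` makes it fail fast instead of waiting on a prompt, and the key at `/etc/nixos/.secrets/tulpan` must be readable by `postgres` and nobody else; pinning the NAS host key (for example through `programs.ssh.knownHosts`) keeps host verification working for that user. `${postgresql}` from `pkgs` may not match the running server's major version, so taking `pg_dump` from `config.services.postgresql.package` is safer if `config` is in scope in this file, which the hunk does not show.

```nix
  script = with pkgs; ''
    set -euo pipefail
    # Dump locally first so a failed pg_dump never replaces the last good copy on the NAS.
    tmp="$(${coreutils}/bin/mktemp)"
    trap '${coreutils}/bin/rm -f "$tmp"' EXIT
    ${postgresql}/bin/pg_dump "nextcloud" > "$tmp"
    ${openssh}/bin/ssh -o BatchMode=yes -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/dump.sql" < "$tmp"
  '';
  # … unchanged: serviceConfig (Type = "oneshot", User = "postgres") …
```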
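Review bot: `services.vaultwarden` is enabled with no `config`, and the `pw.sondell.org` vhost proxies it publicly, so Vaultwarden's default of open sign-ups applies and anyone who reaches the site can register an account on the password server. Set it explicitly and pin the listen address and port so they stay tied to the `port` binding that `proxyPass` uses: `config = { DOMAIN = "https://${domain}"; SIGNUPS_ALLOWED = false; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = port; };`. As far as I know, defining `config` replaces the module's default attribute set instead of merging with it, which is why the Rocket settings are spelled out there. The bare `#` comment above `services.vaultwarden` should either be filled in or dropped.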