| -rw-r--r-- | archetypes/collections/development/docker.nix | 1 | ||||
| -rw-r--r-- | hosts/poweredge/configuration.nix | 35 | ||||
| -rw-r--r-- | hosts/poweredge/fileshares.nix | 14 | ||||
| -rw-r--r-- | hosts/poweredge/networking.nix | 11 | ||||
| -rw-r--r-- | nixos/default.nix | 3 | ||||
| -rw-r--r-- | nixos/services/immich.nix | 29 | ||||
| -rw-r--r-- | users/timmy/default.nix | 4 |
7 files changed, 77 insertions, 20 deletions
diff --git a/archetypes/collections/development/docker.nix b/archetypes/collections/development/docker.nix
index 629dff3..0e09744 100644
--- a/archetypes/collections/development/docker.nix
+++ b/archetypes/collections/development/docker.nix
@@ -3,6 +3,7 @@
 in {
 options._archetypes.collections.development.docker = {
 enable = lib.mkEnableOption "enables docker";
+ # TODO move to btrfs profile
 btrfsSupport = lib.mkOption {
 type = lib.types.bool;
 default = true;
diff --git a/hosts/poweredge/configuration.nix b/hosts/poweredge/configuration.nix
index 16a2686..3490589 100644
--- a/hosts/poweredge/configuration.nix
+++ b/hosts/poweredge/configuration.nix
@@ -1,6 +1,4 @@
-{ config, lib, pkgs, ... }: let
- serverEmail = "poweredge@tjkeller.xyz";
-in {
+{ config, lib, pkgs, ... }: {
 imports = [
 ./ddns-updater.nix
 ./fileshares.nix
@@ -14,17 +12,38 @@ in {
 # Enable common options
 _archetypes = {
- profiles.headless = {
- enable = true;
- home.users.timmy.enable = true;
+ profiles = {
+ headless = {
+ enable = true;
+ home.users.timmy.enable = true;
+ };
+ zfs.enable = true;
+ router.enable = true;
+ };
+ collections = {
+ development.docker.enable = true;
+ development.docker.btrfsSupport = false; # TODO remove
 };
- profiles.zfs.enable = true;
- profiles.router.enable = true;
 };
+ virtualisation.docker.storageDriver = "zfs"; # TODO move to profile
+
 # Enable smartd
 services.smartd.enable = true; # TODO move to archetype
+ # Enable web services
+ # services = {
+ # _cgit = {
+ # enable = true;
+ # hostAddress = "192.168.1.10";
+ # localAddress = "192.168.1.11";
+ # rootTitle = "PowerEdge local cgit";
+ # # TODO add authorizedKeys
+ # };
+ # };
+ #
+ #services._klipper.enable = true;
+
 # Enable user timmy
 _users.timmy.enable = true;
diff --git a/hosts/poweredge/fileshares.nix b/hosts/poweredge/fileshares.nix
index 4593ef8..90b738c 100644
--- a/hosts/poweredge/fileshares.nix
+++ b/hosts/poweredge/fileshares.nix
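Review bot: Enabling Docker on a host that also sets `router.enable = true` (hosts/poweredge/configuration.nix, second hunk) needs a comment or a daemon setting. Docker installs its own iptables rules, so ports published by containers are generally reachable without passing the per-interface `networking.firewall` allow-lists. If nothing on this box should be published towards the WAN side, pin the default publish address next to the new `storageDriver` line, e.g. `virtualisation.docker.daemon.settings.ip = "<lan0 address>";` (placeholder; the host's LAN address is not shown in this hunk). What the `_archetypes.collections.development.docker` module configures beyond the enable flag is not visible here, so confirm it does not already handle this.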
@@ -1,9 +1,11 @@
 {
- # TODO make user for ps2
+ # Import zfs pools
+ boot.zfs.extraPools = [ "ingens" "memoria" ];
+
 services._fileShares.enable = true;
 services._fileShares.shares = {
 PS2 = {
- path = "/media/storage/games/ps2";
+ path = "/media/ingens/games/ps2";
 smb = {
 enable = true;
 allowUser = "ps2";
@@ -14,19 +16,19 @@
 };
 };
 WinBackups = {
- path = "/media/storage/backups/windows";
+ path = "/media/ingens/backups/windows";
 smb.enable = true;
 };
 pictures = {
- path = "/media/storage/pictures";
+ path = "/media/ingens/pictures";
 nfs.enable = true;
 };
 tapes = {
- path = "/media/storage/tapes";
+ path = "/media/ingens/tapes";
 nfs.enable = true;
 };
 backups = {
- path = "/media/storage/backups";
+ path = "/media/ingens/backups";
 nfs.enable = true;
 };
 };
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index 7632a86..09759ee 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -22,6 +22,9 @@
 interfaces.wan0 = {
 allowedUDPPorts = [ 51820 ];
 };
+ interfaces.lan0 = {
+ allowedTCPPorts = [ 2283 80 ]; # FIXME temp
+ };
 };
 # Additional advanced rules
 # TODO add multi NAT feature to router service
@@ -54,19 +57,19 @@
 staticLeases = {
 idrac-7N94GK2 = {
 macAddress = "50:9a:4c:5d:c3:7c";
- staticIp = "192.168.1.3";
+ staticIp = "192.168.1.2";
 };
 OpenWrt-Attic = {
 macAddress = "34:98:b5:60:5e:be";
- staticIp = "192.168.1.4";
+ staticIp = "192.168.1.3";
 };
 OpenWrt-Basement = {
 macAddress = "8c:3b:ad:35:c7:8c";
- staticIp = "192.168.1.5";
+ staticIp = "192.168.1.4";
 };
 ArcherC54 = {
 macAddress = "12:eb:b6:13:f9:e2";
- staticIp = "192.168.1.6";
+ staticIp = "192.168.1.5";
 };
 T495 = {
 macAddress = "04:33:c2:9d:34:74";
diff --git a/nixos/default.nix b/nixos/default.nix
index fb33f1e..53c2411 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
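Review bot: The new `interfaces.lan0` rule in hosts/poweredge/networking.nix opens TCP 80 as well as 2283, but nothing enabled in this commit appears to listen on 80 (the cgit block in configuration.nix is added commented out), so the rule is wider than the change needs. I would open only what is actually served, `allowedTCPPorts = [ 2283 ];`, and add 80 in the commit that enables its service. `# FIXME temp` should also name what the port is for and when the rule goes away, e.g. `# 2283: immich web UI, plain HTTP, LAN only; temporary`. Port 2283 is presumably the Immich container added elsewhere in this commit. The enclosing firewall attribute set starts above the hunk.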
@@ -7,6 +7,7 @@
 ./services/cgit.nix
 ./services/fileshares.nix
 ./services/gitea.nix
+ ./services/immich.nix
 ./services/mailer.nix
 ./services/searxng.nix
 ./services/router/dns-dhcp.nix
@@ -14,6 +15,8 @@
 ./services/router/unbound-blocklist.nix
 ./services/zfs/zed-mailer.nix
+ #./services/mainsail.nix
+
 ./bootloader.nix
 ./doas.nix
 ./filesystems.nix
diff --git a/nixos/services/immich.nix b/nixos/services/immich.nix
new file mode 100644
index 0000000..283a958
--- /dev/null
+++ b/nixos/services/immich.nix
@@ -0,0 +1,29 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.services._immich;
+in {
+
+ config = {
+ containers.immich = {
+ autoStart = true;
+ privateNetwork = false;
+ bindMounts = {
+ "/var/lib/immich" = {
+ hostPath = "/media/ingens/immich";
+ isReadOnly = false;
+ };
+ };
+
+ config = { lib, config, ... }: {
+ services.immich = {
+ enable = true;
+ host = "0.0.0.0";
+ };
+
+ environment.systemPackages = with pkgs; [ immich immich-cli ];
+
+ system.stateVersion = "25.11";
+ };
+ };
+ };
+}
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
index e3950bc..4d75a80 100644
--- a/users/timmy/default.nix
+++ b/users/timmy/default.nix
@@ -16,7 +16,7 @@
 videos = null;
 };
 sshKeyPaths = [ "${home}/.ssh/id_ed25519" ];
- sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
+ #sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
 sshPublicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnsnAWcz46OVi1MWSxpOIUtUvwalijDwvW+oEvNjzep" ];
 in {
 imports = [
@@ -78,7 +78,7 @@ in {
 # Add authorizedKeys to cgit service
 services._cgit.ssh.authorizedKeys = {
 keys = sshPublicKeys;
- keyFiles = sshPublicKeyPaths;
+ #keyFiles = sshPublicKeyPaths;
 };
 # Configure user home |
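Review bot: nixos/services/immich.nix binds `cfg` but never uses it, and its outer `config` block is unconditional. Because nixos/default.nix now lists `./services/immich.nix`, every host importing that file would get an auto-starting `immich` container with a read-write bind mount of `/media/ingens/immich`. Declare the switch and gate on it, `options.services._immich.enable = lib.mkEnableOption "immich container";` and `config = lib.mkIf cfg.enable {`, then enable it from the poweredge host. Separately, `host = "0.0.0.0"` with `privateNetwork = false` puts the listener on every host interface, the WAN side included, so the firewall is the only barrier. Binding to the LAN address instead (`host = "<lan0 address>";`, placeholder) would keep a firewall mistake from exposing the service.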
