From 2c733de3b3c57ba7636fb320b8afd3438da8a888 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Mon, 8 Aug 2022 18:18:18 +0700 Subject: [PATCH 01/10] flake: create generator for aarch64 sdcard image --- flake.lock | 37 +++++++++++++++++++++++++++++++++ flake.nix | 40 +++++++++++++++++++++++++++++------- hosts/caramel/default.nix | 10 +++++---- hosts/caramel/filesystem.nix | 25 +++++++++++++++++----- hosts/caramel/image.nix | 29 ++++++++++++++++++++++++++ hosts/caramel/kernel.nix | 12 +++++++---- 6 files changed, 133 insertions(+), 20 deletions(-) create mode 100644 hosts/caramel/image.nix diff --git a/flake.lock b/flake.lock index 5f6e968..3b67c44 100644 --- a/flake.lock +++ b/flake.lock @@ -351,6 +351,42 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs-porcupine" + ] + }, + "locked": { + "lastModified": 1657748715, + "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "3323b944d99b026aebfd8de439e001409dde067d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1654057797, @@ -610,6 +646,7 @@ "multitask": "multitask", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-porcupine": "nixpkgs-porcupine", diff --git a/flake.nix b/flake.nix index 7a0dbdb..2824430 100644 --- a/flake.nix +++ b/flake.nix 
@@ -7,11 +7,13 @@ neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; + nixos-generators.url = "github:nix-community/nixos-generators"; agenix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager-porcupine.inputs.nixpkgs.follows = "nixpkgs-porcupine"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; + nixos-generators.inputs.nixpkgs.follows = "nixpkgs-porcupine"; nix-gaming.url = "github:fufexan/nix-gaming"; powercord-overlay.url = "github:LavaDesu/powercord-overlay"; @@ -61,7 +63,7 @@ zelk = { url = "github:schnensch0/zelk"; flake = false; }; }; - outputs = { self, agenix, nixpkgs, nixpkgs-porcupine, ... } @ inputs: + outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-porcupine, ... } @ inputs: let overlays = (import ./overlays) ++ [inputs.powercord-overlay.overlay] @@ -71,13 +73,13 @@ mkSystem = if !(self ? rev) then throw "Dirty git tree detected." else - nixpkgs: name: arch: enableGUI: nixpkgs.lib.nixosSystem { + nixpkgs: name: arch: enableGUI: extraModules: nixpkgs.lib.nixosSystem { system = arch; modules = [ { nixpkgs.overlays = overlays; } agenix.nixosModules.age (./hosts + "/${name}") - ]; + ] ++ extraModules; specialArgs = { inherit inputs enableGUI; modules = import ./modules { lib = nixpkgs.lib; }; 
@@ -85,10 +87,10 @@ }; in { - nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true; + nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true []; - nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false; - nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false; + nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false []; + nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false []; packages."x86_64-linux" = let @@ -104,12 +106,36 @@ packages."aarch64-linux" = let pkgs = import nixpkgs-porcupine { - inherit overlays; + overlays = overlays ++ [ + # See https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 + ]; system = "aarch64-linux"; }; + + caramel-sys = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false [{ + nixpkgs.overlays = [ + (self: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + }]; in { inherit (pkgs) nixUnstable; + + caramel-iso2 = caramel-sys.config.system.build.sdImage; + caramel-iso = nixos-generators.nixosGenerate { + inherit pkgs; + format = "sd-aarch64"; + modules = [ + agenix.nixosModules.age + ./hosts/caramel + ]; + specialArgs = { + inherit inputs; + modules = import ./modules { lib = nixpkgs-porcupine.lib; }; + }; + }; }; # TODO: currently broken diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix index 1e3bd35..0dbc148 100644 --- a/hosts/caramel/default.nix +++ b/hosts/caramel/default.nix @@ -1,4 +1,4 @@ -{ config, inputs, modules, overlays, pkgs, ... }: { +{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: { networking.hostName = "caramel"; system.stateVersion = "21.11"; time.timeZone = "Asia/Phnom_Penh"; 
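Review bot: The link to the nixpkgs issue in the `@@ -104,12 +106,36 @@` hunk sits inside an otherwise empty `overlays ++ [ ]` list for `pkgs`, while the `makeModulesClosure` override it presumably explains lives in `caramel-sys` with no comment. Move the comment onto the override and state the trade-off, e.g. `# allowMissing: kernel modules absent from this kernel are skipped instead of failing the build (see the linked nixpkgs issue)`. With `allowMissing = true`, a module that is actually needed would, as far as I can tell, drop out silently and only show up as a boot failure on the device. Separately, the `caramel-iso` `specialArgs` pass `inputs` and `modules` but not `enableGUI`, which `mkSystem` does pass. Any module reached from `./hosts/caramel` that reads `enableGUI` would likely fail to evaluate on that path, so `inherit inputs; enableGUI = false;` keeps the two builds consistent.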
@@ -12,6 +12,7 @@ }; imports = (with modules.system; [ + "${builtins.toString modulesPath}/installer/sd-card/sd-image-aarch64.nix" inputs.home-manager-porcupine.nixosModule base @@ -23,15 +24,16 @@ ./filesystem.nix ./kernel.nix + ./image.nix ./networking.nix ./packages.nix ../../users/hana ]) ++ (with modules.services; [ - nginx - postgres - synapse +# nginx +# postgres +# synapse tmptsync unbound vaultwarden diff --git a/hosts/caramel/filesystem.nix b/hosts/caramel/filesystem.nix index c03acda..da67f38 100644 --- a/hosts/caramel/filesystem.nix +++ b/hosts/caramel/filesystem.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let bind = src: { depends = [ "/persist" ]; @@ -9,16 +9,31 @@ let }; in { fileSystems = { - "/" = { + "/" = lib.mkForce { device = "rootfs"; fsType = "tmpfs"; - options = [ "defaults" "size=2G" "mode=755" ]; + options = [ "defaults" "size=1G" "mode=755" ]; }; - "/nix" = { + # "/nix" = { + # device = "overlayfs"; + # fsType = "overlay"; + # options = [ + # "lowerdir=/mnt/image/nix" + # "upperdir=/persist/nix-overlay" + # "workdir=/persist/.overlaytmp" + # ]; + # noCheck = true; + # depends = [ "/mnt/image" "/persist" ]; + # }; + + "/nix" = (bind "/mnt/image/nix") // { depends = [ "/mnt/image" ]; }; + + "/mnt/image" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; options = [ "defaults" "noatime" ]; + neededForBoot = true; }; "/persist" = { @@ -31,6 +46,6 @@ in { "/var/persist" = bind "/persist"; "/var/lib/acme" = bind "/persist/acme"; "/var/log/journal" = bind "/persist/journal"; - "/boot" = (bind "/nix/persist/boot") // { depends = [ "/nix" ]; }; + "/boot" = (bind "/mnt/image/boot") // { depends = [ "/mnt/image" ]; }; }; } diff --git a/hosts/caramel/image.nix b/hosts/caramel/image.nix new file mode 100644 index 0000000..a7e9975 --- /dev/null +++ b/hosts/caramel/image.nix 
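Review bot: The overlayfs `"/nix"` definition in the hosts/caramel/filesystem.nix `@@ -9,16 +9,31 @@` hunk is left as a commented-out block with nothing saying why it was dropped in favour of the bind mount. Either remove it or head it with a one-line reason, e.g. `# overlayfs variant kept for reference: <reason>`. The same commit adds `initrd.kernelModules = [ "overlay" ]` in hosts/caramel/kernel.nix, which looks like it only serves that disabled block. A short comment on the `lib.mkForce` for `"/"` would also help; it is presumably there to override the root filesystem defined by the sd-image module that hosts/caramel/default.nix now imports.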
@@ -0,0 +1,29 @@ +{ config, lib, pkgs, ... }: { + sdImage.expandOnBoot = false; + boot.postBootCommands = '' + # On the first boot do some maintenance tasks + if [ -f /mnt/image/nix-path-registration ]; then + set -euo pipefail + set -x + # Figure out device names for the boot device and root filesystem. + rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /mnt/image) + bootDevice=$(lsblk -npo PKNAME $rootPart) + partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}') + + # Resize the root partition and the filesystem to fit the disk + echo ",+," | sfdisk -N$partNum --no-reread $bootDevice + ${pkgs.parted}/bin/partprobe + ${pkgs.e2fsprogs}/bin/resize2fs $rootPart + + # Register the contents of the initial Nix store + ${config.nix.package.out}/bin/nix-store --load-db < /mnt/image/nix-path-registration + + # nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag. + touch /etc/NIXOS + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + + # Prevents this from running on later boots. + rm -f /mnt/image/nix-path-registration + fi + ''; +} diff --git a/hosts/caramel/kernel.nix b/hosts/caramel/kernel.nix index e621ed3..8c8e9a8 100644 --- a/hosts/caramel/kernel.nix +++ b/hosts/caramel/kernel.nix @@ -1,11 +1,15 @@ -{ config, inputs, pkgs, ... }: { +{ config, inputs, lib, pkgs, ... }: { imports = [ inputs.nixos-hardware.nixosModules.raspberry-pi-4 ]; hardware.raspberry-pi."4".fkms-3d.enable = true; - boot.kernel.sysctl = { - "kernel.core_pattern" = "|/bin/false"; - "kernel.sysrq" = 1; + boot = { + initrd.kernelModules = [ "overlay" ]; + supportedFilesystems = lib.mkForce [ "btrfs" "vfat" ]; + kernel.sysctl = { + "kernel.core_pattern" = "|/bin/false"; + "kernel.sysrq" = 1; + }; }; } From 4b1483327b99e7f81f1fb0568773d20f8af2b8e3 Mon Sep 17 00:00:00 2001 
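Review bot: In the first-boot script of hosts/caramel/image.nix, `findmnt`, `awk`, `partprobe` and `resize2fs` are called by store path, but `lsblk` and `sfdisk` are resolved through whatever PATH `boot.postBootCommands` runs with, and `$rootPart`, `$partNum` and `$bootDevice` are expanded unquoted. Since this runs as root and rewrites the partition table, pin and quote them, e.g. `bootDevice=$(${pkgs.util-linux}/bin/lsblk -npo PKNAME "$rootPart")` and `echo ",+," | ${pkgs.util-linux}/bin/sfdisk -N"$partNum" --no-reread "$bootDevice"`. `set -euo pipefail` and `set -x` are switched on inside the `if` and never reset, so they presumably stay in force for whatever follows this fragment in the boot script; wrapping the block in a subshell would contain them. A header comment saying that this replaces the stock expansion step disabled by `sdImage.expandOnBoot = false`, using `/mnt/image` as the mount point, would explain why the logic is duplicated here.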
From: LavaDesu Date: Tue, 9 Aug 2022 15:17:30 +0700 Subject: [PATCH 02/10] treewide: persist rework --- hosts/caramel/filesystem.nix | 1 - hosts/sugarcane/filesystem.nix | 2 +- modules/system/base.nix | 10 +++++----- modules/system/security.nix | 4 ++-- res/authorized_keys | 2 ++ users/hana/default.nix | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) create mode 100644 res/authorized_keys diff --git a/hosts/caramel/filesystem.nix b/hosts/caramel/filesystem.nix index da67f38..5cc264c 100644 --- a/hosts/caramel/filesystem.nix +++ b/hosts/caramel/filesystem.nix @@ -43,7 +43,6 @@ in { neededForBoot = true; }; - "/var/persist" = bind "/persist"; "/var/lib/acme" = bind "/persist/acme"; "/var/log/journal" = bind "/persist/journal"; "/boot" = (bind "/mnt/image/boot") // { depends = [ "/mnt/image" ]; }; diff --git a/hosts/sugarcane/filesystem.nix b/hosts/sugarcane/filesystem.nix index c929023..cc3db8e 100644 --- a/hosts/sugarcane/filesystem.nix +++ b/hosts/sugarcane/filesystem.nix @@ -22,7 +22,7 @@ in { neededForBoot = true; }; - "/var/persist" = bind "/nix/persist"; + "/persist" = bind "/nix/persist"; "/var/log/journal" = bind "/nix/persist/journal"; "/boot" = bind "/nix/persist/boot"; }; diff --git a/modules/system/base.nix b/modules/system/base.nix index af1106a..0ca07dc 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix 
@@ -1,10 +1,10 @@ { config, enableGUI, inputs, modules, overlays, ... }: { environment.etc = { - "machine-id".source = "/var/persist/machine-id"; - "ssh/ssh_host_rsa_key".source = "/var/persist/ssh_host_rsa_key"; - "ssh/ssh_host_rsa_key.pub".source = "/var/persist/ssh_host_rsa_key.pub"; - "ssh/ssh_host_ed25519_key".source = "/var/persist/ssh_host_ed25519_key"; - "ssh/ssh_host_ed25519_key.pub".source = "/var/persist/ssh_host_ed25519_key.pub"; + "machine-id".source = "/persist/machine-id"; + "ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key"; + "ssh/ssh_host_rsa_key.pub".source = "/persist/ssh_host_rsa_key.pub"; + "ssh/ssh_host_ed25519_key".source = "/persist/ssh_host_ed25519_key"; + "ssh/ssh_host_ed25519_key.pub".source = "/persist/ssh_host_ed25519_key.pub"; }; environment.pathsToLink = [ "/share/zsh" ]; diff --git a/modules/system/security.nix b/modules/system/security.nix index eeedda7..a0399f0 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -15,12 +15,12 @@ hostKeys = [ { bits = 4096; - path = "/var/persist/ssh_host_rsa_key"; + path = "/persist/ssh_host_rsa_key"; rounds = 100; type = "rsa"; } { - path = "/var/persist/ssh_host_ed25519_key"; + path = "/persist/ssh_host_ed25519_key"; rounds = 100; type = "ed25519"; } diff --git a/res/authorized_keys b/res/authorized_keys new file mode 100644 index 0000000..9e9178d --- /dev/null +++ b/res/authorized_keys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry diff --git a/users/hana/default.nix b/users/hana/default.nix index 4bef521..9ccf5e5 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix 
@@ -24,8 +24,8 @@ ]; programs.git.signing.signByDefault = lib.mkForce false; - programs.zsh.history.path = lib.mkForce "/nix/persist/hana/zsh_history"; + programs.zsh.history.path = lib.mkForce "/persist/hana/zsh_history"; - home.file.".ssh/authorized_keys".source = config.lib.file.mkOutOfStoreSymlink "/nix/persist/hana/authorized_keys"; + home.file.".ssh/authorized_keys".source = ../../res/authorized_keys; }; } From 56312d4667af78cad79a0da3f98e05400dca14ad Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 9 Aug 2022 22:03:15 +0700 Subject: [PATCH 03/10] service/jellyfin: init --- hosts/caramel/default.nix | 1 + modules/default.nix | 1 + modules/services/jellyfin.nix | 14 ++++++++++++++ 3 files changed, 16 insertions(+) create mode 100644 modules/services/jellyfin.nix diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix index 0dbc148..7f48599 100644 --- a/hosts/caramel/default.nix +++ b/hosts/caramel/default.nix @@ -34,6 +34,7 @@ # nginx # postgres # synapse + jellyfin tmptsync unbound vaultwarden diff --git a/modules/default.nix b/modules/default.nix index ed774ca..e482ef6 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -15,6 +15,7 @@ let ); in { services = mkAttrsFromPaths [ + ./services/jellyfin.nix ./services/nginx.nix ./services/postgres.nix ./services/synapse.nix diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix new file mode 100644 index 0000000..d46cd4e --- /dev/null +++ b/modules/services/jellyfin.nix @@ -0,0 +1,14 @@ +{ ... }: +let + dir = "/persist/jellyfin"; +in +{ + systemd.tmpfiles.rules = [ + "d ${dir} 700 jellyfin jellyfin" + "L /var/lib/jellyfin - - - - ${dir}" + ]; + services.jellyfin = { + enable = true; + openFirewall = true; + }; +} From 2fb0b9c3e99150fde95f29719972b0137901371e Mon Sep 17 00:00:00 2001 
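Review bot: `home.file.".ssh/authorized_keys".source = ../../res/authorized_keys;` in users/hana/default.nix makes the login keys a symlink into the Nix store. sshd with `StrictModes` (its default) may reject an authorized_keys file whose resolved path passes through a group-writable directory such as `/nix/store`, so key login could stop working after this change; test it before relying on it. NixOS has a system-level option that installs the keys under /etc/ssh instead, e.g. `users.users.<name>.openssh.authorizedKeys.keyFiles = [ ../../res/authorized_keys ];`. Either way, who can log in is now decided by res/authorized_keys in the repository, so the second entry's bare `@strawberry` comment should name its owner the way the first one does. The enclosing home-manager block starts outside the hunk.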
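Review bot: `openFirewall = true` in the new modules/services/jellyfin.nix opens the Jellyfin ports on every interface of the host, and modules/services/sonarr.nix in patch 07 does the same for Sonarr. The caramel host already imports a `wireguard` module, so if these web UIs are only meant to be reached over the tunnel or the LAN, leave `openFirewall` off and allow the ports per interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts`. If exposure on all interfaces is intended, a one-line comment saying so next to `openFirewall = true;` would make that a visible decision.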
From: LavaDesu Date: Tue, 9 Aug 2022 22:23:23 +0700 Subject: [PATCH 04/10] caramel: include module overlay for non-image --- flake.nix | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 2824430..209574b 100644 --- a/flake.nix +++ b/flake.nix @@ -89,7 +89,13 @@ { nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true []; - nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false []; + nixosConfigurations."caramel" = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false [{ + nixpkgs.overlays = [ + (self: super: { + makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); + }) + ]; + }]; nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false []; packages."x86_64-linux" = @@ -111,19 +117,11 @@ ]; system = "aarch64-linux"; }; - - caramel-sys = mkSystem nixpkgs-porcupine "caramel" "aarch64-linux" false [{ - nixpkgs.overlays = [ - (self: super: { - makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; }); - }) - ]; - }]; in { inherit (pkgs) nixUnstable; - caramel-iso2 = caramel-sys.config.system.build.sdImage; + caramel-iso2 = self.nixosConfigurations."caramel".config.system.build.sdImage; caramel-iso = nixos-generators.nixosGenerate { inherit pkgs; format = "sd-aarch64"; From 5e6d9034ef47f5fcb657ccc615debae23246b9a6 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 10 Aug 2022 13:52:13 +0700 Subject: [PATCH 05/10] flake: remove nixos-generators --- flake.lock | 37 ------------------------------------- flake.nix | 22 +++------------------- 2 files changed, 3 insertions(+), 56 deletions(-) diff --git a/flake.lock b/flake.lock index 3b67c44..5f6e968 100644 --- a/flake.lock +++ b/flake.lock 
@@ -351,42 +351,6 @@ "type": "github" } }, - "nixlib": { - "locked": { - "lastModified": 1636849918, - "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs-porcupine" - ] - }, - "locked": { - "lastModified": 1657748715, - "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "3323b944d99b026aebfd8de439e001409dde067d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1654057797, @@ -646,7 +610,6 @@ "multitask": "multitask", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", "nixpkgs-porcupine": "nixpkgs-porcupine", diff --git a/flake.nix b/flake.nix index 209574b..8743f30 100644 --- a/flake.nix +++ b/flake.nix @@ -7,13 +7,11 @@ neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; - nixos-generators.url = "github:nix-community/nixos-generators"; agenix.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager-porcupine.inputs.nixpkgs.follows = "nixpkgs-porcupine"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; - nixos-generators.inputs.nixpkgs.follows = "nixpkgs-porcupine"; nix-gaming.url = "github:fufexan/nix-gaming"; powercord-overlay.url = "github:LavaDesu/powercord-overlay"; 
@@ -63,7 +61,7 @@ zelk = { url = "github:schnensch0/zelk"; flake = false; }; }; - outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-porcupine, ... } @ inputs: + outputs = { self, agenix, nixpkgs, nixpkgs-porcupine, ... } @ inputs: let overlays = (import ./overlays) ++ [inputs.powercord-overlay.overlay] @@ -112,28 +110,14 @@ packages."aarch64-linux" = let pkgs = import nixpkgs-porcupine { - overlays = overlays ++ [ - # See https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 - ]; + inherit overlays; system = "aarch64-linux"; }; in { inherit (pkgs) nixUnstable; - caramel-iso2 = self.nixosConfigurations."caramel".config.system.build.sdImage; - caramel-iso = nixos-generators.nixosGenerate { - inherit pkgs; - format = "sd-aarch64"; - modules = [ - agenix.nixosModules.age - ./hosts/caramel - ]; - specialArgs = { - inherit inputs; - modules = import ./modules { lib = nixpkgs-porcupine.lib; }; - }; - }; + caramel-img = self.nixosConfigurations."caramel".config.system.build.sdImage; }; # TODO: currently broken From 13d0e1ddbda46edca78b5c5fe2d51fcc86a7b863 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 10 Aug 2022 15:50:45 +0700 Subject: [PATCH 06/10] services/jellyfin: use bind mounts --- modules/services/jellyfin.nix | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index d46cd4e..174fb27 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix 
@@ -3,9 +3,23 @@ let dir = "/persist/jellyfin"; in { + fileSystems."/var/lib/jellyfin" = { + depends = [ "/persist" ]; + device = dir; + fsType = "none"; + options = [ "bind" ]; + }; + system.activationScripts."jellyfin-create-bind-mount" = { + deps = [ "users" "groups" ]; + text = '' + mkdir ${dir} + chown jellyfin:jellyfin ${dir} + chmod 700 ${dir} + ''; + }; systemd.tmpfiles.rules = [ - "d ${dir} 700 jellyfin jellyfin" - "L /var/lib/jellyfin - - - - ${dir}" + "d /tmp/jelly-transcodes 700 jellyfin jellyfin" + "L+ /var/lib/jellyfin/transcodes - - - - /tmp/jelly-transcodes" ]; services.jellyfin = { enable = true; From 2532d32ffd046bac4e9d3041e26e287893ec974d Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 10 Aug 2022 15:51:38 +0700 Subject: [PATCH 07/10] services/sonarr: init --- hosts/caramel/default.nix | 1 + modules/default.nix | 1 + modules/services/sonarr.nix | 11 +++++++++++ 3 files changed, 13 insertions(+) create mode 100644 modules/services/sonarr.nix diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix index 7f48599..79fa255 100644 --- a/hosts/caramel/default.nix +++ b/hosts/caramel/default.nix @@ -35,6 +35,7 @@ # postgres # synapse jellyfin + sonarr tmptsync unbound vaultwarden diff --git a/modules/default.nix b/modules/default.nix index e482ef6..5287a7e 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -18,6 +18,7 @@ in { ./services/jellyfin.nix ./services/nginx.nix ./services/postgres.nix + ./services/sonarr.nix ./services/synapse.nix ./services/tmptsync.nix ./services/unbound.nix diff --git a/modules/services/sonarr.nix b/modules/services/sonarr.nix new file mode 100644 index 0000000..b64d5ef --- /dev/null +++ b/modules/services/sonarr.nix @@ -0,0 +1,11 @@ +{ ... }: +let + dir = "/persist/sonarr"; +in +{ + services.sonarr = { + enable = true; + dataDir = dir; + openFirewall = true; + }; +} From dc8688e0c27e717054f060aa181669cfc038eab8 Mon Sep 17 00:00:00 2001 
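Review bot: The transcode directory in the modules/services/jellyfin.nix hunk is created under a fixed name in world-writable `/tmp` and then linked in with `L+`, which removes whatever already exists at /var/lib/jellyfin/transcodes. A service-owned runtime location avoids the shared directory, e.g. `"d /run/jellyfin-transcodes 0700 jellyfin jellyfin"` with the `L+` line pointing there. If the jellyfin unit runs with `PrivateTmp` (not visible in this hunk), the service would not see the `/tmp/jelly-transcodes` that tmpfiles created on the host, and the link would resolve inside its private /tmp instead. A comment on the activation script explaining that the directory must exist before the bind mount is set up would also help the next reader.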
From: LavaDesu Date: Wed, 10 Aug 2022 20:41:03 +0700 Subject: [PATCH 08/10] hosts/caramel: enable transmission --- hosts/caramel/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix index 79fa255..098042f 100644 --- a/hosts/caramel/default.nix +++ b/hosts/caramel/default.nix @@ -20,6 +20,7 @@ input nix-porcupine security + transmission wireguard ./filesystem.nix From 5eb6f006e29fcf5a15549c621dbb05e8ef2c3d8f Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 10 Aug 2022 20:42:16 +0700 Subject: [PATCH 09/10] services/jellyfin: add -p to mkdir --- modules/services/jellyfin.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index 174fb27..4a52ed6 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix @@ -12,7 +12,7 @@ in system.activationScripts."jellyfin-create-bind-mount" = { deps = [ "users" "groups" ]; text = '' - mkdir ${dir} + mkdir -p ${dir} chown jellyfin:jellyfin ${dir} chmod 700 ${dir} ''; From ca50525c88718fc74e9fdaf9299a9f96deb68724 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Wed, 10 Aug 2022 20:50:51 +0700 Subject: [PATCH 10/10] system/transmission: persist downloads --- modules/system/transmission.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/transmission.nix b/modules/system/transmission.nix index 9c1d27c..202b5ae 100644 --- a/modules/system/transmission.nix +++ b/modules/system/transmission.nix @@ -12,6 +12,8 @@ alt-speed-time-enabled = true; alt-speed-time-end = 1380; alt-speed-up = 256; + download-dir = "/persist/transmission/Downloads"; + incomplete-dir = "/persist/transmission/.incomplete"; ratio-limit-enabled = true; rpc-bind-address = "0.0.0.0"; rpc-enabled = true;
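Review bot: `incomplete-dir` in the modules/system/transmission.nix hunk is only honoured by transmission when `incomplete-dir-enabled` is true, and that key is not among the settings visible here. If it is not set elsewhere, add `incomplete-dir-enabled = true;` next to the new line. Both directories now live on `/persist`, which patch 02 also uses for the ssh host keys and machine-id, while the context lines show RPC enabled and bound to `0.0.0.0`. Confirm outside this hunk that RPC access is restricted (`rpc-whitelist-enabled` or `rpc-authentication-required`), since whoever can reach it decides what gets written there. The settings block begins and ends outside the hunk.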