containers/amethyst: init

Cilly Leang 2026-03-15 15:53:14 +11:00
parent 12681f2087
commit e2832de968
Signed by: cilly
GPG key ID: 6500251E087653C9
6 changed files with 151 additions and 3 deletions


@ -0,0 +1,47 @@
{ lib, pkgs, ... }: {
system.stateVersion = "23.11";
systemd.tmpfiles.rules = [
"d /persist/transmission 755 transmission transmission"
"d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
"d /persist/transmission/.incomplete 750 transmission transmission"
"d /persist/transmission/Downloads 755 transmission transmission"
"d /persist/transmission/watchdir 755 transmission transmission"
];
networking.wg-quick.interfaces.wg0 = {
configFile = "/persist/vpn.conf";
preUp = ''
# Try to access the DNS for up to 300s
for i in {1..60}; do
${pkgs.iputils}/bin/ping -c1 'google.com' && break
echo "Attempt $i: DNS still not available"
sleep 5s
done
'';
};
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.transmission = {
enable = true;
package = pkgs.transmission_4;
downloadDirPermissions = "775";
openFirewall = true;
home = "/persist/transmission";
settings = {
ratio-limit-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-port = 9091;
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
};
};
}
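Review bot: The `settings` block binds the Transmission RPC to `0.0.0.0:9091` with both `rpc-whitelist-enabled` and `rpc-host-whitelist-enabled` set to false, and nothing visible enables `rpc-authentication-required`, so anything that can route to the container can control the daemon without credentials, and the Host-header check that guards against DNS rebinding is off. Restrict it to the host side of the veth, e.g. `rpc-whitelist-enabled = true; rpc-whitelist = "10.30.1.1";`, or require a password supplied through `services.transmission.credentialsFile` so it stays out of the Nix store. This matters more here because the `serviceConfig` overrides force `RootDirectory`, `PrivateMounts` and `PrivateUsers` off, so the daemon runs with less of the module's systemd sandboxing than the default. Separately, the `preUp` loop falls through after 60 failed pings and nothing shown ties transmission to `wg0`, so it is worth confirming that torrent traffic cannot leave over the veth/NAT path when the tunnel is down.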

27
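--- a/containers/amethyst/flake.lock
+++ b/containers/amethyst/flake.lock
@@ -0,0 +1,27 @@
+{
+"nodes": {
+"nixpkgs": {
+"locked": {
+"lastModified": 1773282481,
+"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}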


@ -0,0 +1,38 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-+" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ];
containers.amethyst = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.1.1";
localAddress = "10.30.1.2";
hostAddress6 = "fd0d:1::1:1";
localAddress6 = "fd0d:1::1:2";
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/amethyst";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}
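Review bot: `containers.amethyst` leaves `privateUsers = "pick";` commented out, so as written the container presumably runs without a user namespace and root inside it is host root, while `/persist/containers/amethyst` is bind-mounted read-write (`isReadOnly = false`). Since the workload is a network-facing torrent daemon, either enable the option (the bind mount's ownership would then need to match the shifted UID range) or replace the bare commented line with a comment that says why it is disabled, e.g. `# privateUsers disabled: <reason>; revisit once bind-mount ownership is sorted`. The tmpfiles rule creating the host path as `755 root users` also leaves the persisted data world-readable on the host; `750` would be tighter if nothing else needs to read it.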

37
flake.lock generated

@ -43,6 +43,20 @@
"type": "github"
}
},
"c-amethyst": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"path": "./containers/amethyst",
"type": "path"
},
"original": {
"path": "./containers/amethyst",
"type": "path"
},
"parent": []
},
"catppuccin": {
"inputs": {
"catppuccin-v1_1": "catppuccin-v1_1",
@ -415,7 +429,7 @@
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1770778188,
@ -511,6 +525,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1770537093,
"narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=",
@ -526,7 +556,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1770562336,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
@ -601,6 +631,7 @@
"inputs": {
"aagl": "aagl",
"agenix": "agenix",
"c-amethyst": "c-amethyst",
"catppuccin": "catppuccin",
"catppuccin-palette": "catppuccin-palette",
"fast-syntax-highlighting": "fast-syntax-highlighting",
@ -609,7 +640,7 @@
"linux-tkg": "linux-tkg",
"neovim-nightly": "neovim-nightly",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_2",
"nvim-treesitter": "nvim-treesitter",
"pure": "pure",


@ -37,6 +37,9 @@
spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
# containers
c-amethyst.url = "path:./containers/amethyst";
};
outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs:


@ -37,6 +37,8 @@
../../users/rin
modules.services.syncthing
inputs.c-amethyst.nixosModule
];
me = {