diff --git a/containers/amethyst/configuration.nix b/containers/amethyst/configuration.nix
new file mode 100644
index 0000000..b9d496d
--- /dev/null
+++ b/containers/amethyst/configuration.nix
@@ -0,0 +1,47 @@
+{ lib, pkgs, ... }: {
+ system.stateVersion = "23.11";
+ systemd.tmpfiles.rules = [
+ "d /persist/transmission 755 transmission transmission"
+ "d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
+ "d /persist/transmission/.incomplete 750 transmission transmission"
+ "d /persist/transmission/Downloads 755 transmission transmission"
+ "d /persist/transmission/watchdir 755 transmission transmission"
+ ];
+ networking.wg-quick.interfaces.wg0 = {
+ configFile = "/persist/vpn.conf";
+ preUp = ''
+ # Try to access the DNS for up to 300s
+ for i in {1..60}; do
+ ${pkgs.iputils}/bin/ping -c1 'google.com' && break
+ echo "Attempt $i: DNS still not available"
+ sleep 5s
+ done
+ '';
+ };
+
+ # https://github.com/NixOS/nixpkgs/issues/258793
+ systemd.services.transmission.serviceConfig = {
+ BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
+ RootDirectoryStartOnly = lib.mkForce false;
+ RootDirectory = lib.mkForce "";
+ PrivateMounts = lib.mkForce false;
+ PrivateUsers = lib.mkForce false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 9091 ];
+ services.transmission = {
+ enable = true;
+ package = pkgs.transmission_4;
+ downloadDirPermissions = "775";
+ openFirewall = true;
+ home = "/persist/transmission";
+ settings = {
+ ratio-limit-enabled = true;
+ rpc-bind-address = "0.0.0.0";
+ rpc-enabled = true;
+ rpc-port = 9091;
+ rpc-host-whitelist-enabled = false;
+ rpc-whitelist-enabled = false;
+ };
+ };
+}
diff --git a/containers/amethyst/flake.lock b/containers/amethyst/flake.lock
new file mode 100644
index 0000000..88ab73f
--- /dev/null
+++ b/containers/amethyst/flake.lock
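Review bot: The `settings` block exposes the Transmission RPC on every interface with no access control: `rpc-bind-address = "0.0.0.0"`, `rpc-whitelist-enabled` and `rpc-host-whitelist-enabled` both false, no `rpc-authentication-required`, and port 9091 opened in the firewall. Any peer that can route to the container address then has full control of the daemon, and turning the host whitelist off also removes the Host-header check that guards the web UI against DNS rebinding. If the UI is only used from the host side of the veth, keep the whitelist on and scope it, `rpc-whitelist-enabled = true; rpc-whitelist = "10.30.1.1";`, and add `rpc-authentication-required = true;` with the credentials supplied through `services.transmission.credentialsFile` so they stay out of the Nix store. The `serviceConfig` overrides above it force `PrivateUsers`, `PrivateMounts` and `RootDirectory` off for the unit; a comment stating which of these the linked nixpkgs issue actually requires would help whoever revisits the workaround.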
@@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/containers/amethyst/flake.nix b/containers/amethyst/flake.nix
new file mode 100644
index 0000000..e025a5b
--- /dev/null
+++ b/containers/amethyst/flake.nix
@@ -0,0 +1,38 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ };
+ outputs = { nixpkgs, ... }: {
+ nixosConfigurations.container = nixpkgs.lib.nixosSystem {
+ modules = [ ./configuration.nix ];
+ };
+ nixosModule = { ... }: {
+ networking.nat = {
+ enable = true;
+ enableIPv6 = true;
+ internalInterfaces = [ "ve-+" ];
+ };
+
+ systemd.tmpfiles.rules = [ "d /persist/containers/amethyst 755 root users" ];
+ containers.amethyst = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.30.1.1";
+ localAddress = "10.30.1.2";
+ hostAddress6 = "fd0d:1::1:1";
+ localAddress6 = "fd0d:1::1:2";
+ # privateUsers = "pick";
+ nixpkgs = nixpkgs;
+ ephemeral = true;
+ config = { imports = [ ./configuration.nix ]; };
+
+ bindMounts."persist" = {
+ hostPath = "/persist/containers/amethyst";
+ mountPoint = "/persist";
+ isReadOnly = false;
+ };
+ # flake = "path:" + ./.;
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
index 4eeaaa3..4d2cc7a 100644
--- a/flake.lock
+++ b/flake.lock
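Review bot: `# privateUsers = "pick";` is left commented out in `containers.amethyst`, so the container presumably runs without a user namespace and its root is the host's uid 0. With `/persist/containers/amethyst` bind-mounted read-write and the transmission unit's own sandboxing forced off in configuration.nix, the container defaults are the only boundary left around a network-facing daemon. If the option was dropped because of ownership problems on the bind mount, record that next to it, e.g. `# privateUsers = "pick"; # disabled: <reason>; re-enable once /persist ownership is sorted`. Nothing visible here keeps Transmission from falling back to the host NAT path (`internalInterfaces = [ "ve-+" ]`) if wg0 inside the container fails to come up; confirm that is acceptable or restrict the forwarded traffic to the VPN endpoint.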
@@ -43,6 +43,20 @@ "type": "github" } }, + "c-amethyst": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "path": "./containers/amethyst", + "type": "path" + }, + "original": { + "path": "./containers/amethyst", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "catppuccin-v1_1": "catppuccin-v1_1", @@ -415,7 +429,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1770778188, @@ -511,6 +525,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -526,7 +556,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1770562336, "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", @@ -601,6 +631,7 @@ "inputs": { "aagl": "aagl", "agenix": "agenix", + "c-amethyst": "c-amethyst", "catppuccin": "catppuccin", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -609,7 +640,7 @@ "linux-tkg": "linux-tkg", "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_2", "nvim-treesitter": "nvim-treesitter", "pure": "pure", diff --git a/flake.nix b/flake.nix index 98a4505..3ee112e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -37,6 +37,9 @@ spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; }; tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; }; wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; + + # containers + c-amethyst.url = "path:./containers/amethyst"; }; outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs: diff --git a/hosts/anemone/default.nix b/hosts/anemone/default.nix index aa4c81b..ee08a68 100644 --- a/hosts/anemone/default.nix +++ b/hosts/anemone/default.nix @@ -37,6 +37,8 @@ ../../users/rin modules.services.syncthing + + inputs.c-amethyst.nixosModule ]; me = {
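Review bot: `c-amethyst.url = "path:./containers/amethyst";` pulls in the sub-flake with its own nixpkgs pin, which is why the root lock gains a separate `nixpkgs_3` node and containers/amethyst/flake.lock records the same revision a second time. The container's packages, Transmission included, then pick up security updates on a different schedule from the host unless both pins are bumped together. If that split is not intended, add `c-amethyst.inputs.nixpkgs.follows = "nixpkgs";` beside the url line; if it is, a one-line comment saying so would save the next reader the question. The `inputs` set this line belongs to starts outside the hunk.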