From 04ca03e50a3127ab1be7014682b6b44c3338c4ba Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:13:53 +1100 Subject: [PATCH 1/3] containers/emerald: init --- containers/emerald/configuration.nix | 21 +++++++++ containers/emerald/flake.lock | 27 +++++++++++ containers/emerald/flake.nix | 57 +++++++++++++++++++++++ flake.lock | 69 ++++++++++++++++++++-------- flake.nix | 1 + 5 files changed, 156 insertions(+), 19 deletions(-) create mode 100644 containers/emerald/configuration.nix create mode 100644 containers/emerald/flake.lock create mode 100644 containers/emerald/flake.nix diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix new file mode 100644 index 0000000..ca7a920 --- /dev/null +++ b/containers/emerald/configuration.nix @@ -0,0 +1,21 @@ +{ fqdn, shareFqdn, ... }: { + system.stateVersion = "25.11"; + systemd.tmpfiles.rules = [ + "d /persist/music 755 navidrome navidrome" + "d /persist/navidrome 755 navidrome navidrome" + ]; + networking.firewall.allowedTCPPorts = [ 4533 ]; + networking.firewall.allowedUDPPorts = [ 4533 ]; + + services.navidrome = { + enable = true; + settings = { + Port = 4533; + Address = "[::]"; + BaseUrl = "https://${fqdn}/"; + ShareURL = shareFqdn; + DataFolder = "/persist/navidrome"; + MusicFolder = "/persist/music"; + }; + }; +} diff --git a/containers/emerald/flake.lock b/containers/emerald/flake.lock new file mode 100644 index 0000000..88ab73f --- /dev/null +++ b/containers/emerald/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/containers/emerald/flake.nix b/containers/emerald/flake.nix new file mode 100644 index 0000000..d9fe5d0 --- /dev/null +++ b/containers/emerald/flake.nix @@ -0,0 +1,57 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + outputs = { nixpkgs, ... }: + let + name = "emerald"; + fqdn = "navia.lava.moe"; + shareFqdn = "share.navia.lava.moe"; + subnetId = "5"; + + subnet = x: "fd0d:1::${subnetId}:${toString x}"; + host = subnet 1; + client = subnet 2; + + modules = [ + ./configuration.nix + ]; + in { + nixosConfigurations.container = nixpkgs.lib.nixosSystem { + inherit modules; + }; + nixosModule = { ... }: { + services.nginx.virtualHosts."${fqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533"; + listenAddresses = [ "10.0.0.1" "[fd0d::1]" ]; + }; + services.nginx.virtualHosts."${shareFqdn}" = { + useACMEHost = "lava.moe"; + forceSSL = true; + locations."/".proxyPass = "http://[${client}]:4533/share"; + }; + + systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ]; + containers.${name} = { + autoStart = true; + privateNetwork = true; + hostAddress6 = host; + localAddress6 = client; + # privateUsers = "pick"; + nixpkgs = nixpkgs; + ephemeral = true; + config = { imports = modules; }; + specialArgs = { inherit fqdn shareFqdn; }; + + bindMounts."persist" = { + hostPath = "/persist/containers/${name}"; + mountPoint = "/persist"; + isReadOnly = false; + }; + # flake = "path:" + ./.; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index 5215cc5..305fddb 100644 --- a/flake.lock +++ b/flake.lock @@ -100,6 +100,20 @@ }, "parent": [] }, + "c-emerald": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "path": "./containers/emerald", + "type": "path" + }, + "original": { + "path": "./containers/emerald", + "type": "path" + }, + "parent": [] + }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_5" @@ -505,7 +519,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1770778188, @@ -589,6 +603,22 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -701,6 +731,22 @@ } }, "nixpkgs_8": { + "locked": { + "lastModified": 1773282481, + "narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fe416aaedd397cacb33a610b33d60ff2b431b127", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { "locked": { "lastModified": 1770537093, "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", @@ -716,22 +762,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nuscht-search": { "inputs": { "flake-utils": "flake-utils", @@ -774,7 +804,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { @@ -838,6 +868,7 @@ "c-beryllium": "c-beryllium", "c-citrine": "c-citrine", "c-diamond": "c-diamond", + "c-emerald": "c-emerald", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -846,7 +877,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index db68cbd..3746d08 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ c-beryllium.url = "path:./containers/beryllium"; c-citrine.url = "path:./containers/citrine"; c-diamond.url = "path:./containers/diamond"; + c-emerald.url = "path:./containers/emerald"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: From 8dc0f8207c0e103dc760086f0fb365983537e747 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:57:18 +1100 Subject: [PATCH 2/3] containers/emerald: enable sharing --- containers/emerald/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/containers/emerald/configuration.nix b/containers/emerald/configuration.nix index ca7a920..b2500a4 100644 --- a/containers/emerald/configuration.nix +++ b/containers/emerald/configuration.nix @@ -14,6 +14,7 @@ Address = "[::]"; BaseUrl = "https://${fqdn}/"; ShareURL = shareFqdn; + EnableSharing = true; DataFolder = "/persist/navidrome"; MusicFolder = "/persist/music"; }; From 4bfb5cd5c6b1cd1ca5603fd348c68e0d98200712 Mon Sep 17 00:00:00 2001 From: Cilly Leang Date: Tue, 17 Mar 2026 18:58:49 +1100 Subject: [PATCH 3/3] hosts/dandelion: add emerald --- hosts/dandelion/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index e7c332a..5174cc7 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -28,6 +28,7 @@ inputs.c-beryllium.nixosModule inputs.c-citrine.nixosModule inputs.c-diamond.nixosModule + inputs.c-emerald.nixosModule ./filesystem.nix ./kernel.nix