jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:a4f2ab59a3f7a8a206bf0f6716e2255fd079d6f0
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
...
compare: jordan:471c46d4cb6a9438d4b2bfe40b7f03a7a7c7740d
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

7 Commits
a4f2ab59a3 ... 471c46d4cb

Author SHA1 Message Date
Jordan Holt
471c46d4cb hosts/library: extract jellyfin config
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m15s
Details
2025-06-02 22:54:54 +01:00
Jordan Holt
2a395d5efb hosts/library: extract nginx config 2025-06-02 22:52:09 +01:00
Jordan Holt
4f49a8da98 hosts/library: extract SSH tunnel config 2025-06-02 22:50:52 +01:00
Jordan Holt
06a48940a9 hosts/library: extract prometheus config 2025-06-02 22:49:53 +01:00
Jordan Holt
b4ef349c9c hosts/library: extract grafana config 2025-06-02 22:48:48 +01:00
Jordan Holt
0cda947ca5 nixpkgs: allow unfree everywhere 2025-06-02 21:14:04 +01:00
Jordan Holt
7569a548e2 flake.lock: Update 
Flake lock file updates:

• Updated input 'nixvim':
    'github:nix-community/nixvim/82fafc9f9f89b54e13cff3c51582b6c228ec8331?narHash=sha256-oztcrhUwXAqPRBqyh9yJo6Ymiu4T94MdPARa/fTw75I%3D' (2025-05-31)
  → 'github:nix-community/nixvim/d14de7a243f9d99d1f48c569e156d756fc0e638d?narHash=sha256-TLRow4rQ5RTVBg5iS779nK4itEmlXjd2GcN7GgMLZ90%3D' (2025-06-02)
• Updated input 'stylix':
    'github:danth/stylix/275e1acae94a1c5495352fd317a87377322a5259?narHash=sha256-GPVR1UT1r0J1Lgux0h28CVCqoh0dJ67qKn2k%2BCTL/TI%3D' (2025-06-01)
  → 'github:danth/stylix/40ed368ca342dfd9a69a3007410be7d20eb04a0c?narHash=sha256-l9F8IGqmkMYlMLABvoQu5QZIzZzzUIM9r0saqAiWi64%3D' (2025-06-02)
 2025-06-02 21:12:07 +01:00
13 changed files with 199 additions and 159 deletions
Expand all files Collapse all files

12
flake.lock generated
View File

@ -755,11 +755,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1748695667,
"narHash": "sha256-oztcrhUwXAqPRBqyh9yJo6Ymiu4T94MdPARa/fTw75I=",
"lastModified": 1748862038,
"narHash": "sha256-TLRow4rQ5RTVBg5iS779nK4itEmlXjd2GcN7GgMLZ90=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "82fafc9f9f89b54e13cff3c51582b6c228ec8331",
"rev": "d14de7a243f9d99d1f48c569e156d756fc0e638d",
"type": "github"
},
"original": {
@ -899,11 +899,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1748798145,
"narHash": "sha256-GPVR1UT1r0J1Lgux0h28CVCqoh0dJ67qKn2k+CTL/TI=",
"lastModified": 1748888559,
"narHash": "sha256-l9F8IGqmkMYlMLABvoQu5QZIzZzzUIM9r0saqAiWi64=",
"owner": "danth",
"repo": "stylix",
"rev": "275e1acae94a1c5495352fd317a87377322a5259",
"rev": "40ed368ca342dfd9a69a3007410be7d20eb04a0c",
"type": "github"
},
"original": {

22
hosts/common.nix
View File

@ -13,13 +13,21 @@
../modules/nixos
];
nixpkgs.overlays = [
inputs.agenix.overlays.default
(import ../overlays/default.nix)
(final: prev: {
unstable = import inputs.nixpkgs-unstable { system = final.system; };
})
];
nixpkgs = {
config.allowUnfree = true;
overlays = [
inputs.agenix.overlays.default
(import ../overlays/default.nix)
(final: prev: {
unstable = import inputs.nixpkgs-unstable {
config = {
allowUnfree = true;
};
system = final.system;
};
})
];
};
time.timeZone = "Europe/London";

4
hosts/desktop.nix
View File

@ -9,10 +9,6 @@
../users/jordan
];
nixpkgs = {
config.allowUnfree = true;
};
services.printing.enable = true;
services.openssh.startWhenNeeded = true;

1
hosts/hypnos/default.nix
View File

@ -16,7 +16,6 @@
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};

144
hosts/library/default.nix
View File

@ -1,8 +1,15 @@
{ config, pkgs, ... }:
{
...
}:
{
imports = [
./hardware-configuration.nix
./grafana.nix
./jellyfin.nix
./nginx.nix
./prometheus.nix
./tunnel.nix
../server.nix
];
@ -46,147 +53,12 @@
enable = true;
};
services.grafana = {
enable = true;
settings = {
server = {
domain = "library.mesh.vimium.net";
http_addr = "0.0.0.0";
http_port = 3000;
};
};
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
zfs = {
enable = true;
port = 9003;
};
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
];
}
];
}
];
};
systemd.services.vps1-tunnel = {
enable = true;
description = "vps1.mesh.vimium.net SSH tunnel";
after = [
"network-online.target"
"jellyfin.service"
];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
ExecStart = pkgs.lib.mkForce ''
${pkgs.openssh}/bin/ssh \
-NT \
-o ExitOnForwardFailure=yes \
-o ServerAliveInterval=60 \
-o TCPKeepAlive=no \
-i %h/.ssh/id_jellyfin \
-R localhost:8000:localhost:8000 \
jellyfin@vps1.mesh.vimium.net
'';
Restart = "always";
RestartSec = 20;
};
wantedBy = [ "default.target" ];
};
services.nginx =
let
proxyConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
in
{
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
virtualHosts = {
"library.mesh.vimium.net" = {
locations."/" = {
root = "/mnt/library";
extraConfig = ''
autoindex on;
'';
};
};
"jellyfin.vimium.com" = {
default = true;
listen = [
{
addr = "127.0.0.1";
port = 8000;
}
];
locations."/" = {
proxyPass = "http://localhost:8096";
extraConfig = proxyConfig;
};
locations."/metrics" = {
return = "404";
};
};
};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
];
};
users.users.jellyfin.extraGroups = [
"video"
"render"
];
services.jellyfin = {
enable = true;
package = pkgs.unstable.jellyfin;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
modules = {
podman.enable = true;
services = {
borgmatic = {
enable = true;
directories = [
config.services.jellyfin.dataDir
"/home/jordan"
];
repoPath = "ssh://b61758r4@b61758r4.repo.borgbase.com/./repo";

16
hosts/library/grafana.nix Normal file
View File

@ -0,0 +1,16 @@
{
...
}:
{
services.grafana = {
enable = true;
settings = {
server = {
domain = "library.mesh.vimium.net";
http_addr = "0.0.0.0";
http_port = 3000;
};
};
};
}

30
hosts/library/jellyfin.nix Normal file
View File

@ -0,0 +1,30 @@
{
config,
pkgs,
...
}:
{
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
vaapiVdpau
];
};
users.users.jellyfin.extraGroups = [
"video"
"render"
];
services.jellyfin = {
enable = true;
package = pkgs.unstable.jellyfin;
cacheDir = "/var/cache/jellyfin";
dataDir = "/var/lib/jellyfin";
};
modules.services.borgmatic.directories = [
config.services.jellyfin.dataDir
];
}

57
hosts/library/nginx.nix Normal file
View File

@ -0,0 +1,57 @@
{
pkgs,
...
}:
{
services.nginx =
let
proxyConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
in
{
enable = true;
package = pkgs.openresty;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2G";
virtualHosts = {
"library.mesh.vimium.net" = {
locations."/" = {
root = "/mnt/library";
extraConfig = ''
autoindex on;
'';
};
};
"jellyfin.vimium.com" = {
default = true;
listen = [
{
addr = "127.0.0.1";
port = 8000;
}
];
locations."/" = {
proxyPass = "http://localhost:8096";
extraConfig = proxyConfig;
};
locations."/metrics" = {
return = "404";
};
};
};
};
}

35
hosts/library/prometheus.nix Normal file
View File

@ -0,0 +1,35 @@
{
config,
...
}:
{
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
zfs = {
enable = true;
port = 9003;
};
};
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"
];
}
];
}
];
};
}

32
hosts/library/tunnel.nix Normal file
View File

@ -0,0 +1,32 @@
{
pkgs,
...
}:
{
systemd.services.vps1-tunnel = {
enable = true;
description = "vps1.mesh.vimium.net SSH tunnel";
after = [
"network-online.target"
"jellyfin.service"
];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "simple";
ExecStart = pkgs.lib.mkForce ''
${pkgs.openssh}/bin/ssh \
-NT \
-o ExitOnForwardFailure=yes \
-o ServerAliveInterval=60 \
-o TCPKeepAlive=no \
-i %h/.ssh/id_jellyfin \
-R localhost:8000:localhost:8000 \
jellyfin@vps1.mesh.vimium.net
'';
Restart = "always";
RestartSec = 20;
};
wantedBy = [ "default.target" ];
};
}

1
hosts/odyssey/default.nix
View File

@ -15,7 +15,6 @@
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};

2
hosts/vps1/outline.nix
View File

@ -7,8 +7,6 @@ let
domain = "outline.vimium.com";
in
{
nixpkgs.config.allowUnfree = true;
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;

2
modules/nixos/system/desktop/hyprland.nix
View File

@ -23,8 +23,6 @@ in
withUWSM = true;
};
nixpkgs.config.allowUnfree = true;
stylix = {
enable = true;
autoEnable = false;