last 24.05

Agatha Lovelace 2024-12-22 15:40:39 +01:00
parent efa8532935
commit 5245af2bbe
Signed by: sorceress
GPG Key ID: 01D0B3AB10CED4F8
4 changed files with 76 additions and 80 deletions


@ -1,12 +1,5 @@
{ pkgs, ... }:
{ {
config,
pkgs,
lib,
...
}:
{
imports = [ ./netns.nix ];
system.fsPackages = with pkgs; [ system.fsPackages = with pkgs; [
gocryptfs gocryptfs
cifs-utils cifs-utils
@ -29,63 +22,30 @@
} }
]; ];
systemd.services."container@transmission" = { virtualisation.oci-containers.containers = {
bindsTo = [ "ve-transmission.service" ]; "qbittorrent" = {
after = [ image = "dyonr/qbittorrentvpn";
"ve-transmission.service" autoStart = true;
"mnt-library.mount" volumes = [
]; "/var/lib/qbittorrent:/config"
"/mnt/library:/downloads"
];
environment = {
VPN_TYPE = "wireguard";
LAN_NETWORK = "10.21.0.0/16,10.42.0.0/24,100.64.0.0/24";
};
ports = [ "8080:8080" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
"--privileged"
];
};
}; };
containers.transmission = { services.flood = {
autoStart = true; enable = true;
extraArgs = [ "--baseuri=/flood" ];
extraFlags = [ "--network-namespace-path=/run/netns/transmission" ];
bindMounts = {
"/var/lib/transmission" = {
hostPath = "/var/lib/transmission";
isReadOnly = false;
};
"/mnt/library" = {
hostPath = "/mnt/library";
isReadOnly = false;
};
"/etc/resolv.conf" = {
hostPath = toString (pkgs.writeText "resolv.conf" "nameserver 74.82.42.42");
};
};
config = {
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.flood-for-transmission;
settings = {
rpc-bind-address = "::";
rpc-whitelist-enabled = false;
rpc-host-whitelist-enabled = false;
download-dir = "/mnt/library/Downloads";
incomplete-dir = "/mnt/library/.incomplete";
watch-dir = "/mnt/library/watchdir";
};
openRPCPort = true;
openPeerPorts = true;
};
users.users.transmission.extraGroups = [ "users" ];
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
RootDirectoryStartOnly = lib.mkForce (lib.mkForce false);
RootDirectory = lib.mkForce (lib.mkForce "");
};
system.stateVersion = config.system.stateVersion;
};
}; };
# Jellyfin # Jellyfin
@ -115,4 +75,25 @@
"guest ok" = "yes"; "guest ok" = "yes";
}; };
}; };
services.nginx.enable = true;
# TODO: change when headscale updates
services.nginx.virtualHosts."watchtower.agatha.thorns.home.arpa" = {
locations."/flood/api" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
proxy_cache off;
'';
};
locations."/flood/" = {
alias = "${pkgs.flood}/lib/node_modules/flood/dist/assets/";
tryFiles = "$uri /flood/index.html";
};
extraConfig = ''
rewrite ^/(flood)$ $1/ permanent;
'';
};
} }
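Review bot: In the new `qbittorrent` container, `"--privileged"` in `extraOptions` grants every capability and access to host devices, so the narrower `--cap-add=NET_ADMIN` and `--device=/dev/net/tun` entries before it no longer limit anything. A compromise of the torrent client or the VPN scripts inside the image is then not contained by the container boundary, and `/mnt/library` is mounted read-write. I would drop the `"--privileged"` line and keep the two specific grants, adding only the individual sysctl or capability the image turns out to need for WireGuard. `ports = [ "8080:8080" ];` also publishes the WebUI on every host address although the nginx location added in this commit reaches it via localhost, so `ports = [ "127.0.0.1:8080:8080" ];` should be enough. The image has no tag or digest, so each pull may bring different code; pinning it as `image = "dyonr/qbittorrentvpn@sha256:<digest>";` (placeholder digest) keeps the deployment reproducible.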


@ -1,9 +1,4 @@
{ { pkgs, ... }:
config,
pkgs,
lib,
...
}:
# Collectivized from https://gist.github.com/c0deaddict/53aedbb69c8cbfebfec8f4428dc03102 ☭ # Collectivized from https://gist.github.com/c0deaddict/53aedbb69c8cbfebfec8f4428dc03102 ☭
let let
veth = "ve-transmission"; veth = "ve-transmission";
@ -63,7 +58,7 @@ in
ipGuest = "${ipHost} netns exec ${ns} ${pkgs.iproute}/bin/ip"; ipGuest = "${ipHost} netns exec ${ns} ${pkgs.iproute}/bin/ip";
in in
{ {
description = "Veth interface for download"; description = "Veth interface for transmission";
bindsTo = [ "netns@${ns}.service" ]; bindsTo = [ "netns@${ns}.service" ];
after = [ "netns@${ns}.service" ]; after = [ "netns@${ns}.service" ];
wantedBy = [ "network.target" ]; wantedBy = [ "network.target" ];
@ -92,5 +87,9 @@ in
proxyPass = "http://10.0.0.2:9091/transmission"; proxyPass = "http://10.0.0.2:9091/transmission";
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/bittorrent" = {
proxyPass = "http://localhost:8080";
proxyWebsockets = true;
};
}; };
} }
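Review bot: The added `locations."/bittorrent"` block forwards to the qBittorrent WebUI with no access restriction visible in the hunk, so anyone who can reach this virtual host reaches the client's login page. The virtual host opens outside the hunk; if it is not already limited there, add an allow-list to the location, for example `extraConfig = "allow 100.64.0.0/24; deny all;";` (constructed example using a range from `LAN_NETWORK` in this commit). Because `proxyPass` has no URI part, nginx passes the `/bittorrent` prefix upstream unchanged. Using `locations."/bittorrent/"` with `proxyPass = "http://127.0.0.1:8080/";` would strip it, assuming the WebUI is served at the root of port 8080.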


@ -177,8 +177,11 @@
./common/linux-specific.nix ./common/linux-specific.nix
./hosts/watchtower/configuration.nix ./hosts/watchtower/configuration.nix
(import "${home-manager}/nixos") (import "${home-manager}/nixos")
"${nixpkgs-unstable}/nixos/modules/services/torrent/flood.nix"
]; ];
disabledModules = [ "services/torrent/flood.nix" ];
deployment = { deployment = {
targetUser = "root"; targetUser = "root";
targetHost = "watchtower"; targetHost = "watchtower";
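Review bot: The two added lines replace the release's `services/torrent/flood.nix` with the copy from `nixpkgs-unstable` without a comment saying why or when to revert. The service definition, including whatever systemd sandboxing the module sets, now changes with every update of the `nixpkgs-unstable` input rather than with the pinned release. A short comment above the import would make that visible, such as `# flood module comes from nixpkgs-unstable; drop both lines after the release upgrade`. The enclosing host definition starts and ends outside the hunk.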


@ -1,31 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }: { {
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = [
[ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ]; "nvme"
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ "amd_pstate=guided" ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3"; device = "/dev/disk/by-uuid/eba0bc60-b96f-4b28-9447-f36209410ba3";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device = boot.initrd.luks.devices."luks-9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d".device = "/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
"/dev/disk/by-uuid/9c33d04a-b7f1-4dec-98a5-f8ec2771ef7d";
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D95C-66EE"; device = "/dev/disk/by-uuid/D95C-66EE";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
}; };
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; } ];
[{ device = "/dev/disk/by-uuid/8a64d656-8ba2-4c11-87bf-858e1ca3ec7e"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -35,6 +49,5 @@
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }