titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: titaniumtown:4b850af15a795056182dd8002b69416775f57d9a
Branches Tags
titaniumtown:main
..
compare: titaniumtown:2ccf55e92b2793783433b249d5a32163c9961b9e
Branches Tags
titaniumtown:main

4 Commits
4b850af15a ... 2ccf55e92b

Author SHA1 Message Date
Simon Gardling
2ccf55e92b rm NOTES.md 2025-08-20 11:53:47 -04:00
Simon Gardling
162be1bcac heavily simplify list-usb-drives 2025-08-20 11:53:29 -04:00
Simon Gardling
4865e0276b cleanup caddy 2025-08-20 10:41:31 -04:00
Simon Gardling
40729a2597 cleanup 2025-08-20 10:28:42 -04:00
9 changed files with 46 additions and 72 deletions
Expand all files Collapse all files

7
NOTES.md
View File

@@ -1,7 +0,0 @@
## List drives in external usb bay
fish shell script:
```fish
find /dev/disk/by-id -name "usb*" | grep -v "part[0-9]\$" | while read drive; lsblk -no model,serial $drive | head -n1 | tr -d '\n' | tr " " "_" && echo -e " $(echo $drive | cut -d':' -f2-)"; end | column -t --table-columns=DRIVE,BAY | sort -n -k 2
```

10
configuration.nix
View File

@@ -107,6 +107,7 @@
system.activationScripts = { system.activationScripts = {
# extract all my secureboot keys # extract all my secureboot keys
# TODO! awful secrets management, it's globally readable in /nix/store
"secureboot-keys".text = '' "secureboot-keys".text = ''
#!/bin/sh #!/bin/sh
rm -fr ${config.boot.lanzaboote.pkiBundle} || true rm -fr ${config.boot.lanzaboote.pkiBundle} || true
@@ -216,7 +217,7 @@
{ {
description = "disable rgb"; description = "disable rgb";
serviceConfig = { serviceConfig = {
ExecStart = "${lib.getExe no-rgb}"; ExecStart = lib.getExe no-rgb;
Type = "oneshot"; Type = "oneshot";
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@@ -268,7 +269,7 @@
# }; # };
}; };
users.groups.${service_configs.torrent_group} = { }; users.groups.${service_configs.media_group} = { };
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@@ -276,10 +277,11 @@
"wheel" "wheel"
"video" "video"
"render" "render"
service_configs.torrent_group service_configs.media_group
]; ];
hashedPasswordFile = builtins.toString ./secrets/hashedPass; # TODO! use proper secrets management
# hashedPasswordFile = builtins.toString ./secrets/hashedPass;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop

7
flake.nix
View File

@@ -70,7 +70,7 @@
torrents_path = "/torrents"; torrents_path = "/torrents";
services_dir = "/${zpool_ssds}/services"; services_dir = "/${zpool_ssds}/services";
music_dir = "/${zpool_ssds}/music"; music_dir = "/${zpool_ssds}/music";
torrent_group = "media"; media_group = "media";
ports = { ports = {
https = 443; https = 443;
@@ -148,16 +148,15 @@
in in
{ {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem { nixosConfigurations.${hostname} = lib.nixosSystem {
inherit system; inherit system;
specialArgs = rec { specialArgs = {
inherit inherit
username username
hostname hostname
eth_interface eth_interface
service_configs service_configs
inputs inputs
lib
; ;
}; };
modules = [ modules = [

20
home.nix
View File

@@ -1,31 +1,27 @@
{ {
pkgs, pkgs,
username, username,
stateVersion, lib,
... ...
}: }:
{ {
home.stateVersion = "24.11"; home.stateVersion = "24.11";
programs.fish = programs.fish = {
let
eza = "${pkgs.eza}/bin/eza --color=always --group-directories-first";
coreutils = "${pkgs.coreutils}/bin";
in
{
enable = true; enable = true;
interactiveShellInit = '' interactiveShellInit = ''
# disable greeting # disable greeting
set fish_greeting set fish_greeting
#fixes gnupg password entry
export GPG_TTY=(${coreutils}/tty)
# pfetch on shell start (disable pkgs because of execution time) # pfetch on shell start (disable pkgs because of execution time)
PF_INFO="ascii title os host kernel uptime memory editor wm" ${pkgs.pfetch-rs}/bin/pfetch PF_INFO="ascii title os host kernel uptime memory editor wm" ${lib.getExe pkgs.pfetch-rs}
''; '';
shellAliases = { shellAliases =
let
eza = "${lib.getExe pkgs.eza} --color=always --group-directories-first";
in
{
# from DistroTube's dot files: Changing "ls" to "eza" # from DistroTube's dot files: Changing "ls" to "eza"
ls = "${eza} -al"; ls = "${eza} -al";
la = "${eza} -a"; la = "${eza} -a";

11
overlays.nix
View File

@@ -48,20 +48,11 @@ final: prev: {
name = "list-usb-drives"; name = "list-usb-drives";
runtimeInputs = with prev; [ runtimeInputs = with prev; [
findutils findutils
gawk
coreutils coreutils
gnugrep
util-linux
];
excludeShellChecks = [
"SC2086"
"SC2157"
"SC2155"
]; ];
text = '' text = ''
find "$DISK_BY_ID_DIR" -name "usb*" | grep -v "part[0-9]\$" | while read -r drive; do lsblk -no model,serial "$drive" | head -n1 | tr -d '\n' | tr " " "_" && echo -e " $(echo \"$drive\" | cut -d':' -f2-)"; done | column -t --table-columns=DRIVE,BAY | sort -n -k 2 find "/dev/disk/by-id" -name "usb*" -not -name "*-part[0-9]" -printf "%f\n" | sed 's/^usb\-//g' | sed 's/\-[0-9]*\:/ /g' | column -t --table-columns=DRIVE,BAY | sort -n -k 2
''; '';
}; };
} }

6
services/caddy.nix
View File

@@ -9,7 +9,7 @@
{ {
imports = [ imports = [
(lib.serviceMountDeps "caddy" [ (lib.serviceMountDeps "caddy" [
"/var/lib/caddy" config.services.caddy.dataDir
service_configs.https.data_dir service_configs.https.data_dir
]) ])
]; ];
@@ -30,8 +30,8 @@
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${service_configs.https.data_dir} 750 ${config.services.caddy.user} ${config.services.caddy.group}" "d ${service_configs.https.data_dir} 770 ${config.services.caddy.user} ${config.services.caddy.group}"
"d /var/lib/caddy 750 ${config.services.caddy.user} ${config.services.caddy.group}" "d ${config.services.caddy.dataDir} 700 ${config.services.caddy.user} ${config.services.caddy.group}"
]; ];
systemd.packages = with pkgs; [ nssTools ]; systemd.packages = with pkgs; [ nssTools ];

6
services/jellyfin.nix
View File

@@ -20,8 +20,7 @@
openFirewall = true; openFirewall = true;
package = pkgs.jellyfin.override { jellyfin-ffmpeg = (lib.optimizePackage pkgs.jellyfin-ffmpeg); }; package = pkgs.jellyfin.override { jellyfin-ffmpeg = (lib.optimizePackage pkgs.jellyfin-ffmpeg); };
dataDir = service_configs.jellyfin.dataDir; inherit (service_configs.jellyfin) dataDir cacheDir;
cacheDir = service_configs.jellyfin.cacheDir;
}; };
services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = '' services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = ''
@@ -39,8 +38,7 @@
users.users.${config.services.jellyfin.user}.extraGroups = [ users.users.${config.services.jellyfin.user}.extraGroups = [
"video" "video"
"render" "render"
service_configs.torrent_group service_configs.media_group
"media"
]; ];
users.users.${username}.extraGroups = [ users.users.${username}.extraGroups = [

14
services/minecraft.nix
View File

@@ -116,21 +116,21 @@
}; };
}; };
services.caddy.virtualHosts."map.${service_configs.https.domain}".extraConfig = '' services.caddy.virtualHosts = lib.mkIf (config.services.caddy.enable) {
"map.${service_configs.https.domain}".extraConfig = ''
root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web root * ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name}/squaremap/web
file_server browse file_server browse
''; '';
};
users.users.${config.services.caddy.user}.extraGroups = [ users.users = lib.mkIf (config.services.caddy.enable) {
${config.services.caddy.user}.extraGroups = [
# for `map.gardling.com` # for `map.gardling.com`
"minecraft" "minecraft"
]; ];
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name} 0750 minecraft minecraft" "d ${service_configs.minecraft.parent_dir}/${service_configs.minecraft.server_name} 0750 ${config.services.minecraft-servers.user} ${config.services.minecraft-servers.group}"
];
users.users.${username}.extraGroups = [
"minecraft"
]; ];
} }

11
services/qbittorrent.nix
View File

@@ -215,8 +215,8 @@
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}" "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
"d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}" "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}"
]; ];
# make qbittorrent use a vpn # make qbittorrent use a vpn
@@ -231,11 +231,6 @@
''; '';
users.users.${config.services.qbittorrent.user}.extraGroups = [ users.users.${config.services.qbittorrent.user}.extraGroups = [
service_configs.torrent_group service_configs.media_group
]; ];
users.users.${username}.extraGroups = [
config.services.qbittorrent.group
];
} }