31 files changed, 992 insertions, 763 deletions
diff --git a/checks.nix b/checks.nix index 3261f1a..8ecf45d 100644 --- a/checks.nix +++ b/checks.nix @@ -29,13 +29,12 @@ detect-private-keys.enable = true; editorconfig-checker.enable = true; fix-byte-order-marker.enable = true; - flake-checker.enable = true; - nil.enable = true; + # flake-checker.enable = true; nixfmt-rfc-style.enable = true; prettier.enable = true; shellcheck.enable = true; shfmt.enable = true; - statix.enable = true; + statix.enable = false; # Doesn't support pipes yet. yamllint.enable = true; }; }; diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix index f718135..68cfac4 100644 --- a/configurations/eonwe/default.nix +++ b/configurations/eonwe/default.nix @@ -193,34 +193,7 @@ with lib; cores = 30; }; - # Required[1] for using ZFS kernel modules with "unsupported" kernels. - # - # [1]: https://github.com/NixOS/nixpkgs/pull/121113#issuecomment-830003344 - # [1]: https://github.com/NixOS/nixpkgs/pull/230498#issuecomment-1551328615 - nixpkgs.config.allowBroken = true; - boot = { - kernelPackages = pkgs.linuxPackages_xanmod_latest; - - kernelParams = [ - # Silence benign MCE errors: - # ``` - # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff - # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff - # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 - # ``` - "mce=nobootlog" - # This disables[1] User Mode Instruction Protection (UMIP)[2]. This is - # required for some games to run via Wine. - # - # [1]: https://docs.kernel.org/x86/cpuinfo.html - # [2]: https://en.wikichip.org/wiki/x86/umip - "clearcpuid=514" - ]; - - # https://wiki.archlinux.org/title/improving_performance#Watchdogs - blacklistedKernelModules = [ "sp5100_tco" ]; - # The boot drive is Samsung SSD 980 PRO 2TB. initrd.kernelModules = [ "nvme" ]; 
@@ -304,31 +277,28 @@ with lib; # [1]: https://github.com/nix-community/impermanence/issues/22 # [1]: https://github.com/NixOS/nixpkgs/pull/86967#pullrequestreview-667929259 "/home/${my.username}".neededForBoot = true; - }; - systemd.mounts = [ - { - type = "tmpfs"; - what = "tmpfs"; - where = "/var/tmp"; - mountConfig.Options = [ - "huge=within_size" - "mode=1777" - "noatime" - "nodev" - "nosuid" - "rw" - "size=25%" + "/mnt/ydata/music" = { + device = "yavanna.shire.net:/export/music"; + fsType = "nfs"; + options = [ + "ro" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=${5 * 60 |> toString}" ]; - } - ]; + }; + }; zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 50; }; - my.extraGroups = [ "corectrl" ]; + my.extraGroups = [ + "corectrl" + config.nixfiles.modules.piracy.group + ]; users = { users.builder = { @@ -339,7 +309,12 @@ with lib; ]; useDefaultShell = true; }; - groups.builder = { }; + groups = { + builder = { }; + piracy = { + inherit (config.nixfiles.modules.piracy) gid; + }; + }; }; nix.settings.trusted-users = [ "builder" ]; diff --git a/configurations/eonwe/ollama.nix b/configurations/eonwe/ollama.nix index 806885b..45e6179 100644 --- a/configurations/eonwe/ollama.nix +++ b/configurations/eonwe/ollama.nix @@ -1,11 +1,11 @@ { - config, lib, ... }: { ark.directories = [ - config.services.ollama.home + "/var/lib/private/open-webui" + "/var/lib/private/ollama" ]; hm.programs.firefox.profiles.default.bookmarks = [ @@ -32,9 +32,6 @@ host = "0.0.0.0"; port = 11434; - user = "ollama"; - group = "ollama"; - acceleration = "rocm"; rocmOverrideGfx = "11.0.0"; 
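Review bot: The new `"/mnt/ydata/music"` NFS entry lists only `ro`, `noauto` and the two `x-systemd.*` options, so setuid bits and device nodes on files served by yavanna are honoured on eonwe. The `/var/tmp` tmpfs mount removed in the same hunk did carry `nodev` and `nosuid`; a read-only media share has no need for less. I would add `"nosuid"`, `"nodev"` and `"noexec"` to `options`. The enclosing `fileSystems` attribute set starts outside the hunk.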
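Review bot: The two hard-coded `/var/lib/private/...` entries in `ark.directories` replace `config.services.ollama.home`, so persistence now depends on both services keeping `DynamicUser` and their default state directory names, and nothing in the file says so. systemd expects `/var/lib/private` itself to be root-owned with mode 0700; if the persistence layer creates that parent with looser permissions, the state of every dynamic-user service becomes reachable by other local users, so this is worth checking after a fresh boot. A comment above the list such as `# DynamicUser state dirs; parent /var/lib/private must stay 0700 root:root` would record the assumption.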
@@ -75,23 +72,4 @@ openFirewall = true; }; }; - - systemd.services.ollama.serviceConfig = { - StateDirectory = lib.mkForce config.services.ollama.home; - DynamicUser = lib.mkForce false; - User = config.services.ollama.user; - Group = config.services.ollama.group; - }; - - users = { - users.ollama = { - isSystemUser = true; - group = "ollama"; - inherit (config.services.ollama) home; - uid = 241; # Reuses a removed ID from Nixpkgs. - }; - groups.ollama.gid = 241; - }; - - my.extraGroups = [ "ollama" ]; } diff --git a/configurations/eonwe/vidya.nix b/configurations/eonwe/vidya.nix index a40daa9..0cde57a 100644 --- a/configurations/eonwe/vidya.nix +++ b/configurations/eonwe/vidya.nix @@ -10,34 +10,32 @@ games = { lutris.enable = true; - steam.enable = true; - steam-run.quirks = { - blackIsleStudios = true; - cryptOfTheNecrodancer = true; - mountAndBladeWarband = false; - }; - - minecraft.client.enable = true; + # steam-run.quirks = { + # blackIsleStudios = true; + # cryptOfTheNecrodancer = true; + # mountAndBladeWarband = false; + # }; + # minecraft.client.enable = true; }; }; hm.home.packages = with pkgs; [ - (crawl.override { tileMode = true; }) - (dwarf-fortress-packages.dwarf-fortress-full.override { - dfVersion = "50.13"; - theme = "cla"; - enableIntro = false; - enableFPS = true; - }) - fallout-ce - fallout2-ce - gzdoom - openmw - openttd - qzdl - r2modman + # (crawl.override { tileMode = true; }) + # (dwarf-fortress-packages.dwarf-fortress-full.override { + # dfVersion = "50.13"; + # theme = "cla"; + # enableIntro = false; + # enableFPS = true; + # }) + # fallout-ce + # fallout2-ce + # gzdoom + # openmw + # openttd + # qzdl + # r2modman + # xonotic vcmi - xonotic ]; } diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index f9cb2be..89b111a 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix 
@@ -7,6 +7,9 @@ with lib; { imports = attrValues (modulesIn ./.); + # Something is broken there. Not sure why it affects me tho. + disabledModules = [ "services/networking/wireguard-networkd.nix" ]; + nixfiles.modules = { wireguard.server.enable = true; diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix index b9de05e..b827dd9 100644 --- a/configurations/yavanna/default.nix +++ b/configurations/yavanna/default.nix @@ -1,4 +1,9 @@ -_: { +{ + config, + lib, + ... +}: +{ nixfiles.modules = { wireguard.client.enable = true; @@ -6,9 +11,31 @@ _: { acme.enable = true; - rtorrent.enable = true; - lidarr.enable = true; - jackett.enable = true; + piracy = { + enable = true; + lidarr.enable = true; + radarr.enable = false; + sonarr.enable = false; + }; + }; + + services.nfs.server = { + enable = true; + exports = + lib.concatMapStringsSep "\n" + ( + dir: + let + target = s: "${s}(insecure,ro,no_subtree_check)"; + v4 = target config.nixfiles.modules.wireguard.ipv4.subnet; + v6 = target config.nixfiles.modules.wireguard.ipv6.subnet; + in + "${dir} ${v4} ${v6}" + ) + [ + "/export/rtorrent" + "/export/music" + ]; }; boot.loader.grub = { @@ -17,10 +44,17 @@ _: { configurationLimit = 5; }; - fileSystems."/" = { - device = "/dev/sda2"; - fsType = "ext4"; - options = [ "noatime" ]; + fileSystems = { + "/" = { + device = "/dev/sda2"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + + "/export/music" = { + device = "/var/lib/lidarr/root"; + options = [ "bind" ]; + }; }; swapDevices = [ { device = "/dev/sda3"; } ]; diff --git a/flake.lock b/flake.lock index c4ee276..850db7c 100644 --- a/flake.lock +++ b/flake.lock 
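Review bot: The comment above `disabledModules` does not say what fails or when the entry can be removed, which makes a disabled upstream WireGuard module hard to revisit on the host that has `wireguard.server.enable = true`. I would record the symptom and an exit condition, e.g. `# wireguard-networkd.nix: <observed error>; remove once <upstream issue placeholder> is resolved`.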
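Review bot: The option string `(insecure,ro,no_subtree_check)` built in `target` switches off the server's check that requests come from a privileged source port, so any unprivileged process on a peer inside the WireGuard subnets can speak to the export directly. No client that needs this is visible here; unless one exists I would drop `insecure` and map every access to the anonymous user, `target = s: "${s}(ro,all_squash,no_subtree_check)";`, provided the exported files are world-readable. Both whole subnets are granted access, so if only one host mounts the share, exporting to that host's address would be tighter. `/export/rtorrent` is exported here while the `fileSystems` hunk that follows only binds `/export/music`, so confirm where that directory is created.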
@@ -229,11 +229,11 @@ ] }, "locked": { - "lastModified": 1734343412, - "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", + "lastModified": 1735468753, + "narHash": "sha256-2dt1nOe9zf9pDkf5Kn7FUFyPRo581s0n90jxYXJ94l0=", "owner": "nix-community", "repo": "disko", - "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", + "rev": "84a5b93637cc16cbfcc61b6e1684d626df61eb21", "type": "github" }, "original": { @@ -285,11 +285,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -361,17 +361,45 @@ "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "stylix", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "stylix", + "nixpkgs" ], "nixpkgs-stable": [ - "nixpkgs-stable" + "stylix", + "git-hooks", + "nixpkgs" ] }, "locked": { - "lastModified": 1734379367, - "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "type": "github" }, "original": { 
@@ -401,6 +429,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "stylix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "gnome-shell": { "flake": false, "locked": { @@ -425,11 +475,11 @@ ] }, "locked": { - "lastModified": 1734344598, - "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", + "lastModified": 1736089250, + "narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=", "owner": "nix-community", "repo": "home-manager", - "rev": "83ecd50915a09dca928971139d3a102377a8d242", + "rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196", "type": "github" }, "original": { @@ -456,11 +506,11 @@ }, "impermanence": { "locked": { - "lastModified": 1734200366, - "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", + "lastModified": 1734945620, + "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "owner": "nix-community", "repo": "impermanence", - "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", + "rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "type": "github" }, "original": { @@ -472,11 +522,11 @@ "infuse": { "flake": false, "locked": { - "lastModified": 1732860261, - "narHash": "sha256-xGOVrmZgsi5qAEFrPelsC7DE1Kd9+EJ2oY/gCKD4Diw=", + "lastModified": 1735727689, + "narHash": "sha256-/aTuYtM+ZJovkhJMNYl0sGpYxTBiFfm/hMKo8Nst+jM=", "ref": "refs/heads/trunk", - "rev": "0005869a31b879b57cfc9b216c8cf7f3c710579c", - "revCount": 41, + "rev": "9773c94d65779efb420ed613ba9a7769c978bddd", + "revCount": 46, "type": "git", "url": "https://codeberg.org/amjoseph/infuse.nix" }, 
@@ -494,14 +544,14 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-24_05": "nixpkgs-24_05" + "nixpkgs-24_11": "nixpkgs-24_11" }, "locked": { - "lastModified": 1734370678, - "narHash": "sha256-a8zkti1QM5Oxkdfnzr/NjrFlyqI36/kYV/X8G1jOmB4=", + "lastModified": 1735230346, + "narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "c43d8c4a3ce84a7bebd110b06e69365484db6208", + "rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b", "type": "gitlab" }, "original": { @@ -523,11 +573,11 @@ ] }, "locked": { - "lastModified": 1734314370, - "narHash": "sha256-9PhjDAAuXP4tuJg+kM1AozKwBFyHHJ8ZqhQD+peqGtg=", + "lastModified": 1736128264, + "narHash": "sha256-B2RuVaQBbVChPf9ZqRBEqUA09MCD5P/iBpOokoXd5gM=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "616634de04e87b621bc3d495af114c4e9c6ccd36", + "rev": "eefeae9b72d15f69e7264a6a87fba6ecc9782496", "type": "github" }, "original": { @@ -543,11 +593,11 @@ ] }, "locked": { - "lastModified": 1734234111, - "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", + "lastModified": 1736047960, + "narHash": "sha256-hutd85FA1jUJhhqBRRJ+u7UHO9oFGD/RVm2x5w8WjVQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", + "rev": "816a6ae88774ba7e74314830546c29e134e0dffb", "type": "github" }, "original": { @@ -570,11 +620,11 @@ ] }, "locked": { - "lastModified": 1734266385, - "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", + "lastModified": 1736111688, + "narHash": "sha256-5z1ZgHgrr1qI0ve+mc0SjbL5PGbDLZb/3uijpmLIWT8=", "owner": "oddlama", "repo": "nix-topology", - "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", + "rev": "ac1aa5116d858fdff131625dde59a988f74efb11", "type": "github" }, "original": { 
@@ -585,11 +635,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1734352517, - "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", + "lastModified": 1735388221, + "narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", + "rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "type": "github" }, "original": { @@ -600,32 +650,32 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734126203, - "narHash": "sha256-0XovF7BYP50rTD2v4r55tR5MuBLet7q4xIz6Rgh3BBU=", + "lastModified": 1734978747, + "narHash": "sha256-pf6fuTEgaWhRULssfJuogTV+huMGcj/zCAtvqEWkJcY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "71a6392e367b08525ee710a93af2e80083b5b3e2", + "rev": "1588cc08aff2ccae08ec49a0b8612ff71c5736ac", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "1588cc08aff2ccae08ec49a0b8612ff71c5736ac", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs-24_05": { + "nixpkgs-24_11": { "locked": { - "lastModified": 1731797254, - "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", + "lastModified": 1734083684, + "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", + "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "type": "indirect" } }, 
@@ -647,23 +697,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1733096140, - "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" } }, "nixpkgs-master": { "locked": { - "lastModified": 1734389326, - "narHash": "sha256-YPjF7N9G9tGjnm630FVaLojjpl+OnWao+UqhprZ29dQ=", + "lastModified": 1736163950, + "narHash": "sha256-w+Kk+zA8R2Oae4i2jC8IflJsfjogOKy8pm3H28k5zY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6ea67fde4864ca2ab720f946e4af74ab2b73e5b9", + "rev": "19ab97dfada0904de0ff1329d93f6bbadf8269f3", "type": "github" }, "original": { @@ -675,11 +725,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1734284970, - "narHash": "sha256-iPXIDT8Rth+fJ9VpeZMu9wgdEEhrUrn77uYNcmtw3s0=", + "lastModified": 1735651292, + "narHash": "sha256-YLbzcBtYo1/FEzFsB3AnM16qFc6fWPMIoOuSoDwvg9g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6903830d1075f13346be0ea9611ae6ef50a472d6", + "rev": "0da3c44a9460a26d2025ec3ed2ec60a895eb1114", "type": "github" }, "original": { @@ -760,11 +810,11 @@ ] }, "locked": { - "lastModified": 1734311023, - "narHash": "sha256-NpiSmBZ4usbCuucwLWKX8TypbP+KfKZB5GOJevdp2rM=", + "lastModified": 1735858634, + "narHash": "sha256-qp83fDr3W5b6QoWSp+vfcH1vFNEhreW98qe9tlhSaXE=", "owner": "nix-community", "repo": "srvos", - "rev": "528f3ec754231bd6dc0113cd3010f66513e957f4", + "rev": "eea4ff2050968da5134788c73d63a2461f9daf27", "type": "github" }, "original": { 
@@ -783,6 +833,7 @@ "flake-compat" ], "flake-utils": "flake-utils_2", + "git-hooks": "git-hooks_2", "gnome-shell": "gnome-shell", "home-manager": [ "home-manager" @@ -796,11 +847,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1734110168, - "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=", + "lastModified": 1736011580, + "narHash": "sha256-8gmk/i9ZA5C6LGRnqHb5sZ8UKaqT5GnS6XxeSPMSz+s=", "owner": "danth", "repo": "stylix", - "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1", + "rev": "7dfcdb410118dcd02ba1d85a2179a6f1c877403f", "type": "github" }, "original": { @@ -917,11 +968,11 @@ ] }, "locked": { - "lastModified": 1734314392, - "narHash": "sha256-EydUadS7omV3SO/4TLeMkLT2JUugvPEtvBoAF43ggWU=", + "lastModified": 1736128196, + "narHash": "sha256-wSVfnO8Hixn767LsdAE/FIHO5IemkfbTEZZ03+HUowM=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "4ef033412f0732794077fcc25af4f79f097ad1e1", + "rev": "ba2fa846fba43fb9c8cd71b1435d227a7925fae0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 67180ca..3bf2570 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ # # [1]: https://github.com/NixOS/nix/issues/5373 inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs?ref=1588cc08aff2ccae08ec49a0b8612ff71c5736ac"; nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-stable.url = "github:NixOS/nixpkgs/release-24.05"; diff --git a/lib/my.nix b/lib/my.nix index 3a8058e..20f01be 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -178,6 +178,7 @@ with lib; "flood.${shire}" "jackett.${shire}" "lidarr.${shire}" + "prowlarr.${shire}" ]; syncthing.id = "@SYNCTHING_ID@"; diff --git a/modules/beets.nix b/modules/beets.nix index 732f400..c25ad53 100644 --- a/modules/beets.nix +++ b/modules/beets.nix 
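Review bot: `nixpkgs.url` is now fixed to a single commit with no comment explaining why, so `nix flake update` no longer moves nixpkgs and security fixes stop reaching every host until someone remembers to undo the pin. Add a comment above the line naming the reason and the exit condition, for example `# Pinned: <reason>; return to nixpkgs-unstable once <condition>`. Because the value is a commit hash rather than a branch name, the path form `github:NixOS/nixpkgs/1588cc08aff2ccae08ec49a0b8612ff71c5736ac` states the intent more directly than `?ref=`. The `inputs` block starts and ends outside the hunk.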
@@ -49,10 +49,17 @@ in original_date = true; import = { write = true; - copy = true; + copy = true; # sshfs mount and `beet import` the required directory. move = false; - bell = true; + link = false; + hardlink = false; + reflink = false; + resume = false; + incremental = true; + incremental_skip_later = false; from_scratch = true; + quiet = false; + bell = true; }; match = { preferred = { diff --git a/modules/common/ark.nix b/modules/common/ark.nix index 007e209..e3ea4c5 100644 --- a/modules/common/ark.nix +++ b/modules/common/ark.nix @@ -47,7 +47,7 @@ in environment.persistence.${cfg.path} = { hideMounts = true; enableDebugging = false; - enableWarnings = false; + enableWarnings = true; inherit (cfg) directories files; }; diff --git a/modules/emacs/doom/config.el b/modules/emacs/doom/config.el index a212e17..be481d4 100644 --- a/modules/emacs/doom/config.el +++ b/modules/emacs/doom/config.el @@ -271,13 +271,14 @@ gptel-backend (gptel-make-ollama "ollama" :host "eonwe.shire.net:11434" :stream t - :models '(dagbs/qwen2.5-coder-7b-instruct-abliterated:latest - qwen2.5-coder:7b - deepseek-coder-v2:16b - codegemma:7b - codellama:7b - llama3.2:3b - mistral:7b)))) + :models '(qwen2.5-coder:32b-instruct-q3_K_M + qwen2.5-coder:14b-instruct-q8_0 + qwen2.5-coder:7b-instruct-fp16 + llama3.2:3b-instruct-fp16 + llama3.1:8b-instruct-fp16 + llama3:8b-instruct-fp16 + gemma:7b-instruct-q8_0 + mistral:7b-instruct-fp16)))) (use-package! ellama :init 
@@ -288,79 +289,61 @@ :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "llama3.2:3b" + :chat-model "llama3.2:3b-instruct-fp16" :embedding-model "nomic-embed-text:latest") ellama-providers '(("llama" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "llama3.2:3b" + :chat-model "llama3.2:3b-instruct-fp16" :embedding-model "nomic-embed-text:latest")) - ("codellama" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "codellama:7b" - :embedding-model "nomic-embed-text:latest")) ("qwen" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "qwen2.5:7b" + :chat-model "qwen2:7b-instruct-fp16" :embedding-model "nomic-embed-text:latest")) ("qwen-coder" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "qwen2.5-coder:7b" + :chat-model "qwen2.5-coder:14b-instruct-q8_0" :embedding-model "nomic-embed-text:latest")) - ("qwen-coder-instruct" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest" - :embedding-model "nomic-embed-text:latest")) ("gemma" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "gemma2:9b" + :chat-model "gemma:7b-instruct-q8_0" :embedding-model "nomic-embed-text:latest")) - ("codegemma" . (make-llm-ollama + ("mistral" . (make-llm-ollama + :scheme "http" + :host "eonwe.shire.net" + :port 11434 + :chat-model "mistral:7b-instruct-fp16" + :embedding-model "nomic-embed-text:latest")) + ("opencoder" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "codegemma:7b" + :chat-model "opencoder:8b-instruct-fp16" :embedding-model "nomic-embed-text:latest")) - ("mistral" . (make-llm-ollama + ("granite" . (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "mistral:7b" - :embedding-model "nomic-embed-text:latest")) - ("hermes" . 
(make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "hermes3:8b" - :embedding-model "nomic-embed-text:latest")) - ("deepseek" . (make-llm-ollama - :scheme "http" - :host "eonwe.shire.net" - :port 11434 - :chat-model "deepseek-coder-v2:16b" - :embedding-model "nomic-embed-text:latest"))) + :chat-model "granite3.1-moe:3b-instruct-fp16" + :embedding-model "granite-embedding:278m-fp16"))) ellama-translation-provider (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "qwen2.5:7b" + :chat-model "mistral:7b-instruct-fp16" :embedding-model "nomic-embed-text:latest") ellama-summarization-provider (make-llm-ollama :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "mistral:7b" + :chat-model "mistral:7b-instruct-fp16" :embedding-model "nomic-embed-text:latest"))) (use-package! magit-gptcommit @@ -371,7 +354,7 @@ :scheme "http" :host "eonwe.shire.net" :port 11434 - :chat-model "dagbs/qwen2.5-coder-7b-instruct-abliterated:latest" + :chat-model "qwen2.5-coder:32b-instruct-q3_K_M" :embedding-model "nomic-embed-text:latest")) (magit-gptcommit-status-buffer-setup)) diff --git a/modules/emacs/doom/init.el b/modules/emacs/doom/init.el index 3845fd6..51d4291 100644 --- a/modules/emacs/doom/init.el +++ b/modules/emacs/doom/init.el @@ -26,7 +26,7 @@ file-templates fold (format +onsave) - lispy + ;; lispy ;; multiple-cursors ;; objed parinfer diff --git a/modules/firefox/addons.json b/modules/firefox/addons.json index c194368..55919c3 100644 --- a/modules/firefox/addons.json +++ b/modules/firefox/addons.json @@ -10,6 +10,9 @@ "slug": "furiganaize" }, { + "slug": "indie-wiki-buddy" + }, + { "slug": "ipfs-companion" }, { diff --git a/modules/firefox/addons.nix b/modules/firefox/addons.nix index 5a08549..3bb23d2 100644 --- a/modules/firefox/addons.nix +++ b/modules/firefox/addons.nix 
@@ -5,10 +5,10 @@ { "bitwarden" = buildFirefoxXpiAddon { pname = "bitwarden"; - version = "2024.10.1"; + version = "2024.11.2"; addonId = "{446900e4-71c2-419f-a6a7-df9c091e268b}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4371752/bitwarden_password_manager-2024.10.1.xpi"; - sha256 = "7b7357ddce2756dc536b86b5c14139ec09731c1c114ac82807c60fba3ced12a5"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392295/bitwarden_password_manager-2024.11.2.xpi"; + sha256 = "38faecbfca76086a54e62b6e2036eae45e9d9f9f3aee4c7a72b652593f51b8e7"; meta = with lib; { homepage = "https://bitwarden.com"; description = "At home, at work, or on the go, Bitwarden easily secures all your passwords, passkeys, and sensitive information."; 
@@ -74,6 +74,264 @@ platforms = platforms.all; }; }; + "indie-wiki-buddy" = buildFirefoxXpiAddon { + pname = "indie-wiki-buddy"; + version = "3.11.1"; + addonId = "{cb31ec5d-c49a-4e5a-b240-16c767444f62}"; + url = "https://addons.mozilla.org/firefox/downloads/file/4379107/indie_wiki_buddy-3.11.1.xpi"; + sha256 = "2b63271fa42e3d46a683605f719de816195471ccd8654771606d6eb811f7596d"; + meta = with lib; { + homepage = "https://getindie.wiki/"; + description = "Helping you discover quality, independent wikis!\n\nWhen visiting a Fandom wiki, Indie Wiki Buddy redirects or alerts you of independent alternatives. It also filters search engine results. BreezeWiki is also supported, to reduce clutter on Fandom."; + license = licenses.mit; + mozPermissions = [ + "storage" + "webRequest" + "notifications" + "scripting" + "https://*.fandom.com/*" + "https://*.fextralife.com/*" + "https://*.neoseeker.com/*" + "https://breezewiki.com/*" + "https://antifandom.com/*" + "https://bw.artemislena.eu/*" + "https://breezewiki.catsarch.com/*" + "https://breezewiki.esmailelbob.xyz/*" + "https://breezewiki.frontendfriendly.xyz/*" + "https://bw.hamstro.dev/*" + "https://breeze.hostux.net/*" + "https://breezewiki.hyperreal.coffee/*" + "https://breeze.mint.lgbt/*" + "https://breezewiki.nadeko.net/*" + "https://nerd.whatever.social/*" + "https://breeze.nohost.network/*" + "https://z.opnxng.com/*" + "https://bw.projectsegfau.lt/*" + "https://breezewiki.pussthecat.org/*" + "https://bw.vern.cc/*" + "https://breeze.whateveritworks.org/*" + "https://breezewiki.woodland.cafe/*" + "https://*.bing.com/search*" + "https://search.brave.com/search*" + "https://*.duckduckgo.com/*" + "https://*.ecosia.org/*" + "https://kagi.com/search*" + "https://*.qwant.com/*" + "https://*.search.yahoo.com/*" + "https://*.startpage.com/*" + "https://*.ya.ru/*" + "https://*.yandex.az/*" + "https://*.yandex.by/*" + "https://*.yandex.co.il/*" + "https://*.yandex.com.am/*" + "https://*.yandex.com.ge/*" + 
"https://*.yandex.com.tr/*" + "https://*.yandex.com/*" + "https://*.yandex.ee/*" + "https://*.yandex.eu/*" + "https://*.yandex.fr/*" + "https://*.yandex.kz/*" + "https://*.yandex.lt/*" + "https://*.yandex.lv/*" + "https://*.yandex.md/*" + "https://*.yandex.ru/*" + "https://*.yandex.tj/*" + "https://*.yandex.tm/*" + "https://*.yandex.uz/*" + "https://www.google.com/search*" + "https://www.google.ad/search*" + "https://www.google.ae/search*" + "https://www.google.com.af/search*" + "https://www.google.com.ag/search*" + "https://www.google.com.ai/search*" + "https://www.google.al/search*" + "https://www.google.am/search*" + "https://www.google.co.ao/search*" + "https://www.google.com.ar/search*" + "https://www.google.as/search*" + "https://www.google.at/search*" + "https://www.google.com.au/search*" + "https://www.google.az/search*" + "https://www.google.ba/search*" + "https://www.google.com.bd/search*" + "https://www.google.be/search*" + "https://www.google.bf/search*" + "https://www.google.bg/search*" + "https://www.google.com.bh/search*" + "https://www.google.bi/search*" + "https://www.google.bj/search*" + "https://www.google.com.bn/search*" + "https://www.google.com.bo/search*" + "https://www.google.com.br/search*" + "https://www.google.bs/search*" + "https://www.google.bt/search*" + "https://www.google.co.bw/search*" + "https://www.google.by/search*" + "https://www.google.com.bz/search*" + "https://www.google.ca/search*" + "https://www.google.cd/search*" + "https://www.google.cf/search*" + "https://www.google.cg/search*" + "https://www.google.ch/search*" + "https://www.google.ci/search*" + "https://www.google.co.ck/search*" + "https://www.google.cl/search*" + "https://www.google.cm/search*" + "https://www.google.cn/search*" + "https://www.google.com.co/search*" + "https://www.google.co.cr/search*" + "https://www.google.com.cu/search*" + "https://www.google.cv/search*" + "https://www.google.com.cy/search*" + "https://www.google.cz/search*" + 
"https://www.google.de/search*" + "https://www.google.dj/search*" + "https://www.google.dk/search*" + "https://www.google.dm/search*" + "https://www.google.com.do/search*" + "https://www.google.dz/search*" + "https://www.google.com.ec/search*" + "https://www.google.ee/search*" + "https://www.google.com.eg/search*" + "https://www.google.es/search*" + "https://www.google.com.et/search*" + "https://www.google.fi/search*" + "https://www.google.com.fj/search*" + "https://www.google.fm/search*" + "https://www.google.fr/search*" + "https://www.google.ga/search*" + "https://www.google.ge/search*" + "https://www.google.gg/search*" + "https://www.google.com.gh/search*" + "https://www.google.com.gi/search*" + "https://www.google.gl/search*" + "https://www.google.gm/search*" + "https://www.google.gr/search*" + "https://www.google.com.gt/search*" + "https://www.google.gy/search*" + "https://www.google.com.hk/search*" + "https://www.google.hn/search*" + "https://www.google.hr/search*" + "https://www.google.ht/search*" + "https://www.google.hu/search*" + "https://www.google.co.id/search*" + "https://www.google.ie/search*" + "https://www.google.co.il/search*" + "https://www.google.im/search*" + "https://www.google.co.in/search*" + "https://www.google.iq/search*" + "https://www.google.is/search*" + "https://www.google.it/search*" + "https://www.google.je/search*" + "https://www.google.com.jm/search*" + "https://www.google.jo/search*" + "https://www.google.co.jp/search*" + "https://www.google.co.ke/search*" + "https://www.google.com.kh/search*" + "https://www.google.ki/search*" + "https://www.google.kg/search*" + "https://www.google.co.kr/search*" + "https://www.google.com.kw/search*" + "https://www.google.kz/search*" + "https://www.google.la/search*" + "https://www.google.com.lb/search*" + "https://www.google.li/search*" + "https://www.google.lk/search*" + "https://www.google.co.ls/search*" + "https://www.google.lt/search*" + "https://www.google.lu/search*" + 
"https://www.google.lv/search*" + "https://www.google.com.ly/search*" + "https://www.google.co.ma/search*" + "https://www.google.md/search*" + "https://www.google.me/search*" + "https://www.google.mg/search*" + "https://www.google.mk/search*" + "https://www.google.ml/search*" + "https://www.google.com.mm/search*" + "https://www.google.mn/search*" + "https://www.google.ms/search*" + "https://www.google.com.mt/search*" + "https://www.google.mu/search*" + "https://www.google.mv/search*" + "https://www.google.mw/search*" + "https://www.google.com.mx/search*" + "https://www.google.com.my/search*" + "https://www.google.co.mz/search*" + "https://www.google.com.na/search*" + "https://www.google.com.ng/search*" + "https://www.google.com.ni/search*" + "https://www.google.ne/search*" + "https://www.google.nl/search*" + "https://www.google.no/search*" + "https://www.google.com.np/search*" + "https://www.google.nr/search*" + "https://www.google.nu/search*" + "https://www.google.co.nz/search*" + "https://www.google.com.om/search*" + "https://www.google.com.pa/search*" + "https://www.google.com.pe/search*" + "https://www.google.com.pg/search*" + "https://www.google.com.ph/search*" + "https://www.google.com.pk/search*" + "https://www.google.pl/search*" + "https://www.google.pn/search*" + "https://www.google.com.pr/search*" + "https://www.google.ps/search*" + "https://www.google.pt/search*" + "https://www.google.com.py/search*" + "https://www.google.com.qa/search*" + "https://www.google.ro/search*" + "https://www.google.ru/search*" + "https://www.google.rw/search*" + "https://www.google.com.sa/search*" + "https://www.google.com.sb/search*" + "https://www.google.sc/search*" + "https://www.google.se/search*" + "https://www.google.com.sg/search*" + "https://www.google.sh/search*" + "https://www.google.si/search*" + "https://www.google.sk/search*" + "https://www.google.com.sl/search*" + "https://www.google.sn/search*" + "https://www.google.so/search*" + "https://www.google.sm/search*" 
+ "https://www.google.sr/search*" + "https://www.google.st/search*" + "https://www.google.com.sv/search*" + "https://www.google.td/search*" + "https://www.google.tg/search*" + "https://www.google.co.th/search*" + "https://www.google.com.tj/search*" + "https://www.google.tl/search*" + "https://www.google.tm/search*" + "https://www.google.tn/search*" + "https://www.google.to/search*" + "https://www.google.com.tr/search*" + "https://www.google.tt/search*" + "https://www.google.com.tw/search*" + "https://www.google.co.tz/search*" + "https://www.google.com.ua/search*" + "https://www.google.co.ug/search*" + "https://www.google.co.uk/search*" + "https://www.google.com.uy/search*" + "https://www.google.co.uz/search*" + "https://www.google.com.vc/search*" + "https://www.google.co.ve/search*" + "https://www.google.vg/search*" + "https://www.google.co.vi/search*" + "https://www.google.com.vn/search*" + "https://www.google.vu/search*" + "https://www.google.ws/search*" + "https://www.google.rs/search*" + "https://www.google.co.za/search*" + "https://www.google.co.zm/search*" + "https://www.google.co.zw/search*" + "https://www.google.cat/search*" + ]; + platforms = platforms.all; + }; + }; "ipfs-companion" = buildFirefoxXpiAddon { pname = "ipfs-companion"; version = "3.1.0"; 
@@ -102,10 +360,10 @@ }; "languagetool" = buildFirefoxXpiAddon { pname = "languagetool"; - version = "8.11.8"; + version = "8.13.2"; addonId = "languagetool-webextension@languagetool.org"; - url = "https://addons.mozilla.org/firefox/downloads/file/4341696/languagetool-8.11.8.xpi"; - sha256 = "2f1489f7180303be730ff2b16d6a432d07017c6cffd3fbfc39f37dc809a25fc8"; + url = "https://addons.mozilla.org/firefox/downloads/file/4396724/languagetool-8.13.2.xpi"; + sha256 = "e8a93ca046df390aaafeb7ba86254505ed3c593371c1f9e5af6892018d12de66"; meta = with lib; { homepage = "https://languagetool.org"; description = "With this extension you can check text with the free style and grammar checker LanguageTool. It finds many errors that a simple spell checker cannot detect, like mixing up there/their, a/an, or repeating a word."; @@ -118,6 +376,7 @@ "https://*/*" "file:///*" "*://docs.google.com/document/*" + "*://docs.google.com/presentation/*" "*://languagetool.org/*" ]; platforms = platforms.all; 
@@ -125,30 +384,25 @@ }; "metamask" = buildFirefoxXpiAddon { pname = "metamask"; - version = "12.0.6"; + version = "12.6.2"; addonId = "webextension@metamask.io"; - url = "https://addons.mozilla.org/firefox/downloads/file/4342782/ether_metamask-12.0.6.xpi"; - sha256 = "a66e20bbe5ded1b9408420e4c2ffc82369cc3bfd27350afe25f2c0ef6b26ff3b"; + url = "https://addons.mozilla.org/firefox/downloads/file/4392249/ether_metamask-12.6.2.xpi"; + sha256 = "ca7b385559d7469ccca0454323f92f63d3aef5d68c504a46f818eb59bd735c74"; meta = with lib; { description = "Ethereum Browser Extension"; mozPermissions = [ "storage" "unlimitedStorage" "clipboardWrite" - "http://localhost:8545/" - "https://*.infura.io/" - "https://*.codefi.network/" - "https://*.cx.metamask.io/" - "https://chainid.network/chains.json" - "https://lattice.gridplus.io/*" + "http://*/*" + "https://*/*" "activeTab" "webRequest" + "webRequestBlocking" "*://*.eth/" "notifications" "file://*/*" - "http://*/*" - "https://*/*" - "*://connect.trezor.io/*/popup.html" + "*://connect.trezor.io/*/popup.html*" ]; platforms = platforms.all; }; @@ -290,10 +544,10 @@ }; "ublock-origin" = buildFirefoxXpiAddon { pname = "ublock-origin"; - version = "1.61.0"; + version = "1.61.2"; addonId = "uBlock0@raymondhill.net"; - url = "https://addons.mozilla.org/firefox/downloads/file/4382536/ublock_origin-1.61.0.xpi"; - sha256 = "e6fd55b799a568c66c10892a8f22428e6773fe16d7466ce9dee2952f224b203d"; + url = "https://addons.mozilla.org/firefox/downloads/file/4391011/ublock_origin-1.61.2.xpi"; + sha256 = "ee3a724a46ff32c17d1723077fecc6ede7fdab742154020b51fb6253ddcbba14"; meta = with lib; { homepage = "https://github.com/gorhill/uBlock#ublock-origin"; description = "Finally, an efficient wide-spectrum content blocker. Easy on CPU and memory."; 
@@ -350,10 +604,10 @@ }; "violentmonkey" = buildFirefoxXpiAddon { pname = "violentmonkey"; - version = "2.28.0"; + version = "2.29.0"; addonId = "{aecec67f-0d10-4fa7-b7c7-609a2db280cf}"; - url = "https://addons.mozilla.org/firefox/downloads/file/4379821/violentmonkey-2.28.0.xpi"; - sha256 = "30bc3db14194a5197e4721d419123f3a02b9c6f3e94646724aa991137121bcba"; + url = "https://addons.mozilla.org/firefox/downloads/file/4398029/violentmonkey-2.29.0.xpi"; + sha256 = "2edf39a824476b8a77a57c7c3abdaf3f685a679486e47450fab837b4bd71d469"; meta = with lib; { homepage = "https://violentmonkey.github.io/"; description = "Userscript support for browsers, open source."; diff --git a/modules/firefox/default.nix b/modules/firefox/default.nix index ee45434..69324b7 100644 --- a/modules/firefox/default.nix +++ b/modules/firefox/default.nix @@ -104,6 +104,7 @@ in [ consent-o-matic furiganaize + indie-wiki-buddy languagetool metamask no-pdf-download diff --git a/modules/firefox/userContent.css b/modules/firefox/userContent.css index a009ad8..f068f20 100644 --- a/modules/firefox/userContent.css +++ b/modules/firefox/userContent.css @@ -248,39 +248,6 @@ } } -@-moz-document regexp("https?://.*\.fandom\.com/wiki/.*") -{ - :root { - --theme-body-background-image-full: none !important; - --theme-body-background-image-desktop: none !important; - --theme-body-background-image-large-desktop: none !important; - } - - #WikiaBar, - #highlight__main-container, - .global-footer, - .global-navigation, - .global-registration-buttons, - .notifications-placeholder { - display: none !important; - } - - .main-container, - body { - background-image: none !important; - background: none !important; - } - - .main-container { - margin-left: none !important; - width: auto !important; - } - - .fandom-sticky-header { - left: 0px !important; - } -} - @-moz-document regexp("https?:\/\/gog\.com.*") { .galaxy-section-wrapper, footer { 
@@ -306,26 +273,6 @@ } } -@-moz-document regexp("https?://www\.songsterr\.com.*") -{ - #favorite, - #fullscreen, - #logo, - #menu-favorites, - #menu-help, - #menu-plus, - #menu-signin, - #menu-submit, - #promo, - #revisions, - #showroom, - #showroom_sidebar, - #text-showroom, - footer { - display: none !important; - } -} - @-moz-document regexp("https?://developer\.mozilla\.org.*") { #nav-footer, @@ -346,41 +293,6 @@ } } -@-moz-document regexp("https?://(.*\.)?wikipedia\.org/wiki/.*") -{ - #footer, - #mp-topbanner, - #siteNotice, - #siteSub, - #wmde-banner-app, - .mw-footer-container, - .mw-header, - .vector-page-toolbar { - display: none !important; - } - - html, - body { - font-family: var(--sans-serif-font-family) !important; - font-size: var(--sans-serif-font-size) !important; - } - - .k-player, - body.mediawiki, - #dialogEngineContainer #dialogEngineDialog { - background: inherit !important; - } -} - -@-moz-document regexp("https?://open-vsx\.org.*") -{ - MuiCollapse-container, - cc-window.cc-banner, - footer { - display: none !important; - } -} - @-moz-document regexp("https?://duckduckgo\.com.*") { .badge-link, /* Annoying DuckDuckGo extension ads. */ diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index a3e57d3..164ac5d 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -189,6 +189,14 @@ in ]; inherit (config.services.endlessh-go.prometheus) port; }; + exportarr-prowlarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-prowlarr) port; + }; + exportarr-lidarr = { + hosts = [ yavanna ]; + inherit (config.services.prometheus.exporters.exportarr-lidarr) port; + }; nginx = { hosts = [ manwe @@ -221,10 +229,6 @@ in hosts = [ manwe ]; inherit (config.services.prometheus.exporters.wireguard) port; }; - exportarr-lidarr = { - hosts = [ yavanna ]; - inherit (config.services.prometheus.exporters.exportarr-lidarr) port; - }; }; ruleFiles = [ 
diff --git a/modules/nsd.nix b/modules/nsd.nix index acf7e27..13cebe9 100644 --- a/modules/nsd.nix +++ b/modules/nsd.nix @@ -103,7 +103,7 @@ in SOA = { nameServer = "${cfg.fqdn}."; adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2022091601; # Don't forget to bump the revision! + serial = 2024010301; # Don't forget to bump the revision! }; NS = with my.domain; [ @@ -163,6 +163,7 @@ in flood = yavanna; jackett = yavanna; lidarr = yavanna; + prowlarr = yavanna; }; } ]; diff --git a/modules/piracy/default.nix b/modules/piracy/default.nix new file mode 100644 index 0000000..be957f0 --- /dev/null +++ b/modules/piracy/default.nix 
@@ -0,0 +1,177 @@ +{ + config, + lib, + libNginx, + pkgs, + ... +}: +let + cfg = config.nixfiles.modules.piracy; +in +{ + imports = lib.attrValues (lib.modulesIn ./.); + + options.nixfiles.modules.piracy = { + enable = lib.mkEnableOption "tools for working with the BitTorrent protocol"; + + group = lib.mkOption { + type = lib.types.str; + default = "piracy"; + }; + gid = lib.mkOption { + type = lib.types.int; + default = 210; # Unused UID from Nixpkgs. + }; + + flood = { + enable = lib.mkEnableOption "Flood" // { + default = cfg.enable; + }; + + domain = lib.mkOption { + description = "Domain name sans protocol scheme."; + type = lib.types.str; + default = "flood.${config.networking.domain}"; + }; + }; + }; + + config = + let + files = "/export/rtorrent"; + socket = "/run/rtorrent/rpc.sock"; + in + lib.mkIf cfg.enable ( + lib.mkMerge [ + { + ark.directories = [ + config.services.rtorrent.dataDir + files + ]; + + services.rtorrent = { + enable = true; + + user = "rtorrent"; + inherit (cfg) group; + + rpcSocket = socket; + configText = + with config.services.rtorrent; + lib.mkForce '' + directory.default.set = ${files} + session.path.set = ${dataDir}/session + + network.port_range.set = ${toString port}-${toString port} + network.port_random.set = no + + dht.mode.set = disable + protocol.pex.set = no + + trackers.use_udp.set = no + + protocol.encryption.set = allow_incoming,try_outgoing,enable_retry + + pieces.memory.max.set = ${toString (lib.pow 2 11)}M + pieces.preload.type.set = 2 + + network.max_open_files.set = ${toString (lib.pow 2 13)} + network.max_open_sockets.set = ${toString (lib.pow 2 13)} + + network.http.max_open.set = ${toString (lib.pow 2 10)} + + throttle.global_down.max_rate.set_kb = 0 + throttle.global_up.max_rate.set_kb = 0 + + network.scgi.open_local = ${socket} + network.xmlrpc.size_limit.set = ${toString (lib.pow 2 17)} + + encoding.add = utf8 + system.umask.set = 0007 + + log.open_file = "log", "/var/log/rtorrent/log" + log.add_output = 
"info", "log" + ''; + }; + + systemd = { + sockets.rtorrent = { + socketConfig.ListenStream = socket; + wantedBy = [ "sockets.target" ]; + }; + + services.rtorrent = { + serviceConfig = { + UMask = "0007"; + RuntimeDirectory = "rtorrent"; + LogsDirectory = "rtorrent"; + ReadWritePaths = [ files ]; + }; + after = [ "rtorrent.socket" ]; + requires = [ "rtorrent.socket" ]; + }; + + tmpfiles.rules = with config.services.rtorrent; [ + "d '${files}' 0750 ${user} ${cfg.group} -" + ]; + }; + + users = { + users.${config.services.rtorrent.user}.uid = cfg.gid; + groups.${config.services.rtorrent.group}.gid = cfg.gid; + }; + my.extraGroups = [ cfg.group ]; + + boot.kernel.sysctl = { + "net.core.rmem_max" = lib.mkOverride 500 (lib.pow 2 24); + "net.core.wmem_max" = lib.mkOverride 500 (lib.pow 2 24); + "net.ipv4.tcp_fin_timeout" = lib.mkOverride 500 30; + "net.ipv4.tcp_rmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24); + "net.ipv4.tcp_slow_start_after_idle" = 0; + "net.ipv4.tcp_tw_recycle" = lib.mkOverride 500 1; + "net.ipv4.tcp_tw_reuse" = lib.mkOverride 500 1; + "net.ipv4.tcp_wmem" = lib.mkOverride 500 (lib.mkTcpMem 12 23 24); + }; + } + (lib.mkIf cfg.flood.enable { + ark.directories = [ "/var/lib/private/flood" ]; + + nixfiles.modules.nginx = with config.services.flood; { + enable = true; + upstreams.flood.servers."${host}:${toString port}" = { }; + virtualHosts.${cfg.flood.domain} = { + root = "${package}/lib/node_modules/flood/dist/assets"; + locations = { + "/".tryFiles = "$uri /index.html"; + "/api" = { + proxyPass = "http://flood"; + extraConfig = libNginx.config.noProxyBuffering; + }; + }; + extraConfig = libNginx.config.internalOnly; + }; + }; + + services.flood = { + enable = true; + extraArgs = [ + "--auth=none" + "--assets=false" + "--allowedpath=${files}" + "--rtsocket=${socket}" + ]; + }; + + systemd.services.flood = { + path = [ pkgs.mediainfo ]; + serviceConfig = { + Group = cfg.group; + ReadOnlyPaths = [ files ]; + }; + after = [ "rtorrent.socket" ]; + 
requires = [ "rtorrent.socket" ]; + }; + }) + ] + ); +} diff --git a/modules/jackett.nix b/modules/piracy/jackett.nix index 5b0b2c0..7ef9311 100644 --- a/modules/jackett.nix +++ b/modules/piracy/jackett.nix @@ -7,10 +7,10 @@ ... }: let - cfg = config.nixfiles.modules.jackett; + cfg = config.nixfiles.modules.piracy.jackett; in { - options.nixfiles.modules.jackett = { + options.nixfiles.modules.piracy.jackett = { enable = lib.mkEnableOption "Jackett"; domain = lib.mkOption { diff --git a/modules/lidarr.nix b/modules/piracy/lidarr.nix index 127e8d9..a905d8e 100644 --- a/modules/lidarr.nix +++ b/modules/piracy/lidarr.nix @@ -8,10 +8,12 @@ }: with lib; let - cfg = config.nixfiles.modules.lidarr; + cfg = config.nixfiles.modules.piracy.lidarr; + + port = 8686; in { - options.nixfiles.modules.lidarr = { + options.nixfiles.modules.piracy.lidarr = { enable = mkEnableOption "Lidarr"; domain = mkOption { @@ -26,27 +28,33 @@ in ark.directories = [ "/var/lib/lidarr" ]; - nixfiles.modules.nginx = { - enable = true; - upstreams.lidarr.servers."127.0.0.1:8686" = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://lidarr"; - extraConfig = libNginx.config.internalOnly; + nixfiles.modules = { + nginx = { + enable = true; + upstreams.lidarr.servers."127.0.0.1:${toString port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://lidarr"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + piracy = { + enable = true; + jackett.enable = true; }; }; services = { lidarr = { enable = true; - user = "rtorrent"; - group = "rtorrent"; + group = "piracy"; }; prometheus.exporters.exportarr-lidarr = { enable = true; url = "http://127.0.0.1"; + port = port + 10000; apiKeyFile = config.secrets.lidarr-api-key.path; - port = mkDefault 9708; inherit (config.services.lidarr) user; inherit (config.services.lidarr) group; listenAddress = this.wireguard.ipv4.address; 
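Review bot: The `systemd.sockets.rtorrent` unit sets only `ListenStream = socket`, so the SCGI socket at `/run/rtorrent/rpc.sock` is presumably created by systemd with its default socket mode rather than under the service's `UMask = "0007"`. rtorrent's SCGI interface has no authentication of its own and Flood is started with `--auth=none`, so the socket's file permissions and the nginx `internalOnly` snippet are the only access controls visible in this file. I would pin them in `socketConfig`, e.g. `SocketMode = "0660";`, `SocketUser = config.services.rtorrent.user;` and `SocketGroup = cfg.group;`. It is also worth confirming how `network.scgi.open_local = ${socket}` in `configText` behaves when systemd already owns a socket at that path.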
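Review bot: `group = "piracy";` under `services.lidarr` hard-codes the group name, while modules/piracy/default.nix exposes it as the option `nixfiles.modules.piracy.group` and uses `cfg.group` for rtorrent, Flood and the tmpfiles rule. If that option is ever overridden, Lidarr would run under a different group from the one that owns the 0750 download directory, so I would write `group = config.nixfiles.modules.piracy.group;`. The same literal appears in the new radarr.nix and sonarr.nix. The `config` block of lidarr.nix starts before this hunk.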
@@ -54,14 +62,22 @@ in }; }; - systemd.tmpfiles.rules = with config.services.lidarr; [ - "d /var/lib/lidarr/root 0755 ${user} ${group} - -" - ]; + systemd = { + tmpfiles.rules = with config.services.lidarr; [ + "d /var/lib/lidarr/root 0755 ${user} ${group} - -" + ]; + + services.lidarr.after = [ + "flood.service" + "jackett.service" + "local-fs.target" + ]; + }; topology = with cfg; { nodes.${this.hostname}.services.lidarr = { info = domain; - details.listen.text = "127.0.0.1:8686"; + details.listen.text = "127.0.0.1:${toString port}"; }; }; }; diff --git a/modules/piracy/radarr.nix b/modules/piracy/radarr.nix new file mode 100644 index 0000000..ac2fe7f --- /dev/null +++ b/modules/piracy/radarr.nix 
@@ -0,0 +1,84 @@ +{ + config, + inputs, + lib, + libNginx, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.piracy.radarr; + + port = 7878; +in +{ + options.nixfiles.modules.piracy.radarr = { + enable = mkEnableOption "Radarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "radarr.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + secrets.radarr-api-key.file = "${inputs.self}/secrets/radarr-api-key"; + + ark.directories = [ "/var/lib/radarr" ]; + + nixfiles.modules = { + nginx = { + enable = true; + upstreams.radarr.servers."127.0.0.1:${toString port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://radarr"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + piracy = { + enable = true; + jackett.enable = true; + }; + }; + + services = { + radarr = { + enable = true; + group = "piracy"; + }; + + prometheus.exporters.exportarr-radarr = { + enable = true; + url = "http://127.0.0.1"; + port = port + 10000; + apiKeyFile = config.secrets.radarr-api-key.path; + inherit (config.services.radarr) user; + inherit (config.services.radarr) group; + listenAddress = this.wireguard.ipv4.address; + environment.CONFIG = "/var/lib/radarr/.config/Radarr/config.xml"; + }; + }; + + systemd = { + tmpfiles.rules = with config.services.radarr; [ + "d /var/lib/radarr/root 0755 ${user} ${group} - -" + ]; + + services.lidarr.after = [ + "flood.service" + "jackett.service" + "local-fs.target" + ]; + }; + + topology = with cfg; { + nodes.${this.hostname}.services.radarr = { + info = domain; + details.listen.text = "127.0.0.1:${toString port}"; + }; + }; + }; +} diff --git a/modules/piracy/sonarr.nix b/modules/piracy/sonarr.nix new file mode 100644 index 0000000..8715a12 --- /dev/null +++ b/modules/piracy/sonarr.nix 
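Review bot: In the `systemd` block, `services.lidarr.after = [` looks like a copy-paste slip from lidarr.nix: this module configures Radarr, and sonarr.nix sets `services.sonarr.after` at the same place. As written, enabling Radarr adds ordering to the Lidarr unit and leaves radarr.service without the ordering after `flood.service`, `jackett.service` and `local-fs.target`. The line should read `services.radarr.after = [`.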
@@ -0,0 +1,84 @@ +{ + config, + inputs, + lib, + libNginx, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.piracy.sonarr; + + port = 8989; +in +{ + options.nixfiles.modules.piracy.sonarr = { + enable = mkEnableOption "Sonarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "sonarr.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + secrets.sonarr-api-key.file = "${inputs.self}/secrets/sonarr-api-key"; + + ark.directories = [ "/var/lib/sonarr" ]; + + nixfiles.modules = { + nginx = { + enable = true; + upstreams.sonarr.servers."127.0.0.1:${toString port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://sonarr"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + piracy = { + enable = true; + jackett.enable = true; + }; + }; + + services = { + sonarr = { + enable = true; + group = "piracy"; + }; + + prometheus.exporters.exportarr-sonarr = { + enable = true; + url = "http://127.0.0.1"; + port = port + 10000; + apiKeyFile = config.secrets.sonarr-api-key.path; + inherit (config.services.sonarr) user; + inherit (config.services.sonarr) group; + listenAddress = this.wireguard.ipv4.address; + environment.CONFIG = "/var/lib/sonarr/.config/Sonarr/config.xml"; + }; + }; + + systemd = { + tmpfiles.rules = with config.services.sonarr; [ + "d /var/lib/sonarr/root 0755 ${user} ${group} - -" + ]; + + services.sonarr.after = [ + "flood.service" + "jackett.service" + "local-fs.target" + ]; + }; + + topology = with cfg; { + nodes.${this.hostname}.services.sonarr = { + info = domain; + details.listen.text = "127.0.0.1:${toString port}"; + }; + }; + }; +} diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix index ae03bcc..34093d0 100644 --- a/modules/profiles/default.nix +++ b/modules/profiles/default.nix 
@@ -29,13 +29,13 @@ in } ]; - ark.directories = [ "/var/log" ]; + ark.directories = [ + "/var/lib/nixos" + "/var/log" + ]; nixfiles.modules = { - bat.enable = true; - eza.enable = true; htop.enable = true; - tmux.enable = true; vim.enable = true; }; diff --git a/modules/profiles/headful.nix b/modules/profiles/headful.nix index e2ed1df..d7f1876 100644 --- a/modules/profiles/headful.nix +++ b/modules/profiles/headful.nix @@ -21,9 +21,11 @@ in alacritty.enable = mkDefault true; aria2.enable = true; + bat.enable = true; chromium.enable = true; dwm.enable = mkDefault false; emacs.enable = true; + eza.enable = true; firefox.enable = true; foot.enable = mkDefault true; kde.enable = mkDefault true; @@ -54,9 +56,11 @@ in audacity byedpi eaglemode + easyeffects element-desktop fd gimp + helvum imv kdenlive libreoffice-fresh diff --git a/modules/prowlarr.nix b/modules/prowlarr.nix new file mode 100644 index 0000000..c5bf5c0 --- /dev/null +++ b/modules/prowlarr.nix 
@@ -0,0 +1,65 @@ +{ + config, + inputs, + lib, + libNginx, + this, + ... +}: +with lib; +let + cfg = config.nixfiles.modules.prowlarr; + + port = 9696; +in +{ + options.nixfiles.modules.prowlarr = { + enable = mkEnableOption "Prowlarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "prowlarr.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + # secrets.prowlarr-api-key.file = "${inputs.self}/secrets/prowlarr-api-key"; + + ark.directories = [ "/var/lib/private/prowlarr" ]; + + nixfiles.modules.nginx = { + enable = true; + upstreams.prowlarr.servers."127.0.0.1:${toString port}" = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://prowlarr"; + extraConfig = libNginx.config.internalOnly; + }; + }; + + services = { + prowlarr.enable = true; + + prometheus.exporters.exportarr-prowlarr = { + enable = true; + url = "http://127.0.0.1"; + port = port + 10000; + apiKeyFile = config.secrets.lidarr-api-key.path; + listenAddress = this.wireguard.ipv4.address; + environment = { + PROWLARR__BACKFILL = "true"; + PROWLARR__BACKFILL_DATE_SINCE = "2025-01-01"; + }; + }; + }; + + topology = with cfg; { + nodes.${this.hostname}.services.prowlarr = { + name = "Prowlarr"; + icon = "${inputs.homelab-svg-assets}/assets/prowlarr.svg"; + info = domain; + details.listen.text = "127.0.0.1:${toString port}"; + }; + }; + }; +} diff --git a/modules/radarr.nix b/modules/radarr.nix deleted file mode 100644 index 9e4e13f..0000000 --- a/modules/radarr.nix +++ /dev/null 
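Review bot: `apiKeyFile = config.secrets.lidarr-api-key.path;` hands the Prowlarr exporter Lidarr's API key, while the `secrets.prowlarr-api-key.file` declaration above it is commented out. Unless both applications were deliberately given the same key, the exporter will fail to authenticate against Prowlarr, and the module presumably only evaluates on hosts where lidarr.nix also declares that secret. Reusing one key file across services also means a single leaked file exposes both APIs. I would restore the secret declaration and use `apiKeyFile = config.secrets.prowlarr-api-key.path;`.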
@@ -1,40 +0,0 @@ -{ - config, - lib, - libNginx, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.radarr; -in -{ - options.nixfiles.modules.radarr = { - enable = mkEnableOption "Radarr"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "radarr.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - ark.directories = [ "/var/lib/radarr" ]; - - nixfiles.modules.nginx = { - enable = true; - upstreams.radarr.servers."127.0.0.1:7878" = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://radarr"; - extraConfig = libNginx.config.internalOnly; - }; - }; - - services.radarr = { - enable = true; - user = "rtorrent"; - group = "rtorrent"; - }; - }; -} diff --git a/modules/rtorrent.nix b/modules/rtorrent.nix deleted file mode 100644 index 82ef1b2..0000000 --- a/modules/rtorrent.nix +++ /dev/null 
@@ -1,328 +0,0 @@ -{ - config, - lib, - libNginx, - pkgs, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.rtorrent; -in -{ - options.nixfiles.modules.rtorrent = { - enable = mkEnableOption "rTorrent"; - - flood = { - enable = mkEnableOption "Flood" // { - default = cfg.enable; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "flood.${config.networking.domain}"; - }; - }; - }; - - config = - let - user = "rtorrent"; - group = "rtorrent"; - baseDir = "/var/lib/rtorrent"; - rpcSocket = "${baseDir}/rpc.socket"; - in - mkIf cfg.enable (mkMerge [ - ( - let - port = 50000; - in - { - ark.directories = [ baseDir ]; - - systemd = { - services.rtorrent = { - description = "rTorrent"; - after = [ - "network.target" - "local-fs.target" - ]; - serviceConfig = - let - leechDir = "${baseDir}/leech"; - seedDir = "${baseDir}/seed"; - sessionDir = "${baseDir}/session"; - logDir = "${baseDir}/log"; - configFile = - let - moveCompleted = getExe ( - pkgs.writeShellApplication { - name = "move-completed"; - runtimeInputs = with pkgs; [ - coreutils-full - gnused - findutils - ]; - text = '' - set -x - - leech_path="$1" - seed_path="$2" - # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" - - mkdir -pv "$seed_path" - mv -fv "$leech_path" "$seed_path" - ''; - } - ); - in - pkgs.writeText "rtorrent.rc" '' - method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") - method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") - method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") - method.insert = cfg.log, private|const|string, (cat, "${logDir}") - method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") - - directory.default.set = (cat, (cfg.leech)) - session.path.set = (cat, (cfg.session)) - - network.port_range.set = ${toString port}-${toString port} - network.port_random.set = no - - dht.mode.set = disable - protocol.pex.set 
= no - - trackers.use_udp.set = no - - protocol.encryption.set = allow_incoming,try_outgoing,enable_retry - - pieces.memory.max.set = ${toString (pow 2 11)}M - pieces.preload.type.set = 2 - - network.xmlrpc.size_limit.set = ${toString (pow 2 17)} - - network.max_open_files.set = ${toString (pow 2 10)} - network.max_open_sockets.set = ${toString (pow 2 10)} - - network.http.max_open.set = ${toString (pow 2 8)} - - throttle.global_down.max_rate.set_kb = 0 - throttle.global_up.max_rate.set_kb = 0 - - encoding.add = UTF-8 - system.umask.set = 0027 - system.cwd.set = (directory.default) - - network.scgi.open_local = (cat, (cfg.rpcsocket)) - - method.insert = d.move_completed, simple, "\ - d.directory.set=$argument.1=;\ - execute=${moveCompleted}, $argument.0=, $argument.1=;\ - d.save_full_session=\ - " - method.insert = d.leech_path, simple, "\ - if=(d.is_multi_file),\ - (cat, (d.directory), /),\ - (cat, (d.directory), /, (d.name))\ - " - method.insert = d.seed_path, simple, "\ - cat=$cfg.seed=, /, $d.custom1=\ - " - method.set_key = event.download.finished, move_complete, "\ - d.move_completed=$d.leech_path=, $d.seed_path=\ - " - - log.open_file = "log", (cat, (cfg.log), "/", "default.log") - log.add_output = "info", "log" - log.execute = (cat, (cfg.log), "/", "execute.log") - ''; - in - { - Restart = "on-failure"; - RestartSec = 3; - - KillMode = "process"; - KillSignal = "SIGHUP"; - - User = user; - Group = group; - - ExecStartPre = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/mkdir -p" - leechDir - seedDir - sessionDir - logDir - ]; - ExecStart = concatStringsSep " " [ - (getExe pkgs.rtorrent) - "-n" - "-o system.daemon.set=true" - "-o network.bind_address.set=0.0.0.0" - "-o import=${configFile}" - ]; - ExecStop = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/rm -rf" - rpcSocket - ]; - - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 750; - UMask = 27; - AmbientCapabilities = [ "" ]; - CapabilityBoundingSet = [ "" ]; - LockPersonality = true; 
- MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_UNIX" - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "@system-service" - "~@resources" - "~@privileged" - ]; - }; - wantedBy = [ "multi-user.target" ]; - }; - - tmpfiles.rules = [ "d '${baseDir}' 0750 ${user} ${group} -" ]; - }; - - users = { - users.${user} = { - inherit group; - shell = pkgs.bashInteractive; - home = baseDir; - description = "rTorrent"; - isSystemUser = true; - }; - groups.${group} = { }; - }; - my.extraGroups = [ group ]; - - networking.firewall.allowedTCPPorts = [ port ]; - - boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 500 (pow 2 24); - "net.core.wmem_max" = mkOverride 500 (pow 2 24); - "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; - "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); - "net.ipv4.tcp_slow_start_after_idle" = 0; - "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; - "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); - }; - } - ) - ( - let - port = 50001; - pkg = pkgs.nodePackages.flood; - in - mkIf cfg.flood.enable { - nixfiles.modules.nginx = { - enable = true; - upstreams.flood.servers."127.0.0.1:${toString port}" = { }; - virtualHosts.${cfg.flood.domain} = { - root = "${pkg}/lib/node_modules/flood/dist/assets"; - locations = { - "/".tryFiles = "$uri /index.html"; - "/api" = { - proxyPass = "http://flood"; - extraConfig = libNginx.config.noProxyBuffering; - }; - }; - extraConfig = libNginx.config.internalOnly; - }; - }; - - 
systemd.services.flood = { - description = "Flood"; - after = [ - "network.target" - "rtorrent.service" - ]; - path = with pkgs; [ mediainfo ]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 3; - - User = user; - Group = group; - - ExecStart = concatStringsSep " " [ - (getExe pkg) - "--allowedpath=${baseDir}" - "--baseuri=/" - "--rundir=${baseDir}/flood" - "--host=127.0.0.1" - "--port=${toString port}" - "--rtsocket=${rpcSocket}" - "--ssl=false" - "--auth=none" - ]; - - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 750; - UMask = 27; - AmbientCapabilities = [ "" ]; - CapabilityBoundingSet = [ "" ]; - LockPersonality = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - ProtectProc = "invisible"; - RemoveIPC = true; - RestrictAddressFamilies = [ - "AF_UNIX" - "AF_INET" - "AF_INET6" - ]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "~@cpu-emulation" - "~@debug" - "~@mount" - "~@obsolete" - "~@privileged" - "~@resources" - ]; - }; - wantedBy = [ "multi-user.target" ]; - }; - } - ) - ]); -} diff --git a/modules/sonarr.nix b/modules/sonarr.nix deleted file mode 100644 index b11dda0..0000000 --- a/modules/sonarr.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -{ - config, - lib, - libNginx, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.sonarr; -in -{ - options.nixfiles.modules.sonarr = { - enable = mkEnableOption "Sonarr"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "sonarr.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - ark.directories = [ "/var/lib/sonarr" ]; - - nixfiles.modules.nginx = { - enable = true; - upstreams.sonarr.servers."127.0.0.1:8989" = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://sonarr"; - extraConfig = libNginx.config.internalOnly; - }; - }; - - services.sonarr = { - enable = true; - user = "rtorrent"; - group = "rtorrent"; - }; - }; -} diff --git a/overlays.nix b/overlays.nix index 71735cc..020c6b2 100644 --- a/overlays.nix +++ b/overlays.nix @@ -101,5 +101,8 @@ ''; }; }; + + rtorrent = + _: (lib.packages.fromPR 368724 "sha256-99C1bOu6L5UMia0zqR3258HO+MS7Jq89KQE6oycFsvc=").rtorrent; }; } |
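Review bot: The new `rtorrent` overlay entry takes the package from nixpkgs pull request 368724 via `lib.packages.fromPR` with a fixed hash, but nothing records why or when the override can be removed. Because this swaps a network-facing daemon for a build from a pull request rather than the pinned nixpkgs, a short comment would help the next reader, e.g. `# rtorrent from nixpkgs PR 368724; drop this overlay once the change is in the pinned nixpkgs.` The enclosing overlay attribute set starts outside this hunk.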