https://git.jolheiser.com/dotnix.git
My nix dotfiles
dotnix / machines / gunpowder / default.nix
# NixOS configuration for the host named "gunpowder" (see networking.hostName).
# `pkgs` is the only module argument this file uses.
{ pkgs, ... }:
let
  # Login name of the primary non-root account defined under `users`.
  username = "jolheiser";
  # SSH public key. It is authorised further down for both `username` and
  # root, so the matching private key grants direct root access over SSH.
  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";
in
{
  # Presumably the generated hardware/filesystem settings (file not shown).
  imports = [ ./hardware.nix ];

  # Boot: newest kernel package set, quiet graphical boot, GRUB on /dev/sda.
  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    # "quiet" hides most kernel messages at boot; drop it when debugging.
    kernelParams = [
      "quiet"
      "splash"
    ];
    loader.grub = {
      enable = true;
      device = "/dev/sda";
      # Probe for other installed operating systems and add menu entries.
      useOSProber = true;
      # Lets GRUB open an encrypted volume to reach /boot. This matters for
      # the key file packed into the initrd further down: the initrd is only
      # protected if it is stored on that encrypted volume.
      # NOTE(review): confirm /boot is not on a plaintext partition.
      enableCryptodisk = true;
    };
  };

  # Pack the LUKS key file into the initrd so the volumes below can be opened
  # from it. A null value means the file is read from the same path on the
  # host as the path it gets inside the initrd.
  # NOTE(review): anyone able to read the initrd can recover this key. Keep
  # the initrd on the encrypted volume only (grub.enableCryptodisk is set in
  # `boot`), and keep the host copy of /crypto_keyfile.bin readable by root
  # alone.
  boot.initrd.secrets = {
    "/crypto_keyfile.bin" = null;
  };

  # Both LUKS mappings unlock with the same key file, so disclosure of that
  # one file exposes both volumes.
  boot.initrd.luks.devices = {
    # Only keyFile is set here; the device for this mapping is presumably
    # declared in hardware.nix — TODO confirm.
    "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4".keyFile = "/crypto_keyfile.bin";
    "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
      device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
      keyFile = "/crypto_keyfile.bin";
    };
  };

  # Host name, NetworkManager for connections, and the NixOS firewall on.
  # The firewall is the inbound baseline; every `openFirewall = true` under
  # `services` punches an extra hole in it, so review those together.
  networking = {
    hostName = "gunpowder";
    networkmanager.enable = true;
    firewall.enable = true;
  };

  # Desktop, remote access, VPN clients and the media stack.
  services = {
    # XFCE desktop started through LightDM.
    xserver = {
      enable = true;
      displayManager.lightdm.enable = true;
      desktopManager.xfce.enable = true;
    };
    # sshd with module defaults: nothing here restricts password logins or
    # the listening interfaces, while keys are authorised for both the user
    # and root under `users`.
    # NOTE(review): make the intended policy explicit (key-only logins, no
    # direct root login) rather than relying on defaults of the nixpkgs
    # revision in use.
    openssh.enable = true;
    tailscale.enable = true;
    mullvad-vpn = {
      enable = true;
      package = pkgs.mullvad-vpn;
    };
    resolved.enable = true;

    # media
    #
    # Each service below is enabled twice over: `openFirewall = true` opens
    # its port in the host firewall, and a matching `tailproxy.<name>` entry
    # points at the same port under a tailnet hostname. `tailproxy` is not
    # defined in this file; presumably a module from this repo — TODO confirm.
    # NOTE(review): if access is meant to go through the tailnet only, the
    # `openFirewall` lines expose more than needed; confirm whether LAN
    # access is intended.
    #
    # NOTE(review): the `authKey` values are Tailscale auth keys, i.e.
    # credentials that enrol a node into the tailnet. They are marked
    # one-time, which limits reuse once consumed, but the literals are
    # committed to the repository, stay in its history, and may be copied
    # into the world-readable Nix store depending on how the module uses
    # them. Confirm every key was consumed or has expired/been revoked, and
    # prefer reading keys from a secrets file kept outside the repo if the
    # module supports it.
    jellyfin = {
      enable = true;
      openFirewall = true;
    };
    tailproxy.jellyfin = {
      enable = true;
      hostname = "jellyfin";
      port = 8096;
      authKey = "tskey-auth-khZwt3ASDX11CNTRL-jYDAVuX7VVLCebLUGdvnVLLoUkeEevXEV"; # One-time key
    };
    sonarr = {
      enable = true;
      openFirewall = true;
    };
    tailproxy.sonarr = {
      enable = true;
      hostname = "sonarr";
      port = 8989;
      authKey = "tskey-auth-k1mZ4587A511CNTRL-uxq54KBAvb6YuhvZbxscb6rf7x8UwNiP"; # One-time key
    };
    radarr = {
      enable = true;
      openFirewall = true;
    };
    tailproxy.radarr = {
      enable = true;
      hostname = "radarr";
      port = 7878;
      authKey = "tskey-auth-kjuWphWmFp11CNTRL-dcpVCTbdPTAAiqQHaKVhTA27uNQeHxmq5"; # One-time key
    };
    bazarr = {
      enable = true;
      openFirewall = true;
    };
    tailproxy.bazarr = {
      enable = true;
      hostname = "bazarr";
      port = 6767;
      authKey = "tskey-auth-kydeAt7KDA21CNTRL-bLfZMG4ip4i4a91DX1b85ipjnZi9KgoN9"; # One-time key
    };
    # Indexer manager; it typically stores indexer API credentials, so treat
    # its open port with the same care as the others — TODO confirm exposure.
    prowlarr = {
      enable = true;
      openFirewall = true;
    };
    tailproxy.prowlarr = {
      enable = true;
      hostname = "prowlarr";
      port = 9696;
      authKey = "tskey-auth-koCbGEVEvh11CNTRL-7pxqVBdP4v5xNvsPP5mMv5oW8PrgVQmb"; # One-time key
    };
  };

  # Accounts and the shared `media` group.
  users = {
    users = {
      "${username}" = {
        # wheel grants sudo. Membership of the docker group is effectively
        # root-equivalent wherever the Docker daemon runs; Docker is not
        # enabled in this file, so confirm the group is still needed.
        extraGroups = [
          "wheel"
          "docker"
          "storage"
        ];
        isNormalUser = true;
        openssh.authorizedKeys.keys = [ key ];
      };
      # The same key is authorised for root, so one private key is a direct
      # path to root over SSH.
      # NOTE(review): since the user is already in wheel, consider dropping
      # this and going through sudo, which also leaves a per-user audit trail.
      "root".openssh.authorizedKeys.keys = [ key ];
    };
    # Members share access to whatever files are owned by the media group.
    # NOTE(review): "jolheiser" is written out instead of using `username`,
    # and "olheiser" has no account defined in this file — confirm it is a
    # real user and not a typo. bazarr and prowlarr are not members; confirm
    # that is intended.
    groups.media.members = [
      "jolheiser"
      "olheiser"
      "jellyfin"
      "radarr"
      "sonarr"
    ];
  };

  # Packages installed system-wide for every user.
  environment.systemPackages = with pkgs; [ qbittorrent ];

  # Release whose stateful defaults this machine was installed with. It is
  # not the running NixOS version; leave it alone when upgrading unless the
  # release notes for the affected modules have been checked.
  system.stateVersion = "22.11";
}