finally, this shit works in a vm

baritone 2025-03-04 21:34:39 +01:00
parent 209e5f2a8f
commit e74377e6c4
7 changed files with 101 additions and 38 deletions


@ -11,6 +11,7 @@
./services/sonarr.nix
./services/misc.nix
./modules/microvm.nix
./modules/git.nix
./modules/nix-settings.nix
./modules/zfs.nix
@ -31,6 +32,9 @@
programs.zsh = {
enable = true;
enableGlobalCompInit = true;
shellAliases = {
"nrb" = "sudo nixos-rebuild switch --flake /etc/nixos";
};
};
programs.ssh.startAgent = true;


@ -64,7 +64,11 @@
zpool = {
zroot = {
type = "zpool";
rootFsOptions.mountpoint = "none";
rootFsOptions = {
mountpoint = "none";
acltype = "posixacl";
xattr = "sa";
};
datasets = {
root = {


@ -3,36 +3,35 @@
lib,
...
}: let
attrSets = lib.lists.imap1 (i: v: {
attrSet = lib.lists.imap1 (i: v: {
name = v;
index = i;
}) (builtins.attrNames config.microvm.vms);
in {
config.microvm.hyprvisor = "cloud-hyprvisor";
systemd.network.networks = builtins.listToAttrs attrSet ({
name,
index,
}: {
name = "30-vm${name}";
value = {
matchConfig.Name = "vm${name}";
address = [
"10.0.0.0/32"
];
routes = [
{
Destination = "10.0.0.${toString index}/32";
}
];
networkConfig = {IPv4Forwarding = true;};
};
});
config.systemd.network.networks = builtins.listToAttrs (builtins.map ({
name,
index,
}: {
name = "30-vm${toString index}";
value = {
matchConfig.Name = "vm${toString index}";
address = [
"10.0.0.0/32"
];
routes = [
{
Destination = "10.0.0.${toString index}/32";
}
];
networkConfig = {IPv4Forwarding = true;};
};
})
attrSet);
# NAT (make vms accessible in host)
networking.nat = {
config.networking.nat = {
enable = true;
internalIps = ["10.0.0.0/24"];
internalIPs = ["10.0.0.0/24"];
externalInterface = "enp2s0";
};
}
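Review bot: The per-VM networks set `IPv4Forwarding = true` and `networking.nat` masquerades all of `10.0.0.0/24` out of `enp2s0`, but nothing in this file limits what the guests may reach. Unless a forward-chain policy exists elsewhere, each microVM can talk to the host's LAN and to the other guests. If that is not intended, add a forward filter (for example `networking.firewall.filterForward = true;` with the nftables firewall, plus explicit allow rules) and confirm the result from inside a guest. The comment `# NAT (make vms accessible in host)` describes the opposite direction; `# NAT: let the microVMs reach outside networks through enp2s0` would match what the option does. The +/- markers are lost on this page, so I am reading the `config.`-prefixed lines as the new side.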


@ -17,6 +17,7 @@
"networkmanager"
"audio"
"wheel"
"jellyfin"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"


@ -1,12 +1,17 @@
{pkgs, ...}: let
{
lib,
pkgs,
config,
...
}: let
host = "127.0.0.1";
port = 8096;
in {
# Enable VAAPI
nixpkgs.config.packageOverrides = pkgs: {
config.nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
hardware.graphics = {
config.hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
@ -17,8 +22,15 @@ in {
];
};
# Create folder for media
config.system.activationScripts."jellyfinMediaFolder" = lib.stringAfter ["var"] ''
mkdir -p /media
chmod -R 775 /media
chown -R jellyfin:jellyfin /media
'';
# Enable Jellyfin
services.jellyfin = {
config.services.jellyfin = {
enable = true;
openFirewall = false; # We want jellyfin behind a reverse proxy
};
@ -31,7 +43,7 @@ in {
# '';
# };
services.nginx.
config.services.nginx.
virtualHosts."media.spoodythe.one" = {
addSSL = true;
enableACME = true;
@ -41,6 +53,6 @@ in {
};
# Open port 80 and 443 for reverse proxy
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [80 443];
config.networking.firewall.allowedTCPPorts = [80 443];
config.networking.firewall.allowedUDPPorts = [80 443];
}
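Review bot: The `jellyfinMediaFolder` activation script runs `chmod -R 775 /media` and `chown -R jellyfin:jellyfin /media` on every activation, so each rebuild or boot walks the whole library, marks every file executable and group-writable, and overwrites any ownership set deliberately below `/media`. Creating only the top-level directory is enough, e.g. `config.systemd.tmpfiles.rules = ["d /media 0775 jellyfin jellyfin -"];`. The script is also ordered only after `var`, so the `jellyfin` user may not exist yet on a first activation; worth confirming, or ordering it after `users`.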


@ -5,6 +5,13 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."_" = {
default = true;
locations."/" = {
return = 404;
};
};
};
security.acme.acceptTerms = true;
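Review bot: The new catch-all `virtualHosts."_"` has no TLS settings, so it presumably becomes the default server for port 80 only. An HTTPS request with an unknown or missing server name would then still fall through to the first TLS vhost (likely `media.spoodythe.one`) and be answered with its certificate and backend. Adding `rejectSSL = true;` to this vhost makes nginx refuse the handshake for unmatched names. The enclosing `services.nginx` block starts outside the hunk, so other vhosts defined there may change this.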


@ -1,17 +1,23 @@
{lib, ...}: let
{
pkgs,
lib,
...
}: let
host = "127.0.0.1";
port = 8989;
vm-index = 1;
vm-mac = "00:00:00:00:00:01";
vm-name = "sonarr";
in {
config.microvm.autostart = ["sonarr"];
config.microvm.autostart = [vm-name];
config.system.activationScripts.makeSonarrDir = lib.stringAfter ["var"] ''
mkdir -p /var/lib/sonarr
chmod -R microvm /var/lib/sonarr
config.system.activationScripts."make${vm-name}DataDir" = lib.stringAfter ["var"] ''
mkdir -p /var/lib/${vm-name}
chmod -R 777 /var/lib/${vm-name}
chown -R microvm /var/lib/${vm-name}
'';
config.microvm.vms."sonarr" = {
config.microvm.vms.${vm-name} = {
config = {
system.stateVersion = "24.11";
# Storage share configuration
@ -23,12 +29,23 @@ in {
}
{
tag = "data-dir";
source = "/var/lib/sonarr";
source = "/var/lib/${vm-name}";
mountPoint = "/var/lib/sonarr";
proto = "virtiofs";
}
];
# Allow the service to use the share
system.activationScripts."chownDataDir" = lib.stringAfter ["var"] ''
mkdir -p /var/lib/sonarr
chmod -R 770 /var/lib/sonarr
chown -R sonarr:sonarr /var/lib/sonarr
'';
systemd.services.sonarr.serviceConfig.ExecStartPre = "/run/current-system/sw/bin/sleep 5";
microvm.hypervisor = "qemu";
# VM Networking
microvm.interfaces = [
{
@ -65,6 +82,13 @@ in {
};
};
networking.useDHCP = false;
networking.nameservers = [
"10.0.101.1"
"8.8.8.8"
"8.8.4.4"
];
# Service
services.sonarr = {
enable = true;
@ -75,6 +99,18 @@ in {
users.users."root" = {
password = "1234";
};
environment.systemPackages = [pkgs.dig];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
AllowUsers = null;
PasswordAuthentication = true;
KbdInteractiveAuthentication = true;
};
};
};
};
}
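Review bot: The added `services.openssh` block sets `PermitRootLogin = "yes"`, `PasswordAuthentication = true` and `KbdInteractiveAuthentication = true` in a guest whose root account has `password = "1234"` a few lines above. That password is also readable in the repository history and in the world-readable Nix store. SSH therefore accepts a trivially guessable root login from anything that can reach the guest's address, and root in the guest has full access to the virtiofs-shared data directory. If SSH is only needed for debugging, use a key instead: `PermitRootLogin = "prohibit-password";`, `PasswordAuthentication = false;`, keys under `users.users.root.openssh.authorizedKeys.keys`, and drop the `password` line.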