diff --git a/flake.lock b/flake.lock index fc3117d..d0801c1 100644 --- a/flake.lock +++ b/flake.lock @@ -99,6 +99,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -141,13 +174,48 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1723503926, + "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=", + "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1723510904, + "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=", + "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1724575805, + "narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895", "type": "github" }, "original": { @@ -159,11 +227,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1724531977, + "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32", "type": "github" }, "original": { 
@@ -173,30 +241,14 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "colmena": "colmena", "home-manager": "home-manager_2", + "lix-module": "lix-module", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs": "nixpkgs" } }, "stable": { @@ -229,6 +281,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8042be0..a7503af 100644 --- a/flake.nix +++ b/flake.nix @@ -1,14 +1,22 @@ { + # Source of inspiration: + # - https://github.com/BonusPlay/sysconf/blob/master/flake.nix + # - https://github.com/NixOS/infra/blob/master/build/flake.nix + description = "Pazpi's systems"; inputs = { # NixOS related inputs nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + lix-module = { + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -29,110 +37,61 @@ { self, nixpkgs, - nixpkgs-unstable, + nixos-hardware, + lix-module, agenix, colmena, home-manager, - ... }@inputs: let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; }; - myModule = { - imports = [ ./modules ]; - }; - - proxmoxModule = { - imports = [ - "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" - ./modules/virtualisation/proxmox.nix - ]; - }; - + lib = nixpkgs.lib; in { # used with: `nix fmt` formatter.${system} = pkgs.nixfmt-rfc-style; - nixosConfigurations.deadbeef = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - }; - modules = [ - myModule - ./hosts/deadbeef - ]; - }; - - nixosConfigurations.arr = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs; - }; - - modules = [ - myModule - proxmoxModule - ./hosts/arr - ]; - }; + nixosConfigurations = (import ./hosts inputs); colmena = - { - meta = { - description = "pazpi.top infrastructure"; - nixpkgs = import nixpkgs { inherit system; }; + lib.recursiveUpdate + (builtins.mapAttrs (k: v: { imports = v._module.args.modules; }) self.nixosConfigurations) + { + meta = { + nixpkgs = import nixpkgs { + system = "x86_64-linux"; + overlays = [ ]; + }; + nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations; + nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs) self.nixosConfigurations; + }; + + defaults = { + imports = [ ./modules ]; + deployment.targetUser = "pazpi"; + }; + + arr = { + deployment = { + targetHost = "192.168.1.189"; + targetUser = lib.mkForce "root"; + tags = [ + "lxc" + "bacco" + ]; + }; + }; + + deadbeef.deployment = { + allowLocalDeployment = true; + targetHost = null; + tags = [ "local" ]; + }; + }; - } - // builtins.mapAttrs (name: value: { - nixpkgs.system = value.config.nixpkgs.system; - imports = value._module.args.modules; - deployment = { - targetHost = "${name}.nixos.org"; - }; - }) self.nixosConfigurations; - - # colmena = { - # meta = { - # nixpkgs 
= pkgs; - # specialArgs = { - # inherit inputs; - # }; - # }; - - # defaults = { - # imports = [ - # "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" - # ./modules - # ./modules/virtualisation/proxmox.nix - # ]; - # }; - - # # childnixos = { - # # deployment = { - # # targetHost = "10.233.244.63"; - # # targetPort = 22; - # # targetUser = "root"; - # # }; - - # # imports = [ ./lxc-nix/configuration.nix ]; - # # }; - - # arr = { - # deployment = { - # targetHost = "192.168.1.189"; - # targetPort = 22; - # targetUser = "pazpi"; - # }; - - # time.timeZone = "Europe/Rome"; - # imports = [ ./hosts/arr ]; - # }; - - # }; devShells.${system}.default = pkgs.mkShell { buildInputs = with pkgs; [ diff --git a/hosts/default.nix b/hosts/default.nix index 4c69e99..3d3f4d7 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,23 +1,39 @@ -{ nixpkgs -, home-manager -, nixos-hardware -, agenix -, ... +{ + nixpkgs, + nixos-hardware, + agenix, + home-manager, + lix-module, + ... }: let - agenixOverlay = final: prev: { - agenix = agenix.packages.${prev.system}.default; + agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; }; + pkgs = + system: + import nixpkgs { + inherit system; + overlays = [ agenixOverlay ]; + config.allowUnfree = true; + }; + myModule = { + imports = [ + lix-module.nixosModules.default + ../modules + ]; }; - pkgs = system: import nixpkgs { - inherit system; - overlays = [ agenixOverlay ]; - config.allowUnfree = true; + + proxmoxModule = { + imports = [ + "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + ../modules/virtualisation/proxmox.nix + ]; }; in { deadbeef = nixpkgs.lib.nixosSystem { pkgs = pkgs "x86_64-linux"; modules = [ + myModule ./deadbeef nixos-hardware.nixosModules.dell-xps-15-9560 home-manager.nixosModules.home-manager @@ -31,6 +47,8 @@ in arr = nixpkgs.lib.nixosSystem { pkgs = pkgs "x86_64-linux"; modules = [ + myModule + proxmoxModule ./arr agenix.nixosModules.default ]; 
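Review bot: In the new `colmena` attrset in flake.nix, `arr.deployment.targetUser = lib.mkForce "root";` makes Colmena log in to 192.168.1.189 as root over SSH, overriding the `deployment.targetUser = "pazpi";` set in `defaults` just above it. That only works while key-based root login stays enabled on that host. If the guest can carry the `pazpi` wheel user, dropping the override and relying on Colmena's privilege escalation (`deployment.privilegeEscalationCommand`, sudo by default) would allow root SSH to be turned off. If root really is required for the LXC guest, a one-line comment on the override stating why would help the next reader. As a smaller style point, `meta.nixpkgs` hard-codes `system = "x86_64-linux";` although `system` is already bound in the `let`; `inherit system;` keeps the two in step.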
diff --git a/modules/services/download-pod.nix b/modules/services/download-pod.nix index 9cb6c9b..09ad046 100644 --- a/modules/services/download-pod.nix +++ b/modules/services/download-pod.nix @@ -1,25 +1,66 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: + +with lib; + let cfg = config.my.services.download-pod; containers = { - webserver = { + + jackett = { enable = true; - image = "nginx"; + image = "linuxserver/jackett"; + autoStart = true; + extraOptions = [ "--pod=download" ]; volumes = [ - "aaa:/config" - "bbb:/data" + "jackett_config:/config" + "jackett_data:/data" ]; }; - postgres = { + radarr = { + enable = true; + image = "linuxserver/radarr"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ + "radarr_config:/config" + "radarr_data:/data" + ]; + }; + + sabnzbd = { enable = false; - image = "postgres:13"; + image = "linuxserver/sabnzbd"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ + "sabnzbd_config:/config" + "sabnzbd_data:/data" + ]; + }; + + sonarr = { + enable = false; + image = "linuxserver/sonarr"; + autoStart = true; + extraOptions = [ "--pod=download" ]; + volumes = [ + "sonarr_config:/config" + "sonarr_data:/data" + ]; + }; + + prowlarr = { + enable = true; + image = "linuxserver/prowlarr"; + autoStart = true; + # extraOptions = [ "--pod=download" ]; + volumes = [ "prowlarr_config:/config" ]; }; }; @@ -60,11 +101,14 @@ in config = lib.mkIf cfg.enable { my.virtualisation.podmanPods = { - mywebapp = { - name = "mywebapp"; + download = { + name = "download"; ports = [ - "9090:80" - "9443:443" + "7878:7878" # : Radarr + # "8080:8080" # : Sabnzbd + "8989:8989" # : Sonarr + "9117:9117" # : Jackett + "9696:9696" # : Prowlarr ]; containers = enabledContainers containers; }; diff --git a/modules/utils/commons.nix b/modules/utils/commons.nix index edd8626..1fe69a7 100644 --- a/modules/utils/commons.nix +++ b/modules/utils/commons.nix 
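Review bot: All five `image` values in the first download-pod.nix hunk (`linuxserver/jackett`, `linuxserver/radarr`, `linuxserver/sabnzbd`, `linuxserver/sonarr`, `linuxserver/prowlarr`) are short names with no registry and no tag. What gets pulled therefore depends on the host's unqualified-search registry list and on whatever `latest` points to at pull time. Qualify and pin each one, e.g. `image = "docker.io/linuxserver/radarr:<TAG>@sha256:<DIGEST>";` (placeholders, to be filled from a release you have checked). The added `with lib;` also looks unused, since the visible code still writes `lib.mkIf`; the rest of the file lies outside the hunk, so confirm before removing it.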
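Review bot: The `ports` list of the `download` pod does not match the containers defined in the earlier hunk. `"8989:8989"` is published although `sonarr` has `enable = false`, and `"9696:9696"` is published on the pod although `prowlarr` has `extraOptions = [ "--pod=download" ]` commented out. Unless the `podmanPods` module adds the pod flag itself (not visible here), Prowlarr runs outside the pod and the 9696 mapping points at nothing. Each `"HOST:CONTAINER"` entry also binds on every host interface; if these web UIs are meant to be reached only locally or through a reverse proxy, bind them explicitly, e.g. `"127.0.0.1:7878:7878"`. Publishing only the ports of enabled containers would keep the exposed surface in line with what actually runs.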
@@ -37,7 +37,5 @@ in }; }; - nixpkgs.config.allowUnfree = true; - }; } diff --git a/modules/utils/server-node-users.nix b/modules/utils/server-node-users.nix index a3b7945..d5f4bc6 100644 --- a/modules/utils/server-node-users.nix +++ b/modules/utils/server-node-users.nix @@ -1,11 +1,27 @@ -{ - lib, - config, - pkgs, - ... +{ lib +, config +, pkgs +, ... }: let cfg = config.my.utils.serverNodeUsers; + gitlabUsername = "pazpi"; + sshKeys = + let + localKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef" + # Add more local keys as needed + ]; + gitlabKeys = pkgs.lib.splitString "\n" ( + builtins.readFile ( + pkgs.fetchurl { + url = "https://gitlab.com/${gitlabUsername}.keys"; + sha256 = "tHC4DBRO8mXBLFBqGiZlgyY5Pzpl4AMeURCni6H7IjI="; + } + ) + ); + in + localKeys ++ gitlabKeys; in { options.my.utils.serverNodeUsers = { @@ -24,6 +40,7 @@ in users.root = { hashedPassword = "!"; + openssh.authorizedKeys.keys = sshKeys; }; users.pazpi = { @@ -31,9 +48,7 @@ in hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1"; shell = pkgs.bash; extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef" - ]; + openssh.authorizedKeys.keys = sshKeys; }; };
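Review bot: In the `sshKeys` binding of server-node-users.nix, `pkgs.lib.splitString "\n"` on the fetched `.keys` file will produce an empty string entry if the file ends with a newline (likely, though the file content is not visible), and that entry then lands in `authorizedKeys.keys`. Filter it out, e.g. `gitlabKeys = builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (pkgs.fetchurl { ... })));`. The pinned `sha256` does fix the content, which is good, but it also means a later hash bump changes the authorised key set without the keys appearing in the diff. Listing the keys in `localKeys` keeps that set reviewable in the repository. Note too that `builtins.readFile` on a `fetchurl` result is import-from-derivation, so evaluation fails where that is disabled.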
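Review bot: The second server-node-users.nix hunk adds `openssh.authorizedKeys.keys = sshKeys;` to `users.root`, so every key published on the GitLab account, not just the one deployment key, can open a root shell on every node that enables this module. The third hunk gives the same list to `pazpi`, who is in `wheel`. `hashedPassword = "!"` only blocks password login; with sshd's usual `prohibit-password` setting for root (the sshd configuration is not visible here), key login as root still works. Consider limiting root to the explicit local key, `users.root.openssh.authorizedKeys.keys = localKeys;` with `localKeys` lifted out of the inner `let`, or setting root keys only on the host that Colmena deploys to as root. A short comment on `users.root` explaining why root needs SSH keys at all would make the intent auditable.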