Switch to lix and update the arr stack

2024-08-27 22:00:18 +02:00 · 2024-08-27 22:00:18 +02:00 · 34f11ee2fb
commit 34f11ee2fb
parent e860e4a9bd
6 changed files with 249 additions and 148 deletions
--- a/flake.lock
+++ b/flake.lock
@ -99,6 +99,39 @@
        "type": "github"
      }
    },
    "flake-utils_2": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1710146030,
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "flakey-profile": {
      "locked": {
        "lastModified": 1712898590,
        "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
        "owner": "lf-",
        "repo": "flakey-profile",
        "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
        "type": "github"
      },
      "original": {
        "owner": "lf-",
        "repo": "flakey-profile",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -141,13 +174,48 @@
        "type": "github"
      }
    },
    "lix": {
      "flake": false,
      "locked": {
        "lastModified": 1723503926,
        "narHash": "sha256-Rosl9iA9MybF5Bud4BTAQ9adbY81aGmPfV8dDBGl34s=",
        "rev": "bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2",
        "type": "tarball",
        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2.tar.gz?rev=bcaeb6388b8916ac6d1736e3aa2b13313e6a6bd2"
      },
      "original": {
        "type": "tarball",
        "url": "https://git.lix.systems/lix-project/lix/archive/2.91.0.tar.gz"
      }
    },
    "lix-module": {
      "inputs": {
        "flake-utils": "flake-utils_2",
        "flakey-profile": "flakey-profile",
        "lix": "lix",
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1723510904,
        "narHash": "sha256-zNW/rqNJwhq2lYmQf19wJerRuNimjhxHKmzrWWFJYts=",
        "rev": "622a2253a071a1fb97a4d3c8103a91114acc1140",
        "type": "tarball",
        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/622a2253a071a1fb97a4d3c8103a91114acc1140.tar.gz"
      },
      "original": {
        "type": "tarball",
        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz"
      }
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1724067415,
+        "lastModified": 1724575805,
-        "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
+        "narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
+        "rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895",
        "type": "github"
      },
      "original": {
@ -159,11 +227,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1724316499,
+        "lastModified": 1724531977,
-        "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
+        "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
+        "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32",
        "type": "github"
      },
      "original": {
@ -173,30 +241,14 @@
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1724224976,
        "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "colmena": "colmena",
        "home-manager": "home-manager_2",
        "lix-module": "lix-module",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs"
        "nixpkgs-unstable": "nixpkgs-unstable"
      }
    },
    "stable": {
@ -229,6 +281,21 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -1,14 +1,22 @@
 {
  # Source of inspiration:
  # - https://github.com/BonusPlay/sysconf/blob/master/flake.nix
  # - https://github.com/NixOS/infra/blob/master/build/flake.nix
  description = "Pazpi's systems";
  inputs = {
    # NixOS related inputs
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:NixOS/nixos-hardware/master";
    lix-module = {
      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -29,110 +37,61 @@
    {
      self,
      nixpkgs,
-      nixpkgs-unstable,
+      nixos-hardware,
      lix-module,
      agenix,
      colmena,
      home-manager,
      ...
    }@inputs:
    let
      system = "x86_64-linux";
      pkgs = import nixpkgs { inherit system; };
-      myModule = {
+      lib = nixpkgs.lib;
        imports = [ ./modules ];
      };
      proxmoxModule = {
        imports = [
          "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
          ./modules/virtualisation/proxmox.nix
        ];
      };
    in
    {
      # used with: `nix fmt`
      formatter.${system} = pkgs.nixfmt-rfc-style;
-      nixosConfigurations.deadbeef = nixpkgs.lib.nixosSystem {
+      nixosConfigurations = (import ./hosts inputs);
        inherit system;
        specialArgs = {
          inherit inputs;
        };
        modules = [
          myModule
          ./hosts/deadbeef
        ];
      };
      nixosConfigurations.arr = nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs = {
          inherit inputs;
        };
        modules = [
          myModule
          proxmoxModule
          ./hosts/arr
        ];
      };
      colmena =
        lib.recursiveUpdate
          (builtins.mapAttrs (k: v: { imports = v._module.args.modules; }) self.nixosConfigurations)
          {
            meta = {
-            description = "pazpi.top infrastructure";
+              nixpkgs = import nixpkgs {
-            nixpkgs = import nixpkgs { inherit system; };
+                system = "x86_64-linux";
                overlays = [ ];
              };
-        }
+              nodeNixpkgs = builtins.mapAttrs (_: v: v.pkgs) self.nixosConfigurations;
-        // builtins.mapAttrs (name: value: {
+              nodeSpecialArgs = builtins.mapAttrs (_: v: v._module.specialArgs) self.nixosConfigurations;
-          nixpkgs.system = value.config.nixpkgs.system;
+            };
-          imports = value._module.args.modules;
+
            defaults = {
              imports = [ ./modules ];
              deployment.targetUser = "pazpi";
            };
            arr = {
              deployment = {
-            targetHost = "${name}.nixos.org";
+                targetHost = "192.168.1.189";
                targetUser = lib.mkForce "root";
                tags = [
                  "lxc"
                  "bacco"
                ];
              };
            };
        }) self.nixosConfigurations;
-      # colmena = {
+            deadbeef.deployment = {
-      #   meta = {
+              allowLocalDeployment = true;
-      #     nixpkgs = pkgs;
+              targetHost = null;
-      #     specialArgs = {
+              tags = [ "local" ];
-      #       inherit inputs;
+            };
      #     };
      #   };
-      #   defaults = {
+          };
      #     imports = [
      #       "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
      #       ./modules
      #       ./modules/virtualisation/proxmox.nix
      #     ];
      #   };
      #   # childnixos = {
      #   #   deployment = {
      #   #     targetHost = "10.233.244.63";
      #   #     targetPort = 22;
      #   #     targetUser = "root";
      #   #   };
      #   #   imports = [ ./lxc-nix/configuration.nix ];
      #   # };
      #   arr = {
      #     deployment = {
      #       targetHost = "192.168.1.189";
      #       targetPort = 22;
      #       targetUser = "pazpi";
      #     };
      #     time.timeZone = "Europe/Rome";
      #     imports = [ ./hosts/arr ];
      #   };
      # };
      devShells.${system}.default = pkgs.mkShell {
        buildInputs = with pkgs; [
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,23 +1,39 @@
-{ nixpkgs
+{
-, home-manager
+  nixpkgs,
-, nixos-hardware
+  nixos-hardware,
-, agenix
+  agenix,
-, ...
+  home-manager,
  lix-module,
  ...
 }:
 let
-  agenixOverlay = final: prev: {
+  agenixOverlay = final: prev: { agenix = agenix.packages.${prev.system}.default; };
-    agenix = agenix.packages.${prev.system}.default;
+  pkgs =
-  };
+    system:
-  pkgs = system: import nixpkgs {
+    import nixpkgs {
      inherit system;
      overlays = [ agenixOverlay ];
      config.allowUnfree = true;
    };
  myModule = {
    imports = [
      lix-module.nixosModules.default
      ../modules
    ];
  };
  proxmoxModule = {
    imports = [
      "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
      ../modules/virtualisation/proxmox.nix
    ];
  };
 in
 {
  deadbeef = nixpkgs.lib.nixosSystem {
    pkgs = pkgs "x86_64-linux";
    modules = [
      myModule
      ./deadbeef
      nixos-hardware.nixosModules.dell-xps-15-9560
      home-manager.nixosModules.home-manager
@ -31,6 +47,8 @@ in
  arr = nixpkgs.lib.nixosSystem {
    pkgs = pkgs "x86_64-linux";
    modules = [
      myModule
      proxmoxModule
      ./arr
      agenix.nixosModules.default
    ];
--- a/modules/services/download-pod.nix
+++ b/modules/services/download-pod.nix
@ -1,25 +1,66 @@
-{
+{ config
-  config,
+, pkgs
-  pkgs,
+, lib
-  lib,
+, ...
  ...
 }:
 with lib;
 let
  cfg = config.my.services.download-pod;
  containers = {
-    webserver = {
+
    jackett = {
      enable = true;
-      image = "nginx";
+      image = "linuxserver/jackett";
      autoStart = true;
      extraOptions = [ "--pod=download" ];
      volumes = [
-        "aaa:/config"
+        "jackett_config:/config"
-        "bbb:/data"
+        "jackett_data:/data"
      ];
    };
-    postgres = {
+    radarr = {
      enable = true;
      image = "linuxserver/radarr";
      autoStart = true;
      extraOptions = [ "--pod=download" ];
      volumes = [
        "radarr_config:/config"
        "radarr_data:/data"
      ];
    };
    sabnzbd = {
      enable = false;
-      image = "postgres:13";
+      image = "linuxserver/sabnzbd";
      autoStart = true;
      extraOptions = [ "--pod=download" ];
      volumes = [
        "sabnzbd_config:/config"
        "sabnzbd_data:/data"
      ];
    };
    sonarr = {
      enable = false;
      image = "linuxserver/sonarr";
      autoStart = true;
      extraOptions = [ "--pod=download" ];
      volumes = [
        "sonarr_config:/config"
        "sonarr_data:/data"
      ];
    };
    prowlarr = {
      enable = true;
      image = "linuxserver/prowlarr";
      autoStart = true;
      # extraOptions = [ "--pod=download" ];
      volumes = [ "prowlarr_config:/config" ];
    };
  };
@ -60,11 +101,14 @@ in
  config = lib.mkIf cfg.enable {
    my.virtualisation.podmanPods = {
-      mywebapp = {
+      download = {
-        name = "mywebapp";
+        name = "download";
        ports = [
-          "9090:80"
+          "7878:7878" # : Radarr
-          "9443:443"
+          # "8080:8080" # : Sabnzbd
          "8989:8989" # : Sonarr
          "9117:9117" # : Jackett
          "9696:9696" # : Prowlarr
        ];
        containers = enabledContainers containers;
      };
--- a/modules/utils/commons.nix
+++ b/modules/utils/commons.nix
@ -37,7 +37,5 @@ in
      };
    };
    nixpkgs.config.allowUnfree = true;
  };
 }
--- a/modules/utils/server-node-users.nix
+++ b/modules/utils/server-node-users.nix
@ -1,11 +1,27 @@
-{
+{ lib
-  lib,
+, config
-  config,
+, pkgs
-  pkgs,
+, ...
  ...
 }:
 let
  cfg = config.my.utils.serverNodeUsers;
  gitlabUsername = "pazpi";
  sshKeys =
    let
      localKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
        # Add more local keys as needed
      ];
      gitlabKeys = pkgs.lib.splitString "\n" (
        builtins.readFile (
          pkgs.fetchurl {
            url = "https://gitlab.com/${gitlabUsername}.keys";
            sha256 = "tHC4DBRO8mXBLFBqGiZlgyY5Pzpl4AMeURCni6H7IjI=";
          }
        )
      );
    in
    localKeys ++ gitlabKeys;
 in
 {
  options.my.utils.serverNodeUsers = {
@ -24,6 +40,7 @@ in
      users.root = {
        hashedPassword = "!";
        openssh.authorizedKeys.keys = sshKeys;
      };
      users.pazpi = {
@ -31,9 +48,7 @@ in
        hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
        shell = pkgs.bash;
        extraGroups = [ "wheel" ];
-        openssh.authorizedKeys.keys = [
+        openssh.authorizedKeys.keys = sshKeys;
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef"
        ];
      };
    };