adriangl
/
nix-dotfiles
mirror of https://github.com/adrlau/nix-dotfiles.git
1
2
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adriangl:ca1e3458623985be2e298acf303f8e1d2b7769f8
Branches Tags
adriangl:main
adriangl:sway-fixes
..
compare: adriangl:4a3718a8069f7a7720ec875d62a10b2efba4299d
Branches Tags
adriangl:main
adriangl:sway-fixes

No commits in common. "ca1e3458623985be2e298acf303f8e1d2b7769f8" and "4a3718a8069f7a7720ec875d62a10b2efba4299d" have entirely different histories.
ca1e345862 ... 4a3718a806

13 changed files with 661 additions and 114 deletions
Show Stats Expand all files Collapse all files

15
flake.nix
View File

@ -34,7 +34,7 @@
# aragon = nixpkgs.lib.nixosSystem { # aragon = nixpkgs.lib.nixosSystem {
# system = "x83_64-linux"; # system = "x86_64-linux";
# specialArgs = { # specialArgs = {
# inherit inputs; # inherit inputs;
# }; # };
@ -53,19 +53,6 @@
# }; # };
aragon = nixpkgs.lib.nixosSystem {
system = "x84_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./machines/aragon/configuration.nix
sops-nix.nixosModules.sops
];
};
galadriel = nixpkgs.lib.nixosSystem { galadriel = nixpkgs.lib.nixosSystem {

5
home/code.nix
View File

@ -1,7 +1,8 @@
{pkgs, lib, ...}: {pkgs, lib, ...}:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{ {
unstable.config.allowUnfree = true;
home-manager.users.gunalx = { home-manager.users.gunalx = {
#vscode with home manager #vscode with home manager
programs.vscode = { programs.vscode = {

5
home/home.nix
View File

@ -1,4 +1,7 @@
{ config, pkgs, home-manager, ... }: { config, pkgs, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.11.tar.gz";
in
{ {
imports = [ imports = [
(import "${home-manager}/nixos") (import "${home-manager}/nixos")

15
machines/aragon/code.nix Normal file
View File

@ -0,0 +1,15 @@
{pkgs, lib, ...}:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
home-manager.users.gunalx = {
#vscode with home manager
programs.vscode = {
enable = true;
enableUpdateCheck = false;
package = unstable.vscode-fhs;
};
};
}

59
machines/aragon/configuration.nix
View File

@ -3,23 +3,18 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
#profiles
../../profiles/base.nix
#home manager #home manager
#../../home/home.nix ./home.nix
#customised applications #customised applications
../../home/steam.nix ./steam.nix
../../services/podman.nix ./podman.nix
]; ];
# Bootloader. # Bootloader.
@ -74,7 +69,7 @@
xkbVariant = ""; xkbVariant = "";
}; };
fonts.packages = with pkgs; [ fonts.fonts = with pkgs; [
noto-fonts noto-fonts
noto-fonts-cjk noto-fonts-cjk
noto-fonts-emoji noto-fonts-emoji
@ -102,12 +97,11 @@ fonts.packages = with pkgs; [
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
jack.enable = true; #jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default, # use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now) # no need to redefine it in your config for now)
#media-session.enable = true; #media-session.enable = true;
}; };
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
@ -119,15 +113,15 @@ fonts.packages = with pkgs; [
description = "Adrian Gunnar Lauterer"; description = "Adrian Gunnar Lauterer";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
kate kate
unstable.ollama
python310 python310
python310Packages.scipy python310Packages.scipy
python310Packages.sympy python310Packages.sympy
python310Packages.numpy python310Packages.numpy
python310Packages.matplotlib python310Packages.matplotlib
python310Packages.torchWithRocm python310Packages.torch
python310Packages.torchvision python310Packages.torchvision
gcc gcc
gpp gpp
@ -135,24 +129,11 @@ fonts.packages = with pkgs; [
rustup rustup
rustc rustc
cargo cargo
etcher
rpi-imager
minecraft
prismlauncher
hmcl
appimage-run
#unstable.alvr
easyeffects
]; ];
}; };
#allow electron 19 becasue of etcher
nixpkgs.config.permittedInsecurePackages = [
"electron-19.1.9"
];
# Allow unfree packages # Allow unfree packages
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -174,19 +155,15 @@ fonts.packages = with pkgs; [
python310Packages.sympy python310Packages.sympy
python310Packages.numpy python310Packages.numpy
python310Packages.matplotlib python310Packages.matplotlib
#python310Packages.torch python310Packages.torch
python310Packages.torchvision python310Packages.torchvision
python310Packages.torchWithRocm
gcc gcc
gpp gpp
gdb cmake
cmake
rustup rustup
rustc rustc
cargo cargo
cura cura
prusa-slicer
openscad
htop htop
killall killall
docker-compose docker-compose
@ -218,12 +195,10 @@ fonts.packages = with pkgs; [
services.udev.extraRules = '' services.udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled" ACTION=="add", SUBSYSTEM=="pci", DRIVER=="pcieport", ATTR{power/wakeup}="disabled"
''; '';
# systemd.targets.sleep.enable = false;
#comment out to enable sleep. Uncommented over vacations # systemd.targets.suspend.enable = false;
# systemd.targets.sleep.enable = false; # systemd.targets.hibernate.enable = false;
# systemd.targets.suspend.enable = false; # systemd.targets.hybrid-sleep.enable = false;
# systemd.targets.hibernate.enable = false;
# systemd.targets.hybrid-sleep.enable = false;
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@ -243,7 +218,7 @@ fonts.packages = with pkgs; [
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
networking.firewall.enable = false; # networking.firewall.enable = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

20
machines/aragon/hardware-configuration.nix
View File

@ -9,30 +9,12 @@
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
#boot.initrd.kernelModules = ["amdgou" ];
boot.initrd.kernelModules = ["amdgpu" ]; boot.initrd.kernelModules = ["amdgpu" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
services.xserver.videoDrivers = [ "amdgpu" ];
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
hardware.opengl.extraPackages = with pkgs; [
rocmPackages.clr.icd
#amdvlk
libva-utils
];
#hardware.opengl.extraPackages32 = with pkgs; [
# driversi686Linux.amdvlk
#];
hardware.opengl.driSupport = true; # This is already enabled by default
hardware.opengl.driSupport32Bit = true; # For 32 bit applications
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8"; { device = "/dev/disk/by-uuid/8ab16ad5-08d2-44f9-a9e4-2e6240bfd8f8";
fsType = "ext4"; fsType = "ext4";

18
machines/aragon/home.nix Normal file
View File

@ -0,0 +1,18 @@
{ config, pkgs, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
in
{
imports = [
(import "${home-manager}/nixos")
./code.nix
];
home-manager.users.gunalx = {
/* The home.stateVersion option does not have a default and must be set */
home.stateVersion = "23.05";
/* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
};
}

11
machines/aragon/podman.nix Normal file
View File

@ -0,0 +1,11 @@
{
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true ;
autoPrune.flags = ["--all"];
autoPrune.enable = true;
};
}

6
home/steam.nix → machines/aragon/steam.nix
View File

@ -15,12 +15,6 @@
environment.systemPackages = [ environment.systemPackages = [
pkgs.steam-run pkgs.steam-run
pkgs.unstable.alvr
pkgs.openvr
pkgs.openhmd
pkgs.sidequest
pkgs.mplayer
pkgs.appimage-run
]; ];

481
modules/qbittorrent-nox.nix Normal file
View File

@ -0,0 +1,481 @@
{ config, lib, pkgs, options, ... }:
let
cfg = config.services.qbittorrent-nox;
path = "/var/lib/qbittorrent";
cfgPath = "${path}/.config/qBittorrent/qBittorrent.conf";
configurationFile = pkgs.writeText "qbittorrent-nox.conf" ''
[Application]
FileLogger\Age=${toString cfg.Filelogger.age}
FileLogger\AgeType=${toString cfg.Filelogger.ageType}
FileLogger\Backup=${toString cfg.Filelogger.backup}
FileLogger\DeleteOld=${toString cfg.Filelogger.deleteOld}
FileLogger\Enabled=${toString cfg.Filelogger.enable}
FileLogger\MaxSizeBytes=${toString cfg.Filelogger.maxSizeBytes}
FileLogger\Path=${cfg.Filelogger.path}
MemoryWorkingSetLimit=${toString cfg.MemoryWorkingSetLimit}
[BitTorrent]
Session\AddExtensionToIncompleteFiles=${toString cfg.AddExtensionToIncompleteFiles}
Session\AlternativeGlobalDLSpeedLimit=${toString cfg.AlternativeGlobalDLSpeedLimit}
Session\AlternativeGlobalUPSpeedLimit=${toString cfg.AlternativeGlobalUPSpeedLimit}
Session\AnonymousModeEnabled=${toString cfg.AnonymousModeEnabled}
Session\BTProtocol=${cfg.BTProtocol}
Session\BandwidthSchedulerEnabled=${toString cfg.BandwidthSchedulerEnabled}
Session\DefaultSavePath=${cfg.DefaultSavePath}
Session\Encryption=${toString cfg.Encryption }
Session\ExcludedFileNames=${cfg.ExcludedFileNames}
Session\FinishedTorrentExportDirectory=${cfg.FinishedTorrentExportDirectory}
Session\GlobalDLSpeedLimit=${toString cfg.GlobalDLSpeedLimit}
Session\GlobalMaxRatio=${toString cfg.GlobalMaxRatio}
Session\GlobalUPSpeedLimit=${toString cfg.GlobalUPSpeedLimit}
Session\I2P\Enabled=${toString cfg.I2PEnabled}
Session\IgnoreLimitsOnLAN=${toString cfg.IgnoreLimitsOnLAN}
Session\IncludeOverheadInLimits=${toString cfg.IncludeOverheadInLimits}
Session\Interface=${cfg.Interface}
Session\InterfaceAddress=${cfg.InterfaceAddress}
Session\InterfaceName=${cfg.InterfaceName}
Session\LSDEnabled=${toString cfg.LSDEnabled}
Session\MaxActiveCheckingTorrents=${toString cfg.MaxActiveCheckingTorrents}
Session\MaxRatioAction=${toString cfg.MaxRatioAction}
Session\Port=${toString cfg.Port}
Session\Preallocation=${toString cfg.Preallocation}
Session\QueueingSystemEnabled=${toString cfg.QueueingSystemEnabled}
Session\SubcategoriesEnabled=${toString cfg.SubcategoriesEnabled}
Session\Tags=${cfg.Tags}
Session\TempPath=${cfg.TempPath}
Session\TempPathEnabled=${toString cfg.TempPathEnabled}
Session\TorrentExportDirectory=${cfg.TorrentExportDirectory}
Session\UseAlternativeGlobalSpeedLimit=${toString cfg.UseAlternativeGlobalSpeedLimit}
[Core]
AutoDeleteAddedTorrentFile=${cfg.AutoDeleteAddedTorrentFile}
[LegalNotice]
Accepted=${toString cfg.Accepted}
[Meta]
MigrationVersion=${toString cfg.MigrationVersion}
[Network]
PortForwardingEnabled=${toString cfg.PortForwardingEnabled}
[Preferences]
General\Locale=${cfg.GeneralLocale}
MailNotification\req_auth=${toString cfg.MailNotificationReqAuth}
Scheduler\days=${cfg.SchedulerDays}
Scheduler\end_time=${cfg.SchedulerEndTime}
WebUI\AuthSubnetWhitelist=${cfg.WebUIAuthSubnetWhitelist}
WebUI\AuthSubnetWhitelistEnabled=${toString cfg.WebUIAuthSubnetWhitelistEnabled}
WebUI\Port=${toString cfg.WebUIPort}
WebUI\UseUPnP=${toString cfg.WebUIUseUPnP}
[RSS]
AutoDownloader\DownloadRepacks=${toString cfg.AutoDownloaderDownloadRepacks}
AutoDownloader\EnableProcessing=${toString cfg.AutoDownloaderEnableProcessing}
AutoDownloader\SmartEpisodeFilter=${cfg.AutoDownloaderSmartEpisodeFilter}
Session\EnableProcessing=${toString cfg.SessionEnableProcessing}
'';
in
{
options.services.qbittorrent-nox = {
enable = lib.mkEnableOption {
default = false;
description = "Enable qbittorrent-nox service.";
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to open the qbittorrent-nox port in the firewall.";
};
user = lib.mkOption {
type = lib.types.str;
default = "qbittorrent";
description = "User to run qbittorrent-nox as.";
};
group = lib.mkOption {
type = lib.types.str;
default = "qbittorrent";
description = "Group to run qbittorrent-nox as.";
};
# FileLogger
Filelogger.enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable the file logger.";
};
Filelogger.age = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Age of the log file.";
};
Filelogger.ageType = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Age type of the log file.";
};
Filelogger.backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to backup the log file.";
};
Filelogger.deleteOld = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to delete old log files.";
};
Filelogger.maxSizeBytes = lib.mkOption {
type = lib.types.int;
default = 66560;
description = "Max size of the log file in bytes.";
};
Filelogger.path = lib.mkOption {
type = lib.types.str;
default = "${path}/.qbittorrent/logs";
description = "Path to the log file.";
};
MemoryWorkingSetLimit = lib.mkOption {
type = lib.types.int;
default = 8192;
description = "Memory working set limit.";
};
# BitTorrent
AddExtensionToIncompleteFiles = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Add extension to incomplete files.";
};
AlternativeGlobalDLSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 1000;
description = "Alternative global download speed limit.";
};
AlternativeGlobalUPSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 1000;
description = "Alternative global upload speed limit.";
};
AnonymousModeEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable anonymous mode.";
};
BTProtocol = lib.mkOption {
type = lib.types.str;
default = "Both";
description = "BitTorrent protocol.";
};
BandwidthSchedulerEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable bandwidth scheduler.";
};
DefaultSavePath = lib.mkOption {
type = lib.types.str;
default = "${path}";
description = "Default save path.";
};
Encryption = lib.mkOption {
type = lib.types.int;
default = 1;
example = "0";
description = "Enable encryption.";
};
ExcludedFileNames = lib.mkOption {
type = lib.types.str;
default = "";
description = "Excluded file names.";
};
FinishedTorrentExportDirectory = lib.mkOption {
type = lib.types.str;
default = "${path}";
description = "Finished torrent export directory.";
};
GlobalDLSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 0;
description = "Global download speed limit.";
};
GlobalMaxRatio = lib.mkOption {
type = lib.types.float;
default = 0;
description = "Global max ratio.";
};
GlobalUPSpeedLimit = lib.mkOption {
type = lib.types.int;
default = 0;
description = "Global upload speed limit.";
};
I2PEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable I2P.";
};
IgnoreLimitsOnLAN = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Ignore limits on LAN.";
};
IncludeOverheadInLimits = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Include overhead in limits.";
};
Interface = lib.mkOption {
type = lib.types.str;
default = "";
example = "tun0";
description = "Interface.";
};
InterfaceAddress = lib.mkOption {
type = lib.types.str;
example = "";
default = "10.0.0.0";
description = "Interface address.";
};
InterfaceName = lib.mkOption {
type = lib.types.str;
default = "";
example = "tun0";
description = "Interface name.";
};
LSDEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable LSD.";
};
MaxActiveCheckingTorrents = lib.mkOption {
type = lib.types.int;
default = 15;
description = "Max active checking torrents.";
};
MaxRatioAction = lib.mkOption {
type = lib.types.int;
default = 1;
description = "Max ratio action.";
};
Port = lib.mkOption {
type = lib.types.int;
default = 4132;
description = "Port for bittorrent";
};
Preallocation = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Preallocation of storage.";
};
QueueingSystemEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable queueing system.";
};
SubcategoriesEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable subcategories.";
};
Tags = lib.mkOption {
type = lib.types.str;
default = "";
description = "Tags";
};
TempPath = lib.mkOption {
type = lib.types.str;
default = "${path}/temp";
description = "Temporary path.";
};
TempPathEnabled = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable temporary path.";
};
TorrentExportDirectory = lib.mkOption {
type = lib.types.str;
default = "${path}/torrents";
description = "Torrent export directory.";
};
UseAlternativeGlobalSpeedLimit = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Use alternative global speed limit.";
};
# Core
AutoDeleteAddedTorrentFile = lib.mkOption {
type = lib.types.str;
default = "Never";
description = "Auto delete added torrent file.";
};
# LegalNotice
Accepted = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Accepted legal notice.";
};
# Meta
MigrationVersion = lib.mkOption {
type = lib.types.int;
default = 6;
description = "Migration version.";
};
# Network
PortForwardingEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable port forwarding.";
};
# Preferences
GeneralLocale = lib.mkOption {
type = lib.types.str;
default = "en";
description = "General locale.";
};
MailNotificationReqAuth = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Mail notification requires authentication.";
};
SchedulerDays = lib.mkOption {
type = lib.types.str;
default = "Weekday";
description = "Scheduler days.";
};
SchedulerEndTime = lib.mkOption {
type = lib.types.str;
default = "@Variant(\\0\\0\\0\\xf\\x5%q\\xa0)";
description = "Scheduler end time.";
};
WebUIAuthSubnetWhitelist = lib.mkOption {
type = lib.types.str;
default = "";
example = "192.168.1.0/24, 10.0.0.0/24";
description = "WebUI auth subnet whitelist.";
};
WebUIAuthSubnetWhitelistEnabled = lib.mkOption {
type = lib.types.bool;
default = false;
description = "WebUI auth subnet whitelist enabled.";
};
WebUIPort = lib.mkOption {
type = lib.types.int;
default = 8080;
description = "WebUI port.";
};
WebUIUseUPnP = lib.mkOption {
type = lib.types.bool;
default = false;
description = "WebUI use UPnP.";
};
# RSS
AutoDownloaderDownloadRepacks = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Auto downloader download repacks.";
};
AutoDownloaderEnableProcessing = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Auto downloader enable processing.";
};
AutoDownloaderSmartEpisodeFilter = lib.mkOption {
type = lib.types.str;
default = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
example = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
description = "Auto downloader smart episode filter.";
};
SessionEnableProcessing = lib.mkOption {
type = lib.types.bool;
default = false;
description = "RSS Session enable processing.";
};
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ cfg.Port cfg.WebUIPort ];
networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ cfg.Port cfg.WebUIPort];
users.users = lib.mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
isNormalUser = true;
home = path;
group = cfg.group;
};
};
users.groups = lib.mkIf (cfg.group == "qbittorrent") {
qbittorrent = {};
};
systemd.services."qbittorrent-nox" ={
serviceConfig = {
#create the configuration file from string using echo
ExecStartPre = "${pkgs.coreutils}/bin/cat ${configurationFile}";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --configuration=${configurationFile}";
User = cfg.user;
Group = cfg.group;
Restart = "on-failure";
# Security options
PrivateTmp = true;
ProtectSystem = "full";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
};
};
};
}

12
services/podman.nix
View File

@ -3,14 +3,10 @@
# Arion works with Docker, but for NixOS-based containers, you need Podman # Arion works with Docker, but for NixOS-based containers, you need Podman
# since NixOS 21.05. # since NixOS 21.05.
virtualisation.docker.enable = false; virtualisation.docker.enable = false;
virtualisation.podman = { virtualisation.podman.enable = true;
enable = true; virtualisation.podman.dockerSocket.enable = true;
dockerCompat = true; virtualisation.podman.defaultNetwork.settings = { dns_enabled = true; };
dockerSocket.enable = true ;
autoPrune.flags = ["--all"];
autoPrune.enable = true;
defaultNetwork.settings = { dns_enabled = true; };
};
# Use your username instead of `myuser`
users.extraUsers.gunalx.extraGroups = ["podman"]; users.extraUsers.gunalx.extraGroups = ["podman"];
} }

83
services/qbittorrent.nix Normal file
View File

@ -0,0 +1,83 @@
{ config, lib, pkgs, options, ... }:
let
port = 8090;
Interface = "tun0";
InterfaceAddress = "";
torrentPort = 44183;
TempPath = "/Main/Data/media/Downloads/temp";
TorrentExportPath = "/Main/Data/media/Downloads/torrents";
FinishedTorrentExportDirectory = "/Main/Data/media/Downloads/torrents-complete";
in
{
imports = [
../modules/qbittorrent-nox.nix
];
environment.systemPackages = [
pkgs.qbittorrent-nox
];
services.qbittorrent-nox = {
enable = true;
Interface = Interface;
openFirewall = true;
user = "qbittorrent";
group = "qbittorrent";
Filelogger = {
enable = true;
age = 1;
ageType = 1;
backup = true;
deleteOld = true;
maxSizeBytes = 66560;
path = "/Main/Data/media/.qbittorrent/logs";
};
MemoryWorkingSetLimit = 8192;
AddExtensionToIncompleteFiles = true;
AlternativeGlobalDLSpeedLimit = 1000;
AlternativeGlobalUPSpeedLimit = 1000;
AnonymousModeEnabled = false;
BTProtocol = "Both";
BandwidthSchedulerEnabled = false;
DefaultSavePath = TorrentExportPath;
Encryption = 1;
ExcludedFileNames = "";
FinishedTorrentExportDirectory = FinishedTorrentExportDirectory;
GlobalDLSpeedLimit = 0;
GlobalMaxRatio = 1.5;
GlobalUPSpeedLimit = 0;
I2PEnabled = true;
IgnoreLimitsOnLAN = true;
IncludeOverheadInLimits = true;
InterfaceAddress = InterfaceAddress;
InterfaceName = Interface;
LSDEnabled = true;
MaxActiveCheckingTorrents = 15;
MaxRatioAction = 1;
Port = torrentPort;
Preallocation = true;
QueueingSystemEnabled = false;
SubcategoriesEnabled = true;
Tags = "movie, anime";
TempPath = TempPath;
TempPathEnabled = true;
TorrentExportDirectory = TorrentExportPath;
UseAlternativeGlobalSpeedLimit = false;
AutoDeleteAddedTorrentFile = "Never";
Accepted = true;
MigrationVersion = 6;
PortForwardingEnabled = true;
GeneralLocale = "en";
MailNotificationReqAuth = true;
SchedulerDays = "Weekday";
SchedulerEndTime = "@Variant(\\0\\0\\0\\xf\\x5%q\\xa0)";
WebUIAuthSubnetWhitelist = "192.168.1.0/24, 100.0.0.0/8";
WebUIAuthSubnetWhitelistEnabled = true;
WebUIPort = port;
WebUIUseUPnP = false;
AutoDownloaderDownloadRepacks = true;
AutoDownloaderEnableProcessing = true;
AutoDownloaderSmartEpisodeFilter = "s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
SessionEnableProcessing = true;
};
}

43
services/torrent.nix
View File

@ -4,10 +4,9 @@ let
torrentPort = 44183; torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/"; savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent"; path = "/var/lib/qbittorrent";
interfaceAddress = pkgs.coreutils + "/bin/cat ${config.sops.secrets."qbittorrent/interfaceAddress".path}";
contentLayout = "Subfolder"; configurationFile = pkgs.writeText "qbittorrent.conf" ''
configurationFile = ''
[Application] [Application]
FileLogger\Age=1 FileLogger\Age=1
FileLogger\AgeType=1 FileLogger\AgeType=1
@ -36,7 +35,7 @@ Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true Session\IncludeOverheadInLimits=true
Session\Interface=tun0 Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"} Session\InterfaceAddress=${interfaceAddress}
Session\InterfaceName=tun0 Session\InterfaceName=tun0
Session\LSDEnabled=true Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15 Session\MaxActiveCheckingTorrents=15
@ -48,7 +47,6 @@ Session\SubcategoriesEnabled=true
Session\Tags=movie, anime Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true Session\TempPathEnabled=true
Session\TorrentContentLayout=${contentLayout}
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false Session\UseAlternativeGlobalSpeedLimit=false
@ -62,6 +60,7 @@ Accepted=true
MigrationVersion=6 MigrationVersion=6
[Network] [Network]
Cookies="__ddg1_=taU4w9Chkfjo3Llq2wDx; HttpOnly; expires=Sun, 09-Feb-2025 16:45:23 GMT; domain=.nyaa.si; path=/"
PortForwardingEnabled=true PortForwardingEnabled=true
[Preferences] [Preferences]
@ -89,39 +88,41 @@ in
../profiles/sops.nix ../profiles/sops.nix
]; ];
sops.secrets."qbittorrent/interfaceAddress" = {};
networking.firewall.allowedTCPPorts = [ port torrentPort]; networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort]; networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
path = "${path}/.config/qBittorrent/qBittorrent.conf";
};
users.users.qbittorrent = { users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files isNormalUser = true; #make this a normal user to be able to make files
home = path; home = path;
group = "media"; group = "qbittorrent";
}; };
users.groups.qbittorrent = {}; users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = { systemd.services."qbittorrent-nox" = {
after = [ "network.target" ]; after = [ "network.target" ];
wants = [ "network.target" ]; #environment.HOME = "/var/lib/qbittorrent";
wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chown -R qbittorrent:qbittorrent ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${configurationFile} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent"; User = "qbittorrent";
Group = "media"; Group = "qbittorrent";
Restart = "on-failure"; Restart = "on-failure";
ProtectKernelModules = true; #DynamicUser = true;
NoNewPrivileges = true; #InaccessiblePaths = [ "/home" "/root" "/boot" "/etc" "/proc" "/sys" "/usr" "/lib" "/bin" "/sbin" "/srv" "/opt" ];
};
# Security options
#PrivateTmp = true;
#ProtectSystem = "full";
#ProtectKernelTunables = true;
#ProtectKernelModules = true;
#ProtectControlGroups = true;
#NoNewPrivileges = true;
#ProtectHome = true;
#PrivateDevices = true;
};
}; };
} }