all/voyager: update to nixos 24.05

voyager: update to nextcloud29
voyager: remove transmission
2025-01-15 06:24:48 +01:00 · 2024-05-31 22:19:23 +02:00 · 2024-05-31 21:54:34 +02:00 · 2024-05-31 20:33:12 +02:00 · 2024-05-31 19:25:39 +02:00
6 changed files with 56 additions and 142 deletions
--- a/flake.lock
+++ b/flake.lock
@ -41,16 +41,16 @@
        ]
      },
      "locked": {
-        "lastModified": 1706981411,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "lastModified": 1716736833,
+        "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-23.11",
+        "ref": "release-24.05",
        "repo": "home-manager",
        "type": "github"
      }
@ -163,16 +163,16 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1710695816,
-        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
+        "lastModified": 1717144377,
+        "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
+        "rev": "805a384895c696f802a9bf5bf4720f37385df547",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-23.11",
+        "ref": "nixos-24.05",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -243,11 +243,11 @@
    },
    "voyager-addons": {
      "locked": {
-        "lastModified": 1707399193,
-        "narHash": "sha256-Q570CBu01ufGMitMQVAgsKoQ7zMEDwqDtqKJ1kyeUjQ=",
+        "lastModified": 1717176924,
+        "narHash": "sha256-pYq/v0RNwHshSZf2OeH3P6Aa4/zHGDAJq7Z2Ah9i700=",
        "ref": "refs/heads/main",
-        "rev": "3d04b4ec9c40948693f4efe919413cce9265bae7",
-        "revCount": 4,
+        "rev": "15f32cc6b828c56cb6a954de0096b81f291100d9",
+        "revCount": 8,
        "type": "git",
        "url": "file:///home/felixalb/voyager-addons"
      },
--- a/flake.nix
+++ b/flake.nix
@ -2,13 +2,13 @@
  description = "Felixalb System flake";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
    unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

    nix-darwin.url = "github:lnl7/nix-darwin/master";
    nix-darwin.inputs.nixpkgs.follows = "nixpkgs";

-    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.url = "github:nix-community/home-manager/release-24.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";

    matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@ -21,7 +21,6 @@
      ./services/postgres.nix
      ./services/snappymail.nix
      ./services/timemachine.nix
-      ./services/transmission.nix
  ];

  networking = {
--- a/hosts/voyager/services/jellyfin.nix
+++ b/hosts/voyager/services/jellyfin.nix
@ -1,61 +1,49 @@
 { config, pkgs, lib, ... }:
-let
-  domainName = "jellyfin.home.feal.no";
-in {
+
+{
  # Jellyfin - Media Streaming platform
  services.jellyfin.enable = true;
+
  users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" ];
+
  systemd.services.jellyfin.serviceConfig = {
    DeviceAllow = lib.mkForce [ "/dev/dri/card0" ];
  };

-  services.nginx.virtualHosts."${domainName}" = {
+  services.nginx.virtualHosts."jellyfin.home.feal.no" = {
    serverAliases = [ "jf.feal.no" ];
-    extraConfig = ''
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Content-Type-Options "nosniff";
-    location = / {
-        return 302 http://$host/web/;
-        #return 302 https://$host/web/;
-    }
-    location / {
-        # Proxy main Jellyfin traffic
-        proxy_pass http://127.0.0.1:8096;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-        proxy_set_header X-Forwarded-Host $http_host;
-        # Disable buffering when the nginx proxy gets very resource heavy upon streaming
-        proxy_buffering off;
-    }
-    # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
-    location = /web/ {
-        # Proxy main Jellyfin traffic
-        proxy_pass http://127.0.0.1:8096/web/index.html;
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-        proxy_set_header X-Forwarded-Host $http_host;
-    }
-    location /socket {
-        # Proxy Jellyfin Websockets traffic
-        proxy_pass http://127.0.0.1:8096;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Protocol $scheme;
-        proxy_set_header X-Forwarded-Host $http_host;
-    }
-        '';
+    locations = {
+      "= /" = {
+        return = "302 http://$host/web/";
+      };

+      "/" = {
+        proxyPass = "http://127.0.0.1:8096";
+        extraConfig = ''
+          proxy_buffering off;
+        '';
+      };
+
+      "/socket" = {
+        proxyPass = "http://127.0.0.1:8096";
+        proxyWebsockets = true;
+      };
+    };
+
+    extraConfig = ''
+      add_header X-XSS-Protection "1; mode=block";
+      add_header X-Content-Type-Options "nosniff";
+      add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
+    '';
+  };
+
+  fileSystems."/tank/media/jellyfin/Music" = {
+    depends = [
+      "/tank/media/music"
+      "/tank/media/jellyfin"
+    ];
+    options = [ "bind" ];
+    device = "/tank/media/music";
  };
 }

--- a/hosts/voyager/services/nextcloud.nix
+++ b/hosts/voyager/services/nextcloud.nix
@ -5,7 +5,7 @@ let
 in {
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud28;
+    package = pkgs.nextcloud29;
    inherit hostName;
    home = "/var/lib/nextcloud";
    https = true;
@ -18,8 +18,11 @@ in {
      dbname = "nextcloud";
      adminuser = "ncadmin";
      adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
-      trustedProxies = [ "192.168.10.175" ]; # defiant
-      defaultPhoneRegion = "NO";
+    };
+
+    settings = {
+      trusted_proxies = [ "192.168.10.175" ]; # defiant
+      default_phone_region = "NO";
    };

    phpOptions = {
--- a/hosts/voyager/services/transmission.nix
+++ b/hosts/voyager/services/transmission.nix
@ -1,76 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  host = "127.0.1.2";
-  port = "5003";
-  uid = config.ids.uids.transmission;
-  gid = config.ids.gids.transmission;
-in {
-  sops.secrets."transmission/vpncreds" = {
-    owner = "transmission";
-    group = "transmission";
-  };
-
-  users.users.transmission = {
-    inherit uid;
-    group = "transmission";
-    isSystemUser = true;
-    useDefaultShell = true;
-    description = "Transmission torrent service";
-  };
-
-  users.groups.transmission = {
-    inherit gid;
-  };
-
-  # Transmission+PIA: Torrent client, Integrated VPN, Web interface
-  virtualisation.oci-containers.containers.transmission = {
-    image = "haugene/transmission-openvpn";
-    ports = [ "${host}:${port}:9091" ];
-    volumes = [
-      "/var/lib/transmission/config:/config"
-      "/tank/media/transmission:/data"
-    ];
-    environment = {
-      OPENVPN_PROVIDER = "PIA";
-      OPENVPN_CONFIG = "sweden,norway,de_frankfurt";
-      LOCAL_NETWORK = "192.168.10.0/24";
-      TRANSMISSION_WEB_UI = "flood-for-transmission";
-      PUID = toString uid;
-      PGID = toString gid;
-    };
-    environmentFiles = [
-      # OPENVPN_USERNAME and password is set here
-      # and optionally TRANSMISSION_RPC_USERNAME and password
-      config.sops.secrets."transmission/vpncreds".path
-    ];
-    extraOptions = [
-      /* "--cap-add=net_admin,net_raw,mknod" */
-      "--cap-add=NET_ADMIN"
-      "--device=/dev/net/tun"
-    ];
-  };
-  services.nginx.virtualHosts."transmission.home.feal.no" = {
-    locations."/" = {
-      proxyPass = "http://${host}:${port}";
-    };
-  };
-
-  fileSystems = {
-    "/tank/media/transmission/jellyfin" = {
-      device = "/tank/media/jellyfin";
-      options = [ "bind" ];
-    };
-    "/tank/media/transmission/music" = {
-      device = "/tank/media/music";
-      options = [ "bind" ];
-    };
-    "/tank/media/transmission/inbox" = {
-      device = "/tank/inbox";
-      options = [ "bind" ];
-    };
-    "/tank/media/transmission/other" = {
-      device = "/tank/media/other";
-      options = [ "bind" ];
-    };
-  };
-}
Author	SHA1	Message	Date
Felix Albrigtsen	1ade601ce9	all/voyager: update to nixos 24.05	2024-05-31 22:19:23 +02:00
Felix Albrigtsen	f2dd1c21e6	voyager: update to nextcloud29	2024-05-31 21:54:34 +02:00
Felix Albrigtsen	9b871249e2	voyager: remove transmission	2024-05-31 20:33:12 +02:00
Felix Albrigtsen	a0c24ff7c3	voyager: cleanup jellyfin config	2024-05-31 19:25:39 +02:00