Reformat + swap odin SSD

2022-09-01 15:11:16 +02:00 · 2022-09-01 15:11:16 +02:00 · 2f3d05a802
commit 2f3d05a802
parent 1bc27dde82
83 changed files with 1448 additions and 931 deletions
--- a/loki/configuration.nix
+++ b/loki/configuration.nix
@ -1,6 +1,5 @@
 { config, pkgs, lib, ... }:
-with lib;
-{
+with lib; {
  boot = {
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    kernelPackages = pkgs.linuxPackages_5_18;
@ -34,7 +33,12 @@ with lib;

    opengl = {
      enable = true;
-      extraPackages = with pkgs; [ intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau ];
+      extraPackages = with pkgs; [
+        intel-media-driver
+        libvdpau-va-gl
+        vaapiIntel
+        vaapiVdpau
+      ];
    };

    bluetooth.enable = true;
@ -44,13 +48,22 @@ with lib;

  programs = {
    dconf.enable = true;
-    gnupg.agent = { enable = true; enableSSHSupport = true; };
-    zsh = { enable = true; syntaxHighlighting.enable = true; };
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    zsh = {
+      enable = true;
+      syntaxHighlighting.enable = true;
+    };
  };

  networking = {
    hostName = "loki";
-    interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
+    interfaces = {
+      eno1.useDHCP = true;
+      wlp7s0.useDHCP = true;
+    };
    networkmanager.enable = true;
    useDHCP = false;
  };
@ -73,21 +86,51 @@ with lib;
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };
-    bazarr = { enable = true; openFirewall = true; group = "users"; };
+    bazarr = {
+      enable = true;
+      openFirewall = true;
+      group = "users";
+    };
    blueman.enable = true;
    dbus.packages = with pkgs; [ dconf ];
-    fail2ban = { enable = true; bantime-increment.enable = true; };
+    fail2ban = {
+      enable = true;
+      bantime-increment.enable = true;
+    };
    gnome.gnome-keyring.enable = true;
-    gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
-    jackett = { enable = true; openFirewall = true; group = "users"; };
-    jellyfin = { enable = true; openFirewall = true; group = "users"; };
+    gvfs = {
+      enable = true;
+      package = mkForce pkgs.gnome3.gvfs;
+    };
+    jackett = {
+      enable = true;
+      openFirewall = true;
+      group = "users";
+    };
+    jellyfin = {
+      enable = true;
+      openFirewall = true;
+      group = "users";
+    };
    logind.lidSwitch = "ignore";
    # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
-    openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
+    openssh = {
+      enable = true;
+      openFirewall = true;
+      permitRootLogin = "no";
+      passwordAuthentication = false;
+    };
    # plex = { enable = true; openFirewall = true; group = "users"; };
    power-profiles-daemon.enable = true;
-    radarr = { enable = true; openFirewall = true; group = "users"; };
-    samba-wsdd = { enable = true; discovery = true; };
+    radarr = {
+      enable = true;
+      openFirewall = true;
+      group = "users";
+    };
+    samba-wsdd = {
+      enable = true;
+      discovery = true;
+    };
    samba = {
      enable = true;
      enableNmbd = true;
@ -156,8 +199,15 @@ with lib;
          };
        };
    };
-    smartd = { enable = true; notifications.x11.enable = true; };
-    sonarr = { enable = true; openFirewall = true; group = "users"; };
+    smartd = {
+      enable = true;
+      notifications.x11.enable = true;
+    };
+    sonarr = {
+      enable = true;
+      openFirewall = true;
+      group = "users";
+    };
    thermald.enable = true;
    transmission = {
      enable = true;
@ -181,24 +231,42 @@ with lib;
      openFirewall = true;
      cameras = 3;
      hostname = "0.0.0.0";
-      database = { username = "zoneminder"; createLocally = true; };
+      database = {
+        username = "zoneminder";
+        createLocally = true;
+      };
    };

    mysql = {
      # enable = true;
-      ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
+      ensureUsers = [{
+        name = "bertof";
+        ensurePermissions = { "*.*" = "ALL PRIVILEGES"; };
+      }];
    };
  };

  users.users = {
    bertof = {
      isNormalUser = true;
-      extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
+      extraGroups = [
+        "audio"
+        "input"
+        "docker"
+        "libvirtd"
+        "network"
+        "networkmanager"
+        "usb"
+        "video"
+        "wheel"
+      ];
      shell = pkgs.zsh;
    };
    tiziano = {
      isNormalUser = true;
-      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
+      ];
    };
    jellyfin.extraGroups = [ "video" ];
  };
@ -237,7 +305,6 @@ with lib;
      };
  };

-
  systemd.packages = with pkgs; [ syncthing ];
  systemd.services =
    let
@ -246,7 +313,10 @@ with lib;
        startLimitIntervalSec = 60;
        startLimitBurst = 4;
        after = [ "network.target" ];
-        environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
+        environment = {
+          STNORESTART = "yes";
+          STNOUPGRADE = "yes";
+        };
        wantedBy = [ "default.target" ];
        serviceConfig = {
          Restart = "on-failure";
@ -268,18 +338,34 @@ with lib;
          RestrictNamespaces = true;
          RestrictRealtime = true;
          RestrictSUIDSGID = true;
-          CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
+          CapabilityBoundingSet = [
+            "~CAP_SYS_PTRACE"
+            "~CAP_SYS_ADMIN"
+            "~CAP_SETGID"
+            "~CAP_SETUID"
+            "~CAP_SETPCAP"
+            "~CAP_SYS_TIME"
+            "~CAP_KILL"
+          ];
        };
      };
    in
    {
      syncthing-bertof = recursiveUpdate common {
        description = "Syncthing service bertof";
-        serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
+        serviceConfig = {
+          User = "bertof";
+          ExecStart =
+            "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config";
+        };
      };
      syncthing-tiziano = recursiveUpdate common {
        description = "Syncthing service tiziano";
-        serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
+        serviceConfig = {
+          User = "tiziano";
+          ExecStart =
+            "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config";
+        };
      };
    };

@ -299,7 +385,8 @@ with lib;
      138 # SYNCTHING
      3702 # SAMBA-WSDD
    ];
-    extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+    extraCommands =
+      "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  };

  virtualisation = {
@ -312,20 +399,14 @@ with lib;
    oci-containers.containers = {
      hass = {
        image = "ghcr.io/home-assistant/home-assistant:stable";
-        environment = {
-          TZ = "Europe/Rome";
-        };
+        environment = { TZ = "Europe/Rome"; };
        extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
        ports = [ "8123:8123" ];
-        volumes = [
-          "/var/lib/hass:/config"
-          "/mnt/raid0/condiviso:/media"
-        ];
+        volumes = [ "/var/lib/hass:/config" "/mnt/raid0/condiviso:/media" ];
      };
    };
  };

-
  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';