From f251a891fb44bf43e4e96d7c94a8622b526c2854 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Sat, 23 Sep 2023 16:36:53 +0200 Subject: [PATCH] frumar: split out home-automation and media --- nixos/machines/frumar/default.nix | 126 +--------------------- nixos/machines/frumar/home-automation.nix | 71 ++++++++++++ nixos/machines/frumar/media.nix | 44 ++++++++ nixos/machines/frumar/torrent.nix | 13 --- 4 files changed, 120 insertions(+), 134 deletions(-) create mode 100644 nixos/machines/frumar/home-automation.nix create mode 100644 nixos/machines/frumar/media.nix delete mode 100644 nixos/machines/frumar/torrent.nix diff --git a/nixos/machines/frumar/default.nix b/nixos/machines/frumar/default.nix index 8005da3..385c5f6 100644 --- a/nixos/machines/frumar/default.nix +++ b/nixos/machines/frumar/default.nix @@ -4,7 +4,8 @@ ../../roles/server.nix ../../roles/homeserver.nix ./paperless.nix - ./torrent.nix + ./media.nix + ./home-automation.nix ]; system.stateVersion = "15.09"; @@ -31,30 +32,12 @@ ''; }; }; - virtualHosts."home-assistant.yori.cc" = { - onlySSL = true; - useACMEHost = "wildcard.yori.cc"; - locations."/" = { - proxyPass = "http://[::1]:8123"; - proxyWebsockets = true; - }; - }; virtualHosts."frumar.yori.cc" = { enableACME = lib.mkForce false; inherit (config.security.y-selfsigned) sslCertificate sslCertificateKey; }; }; boot.supportedFilesystems = [ "zfs" ]; - services.yorick.torrent-vpn = { - enable = true; - name = "mullvad-nl4"; - namespace = "torrent"; - }; - services.plex = { - enable = true; - openFirewall = true; - }; - systemd.services.plex.after = [ "data-plexmedia.mount" ]; services.iperf3 = { enable = true; openFirewall = true; @@ -128,7 +111,7 @@ settings = { server.http_addr = "0.0.0.0"; server.domain = "grafana.yori.cc"; - server.rootUrl = "https://grafana.yori.cc/"; + server.root_url = "https://grafana.yori.cc/"; "auth.basic".enabled = false; "auth.google" = { enabled = true; @@ -137,67 +120,6 @@ auth.disable_login_form = true; }; }; - services.zigbee2mqtt = { - enable = true; - settings.availability = true; - settings.device_options = { - retain = true; - legacy = false; - }; - settings.serial.port = "/dev/ttyUSB0"; - }; - services.home-assistant = { - enable = true; - openFirewall = true; - extraComponents = [ - "default_config" - "androidtv" - "esphome" - "met" - "unifi" "yeelight" "plex" "frontend" - "tado" - "automation" "device_automation" - "homewizard" - "github" "backup" - "mqtt" - "brother" - "spotify" - "yamaha_musiccast" - "ipp" - "homekit_controller" - #"unifiprotect" - ]; - config = { - media_player = [ - { - platform = "androidtv"; - host = "192.168.2.181"; - name = "shield"; - device_class = "androidtv"; - } - ]; - mobile_app = {}; - default_config = {}; - system_log = {}; - "map" = {}; - - frontend.themes = "!include_dir_merge_named themes"; - automation = "!include automations.yaml"; - homeassistant = { - name = "Home"; - latitude = "51.84"; - longitude = "5.85"; - elevation = "0"; - unit_system = "metric"; - time_zone = "Europe/Amsterdam"; - country = "NL"; - }; - http = { - use_x_forwarded_for = true; - trusted_proxies = [ "::1" ]; - }; - }; - }; age.secrets = { grafana.file = ../../../secrets/grafana.env.age; frumar-mail-pass.file = ../../../secrets/frumar-mail-pass.age; @@ -208,41 +130,9 @@ }; }; systemd.services.grafana.serviceConfig.EnvironmentFile = config.age.secrets.grafana.path; - services.zfs = { - autoScrub = { - enable = true; - interval = "*-*-01 02:00:00"; # monthly + 2 hours - }; - }; - services.samba = { - enable = false; - openFirewall = false; - shares.public = { - path = "/data/plexmedia"; - browseable = "yes"; - "guest ok" = "yes"; - "hosts allow" = "192.168.178.0/255.255.255.0"; - "writeable" = "yes"; - "force user" = "nobody"; - "force directory mode" = "2777"; - }; - }; - services.samba-wsdd = { + services.zfs.autoScrub = { enable = true; - interface = "eno1"; - hostname = "NAS"; - }; - services.sonarr = { - enable = true; - group = "plex"; - user = "plex"; - openFirewall = true; - }; - services.radarr = { - enable = true; - group = "plex"; - user = "plex"; - openFirewall = true; + interval = "*-*-01 02:00:00"; # monthly + 2 hours }; services.znapzend = { enable = true; @@ -270,9 +160,6 @@ }; }; }; - users.users.plex.packages = with pkgs; [ - ffmpeg - ]; users.users.yorick.packages = with pkgs; [ borgbackup bup @@ -281,13 +168,10 @@ magic-wormhole python3 ranger - pyrosimple - rtorrent jq mcrcon jdk17_headless unzip - yscripts.absorb ]; security.acme.certs."wildcard.yori.cc" = { domain = "*.yori.cc"; diff --git a/nixos/machines/frumar/home-automation.nix b/nixos/machines/frumar/home-automation.nix new file mode 100644 index 0000000..eb27a4f --- /dev/null +++ b/nixos/machines/frumar/home-automation.nix @@ -0,0 +1,71 @@ +{ config, pkgs, lib, ... }: { + services.nginx.virtualHosts."home-assistant.yori.cc" = { + onlySSL = true; + useACMEHost = "wildcard.yori.cc"; + locations."/" = { + proxyPass = "http://[::1]:8123"; + proxyWebsockets = true; + }; + }; + services.zigbee2mqtt = { + enable = true; + settings.availability = true; + settings.device_options = { + retain = true; + legacy = false; + }; + settings.serial.port = "/dev/ttyUSB0"; + }; + services.home-assistant = { + enable = true; + openFirewall = true; + extraComponents = [ + "default_config" + "androidtv" + "esphome" + "met" + "unifi" "yeelight" "plex" "frontend" + "tado" + "automation" "device_automation" + "homewizard" + "github" "backup" + "mqtt" + "brother" + "spotify" + "yamaha_musiccast" + "ipp" + "homekit_controller" + #"unifiprotect" + ]; + config = { + media_player = [ + { + platform = "androidtv"; + host = "192.168.2.181"; + name = "shield"; + device_class = "androidtv"; + } + ]; + mobile_app = {}; + default_config = {}; + system_log = {}; + "map" = {}; + + frontend.themes = "!include_dir_merge_named themes"; + automation = "!include automations.yaml"; + homeassistant = { + name = "Home"; + latitude = "51.84"; + longitude = "5.85"; + elevation = "0"; + unit_system = "metric"; + time_zone = "Europe/Amsterdam"; + country = "NL"; + }; + http = { + use_x_forwarded_for = true; + trusted_proxies = [ "::1" ]; + }; + }; + }; +} diff --git a/nixos/machines/frumar/media.nix b/nixos/machines/frumar/media.nix new file mode 100644 index 0000000..bd70fe2 --- /dev/null +++ b/nixos/machines/frumar/media.nix @@ -0,0 +1,44 @@ +{ config, pkgs, lib, ... }: { + users.users.torrent = { + isSystemUser = true; + createHome = false; + group = "torrent"; + home = "/torrent"; + }; + users.groups.torrent = {}; + systemd.tmpfiles.rules = [ + "d /torrent 770 torrent torrent" + ]; + users.users.yorick.extraGroups = [ "torrent" ]; + + services.yorick.torrent-vpn = { + enable = true; + name = "mullvad-nl4"; + namespace = "torrent"; + }; + services.plex = { + enable = true; + openFirewall = true; + }; + systemd.services.plex.after = [ "data-plexmedia.mount" ]; + services.sonarr = { + enable = true; + group = "plex"; + user = "plex"; + openFirewall = true; + }; + services.radarr = { + enable = true; + group = "plex"; + user = "plex"; + openFirewall = true; + }; + users.users.plex.packages = with pkgs; [ + ffmpeg + ]; + users.users.yorick.packages = with pkgs; [ + pyrosimple + rtorrent + yscripts.absorb + ]; +} diff --git a/nixos/machines/frumar/torrent.nix b/nixos/machines/frumar/torrent.nix deleted file mode 100644 index df4d80b..0000000 --- a/nixos/machines/frumar/torrent.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, pkgs, lib, ... }: { - users.users.torrent = { - isSystemUser = true; - createHome = false; - group = "torrent"; - home = "/torrent"; - }; - users.groups.torrent = {}; - systemd.tmpfiles.rules = [ - "d /torrent 770 torrent torrent" - ]; - users.users.yorick.extraGroups = [ "torrent" ]; -}