Compare commits

..

No commits in common. "7f55c13245d4549ef8a3acad670a0facc80985fb" and "06195facf3e3230ba04fb6055686b6a223a8f308" have entirely different histories.

7 changed files with 69 additions and 9 deletions

View file

@ -69,6 +69,8 @@
self.nixosModules.base
./droppie
self.nixosModules.yule
self.nixosModules.acme
self.nixosModules.proxy
self.nixosModules.persistence
];
};

View file

@ -20,7 +20,6 @@ in {
boot.kernelParams = [
"boot.shell_on_fail=1"
"nomodeset"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];

View file

@ -5,5 +5,7 @@
./networking.nix
./backup-autostop.nix
./nginx.nix
./jellyfin.nix
];
}

View file

@ -13,16 +13,16 @@
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.initrd.kernelModules = ["dm-snapshot" "amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.luks.devices = {
"cryptroot" = {
device = "/dev/disk/by-uuid/08330ff9-581a-41e1-b8fa-757dc4c90b16";
device = "/dev/sdb2";
allowDiscards = true;
};
"cryptdata".device = "/dev/disk/by-uuid/bc9f00ea-027e-409b-87c9-ab5628683378";
"cryptdata".device = "/dev/sda1";
};
fileSystems."/" = {
@ -51,11 +51,10 @@
device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat";
neededForBoot = true;
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/data" = {
device = "/dev/disk/by-uuid/391db8c4-5654-4a5c-a5c8-e34811f54786";
device = "/dev/disk/by-uuid/5fc34ef4-207b-45fb-b846-dbb01080d9fe";
fsType = "ext4";
};

View file

@ -0,0 +1,44 @@
{
flake,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.jellyfin = {
enable = true;
openFirewall = false;
};
# from https://jellyfin.org/docs/general/networking/index.html
networking.firewall.allowedUDPPorts = [1900 7359];
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts = {
"media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:8096";
};
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
}

15
hosts/droppie/nginx.nix Normal file
View file

@ -0,0 +1,15 @@
{
flake,
config,
pkgs,
lib,
...
}: {
services.nginx = {
defaultListenAddresses = [
"192.168.178.3"
"10.13.12.3"
"[fd00:b12f:acab:1312:acab:3::]"
];
};
}

View file

@ -33,9 +33,8 @@ in {
extraConfig = ''
IdentitiesOnly yes
IdentityFile /home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub
IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_mezza
IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-464
IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-485
IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-464.pub
IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-485.pub
'';
matchBlocks = {
"git.pub.solar" = {