materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2026-06-24 17:36:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

waffentrager: init

Browse Source
This commit is contained in:
Mateusz Słodkowicz
2026-06-24 00:06:21 +02:00
parent 29adb6e6b0
commit fb653eb0f4
30 changed files with 1325 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.nix
+12
View File
@@ -140,6 +140,11 @@
host = "valkyrie"; host = "valkyrie";
stable = true; stable = true;
}; };
waffentrager = makeSystem {
host = "waffentrager";
stable = true;
arch = "aarch64-linux";
};
}; };
homeConfigurations = { homeConfigurations = {
@@ -158,6 +163,13 @@
host = "valkyrie"; host = "valkyrie";
stable = true; stable = true;
}; };
"materus@waffentrager" = makeHome {
user = "materus";
host = "waffentrager";
arch = "aarch64-linux";
stable = true;
};
}; };
}; };
nix-config/home/materus/default.nix
-1
View File
@@ -2,7 +2,6 @@
config, config,
pkgs, pkgs,
lib, lib,
materusArgs,
... ...
}: }:
nix-config/host/materusPC/boot.nix
+1 -2
View File
@@ -1,7 +1,6 @@
{ {
pkgs, pkgs,
lib, lib,
materusArgs,
mkk, mkk,
... ...
}: }:
@@ -83,7 +82,7 @@
ssh = { ssh = {
enable = true; enable = true;
port = 22; port = 22;
authorizedKeyFiles = [ materusArgs.files.ssh-keys.materus ]; authorizedKeyFiles = [ mkk.files.ssh-keys.materus ];
hostKeys = [ hostKeys = [
"/mkk/keys/ssh_host_ed25519_key" "/mkk/keys/ssh_host_ed25519_key"
"/mkk/keys/ssh_host_rsa_key" "/mkk/keys/ssh_host_rsa_key"
nix-config/host/materusPC/configuration.nix
+2 -2
View File
@@ -6,13 +6,13 @@
config, config,
lib, lib,
pkgs, pkgs,
materusArgs, mkk,
... ...
}: }:
let let
patchedBwrap = pkgs.bubblewrap.overrideAttrs (o: { patchedBwrap = pkgs.bubblewrap.overrideAttrs (o: {
patches = (o.patches or [ ]) ++ [ patches = (o.patches or [ ]) ++ [
materusArgs.files.patches.bwrap mkk.files.patches.bwrap
]; ];
}); });
in in
nix-config/host/materusPC/home-manager/materus.nix
-1
View File
@@ -1,6 +1,5 @@
{ {
pkgs, pkgs,
materusArgs,
config, config,
lib, lib,
... ...
nix-config/host/oldie/configuration.nix
-1
View File
@@ -6,7 +6,6 @@
config, config,
lib, lib,
pkgs, pkgs,
materusArgs,
mkk, mkk,
... ...
}: }:
nix-config/host/valkyrie/default.nix
+3 -3
View File
@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ lib, pkgs, materusArgs, config, ... }: { lib, pkgs, mkk, materusArgs, config, ... }:
{ {
imports = imports =
@@ -70,10 +70,10 @@
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [ packages = [
]; ];
openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.materus}" ]; openssh.authorizedKeys.keyFiles = [ "${mkk.files.ssh-keys.materus}" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
users.users.acme.openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.waffentrager}" ]; users.users.acme.openssh.authorizedKeys.keyFiles = [ "${mkk.files.ssh-keys.waffentrager}" ];
users.users.acme.shell = pkgs.scponly; users.users.acme.shell = pkgs.scponly;
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
nix-config/host/waffentrager/configuration.nix
+168
View File
@@ -0,0 +1,168 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, mkk, lib, materusArgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.firewall.allowedTCPPorts = [ 1900 ];
networking.firewall.allowedUDPPorts = [ 1900 7359];
environment.etc."current-flake".source = materusArgs.self;
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
git
p7zip
unrar
bzip2
unzip
zstd
xz
zip
gzip
];
boot.tmp.useTmpfs = true;
services.xserver.enable = false;
networking.hostName = "waffentrager";
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keyFiles = [ mkk.files.ssh-keys.materus ];
hashedPasswordFile = config.sops.secrets."users/materus".path;
shell = pkgs.zsh;
};
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
system.stateVersion = "23.11"; # Did you read the comment?
}
nix-config/host/waffentrager/default.nix
+18
View File
@@ -0,0 +1,18 @@
{ config, pkgs, ... }:
{
imports = [
./configuration.nix
./private
./services
];
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.podman.defaultNetwork.settings = {
default_subnet = "10.88.0.0/16";
};
virtualisation.oci-containers.backend = "podman";
}
nix-config/host/waffentrager/hardware-configuration.nix
+52
View File
@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, materusArgs, ... }:
let
crossPkgs = import pkgs.path {
localSystem = "x86_64-linux";
crossSystem = pkgs.stdenv.hostPlatform.system;
};
rpi4-kernel =
crossPkgs.callPackage (materusArgs.inputs.nixos-hardware.outPath + "/raspberry-pi/common/kernel.nix")
{
rpiVersion = 4;
};
in
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
materusArgs.inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
#boot.kernelPackages = pkgs.linuxPackagesFor materusArgs.inputs.nixos-hardware.packages.aarch64-linux.rpi4-kernel;
boot.kernelPackages = crossPkgs.linuxPackagesFor rpi4-kernel;
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = {
"vm.swappiness" = 10;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
swapDevices = [{
device = "/var/.swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
nix-config/host/waffentrager/home-manager/materus.nix
+5
View File
@@ -0,0 +1,5 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
}
nix-config/host/waffentrager/private/default.nix
BIN
View File
Binary file not shown.
nix-config/host/waffentrager/private/secrets.yaml
BIN
View File
Binary file not shown.
nix-config/host/waffentrager/services/auth/authelia.nix
+80
View File
@@ -0,0 +1,80 @@
{ config, pkgs, lib, mkk, ... }:
{
options.waffentragerService.auth.authelia.enable = mkk.lib.mkBoolOpt false "Enable authelia";
config =
let
cfg = config.waffentragerService.auth.authelia;
port = 9091;
in
lib.mkIf cfg.enable {
sops.secrets."authelia-storagekey" = { owner = "authelia"; };
sops.secrets."authelia-database" = { owner = "authelia"; };
sops.secrets."ldap-master" = { owner = "authelia"; };
users.users.authelia = {
group = "lldap";
isSystemUser = true;
};
services.authelia.instances.main = {
enable = true;
user = "authelia";
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."ldap-master".path;
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = config.sops.secrets."authelia-database".path;
};
secrets = {
jwtSecretFile = config.sops.secrets.jwt.path;
storageEncryptionKeyFile = config.sops.secrets."authelia-storagekey".path;
};
settings = {
access_control = {
default_policy = "one_factor";
};
authentication_backend = {
ldap.url = "ldap://127.0.0.1:3890";
ldap.implementation = "custom";
ldap.base_dn = config.services.lldap.settings.ldap_base_dn;
ldap.user = "CN=master,ou=people,DC=podkos,DC=pl";
ldap.additional_users_dn = "OU=people";
ldap.users_filter = "(&({username_attribute}={input})(objectClass=person))";
ldap.additional_groups_dn = "OU=groups";
ldap.groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
};
storage = {
postgres.host = "/var/run/postgresql";
postgres.port = "5432";
postgres.database = "authelia";
postgres.username = "authelia";
};
notifier = {
disable_startup_check = false;
filesystem.filename = "/tmp/test_notification.txt";
};
session = {
name = "materus-session";
domain = "materus.pl";
};
default_redirection_url = "https://materus.pl";
server.port = port;
};
};
services.nginx.virtualHosts."gatekeeper.materus.pl" = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
}
nix-config/host/waffentrager/services/auth/default.nix
+13
View File
@@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
{
imports =
[
./lldap.nix
./authelia.nix
];
config =
{
waffentragerService.auth.lldap.enable = true;
waffentragerService.auth.authelia.enable = true;
};
}
nix-config/host/waffentrager/services/auth/lldap.nix
+87
View File
@@ -0,0 +1,87 @@
{
config,
pkgs,
lib,
mkk,
...
}:
{
options.waffentragerService.auth.lldap.enable = mkk.lib.mkBoolOpt false "Enable lldap";
config =
let
cfg = config.waffentragerService.auth.lldap;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
services.nginx.virtualHosts."mamba.podkos.pl" = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/mamba.podkos.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/fullchain.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:17170";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
allow ${mkk.wireguard.ip-masks.main};
allow 192.168.100.0/24;
deny all;
'';
};
};
systemd.services.lldap = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
serviceConfig = {
DynamicUser = lib.mkForce false;
WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
};
};
users.groups.lldap = { };
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
sops.secrets.jwt = {
owner = "lldap";
group = "lldap";
mode = "0440";
};
sops.secrets."lldap-database" = {
owner = "lldap";
group = "lldap";
};
services.lldap.enable = true;
services.lldap.environmentFile = config.sops.templates."lldap.env".path;
sops.templates."lldap.env" = {
content = ''
LLDAP_JWT_SECRET_FILE="${config.sops.secrets.jwt.path}"
LLDAP_DATABASE_URL="postgres://lldap:${
config.sops.placeholder."lldap-database"
}@%2Fvar%2Frun%2Fpostgresql/lldap"
'';
owner = "lldap";
group = "lldap";
};
services.lldap.silenceForceUserPassResetWarning = true;
services.lldap.settings = {
ldap_base_dn = "dc=podkos,dc=pl";
ldap_host = "127.0.0.1";
http_url = "https://mamba.podkos.pl";
ldap_user_dn = "master";
ldap_user_email = "materus@podkos.pl";
ldap_port = 3890;
key_seed = mkk.waffentrager.lldap.seed;
ldap_user_pass_file = config.sops.secrets.LLDAP_LDAP_USER_PASS_FILE.path;
};
};
}
nix-config/host/waffentrager/services/default.nix
+30
View File
@@ -0,0 +1,30 @@
{ ... }:
{
imports =
[
./storage/elements.nix
./storage/mount-acme.nix
./storage/gitea.nix
./storage/nextcloud.nix
./storage/samba.nix
./storage/syncthing.nix
./multimedia/jellyfin.nix
./multimedia/scrobbling.nix
./monitoring.nix
./nginx.nix
./postgresql.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.samba.enable = true;
waffentragerService.jellyfin.enable = true;
waffentragerService.scrobbling.enable = true;
waffentragerService.syncthing.enable = true;
waffentragerService.monitoring.enable = false;
}
nix-config/host/waffentrager/services/monitoring.nix
+57
View File
@@ -0,0 +1,57 @@
{ config, lib, mkk, ... }:
{
options.waffentragerService.monitoring.enable = mkk.lib.mkBoolOpt false "Enable monitoring";
config =
let
cfg = config.waffentragerService.monitoring;
in
lib.mkIf cfg.enable {
services.grafana = {
dataDir = "${config.waffentragerService.elements.path}/services/grafana";
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3232;
domain = "watchman.materus.pl";
serve_from_sub_path = true;
};
};
};
services.prometheus = {
enable = true;
port = 3233;
globalConfig.scrape_interval = "30s";
stateDir = "elements/services/prometheus";
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
];
};
services.prometheus.exporters.node = {
enable = true;
port = 3234;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
services.nginx.virtualHosts."watchman.materus.pl" = {
addSSL = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
};
}
nix-config/host/waffentrager/services/multimedia/jellyfin.nix
+150
View File
@@ -0,0 +1,150 @@
{ lib, config, mkk, ... }:
{
options.waffentragerService.jellyfin.enable = mkk.lib.mkBoolOpt false "Enable jellyfin";
config =
let
cfg = config.waffentragerService.jellyfin;
in
lib.mkIf cfg.enable {
services.jellyfin = rec {
enable = true;
openFirewall = true;
user = "materus";
group = "nextcloud";
dataDir = config.waffentragerService.elements.jellyfinDir;
cacheDir = "${dataDir}/cache";
};
/*
services.jellyseerr = {
enable = true;
openFirewall = true;
};*/
services.nginx = {
appendHttpConfig = ''
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
'';
proxyCachePath."jellyfin" = {
enable = true;
maxSize = "1g";
levels = "1:2";
keysZoneName = "jellyfin";
keysZoneSize = "100m";
inactive = "1d";
useTempPath = false;
};
virtualHosts = {
"noot.materus.pl" = {
extraConfig = ''
client_max_body_size 20M;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
add_header X-Content-Type-Options "nosniff";
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
'';
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."~ /Items/(.*)/Images" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
'';
};
locations."~ ^/web/htmlVideoPlayer-plugin.[0-9a-z]+.chunk.js$" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_set_header Accept-Encoding "";
sub_filter_types *;
sub_filter 'return u=30' 'return u=600';
sub_filter 'return u=6' 'return u=60';
sub_filter 'maxBufferLength:u' 'maxBufferLength:u,maxBufferSize:180000000';
sub_filter_once on;
'';
};
locations."~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request
slice 2m;
proxy_cache jellyfin;
proxy_cache_valid 200 206 301 302 30d;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 15s;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Transmit slice range to the backend
proxy_set_header Range $slice_range;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=$slice_range";
'';
};
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
'';
};
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
};
};
};
};
};
}
nix-config/host/waffentrager/services/multimedia/scrobbling.nix
+240
View File
@@ -0,0 +1,240 @@
{ config, pkgs, lib, mkk, ... }:
{
options.waffentragerService.scrobbling.enable = mkk.lib.mkBoolOpt false "Enable scrobbling";
config =
let
cfg = config.waffentragerService.scrobbling;
in
#### MALOJA --------------------------------------------------------------------
lib.mkIf cfg.enable {
sops.templates."maloja.env".content = ''
MALOJA_DATA_DIRECTORY=/data
MALOJA_DIRECTORY_STATE=/data/state
MALOJA_DIRECTORY_CACHE=/data/cache
MALOJA_SKIP_SETUP=yes
MALOJA_FORCE_PASSWORD=${config.sops.placeholder.maloja}
MALOJA_SPOTIFY_API_ID=${config.sops.placeholder.spotify-client-id}
MALOJA_SPOTIFY_API_SECRET=${config.sops.placeholder.spotify-client-secret}
MALOJA_NAME=Melody
MALOJA_WEEK_OFFSET=1
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
TC=Europe/Warsaw
TIMEZONE=Europe/Warsaw
'';
services.nginx.virtualHosts = {
"melody.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42010";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
virtualisation.oci-containers.containers.maloja =
{
image = "krateng/maloja:latest";
ports = [
"42010:42010"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}:/data"
];
environmentFiles = [
config.sops.templates."maloja.env".path
];
};
systemd.services."${config.virtualisation.oci-containers.backend}-maloja" =
let
malojaCfg = pkgs.writeText "settings.ini" ''[MALOJA]
directory_config = /data
lastfm_api_key = False
audiodb_api_key = False
spotify_api_id = False
spotify_api_secret = False
delimiters_feat = ["ft.","ft","feat.","feat","featuring","Ft.","Ft","Feat.","Feat","Featuring"]
delimiters_informal = ["vs.","vs","&","with"]
delimiters_formal = ["; ",";"]
metadata_providers = ["spotify","deezer","lastfm","audiodb","musicbrainz"]
'';
in
{
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
preStart = ''cp --update=none ${malojaCfg} ${config.waffentragerService.elements.malojaDir}/settings.ini'';
};
#### MULTI SCROBBLER --------------------------------------------------------------------
users.groups.scrobbler = { gid = 3000; };
users.users.scrobbler = {
group = "scrobbler";
uid = 3000;
isSystemUser = true;
};
sops.templates."multi-scrobbler.env".content = ''
TC=Europe/Warsaw
CONFIG_DIR=/config
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
'';
sops.templates."multi-scrobbler.json".owner = "scrobbler";
sops.templates."multi-scrobbler.json".group = "scrobbler";
sops.templates."multi-scrobbler.json".content = builtins.toJSON {
baseUrl = "https://scrobbler.materus.pl";
disableWeb = false;
debugMode = false;
sources = [
{
name = "materus-spotify";
enable = true;
clients = [ "maloja" ];
data = {
clientId = "${config.sops.placeholder.spotify-client-id}";
clientSecret = "${config.sops.placeholder.spotify-client-secret}";
redirectUri = "https://scrobbler.materus.pl/callback";
interval = 30;
};
type = "spotify";
}
{
name = "materus-jellyfin";
enable = true;
clients = [ "maloja" ];
data = {
users = [
"materus"
];
servers = [
"waffentrager"
];
};
options = {
logPayload = false;
logFilterFailure = "warn";
};
type = "jellyfin";
}
];
clients = [
{
name = "maloja";
enable = true;
data = {
url = "https://melody.materus.pl/";
apiKey = "${config.sops.placeholder.maloja-api}";
};
type = "maloja";
}
{
name = "materus-brainz";
enable = true;
configureAs = "client";
data = {
token = "${config.sops.placeholder.listenbrainz-api}";
username = "materus";
};
type = "listenbrainz";
}
{
name = "materus-lastfm";
enable = true;
configureAs = "client";
data = {
apiKey = "${config.sops.placeholder.lastfm-api}";
secret = "${config.sops.placeholder.lastfm-secret}";
redirectUri = "https://scrobbler.materus.pl/lastfm/callback";
};
type = "lastfm";
}
];
};
services.nginx.virtualHosts = {
"scrobbler.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42011";
extraConfig = ''
allow ${mkk.wireguard.ip-masks.main};
allow 192.168.100.0/24;
deny all;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
systemd.services."${config.virtualisation.oci-containers.backend}-multi-scrobbler" =
{
preStart = ''cp -f ${config.sops.templates."multi-scrobbler.json".path} ${config.waffentragerService.elements.malojaDir}/multi-scrobbler/config.json'';
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
virtualisation.oci-containers.containers.multi-scrobbler = {
image = "foxxmd/multi-scrobbler:latest";
ports = [
"127.0.0.1:42011:9078"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}/multi-scrobbler:/config"
];
environmentFiles = [
config.sops.templates."multi-scrobbler.env".path
];
};
};
}
nix-config/host/waffentrager/services/nginx.nix
+39
View File
@@ -0,0 +1,39 @@
{ config, lib, pkgs, mkk, ... }:
{
options.waffentragerService.nginx.enable = mkk.lib.mkBoolOpt false "Enable nginx";
config =
let
cfg = config.waffentragerService.nginx;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
package = pkgs.tengine;
virtualHosts."default" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
forceSSL = true;
http2 = false;
default = true;
locations."/" = { extraConfig = ''deny all;''; };
};
};
systemd.services.nginx = {
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig = {
restart = "always";
restartSec = 60;
};
};
};
}
nix-config/host/waffentrager/services/postgresql.nix
+27
View File
@@ -0,0 +1,27 @@
{ config, lib, pkgs, mkk, ... }:
{
options.waffentragerService.postgresql.enable = mkk.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.version = lib.mkOption { default = "16"; };
config =
let
cfg = config.waffentragerService.postgresql;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
services.postgresql.enable = true;
services.postgresql.package = pkgs."postgresql_${cfg.version}";
services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
services.postgresql.enableJIT = true;
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
'';
systemd.services.postgresql = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
};
}
nix-config/host/waffentrager/services/storage/elements.nix
+65
View File
@@ -0,0 +1,65 @@
{ mkk, config, lib, pkgs, ... }:
{
options.waffentragerService.elements.enable = mkk.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
config =
let
cfg = config.waffentragerService.elements;
in
lib.mkIf cfg.enable {
systemd.services.elements-mount = {
description = "Decrypt and mount elements drive";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
systemd.services.elements-dirmake = {
description = "Create dirs in elements drive";
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
'' + lib.optionalString config.waffentragerService.auth.lldap.enable ''
mkdir -p ${cfg.lldapDir}
chown -R lldap:lldap ${cfg.lldapDir}
'' + lib.optionalString config.waffentragerService.jellyfin.enable ''
mkdir -p ${cfg.jellyfinDir}
chown -R materus:nextcloud ${cfg.jellyfinDir}
'' + lib.optionalString config.waffentragerService.scrobbling.enable ''
mkdir -p ${cfg.malojaDir}/multi-scrobbler
chown -R scrobbler:scrobbler ${cfg.malojaDir}
''
;
};
};
}
nix-config/host/waffentrager/services/storage/gitea.nix
+62
View File
@@ -0,0 +1,62 @@
{ config, lib, mkk, ... }:
{
options.waffentragerService.gitea.enable = mkk.lib.mkBoolOpt false "Enable gitea";
config =
let
cfg = config.waffentragerService.gitea;
in
lib.mkMerge
[
(lib.mkIf cfg.enable {
waffentragerService.postgresql.enable = true;
waffentragerService.elements.enable = true;
services.gitea.enable = true;
services.gitea.lfs.enable = true;
services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea";
services.gitea.settings.service.DISABLE_REGISTRATION = true;
services.gitea.settings.server.DOMAIN = "baka.materus.pl";
services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/";
services.gitea.settings.server.PROTOCOL = "fcgi+unix";
services.gitea.settings.cors = {
ENABLED = true;
X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";
};
services.gitea.database.type = "postgres";
services.gitea.database.socket = "/var/run/postgresql/";
})
(lib.mkIf (cfg.enable && config.waffentragerService.nginx.enable) {
services.nginx.virtualHosts = {
"baka.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
locations."/" = {
extraConfig = ''
client_max_body_size 2G;
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_pass unix:/var/run/gitea/gitea.sock;
'';
};
};
};
}
)
];
}
nix-config/host/waffentrager/services/storage/mount-acme.nix
+29
View File
@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
mkk,
...
}:
{
options.waffentragerService.mount-acme.enable = mkk.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [
{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
after = [ "wg-quick-wg0.service" ];
}
];
};
}
nix-config/host/waffentrager/services/storage/nextcloud.nix
+100
View File
@@ -0,0 +1,100 @@
{ config, lib, pkgs, mkk, ... }:
{
options.waffentragerService.nextcloud.enable = mkk.lib.mkBoolOpt false "Enable nextcloud";
config =
let
cfg = config.waffentragerService.nextcloud;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud33;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "nextcloud-master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
extraAppsEnable = true;
maxUploadSize = "8G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
extraApps = with pkgs.nextcloud33Packages.apps; {
inherit notify_push previewgenerator;
};
settings = {
log_type = "file";
"profile.enabled" = true;
default_phone_region = "PL";
trusted_proxies = [ mkk.network.valkyrie.ip mkk.wireguard.peers.valkyrie.ip mkk.wireguard.peers.waffentrager.ip ];
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enable_previews = true;
preview_format = "webp";
enabledPreviewProviders = [
''OC\Preview\Movie''
''OC\Preview\PNG''
''OC\Preview\JPEG''
''OC\Preview\GIF''
''OC\Preview\BMP''
''OC\Preview\XBitmap''
''OC\Preview\MP3''
''OC\Preview\OGG''
''OC\Preview\OPUS''
''OC\Preview\MP4''
''OC\Preview\TXT''
''OC\Preview\MarkDown''
''OC\Preview\PDF''
''OC\Preview\WebP''
''OC\Preview\OpenDocument''
''OC\Preview\Krita''
''OC\Preview\AVIF''
];
"overwrite.cli.url" = "https://${config.services.nextcloud.hostName}";
};
phpOptions = {
"opcache.memory_consumption" = "512";
"opcache.interned_strings_buffer" = "64";
"opcache.max_accelerated_files"="50000";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.validate_timestamps" = "0";
"opcache.revalidate_freq" = "0";
"opcache.fast_shutdown" = "1";
"opcache.save_comments" = "1";
};
phpExtraExtensions = ex: [ ex.zip ex.zlib ex.tidy ex.smbclient ex.sodium ];
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
create_full_put_path on;
dav_access user:rw group:rw all:r;
'';
};
};
}
nix-config/host/waffentrager/services/storage/samba.nix
+57
View File
@@ -0,0 +1,57 @@
{ lib, pkgs, config, mkk, ... }:
{
options.waffentragerService.samba.enable = mkk.lib.mkBoolOpt false "Enable samba";
config =
let
cfg = config.waffentragerService.samba;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
systemd.services.samba-nmbd = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
systemd.services.samba-wsdd = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
securityType = "user";
openFirewall = true;
settings =
{
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbwaffentrager";
"netbios name" = "smbwaffentrager";
"security" = "user";
"hosts allow" = "${mkk.wireguard.sambaIp} 192.168.100. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"mangled names" = "no";
"dos charset" = "CP850";
"unix charset" = "UTF-8";
"display charset" = "UTF-8";
"catia:mappings" = "0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6";
};
materus = {
"path" = "${config.waffentragerService.elements.path}/storage/materus";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0770";
"directory mask" = "0770";
"force user" = "materus";
"force group" = "nextcloud";
};
};
};
};
}
nix-config/host/waffentrager/services/storage/syncthing.nix
+26
View File
@@ -0,0 +1,26 @@
{ lib, config, mkk, ... }:
{
options.waffentragerService.syncthing.enable = mkk.lib.mkBoolOpt false "Enable syncthing";
config =
let
cfg = config.waffentragerService.syncthing;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true; networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
systemd.services.syncthing = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services = {
syncthing = {
enable = true;
user = "materus";
group = "nextcloud";
dataDir = "${config.waffentragerService.elements.path}/storage/materus";
configDir = "${config.waffentragerService.elements.path}/storage/materus/Inne/Config/Syncthing/waffentrager/";
};
};
};
}
nix-config/shared/default.nix
+2 -1
View File
@@ -27,6 +27,7 @@ isHm:
config._module.args.mkk = rec { config._module.args.mkk = rec {
nixerus.pkgs = materusArgs.inputs.nixerus.packages."${config.nixpkgs.hostPlatform.system}"; nixerus.pkgs = materusArgs.inputs.nixerus.packages."${config.nixpkgs.hostPlatform.system}";
lib = nixerus.pkgs.lib; lib = nixerus.pkgs.lib;
files = materusArgs.files;
args = materusArgs;
} // config.mkk.var; } // config.mkk.var;
} }
nix-config/shared/private/variables.nix
BIN
View File
Binary file not shown.