swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: work cleanup

Browse source
This commit is contained in:
Swarsel 2024-10-17 10:20:11 +02:00
parent bfc7b89c03
commit 82e6ec9d64
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
34 changed files with 214 additions and 3767 deletions
Download patch file Download diff file Expand all files Collapse all files

135
profiles/TEMPLATE/home.nix
View file

@ -1,135 +0,0 @@
{ config, pkgs, ... }:
{
home = {
username = "TEMPLATE";
homeDirectory = "/home/TEMPLATE";
stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
keyboard.layout = "us"; # TEMPLATE
home.packages = with pkgs; [
# ---------------------------------------------------------------
# if schildichat works on this machine, use it, otherwise go for element
# element-desktop
# ---------------------------------------------------------------
];
};
# update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
#cpu.format = "{icon0} {icon1} {icon2} {icon3}";
cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input";
};
# -----------------------------------------------------------------
# is this machine always connected to power? If yes, use this block:
#
# programs.waybar.settings.mainBar."custom/pseudobat" = {
# format = "";
# on-click-right = "wlogout -p layer-shell";
# };
# programs.waybar.settings.mainBar.modules-right = [
# "custom/outer-left-arrow-dark"
# "mpris"
# "custom/left-arrow-light"
# "network"
# "custom/vpn"
# "custom/left-arrow-dark"
# "pulseaudio"
# "custom/left-arrow-light"
# "custom/pseudobat"
# "battery"
# "custom/left-arrow-dark"
# "group/hardware"
# "custom/left-arrow-light"
# "clock#2"
# "custom/left-arrow-dark"
# "clock#1"
# ];
#
# -----------------------------------------------------------------
# -----------------------------------------------------------------
# if not always connected to power (laptop), use this (default):
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/vpn"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
# -----------------------------------------------------------------
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
"36125:53060:splitkb.com_Kyria_rev3" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
# xkb_options = "ctrl:nocaps,grp:win_space_toggle";
xkb_variant = "altgr-intl";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
DP-1 = {
mode = "2560x1440"; # TEMPLATE
scale = "1";
bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill";
};
};
keybindings =
let
inherit (config.wayland.windowManager.sway.config) modifier;
in
{
# TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
# "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
};
startup = [
{ command = "nextcloud --background"; }
{ command = "vesktop --start-minimized"; }
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
{ command = "ANKI_WAYLAND=1 anki"; }
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
{ command = "nm-applet"; }
];
};
};
}

104
profiles/TEMPLATE/nixos.nix
View file

@ -1,104 +0,0 @@
{ pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
services = {
getty.autologinUser = "TEMPLATE";
greetd.settings.initial_session.user = "TEMPLATE";
};
# Bootloader
boot.loader.grub = {
enable = true;
device = "/dev/sda"; # TEMPLATE - if only one disk, this will work
useOSProber = true;
};
# --------------------------------------
# you might need a configuration like this instead:
# Bootloader
# boot = {
# kernelPackages = pkgs.linuxPackages_latest;
# loader.grub = {
# enable = true;
# devices = ["nodev" ];
# useOSProber = true;
# };
# };
# --------------------------------------
networking.hostName = "TEMPLATE"; # Define your hostname.
stylix.image = ../../wallpaper/TEMPLATEwp.png;
enable = true;
base16Scheme = ../../../wallpaper/swarsel.yaml;
# base16Scheme = "${pkgs.base16-schemes}/share/themes/shapeshifter.yaml";
polarity = "dark";
opacity.popups = 0.5;
cursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
size = 16;
};
fonts = {
sizes = {
terminal = 10;
applications = 11;
};
serif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
# package = pkgs.montserrat;
name = "Cantarell";
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts; # has overrides
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
# Configure keymap in X11 (only used for login)
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
users.users.TEMPLATE = {
isNormalUser = true;
description = "TEMPLATE";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
packages = with pkgs; [ ];
};
environment.systemPackages = with pkgs; [
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

62
profiles/common/home/ssh.nix
View file

@ -7,69 +7,14 @@ _:
SetEnv TERM=xterm-256color
'';
matchBlocks = {
"nginx" = {
hostname = "192.168.1.14";
user = "root";
};
"jellyfin" = {
hostname = "192.168.1.16";
user = "root";
};
# Local machines
"pfsense" = {
hostname = "192.168.1.1";
user = "root";
};
"proxmox" = {
"winters" = {
hostname = "192.168.1.2";
user = "root";
};
"transmission" = {
hostname = "192.168.1.6";
user = "root";
};
"fetcher" = {
hostname = "192.168.1.7";
user = "root";
};
"omv" = {
hostname = "192.168.1.3";
user = "root";
};
"webbot" = {
hostname = "192.168.1.11";
user = "root";
};
"nextcloud" = {
hostname = "192.168.1.5";
user = "root";
};
"sound" = {
hostname = "192.168.1.13";
user = "root";
};
"spotify" = {
hostname = "192.168.1.17";
user = "root";
};
"wordpress" = {
hostname = "192.168.1.9";
user = "root";
};
"turn" = {
hostname = "192.168.1.18";
user = "root";
};
"hugo" = {
hostname = "192.168.1.19";
user = "root";
};
"matrix" = {
hostname = "192.168.1.23";
user = "root";
};
"scroll" = {
hostname = "192.168.1.22";
user = "root";
user = "swarsel";
};
"minecraft" = {
hostname = "130.61.119.129";
@ -89,7 +34,6 @@ _:
};
"efficient" = {
hostname = "g0.complang.tuwien.ac.at";
forwardAgent = true;
user = "ep01427399";
};
};

12
profiles/mysticant/default.nix
View file

@ -4,7 +4,7 @@
vim
git
openssh
toybox
# toybox
dig
man
gnupg
@ -19,18 +19,10 @@
motd = null;
};
home-manager.config = {
imports = [
../common/home/ssh.nix
];
services.ssh-agent.enable = true;
};
android-integration = {
termux-open.enable = true;
termux-xdg-open.enable = true;
xdg-open.enable = true;
termux-open-url.enable = true;
termux-reload-settings.enable = true;
termux-setup-storage.enable = true;

81
profiles/optional/nixos/work.nix
View file

@ -1,13 +1,45 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
{
# boot.initrd.luks.yubikeySupport = true;
programs.browserpass.enable = true;
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "swarsel" ];
sops = {
secrets = {
clad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
dcad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
wsad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
imbad = {
owner = "swarsel";
sopsFile = ../../../secrets/work/secrets.yaml;
};
};
};
# boot.initrd.luks.yubikeySupport = true;
programs = {
zsh.shellInit = ''
export CLAD="$(cat ${config.sops.secrets.clad.path})"
export DCAD="$(cat ${config.sops.secrets.dcad.path})"
export WSAD="$(cat ${config.sops.secrets.wsad.path})"
export IMBAD="$(cat ${config.sops.secrets.imbad.path})"
'';
browserpass.enable = true;
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "swarsel" ];
};
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
# (python39.withPackages (ps: with ps; [
# cryptography
@ -21,27 +53,31 @@
govc
];
services.openssh = {
enable = true;
extraConfig = ''
'';
};
services.syncthing = {
settings = {
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
folders = {
"Documents" = {
path = "/home/swarsel/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
services = {
openssh = {
enable = true;
extraConfig = ''
'';
};
syncthing = {
settings = {
"winters" = {
id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
};
folders = {
"Documents" = {
path = "/home/swarsel/Documents";
devices = [ "magicant" "winters" ];
id = "hgr3d-pfu3w";
};
};
};
};
};
# cgroups v1 is required for centos7 dockers
specialisation = {
cgroup_v1.configuration = {
boot.kernelParams = [
@ -51,5 +87,4 @@
};
};
}

20
profiles/server/common/transmission.nix
View file

@ -93,32 +93,32 @@
client_max_body_size 0;
'';
};
"/radarr" = {
proxyPass = "http://127.0.0.1:7878";
"= /radarr" = {
proxyPass = "http://127.0.0.1:7878/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/readarr" = {
proxyPass = "http://127.0.0.1:8787";
"= /readarr" = {
proxyPass = "http://127.0.0.1:8787/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/sonarr" = {
proxyPass = "http://127.0.0.1:8989";
"= /sonarr" = {
proxyPass = "http://127.0.0.1:8989/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/lidarr" = {
proxyPass = "http://127.0.0.1:8686";
"= /lidarr" = {
proxyPass = "http://127.0.0.1:8686/";
extraConfig = ''
client_max_body_size 0;
'';
};
"/prowlarr" = {
proxyPass = "http://127.0.0.1:9696";
"= /prowlarr" = {
proxyPass = "http://127.0.0.1:9696/";
extraConfig = ''
client_max_body_size 0;
'';

41
profiles/server1/TEMPLATE/nixos.nix
View file

@ -1,41 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

27
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

70
profiles/server1/calibre/nixos.nix
View file

@ -1,70 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
calibre
];
users.groups.lxc_shares = {
gid = 10000;
members = [
"kavita"
"calibre-web"
"root"
];
};
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = { owner = "kavita"; };
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "calibre"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}

32
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,32 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--121--disk--0";
fsType = "ext4";
};
fileSystems."/media/Videos" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

27
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

308
profiles/server1/matrix/nixos.nix
View file

@ -1,308 +0,0 @@
{ config, pkgs, modulesPath, sops, ... }:
let
matrixDomain = "matrix2.swarsel.win";
in
{
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
# we import here a service that is not available yet on normal nixpkgs
# this module is hence not in the modules list, we add it ourselves
];
networking = {
hostName = "matrix"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
matrix-synapse
lottieconverter
ffmpeg
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
matrixsharedsecret = { owner = "matrix-synapse"; };
mautrixtelegram_as = { owner = "matrix-synapse"; };
mautrixtelegram_hs = { owner = "matrix-synapse"; };
mautrixtelegram_api_id = { owner = "matrix-synapse"; };
mautrixtelegram_api_hash = { owner = "matrix-synapse"; };
};
templates = {
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
};
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
};
};
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.matrix-synapse = {
enable = true;
settings = {
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}";
listeners = [
{
port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
};
services.mautrix-telegram = {
enable = true;
environmentFile = config.sops.templates.mautrixtelegram.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
id = "telegram";
# ephemeral_events = true; # not needed due to double puppeting
public = {
enabled = false;
};
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
};
bridge = {
relaybot.authless_portals = true;
allow_avatar_remove = true;
allow_contact_info = true;
sync_channel_members = true;
startup_sync = true;
sync_create_limit = 0;
sync_direct_chats = true;
telegram_link_preview = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
type = "postgres";
uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .FullName .PushName .JID}} (WA)";
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = -1;
request_full_sync = true;
full_sync_config = {
days_limit = 900;
size_mb_limit = 5000;
storage_quota_mb = 5000;
};
};
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
sync_manual_marked_unread = true;
send_presence_on_typing = true;
parallel_member_sync = true;
url_previews = true;
caption_in_message = true;
extev_polls = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
services.mautrix-signal = {
enable = true;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
type = "postgres";
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
caption_in_message = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
# restart the bridges daily. this is done for the signal bridge mainly which stops carrying
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
Unit = "restart-bridges.service";
};
};
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}

27
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

205
profiles/server1/nginx/nixos.nix
View file

@ -1,205 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
lego
nginx
];
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false;
secrets.dnstokenfull = { owner = "acme"; };
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "nginx"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
defaults.email = "mrswarsel@gmail.com";
defaults.dnsProvider = "cloudflare";
defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
};
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.5";
extraConfig = ''
client_max_body_size 0;
'';
};
# "/push/" = {
# proxyPass = "http://192.168.2.5:7867";
# };
"/.well-known/carddav" = {
return = "301 $scheme://$host/remote.php/dav";
};
"/.well-known/caldav" = {
return = "301 $scheme://$host/remote.php/dav";
};
};
};
"matrix2.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.23:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.13:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
"scan.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.24:28981";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"matrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.20:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"blog.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.7";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
}

27
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

94
profiles/server1/paperless/nixos.nix
View file

@ -1,94 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
users.groups.lxc_shares = {
gid = 10000;
members = [
"paperless"
"root"
];
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
networking = {
hostName = "paperless"; # Define your hostname.
firewall.enable = false;
};
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false;
secrets.admin = { owner = "paperless"; };
};
services.paperless = {
enable = true;
mediaDir = "/media";
user = "paperless";
port = 28981;
passwordFile = config.sops.secrets.admin.path;
address = "0.0.0.0";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_URL = "scan.swarsel.win";
PAPERLESS_OCR_USER_ARGS = builtins.toJSON {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
}

33
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = [ "loop" ];
};
fileSystems."/media" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

152
profiles/server1/sound/nixos.nix
View file

@ -1,152 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users = {
groups = {
lxc_pshares = {
gid = 110000;
members = [
"navidrome"
"mpd"
"root"
];
};
navidrome = {
gid = 61593;
};
mpd = { };
};
users = {
navidrome = {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
};
};
};
sound = {
enable = true;
};
hardware.enableAllFirmware = true;
networking = {
hostName = "sound"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
pciutils
alsa-utils
mpv
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd"; };
};
services.navidrome = {
enable = true;
settings = {
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/media";
EnableSharing = true;
EnableTranscodingConfig = true;
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 1d";
# Insert these values locally as sops-nix does not work for them
LastFM.ApiKey = TEMPLATE;
LastFM.Secret = TEMPLATE;
Spotify.ID = TEMPLATE;
Spotify.Secret = TEMPLATE;
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
};
services.mpd = {
enable = true;
musicDirectory = "/media";
user = "mpd";
group = "mpd";
network = {
port = 3254;
listenAddress = "any";
};
credentials = [
{
passwordFile = config.sops.secrets.mpdpass.path;
permissions = [
"read"
"add"
"control"
"admin"
];
}
];
};
}

27
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

93
profiles/server1/spotifyd/nixos.nix
View file

@ -1,93 +0,0 @@
{ pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
users.groups.spotifyd = {
gid = 65136;
};
users.users.spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
};
sound = {
enable = true;
};
hardware.enableAllFirmware = true;
networking = {
hostName = "spotifyd"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
services.spotifyd = {
enable = true;
settings = {
global = {
dbus_type = "session";
use_mpris = false;
device = "default:CARD=PCH";
device_name = "SwarselSpot";
mixer = "alsa";
zeroconf_port = 1025;
};
};
};
}

27
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }: {
imports = [ ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

275
profiles/server1/transmission/nixos.nix
View file

@ -1,275 +0,0 @@
{ config, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
# ./openvpn.nix #this file holds the vpn login data
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
openvpn
jq
iptables
busybox
wireguard-tools
];
users.groups.lxc_shares = {
gid = 10000;
members = [
"vpn"
"radarr"
"sonarr"
"lidarr"
"readarr"
"root"
];
};
users.groups.vpn = { };
users.users.vpn = {
isNormalUser = true;
group = "vpn";
home = "/home/vpn";
};
services.xserver.xkb = {
layout = "us";
variant = "altgr-intl";
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = [ "tun" ];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "transmission"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services = {
radarr = {
enable = true;
};
readarr = {
enable = true;
};
sonarr = {
enable = true;
};
lidarr = {
enable = true;
};
prowlarr = {
enable = true;
};
};
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
};
environment.etc = {
"openvpn/iptables.sh" =
{
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
# users.users.root.password = "TEMPLATE";
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
sops = {
templates = {
"transmission-rpc" = {
owner = "vpn";
content = builtins.toJSON {
rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass;
};
};
pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
};
secrets = {
vpnuser = { };
rpcuser = { owner = "vpn"; };
vpnpass = { };
rpcpass = { owner = "vpn"; };
vpnprot = { };
vpnloc = { };
};
};
services.openvpn.servers = {
pia = {
autoStart = false;
updateResolvConf = true;
config = "config ${config.sops.templates.vpn.path}";
};
};
services.transmission = {
enable = true;
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 360;
alt-speed-up = 2000;
bind-address-ipv4 = "0.0.0.0";
bind-address-ipv6 = "::";
blocklist-enabled = false;
blocklist-url = "http://www.example.com/blocklist";
cache-size-mb = 4;
dht-enabled = false;
download-dir = "/media/Eternor/New";
download-limit = 100;
download-limit-enabled = 0;
download-queue-enabled = true;
download-queue-size = 5;
encryption = 2;
idle-seeding-limit = 30;
idle-seeding-limit-enabled = false;
incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled = false;
lpd-enabled = false;
max-peers-global = 200;
message-level = 1;
peer-congestion-algorithm = "";
peer-id-ttl-hours = 6;
peer-limit-global = 100;
peer-limit-per-torrent = 40;
peer-port = 22371;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
peer-socket-tos = "default";
pex-enabled = false;
port-forwarding-enabled = false;
preallocation = 1;
prefetch-enabled = true;
queue-stalled-enabled = true;
queue-stalled-minutes = 30;
ratio-limit = 2;
ratio-limit-enabled = false;
rename-partial-files = true;
rpc-authentication-required = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-host-whitelist = "";
rpc-host-whitelist-enabled = true;
rpc-port = 9091;
rpc-url = "/transmission/";
rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled = true;
scrape-paused-torrents-enabled = true;
script-torrent-done-enabled = false;
seed-queue-enabled = false;
seed-queue-size = 10;
speed-limit-down = 6000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
start-added-torrents = true;
trash-original-torrent-files = false;
umask = 2;
upload-limit = 100;
upload-limit-enabled = 0;
upload-slots-per-torrent = 14;
utp-enabled = false;
};
};
}