mirror of
https://github.com/Swarsel/.dotfiles.git
synced 2025-12-06 17:17:22 +01:00
152 lines
3 KiB
Nix
152 lines
3 KiB
Nix
{ config, pkgs, modulesPath, ... }:
|
|
|
|
{
|
|
|
|
imports = [
|
|
(modulesPath + "/virtualisation/proxmox-lxc.nix")
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
|
|
|
|
services = {
|
|
xserver = {
|
|
layout = "us";
|
|
xkbVariant = "altgr-intl";
|
|
};
|
|
openssh = {
|
|
enable = true;
|
|
settings.PermitRootLogin = "yes";
|
|
listenAddresses = [{
|
|
port = 22;
|
|
addr = "0.0.0.0";
|
|
}];
|
|
};
|
|
};
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
proxmoxLXC = {
|
|
manageNetwork = true; # manage network myself
|
|
manageHostName = false; # manage hostname myself
|
|
};
|
|
|
|
networking = {
|
|
useDHCP = true;
|
|
enableIPv6 = false;
|
|
};
|
|
|
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
../../../secrets/keys/authorized_keys
|
|
];
|
|
|
|
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
|
|
|
|
environment.shellAliases = {
|
|
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
|
|
};
|
|
|
|
|
|
|
|
proxmoxLXC.privileged = true; # manage hostname myself
|
|
|
|
users = {
|
|
groups = {
|
|
lxc_pshares = {
|
|
gid = 110000;
|
|
members = [
|
|
"navidrome"
|
|
"mpd"
|
|
"root"
|
|
];
|
|
};
|
|
|
|
navidrome = {
|
|
gid = 61593;
|
|
};
|
|
|
|
mpd = { };
|
|
};
|
|
|
|
users = {
|
|
navidrome = {
|
|
isSystemUser = true;
|
|
uid = 61593;
|
|
group = "navidrome";
|
|
extraGroups = [ "audio" "utmp" ];
|
|
};
|
|
|
|
mpd = {
|
|
isSystemUser = true;
|
|
group = "mpd";
|
|
extraGroups = [ "audio" "utmp" ];
|
|
};
|
|
};
|
|
};
|
|
|
|
sound = {
|
|
enable = true;
|
|
};
|
|
|
|
hardware.enableAllFirmware = true;
|
|
networking = {
|
|
hostName = "sound"; # Define your hostname.
|
|
firewall.enable = false;
|
|
};
|
|
environment.systemPackages = with pkgs; [
|
|
git
|
|
gnupg
|
|
ssh-to-age
|
|
pciutils
|
|
alsa-utils
|
|
mpv
|
|
];
|
|
|
|
sops = {
|
|
age.sshKeyPaths = [ "/etc/ssh/sops" ];
|
|
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
|
|
validateSopsFiles = false;
|
|
secrets.mpdpass = { owner = "mpd"; };
|
|
};
|
|
|
|
services.navidrome = {
|
|
enable = true;
|
|
settings = {
|
|
Address = "0.0.0.0";
|
|
Port = 4040;
|
|
MusicFolder = "/media";
|
|
EnableSharing = true;
|
|
EnableTranscodingConfig = true;
|
|
Scanner.GroupAlbumReleases = true;
|
|
ScanSchedule = "@every 1d";
|
|
# Insert these values locally as sops-nix does not work for them
|
|
LastFM.ApiKey = TEMPLATE;
|
|
LastFM.Secret = TEMPLATE;
|
|
Spotify.ID = TEMPLATE;
|
|
Spotify.Secret = TEMPLATE;
|
|
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
|
|
UIWelcomeMessage = "~SwarselSound~";
|
|
};
|
|
};
|
|
services.mpd = {
|
|
enable = true;
|
|
musicDirectory = "/media";
|
|
user = "mpd";
|
|
group = "mpd";
|
|
network = {
|
|
port = 3254;
|
|
listenAddress = "any";
|
|
};
|
|
credentials = [
|
|
{
|
|
passwordFile = config.sops.secrets.mpdpass.path;
|
|
permissions = [
|
|
"read"
|
|
"add"
|
|
"control"
|
|
"admin"
|
|
];
|
|
}
|
|
];
|
|
};
|
|
}
|