lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests Activity Actions

Setting up deploy-rs, update & start of tetra

Browse source
This commit is contained in:
Lyes Saadi 2026-01-12 11:39:37 +01:00
parent 5532e9e720
commit 8aca74fc84
Signed by: lyes
GPG key ID: 55A1D803917CF39A
9 changed files with 258 additions and 89 deletions
Download patch file Download diff file Expand all files Collapse all files

208
flake.lock generated
View file

@ -61,6 +61,26 @@
"type": "github"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs",
"utils": "utils"
},
"locked": {
"lastModified": 1766051518,
"narHash": "sha256-znKOwPXQnt3o7lDb3hdf19oDo0BLP4MfBOYiWkEHoik=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "d5eff7f948535b9c723d60cd8239f8f11ddc90fa",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -82,6 +102,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1761588595,
@ -173,11 +209,11 @@
]
},
"locked": {
"lastModified": 1767702900,
"narHash": "sha256-xMzHmNytl7JgFRov2jHf2GYsLVp/sAfYO0JvbZt0uDo=",
"lastModified": 1768068402,
"narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "38e187fd2f9efac197e03be0c25f3ee215974144",
"rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c",
"type": "github"
},
"original": {
@ -211,9 +247,9 @@
"mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1766321686,
@ -247,11 +283,11 @@
},
"nix-flatpak": {
"locked": {
"lastModified": 1739444422,
"narHash": "sha256-iAVVHi7X3kWORftY+LVbRiStRnQEob2TULWyjMS6dWg=",
"lastModified": 1767983141,
"narHash": "sha256-7ZCulYUD9RmJIDULTRkGLSW1faMpDlPKcbWJLYHoXcs=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "5e54c3ca05a7c7d968ae1ddeabe01d2a9bc1e177",
"rev": "440818969ac2cbd77bfe025e884d0aa528991374",
"type": "github"
},
"original": {
@ -278,6 +314,54 @@
}
},
"nixpkgs": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764374374,
"narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=",
@ -293,55 +377,23 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1767051569,
"narHash": "sha256-0MnuWoN+n1UYaGBIpqpPs9I9ZHW4kynits4mrnh1Pk4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "40ee5e1944bebdd128f9fbada44faefddfde29bd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1767379071,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1767379071,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1766902085,
"narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=",
@ -376,13 +428,14 @@
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"disko": "disko",
"home-manager": "home-manager_2",
"mailserver": "mailserver",
"mozilla": "mozilla",
"nix-flatpak": "nix-flatpak",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"pin-factorio": "pin-factorio",
@ -404,17 +457,50 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1767568852,
"narHash": "sha256-6s8hL3YX9zAq2T7qvcwwzaEVwc9MEYbW+C2LcAAQfbk=",
"lastModified": 1768183082,
"narHash": "sha256-XsiMOsqRLfmUi+24F7adhb/GAM2dMvplzwaW2Wxg/lo=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "350c729b261e6f5529460140a5f0943dd4c5e156",
"rev": "cdbc300fd89d503a95d1c8564de31a93d7b0a0ae",
"type": "github"
},
"original": {

41
flake.nix
View file

@ -28,12 +28,14 @@
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs.url = "github:serokell/deploy-rs";
# Pins
# Factorio 2.0.72
pin-factorio.url = "github:NixOS/nixpkgs?rev=c5ae371f1a6a7fd27823bc500d9390b38c05fa55";
};
outputs = { self, nixpkgs, mailserver, ... }@inputs: {
outputs = { self, nixpkgs, mailserver, deploy-rs, ... }@inputs: {
nixosConfigurations = {
# Framework Computer
piaf = nixpkgs.lib.nixosSystem {
@ -53,15 +55,40 @@
};
# Desktop ISO
triforce = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [ ./hosts/triforce ];
};
# triforce = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = inputs;
# modules = [ ./hosts/triforce ];
# };
};
packages."x86_64-linux" = {
desktop-iso = self.nixosConfigurations.desktop-iso.config.system.build.isoImage;
# desktop-iso = self.nixosConfigurations.desktop-iso.config.system.build.isoImage;
};
deploy = {
interactiveSudo = true;
autoRollback = true;
magicRollback = true;
nodes = {
zora = {
hostname = "zora";
profilesOrder = [ "system" ];
# fastConnection = true;
profiles = {
system = {
sshUser = "lyes";
user = "root";
remoteBuild = true;
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.zora;
};
};
};
};
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
};
}

2
hosts/piaf/hardware.nix
View file

@ -8,7 +8,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 10;
# boot.loader.efi.canTouchEfiVariables = true;
# boot.kernelParams = [ "quiet" ];
boot.kernelParams = [ "amdgpu.abmlevel=0" "amdgpu.sg_display=0" "amdgpu.dcdebugmask=0x410" ];
boot.initrd.systemd = {
enable = true;
# network.enable = true;

15
hosts/zora/default.nix
View file

@ -16,16 +16,17 @@
../../modules
../../modules/server
../../modules/server/link
../../modules/server/taf
../../modules/server/giovanni
../../modules/server/baba
../../modules/server/nayru
../../modules/server/kalif
../../modules/server/maistro
../../modules/server/mikau
../../modules/server/biggoron
../../modules/server/biggoron/runner.nix
../../modules/server/giovanni
../../modules/server/kalif
../../modules/server/link
../../modules/server/maistro
../../modules/server/mikau
../../modules/server/nayru
../../modules/server/taf
../../modules/server/tetra
# disko.nixosModules.disko
agenix.nixosModules.default

27
hosts/zora/reverse-proxy.nix
View file

@ -59,17 +59,6 @@
'';
locations."/".proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};
# 9980
"collabora.lyes.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
proxyWebsockets = true; # collabora a besoin des websockets
};
};
# 8096
"media.lyes.eu" = {
forceSSL = true;
@ -90,6 +79,22 @@
};
};
};
# 44304
"torrent.lyes.eu" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${toString config.services.qbittorrent.webuiPort}";
};
# 9980
"collabora.lyes.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.collabora-online.port}";
proxyWebsockets = true; # collabora a besoin des websockets
};
};
};
};
}

1
modules/server/README.md
View file

@ -8,3 +8,4 @@
- `mikau` : Jellyfin (`media.lyes.eu`)
- `nayru` : Komga/Manga (`manga.lyes.eu`)
- `taf` : Mail (`taf.lyes.eu`/`mail.lyes.eu`)
- `tetra` : Torrent (`torrent.lyes.eu`)

2
modules/server/link/default.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, ... }:
let
hostname = "auth.${config.networking.domain}";

46
modules/server/tetra/default.nix Normal file
View file

@ -0,0 +1,46 @@
{ ... }:
{
services.qbittorrent = {
enable = false;
user = "qbittorrent";
group = "media";
webuiPort = 44303;
serverConfig = {
LegalNotice.Accepted = true;
General.Locale = "fr";
BitTorrent = {
Session = {
DefaultSavePath = "/var/data/media/torrent/";
AnonymousModeEnabled=true;
GlobalDLSpeedLimit=1250;
GlobalUPSpeedLimit=125;
AlternativeGlobalDLSpeedLimit=2500;
AlternativeGlobalUPSpeedLimit=125;
# BandwidthSchedulerEnabled=true;
UseAlternativeGlobalSpeedLimit=false;
QueueingSystemEnabled=true;
MaxActiveDownloads = 7;
MaxActiveTorrents = 7;
MaxActiveUploads = 3;
GlobalMaxSeedingMinutes=1440;
};
};
Preferences = {
WebUI = {
Username = "lyes";
Password_PBKDF2 = "@ByteArray(5UU0KdjkWdtIdml1aQVDOQ==:qs0cVTkuQzbHA3EmF9++MK9eJstbx95hIR52amh2PSSgmQxrXavu0oxUZdUMWnaIRKkUuq18o9GV+DMb7T99NA==)";
AuthSubnetWhitelistEnabled = true;
# AuthSubnetWhitelist = "192.168.2.2/32";
StatusbarExternalIPDisplayed = true;
};
};
};
};
# users.users.qbittorrent.extraGroups = [ "media" ];
users.users.qbittorrent.isSystemUser = true;
users.users.qbittorrent.group = "media";
}

5
users/lyes/common/packages.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, deploy-rs, ... }:
{
# Packages
@ -9,5 +9,8 @@
sl
jq
pass
# NixOS-related
deploy-rs.packages."${stdenv.hostPlatform.system}".default
];
}