From 2718a905c98ff1c01e498a0e63ead9c8f8a9228e Mon Sep 17 00:00:00 2001 From: tootbrute Date: Fri, 20 Mar 2026 18:09:47 +0800 Subject: [PATCH 1/2] test --- FUTURE-SERVER.md | 1 + README.md | 4 +-- TEST.md | 1 + configuration.nix | 24 +++++++++++++++-- flake.lock | 27 +++++++++++++++++++ flake.nix | 19 +++++++++++++ nix-upgrade.sh | 2 +- rebuild.sh | 3 ++- services/authentik.nix | 55 ++++++++++++++++++++++++++++++++++++++ services/jellyfin-pass.txt | 2 ++ services/jellyfin.nix | 3 +-- 11 files changed, 133 insertions(+), 8 deletions(-) create mode 100644 TEST.md create mode 100644 flake.lock create mode 100644 flake.nix create mode 100644 services/authentik.nix create mode 100644 services/jellyfin-pass.txt diff --git a/FUTURE-SERVER.md b/FUTURE-SERVER.md index 0cbf148..fba357b 100644 --- a/FUTURE-SERVER.md +++ b/FUTURE-SERVER.md @@ -25,3 +25,4 @@ Steps I would need to take. # Other Considerations - where to setup docker stuff? +- look at this [nix setup](https://github.com/rwiankowski/homeserver-nixos) and look how they use vars and SOPS diff --git a/README.md b/README.md index 3d46cd1..60696ec 100644 --- a/README.md +++ b/README.md @@ -6,10 +6,10 @@ My test system. - Learn NixOS. - Attempt to make basic media homelab, a la [Yunohost](https://yunohost.org/)[^1]...but declarative, reproducable - Try to avoid Docker -- No flakes +- ~~No flakes~~ ## Tasks -- [X] ZFS for root file system +- [ ] ZFS for root file system (removed because I didn't want to deal with initrd and wifi) - [X] Tailscale - [X] VPS Caddy reverse proxy --> NixOS machine - [X] Setup Jellyfin diff --git a/TEST.md b/TEST.md new file mode 100644 index 0000000..d3ab1f2 --- /dev/null +++ b/TEST.md @@ -0,0 +1 @@ +lkskljkj hello diff --git a/configuration.nix b/configuration.nix index c796cbd..5640f3e 100644 --- a/configuration.nix +++ b/configuration.nix 
@@ -11,7 +11,8 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix -# ./services/jellyfin.nix + ./services/jellyfin.nix + ./services/authentik.nix # ./services/calibre-web.nix # ./services/glances.nix # ./services/fail2ban.nix @@ -22,11 +23,13 @@ boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; boot.loader.grub.useOSProber = true; + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.extraPools = [ "plakias" ]; # Nix settings nix = { settings = { - #experimental-features = [ "nix-command" "flakes" ]; +# experimental-features = [ "nix-command" "flakes" ]; download-buffer-size = "4G"; warn-dirty = false; }; @@ -42,12 +45,24 @@ # Networking networking.hostName = "knossos"; # Define your hostname. networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.hostId = "f8f05846"; networking.wireless.networks = { # SSID with spaces and/or special characters "Suntek_188" = { psk = "0226203850"; }; + "Suntek_288" = { + psk = "0226203850"; + }; + "Pixel_9407" = { + psk = "dieai888"; + }; + "hercules" = { + psk = "0531thewire"; + }; + + }; # Enable networking @@ -86,6 +101,9 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWN6eeLFbtRJDEebSjoI8FaDOA5bmIzbyTUvX/hPWdh elias@greynix" #asus - greynix + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/akM7XlILO499DvQhDa2+UnbbwaXB76a+XDxr8Yvdw elias@aspire" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFa3Gk2C2HmniiwMyYQ3HFs9M4W+obz2y3HNsEo6DA0c macbookpro" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyRtSVEpOZ08QoOhwfMizYXJxLFCJ/jfIlP4FMD1zga elias@bluefin" #framework ]; linger = true; packages = with pkgs; []; @@ -122,6 +140,7 @@ git neovim emacs + vim tmux #like screen wiper #like ncdu 
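Review bot: The three networks added under `networking.wireless.networks` in the `@@ -42,12 +45,24 @@` hunk of configuration.nix carry their Wi-Fi pre-shared keys as literal `psk = "..."` strings. That puts them in the repository, and the NixOS documentation for `psk` warns that the value is also written to the Nix store in plaintext. Point `networking.wireless.secretsFile` at a root-only file and reference each key as `pskRaw = "ext:<name>";` (placeholder name), or use the SOPS approach that FUTURE-SERVER.md already mentions. Because the values are now in commit history, the passphrases of the affected networks should be changed, not just removed from the file. The existing `Suntek_188` entry in the context lines has the same problem.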
@@ -129,6 +148,7 @@ tcpdump #for wireguard test + ncdu ]; # List services that you want to enable: diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..5e20cab --- /dev/null +++ b/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1766622938, + "narHash": "sha256-Eovt/DOCYjFFBZuYbbG9j5jhklzxdNbUGVYYxh3lG3s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5900a0a8850cbba98e16d5a7a6ed389402dfcf4f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..15a5423 --- /dev/null +++ b/flake.nix @@ -0,0 +1,19 @@ +{ + description = "NixOS configuration"; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; + }; + + outputs = inputs@{ nixpkgs, ... }: { + nixosConfigurations = { + knossos = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + + ]; + }; + }; + }; +} diff --git a/nix-upgrade.sh b/nix-upgrade.sh index 4f07418..ce9b4a1 100755 --- a/nix-upgrade.sh +++ b/nix-upgrade.sh @@ -1,4 +1,4 @@ #!/run/current-system/sw/bin/bash -sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-knossos/configuration.nix --upgrade +sudo nixos-rebuild switch --flake .# --upgrade diff --git a/rebuild.sh b/rebuild.sh index d8b87db..090f590 100755 --- a/rebuild.sh +++ b/rebuild.sh @@ -1,3 +1,4 @@ #!/run/current-system/sw/bin/bash -sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-config/configuration.nix +#sudo nixos-rebuild switch -I nixos-config=/home/elias/nixos-knossos/configuration.nix +sudo nixos-rebuild switch --flake .# diff --git a/services/authentik.nix b/services/authentik.nix new file mode 100644 index 0000000..d25f45a --- /dev/null +++ b/services/authentik.nix 
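Review bot: In nix-upgrade.sh the new command keeps `--upgrade`, which acts on channels and does not change the `flake.lock` this commit adds, so as far as I can tell the script rebuilds the same pinned nixpkgs revision every time. Updating the lock first, e.g. `nix flake update` followed by `sudo nixos-rebuild switch --flake .#`, would make the script do what its name says and leave a reviewable lockfile change. Both this script and rebuild.sh also resolve `.#` against the current directory, where the old lines used an absolute path. `--flake /home/elias/nixos-knossos#knossos` would keep them runnable from anywhere, if that path is still where the checkout lives.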
@@ -0,0 +1,55 @@ +{ config, lib, pkgs, ... }: + + + +{ + + config = { + + systemd.services.authentik = { + + description = "Run Docker Compose for authentik"; + + after = [ "network.target" "docker.service" ]; + + requires = [ "docker.service" ]; + + wantedBy = [ "multi-user.target" ]; + + + + serviceConfig = { + + Type = "exec"; + + + + # Pull the latest image before running + + ExecStartPre = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml pull"; + + + + # Bring the service up + + ExecStart = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml up"; + + + + # Take it down gracefully + + ExecStop = "/run/current-system/sw/bin/docker compose -f /home/nix/docker/authentik/compose.yaml down"; + + + + WorkingDirectory = "/home/nix/docker/authentik"; + + Restart = "on-failure"; + + }; + + }; + + }; + +} diff --git a/services/jellyfin-pass.txt b/services/jellyfin-pass.txt new file mode 100644 index 0000000..a2ccd7a --- /dev/null +++ b/services/jellyfin-pass.txt @@ -0,0 +1,2 @@ +elias +XWEUt0afZmntvdRCkM7X diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 18cee76..b87d371 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix @@ -4,7 +4,7 @@ services.jellyfin = { enable = true; openFirewall = true; - dataDir = "/var/lib/jellyfin"; #default + dataDir = "/mnt/plakias/enc/jellyfin"; #default }; environment.systemPackages = [ @@ -12,5 +12,4 @@ pkgs.jellyfin-web pkgs.jellyfin-ffmpeg ]; - } From ff99902baefa7e79c53c780ee3605d7e19cc9c25 Mon Sep 17 00:00:00 2001 From: tootbrute Date: Fri, 20 Mar 2026 18:11:00 +0800 Subject: [PATCH 2/2] remove some stuff from readme --- README.md | 4 ++-- TEST.md | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) delete mode 100644 TEST.md diff --git a/README.md b/README.md index 60696ec..569d2d2 100644 --- a/README.md +++ b/README.md 
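Review bot: The authentik unit in services/authentik.nix sets no `User=`, so it runs `docker compose` as root against `/home/nix/docker/authentik/compose.yaml`, a file in a home directory that is not part of this repository. Whoever can write that file decides which containers and host mounts root starts, and the `ExecStartPre` pull fetches whatever the image tags in it currently resolve to on every start. Consider shipping the compose file from the repo to a root-owned location (for example via `environment.etc`), pinning the images by digest, and dropping the pull step so that upgrades arrive as a reviewed change. The unit also requires `docker.service`, but nothing visible in this patch enables Docker, so check that `virtualisation.docker.enable = true;` is set somewhere.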
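Review bot: services/jellyfin-pass.txt adds what looks like a username and password in clear text to the repository. Remove the file from the tree, change that password since it stays in history, and keep such values in an encrypted secrets store such as the SOPS setup referenced in FUTURE-SERVER.md. A `.gitignore` pattern like `*-pass.txt` would stop a repeat.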
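Review bot: The new `dataDir = "/mnt/plakias/enc/jellyfin";` in services/jellyfin.nix has nothing ordering Jellyfin after the `plakias` pool that `boot.zfs.extraPools` imports. If the dataset is not mounted yet (the `enc` component suggests an encrypted one, which may also need its key loaded), the service could create its state on the root filesystem underneath the mount point, outside the encrypted dataset. Depending on how the dataset is mounted, something like `systemd.services.jellyfin.after = [ "zfs-mount.service" ];` with a matching `requires` would close that gap; confirm the unit name on the target system. The trailing `#default` comment on the same line is now wrong and should be dropped.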
@@ -9,12 +9,12 @@ My test system. - ~~No flakes~~ ## Tasks -- [ ] ZFS for root file system (removed because I didn't want to deal with initrd and wifi) +- [ ] ~~ZFS for root file system (removed because I didn't want to deal with initrd and wifi)~~ - [X] Tailscale - [X] VPS Caddy reverse proxy --> NixOS machine - [X] Setup Jellyfin - [X] Setup calibre-web -- [X] Setup Transmission +- [] Setup Transmission - [ ] Setup Nextcloud - [ ] Setup systemwide auth system - LDAP? OAuth? OR don't do this diff --git a/TEST.md b/TEST.md deleted file mode 100644 index d3ab1f2..0000000 --- a/TEST.md +++ /dev/null @@ -1 +0,0 @@ -lkskljkj hello