some stuff

2024-05-10 19:39:17 +02:00 · 2024-05-10 19:39:17 +02:00 · cd8343c0c4
commit cd8343c0c4
parent 68bee9a3aa
38 changed files with 992 additions and 206 deletions
--- a/hosts/nixdesk/default.nix
+++ b/hosts/nixdesk/default.nix
@ -1,13 +1,10 @@
 {
  pkgs,
  inputs,
+  lib,
  ...
 }: {
  imports = [
-    inputs.hardware.nixosModules.common-cpu-amd
-    inputs.hardware.nixosModules.common-gpu-amd
-    inputs.hardware.nixosModules.common-pc-ssd
-
    ./hardware.nix
  ];

--- a/hosts/nixdesk/gigabyte-b550-fix.nix
+++ b/hosts/nixdesk/gigabyte-b550-fix.nix
@ -0,0 +1,37 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  # From https://github.com/NixOS/nixos-hardware/blob/master/gigabyte/b550/b550-fix-suspend.nix using until
+  # it has been merged into the flake.
+  systemd.services.bugfixSuspend-GPP0 = {
+    enable = lib.mkDefault true;
+    description = "Fix crash on wakeup from suspend/hibernate (b550 bugfix)";
+    unitConfig = {
+      Type = "oneshot";
+    };
+    serviceConfig = {
+      User = "root"; # root may not be necessary
+      # check for gppN, disable if enabled
+      # lifted from  https://www.reddit.com/r/gigabyte/comments/p5ewjn/comment/ksbm0mb/ /u/Demotay
+      ExecStart = "-${pkgs.bash}/bin/bash -c 'if grep 'GPP0' /proc/acpi/wakeup | grep -q 'enabled'; then echo 'GPP0' > /proc/acpi/wakeup; fi'";
+      RemainAfterExit = "yes"; # required to not toggle when `nixos-rebuild switch` is ran
+    };
+    wantedBy = ["multi-user.target"];
+  };
+
+  systemd.services.bugfixSuspend-GPP8 = {
+    enable = lib.mkDefault true;
+    description = "Fix crash on wakeup from suspend/hibernate (b550 bugfix)";
+    unitConfig = {
+      Type = "oneshot";
+    };
+    serviceConfig = {
+      User = "root";
+      ExecStart = "-${pkgs.bash}/bin/bash -c 'if grep 'GPP8' /proc/acpi/wakeup | grep -q 'enabled'; then echo 'GPP8' > /proc/acpi/wakeup; fi'";
+      RemainAfterExit = "yes";
+    };
+    wantedBy = ["multi-user.target"];
+  };
+}
--- a/hosts/nixdesk/hardware.nix
+++ b/hosts/nixdesk/hardware.nix
@ -1,4 +1,10 @@
-{...}: {
+{inputs, ...}: {
+  imports = [
+    inputs.hardware.nixosModules.common-cpu-amd
+    inputs.hardware.nixosModules.common-gpu-amd
+    inputs.hardware.nixosModules.common-pc-ssd
+    ./gigabyte-b550-fix.nix
+  ];
  boot = {
    initrd = {
      availableKernelModules = [
--- a/hosts/nixdesk/jellyfin.nix
+++ b/hosts/nixdesk/jellyfin.nix
@ -0,0 +1,94 @@
+{config, ...}: {
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "xunuwu@gmail.com";
+      reloadServices = ["podman-caddy.service"];
+    };
+    certs = {
+      "xun.cam" = {
+        dnsProvider = "cloudflare";
+        credentialFiles = {
+          CF_DNS_API_TOKEN_FILE = config.sops.secrets.cloudflare.path;
+        };
+        extraDomainNames = ["jellyfin.desktop.xun.cam"];
+      };
+    };
+  };
+
+  virtualisation.podman = {
+    enable = true;
+    autoPrune.enable = true;
+    dockerSocket.enable = true;
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /media/config/caddy/data 0750 root root -"
+    "d /media/config/caddy/config 0750 root root -"
+    "d /media/config/jellyfin/config 0750 root root -"
+    "d /media/config/jellyfin/cache 0750 root root -"
+    "d /media/library 0750 root root -"
+  ];
+
+  virtualisation.oci-containers = {
+    backend = "podman";
+
+    containers = {
+      gluetun = {
+        image = "qmcgaw/gluetun:v3";
+        volumes = [
+          "${config.sops.secrets.wireguard.path}:/gluetun/wireguard/wg0.conf"
+        ];
+        ports = [
+          ## This bypasses the firewall
+          ## use 127.0.0.1:XXXX:XXXX if you only want it to be accessible locally
+          "8096:8096" # jellyfin local network
+          "60926:60926" # jellyfin
+        ];
+
+        environment = {
+          VPN_SERVICE_PROVIDER = "airvpn";
+          VPN_TYPE = "wireguard";
+          SERVER_COUNTRIES = "Netherlands";
+          FIREWALL_VPN_INPUT_PORTS = "60926";
+        };
+
+        extraOptions = [
+          "--cap-add=NET_ADMIN"
+          "--device=/dev/net/tun:/dev/net/tun"
+        ];
+      };
+      jellyfin = {
+        image = "jellyfin/jellyfin";
+        volumes = [
+          "/media/config/jellyfin/config:/config"
+          "/media/config/jellyfin/cache:/cache"
+          "/media/library:/library"
+        ];
+        dependsOn = ["gluetun"];
+        extraOptions = [
+          "--network=container:gluetun"
+          "--device=/dev/dri:/dev/dri"
+        ];
+      };
+      caddy = {
+        image = "caddy";
+        volumes = [
+          "${builtins.toFile "Caddyfile" ''
+            https://jellyfin.desktop.xun.cam:60926 {
+              tls /etc/ssl/certs/xun.cam/cert.pem /etc/ssl/certs/xun.cam/key.pem
+              reverse_proxy localhost:8096
+            }
+          ''}:/etc/caddy/Caddyfile"
+          "/var/lib/acme/xun.cam:/etc/ssl/certs/xun.cam"
+          "/media/config/caddy/data:/data"
+          "/media/config/caddy/config:/config"
+        ];
+        dependsOn = ["gluetun"];
+        extraOptions = [
+          "--network=container:gluetun"
+        ];
+      };
+    };
+  };
+}