
2 commits

3 changed files with 242 additions and 2 deletions


@ -226,6 +226,7 @@
postgresql = { postgresql = {
enable = true; enable = true;
adminUsers = ["leyla"]; adminUsers = ["leyla"];
impermanence.enable = false;
}; };
# temp enable desktop environment for setup # temp enable desktop environment for setup
@ -244,6 +245,7 @@
reverseProxy = { reverseProxy = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
acme = { acme = {
enable = true; enable = true;
email = "jan-leila@protonmail.com"; email = "jan-leila@protonmail.com";
@ -253,6 +255,7 @@
ollama = { ollama = {
enable = true; enable = true;
exposePort = true; exposePort = true;
impermanence.enable = false;
environmentVariables = { environmentVariables = {
OLLAMA_KEEP_ALIVE = "24h"; OLLAMA_KEEP_ALIVE = "24h";
@ -287,6 +290,7 @@
enable = true; enable = true;
authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path; authKeyFile = config.sops.secrets."vpn-keys/tailscale-authkey/defiant".path;
useRoutingFeatures = "server"; useRoutingFeatures = "server";
impermanence.enable = false;
extraUpFlags = [ extraUpFlags = [
"--advertise-exit-node" "--advertise-exit-node"
"--advertise-routes=192.168.0.0/24" "--advertise-routes=192.168.0.0/24"
@ -299,24 +303,33 @@
]; ];
}; };
syncthing.enable = true; syncthing = {
enable = true;
impermanence.enable = false;
};
fail2ban.enable = true; fail2ban = {
enable = true;
impermanence.enable = false;
};
jellyfin = { jellyfin = {
enable = true; enable = true;
domain = "media.jan-leila.com"; domain = "media.jan-leila.com";
extraDomains = ["jellyfin.jan-leila.com"]; extraDomains = ["jellyfin.jan-leila.com"];
impermanence.enable = false;
}; };
immich = { immich = {
enable = true; enable = true;
domain = "photos.jan-leila.com"; domain = "photos.jan-leila.com";
impermanence.enable = false;
}; };
forgejo = { forgejo = {
enable = true; enable = true;
reverseProxy.domain = "git.jan-leila.com"; reverseProxy.domain = "git.jan-leila.com";
impermanence.enable = false;
}; };
searx = { searx = {
@ -327,6 +340,7 @@
actual = { actual = {
enable = true; enable = true;
domain = "budget.jan-leila.com"; domain = "budget.jan-leila.com";
impermanence.enable = false;
}; };
home-assistant = { home-assistant = {
@ -334,6 +348,7 @@
domain = "home.jan-leila.com"; domain = "home.jan-leila.com";
openFirewall = true; openFirewall = true;
postgres.enable = true; postgres.enable = true;
impermanence.enable = false;
extensions = { extensions = {
sonos.enable = true; sonos.enable = true;
@ -346,11 +361,13 @@
enable = true; enable = true;
domain = "documents.jan-leila.com"; domain = "documents.jan-leila.com";
passwordFile = config.sops.secrets."services/paperless_password".path; passwordFile = config.sops.secrets."services/paperless_password".path;
impermanence.enable = false;
}; };
panoramax = { panoramax = {
enable = false; enable = false;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
crab-hole = { crab-hole = {
@ -358,6 +375,7 @@
port = 8085; port = 8085;
openFirewall = true; openFirewall = true;
show_doc = true; show_doc = true;
impermanence.enable = false;
downstreams = { downstreams = {
host = { host = {
enable = true; enable = true;
@ -373,31 +391,38 @@
mediaDir = "/srv/qbittorent"; mediaDir = "/srv/qbittorent";
openFirewall = true; openFirewall = true;
webuiPort = 8084; webuiPort = 8084;
impermanence.enable = false;
}; };
sonarr = { sonarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
radarr = { radarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
bazarr = { bazarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
lidarr = { lidarr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
jackett = { jackett = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
flaresolverr = { flaresolverr = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
impermanence.enable = false;
}; };
}; };
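Review bot: `panoramax` gets `impermanence.enable = false` in this section, but the legacy module added in the same change has no Panoramax entry in its `directories` list, so as far as this page shows nothing would persist its state. That is harmless while the service has `enable = false`, but turning it on later would lose its data on reboot without any warning. Either drop the flag from `panoramax` or add a comment such as `# no legacy entry: switch impermanence back on before enabling this service`. The `searx` block is cut off at the hunk boundary, so it could not be checked the same way.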


@ -4,5 +4,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix ./configuration.nix
./packages.nix ./packages.nix
./legacy-impermanence.nix
]; ];
} }


@ -0,0 +1,214 @@
# Legacy impermanence module for defiant
# This module contains all the impermanence configurations that were previously
# handled by individual service modules on the main branch. It allows us to
# merge the storage-refactor branch into main while keeping current functionality,
# and then migrate services one at a time to the new automated impermanence system.
#
# To migrate a service to the new system:
# 1. Remove the service's configuration from this file
# 2. Set `impermanence.enable = true` for that service in configuration.nix
# 3. Remove `impermanence.enable = false` from the service configuration
{
config,
lib,
...
}: {
config = lib.mkIf config.storage.impermanence.enable {
environment.persistence."/persist/replicate/system/root" = {
enable = true;
hideMounts = true;
directories = lib.mkMerge [
# PostgreSQL
(lib.mkIf config.services.postgresql.enable [
{
directory = "/var/lib/postgresql/16";
user = "postgres";
group = "postgres";
}
])
# Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
}
])
# Ollama
(lib.mkIf config.services.ollama.enable [
{
directory = "/var/lib/private/ollama";
user = config.services.ollama.user;
group = config.services.ollama.group;
mode = "0700";
}
])
# Tailscale
(lib.mkIf config.services.tailscale.enable [
{
directory = "/var/lib/tailscale";
user = "root";
group = "root";
}
])
# Syncthing
(lib.mkIf config.services.syncthing.enable [
{
directory = "/mnt/sync";
user = "syncthing";
group = "syncthing";
}
{
directory = "/etc/syncthing";
user = "syncthing";
group = "syncthing";
}
])
# Fail2ban
(lib.mkIf config.services.fail2ban.enable [
{
directory = "/var/lib/fail2ban";
user = "fail2ban";
group = "fail2ban";
}
])
# Jellyfin
(lib.mkIf config.services.jellyfin.enable [
{
directory = "/var/lib/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
{
directory = "/var/cache/jellyfin";
user = "jellyfin";
group = "jellyfin";
}
])
# Immich
(lib.mkIf config.services.immich.enable [
{
directory = "/var/lib/immich";
user = "immich";
group = "immich";
}
])
# Forgejo
(lib.mkIf config.services.forgejo.enable [
{
directory = "/var/lib/forgejo";
user = "forgejo";
group = "forgejo";
}
])
# Actual
(lib.mkIf config.services.actual.enable [
{
directory = "/var/lib/private/actual";
user = "actual";
group = "actual";
}
])
# Home Assistant
(lib.mkIf config.services.home-assistant.enable [
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
}
])
# Paperless
(lib.mkIf config.services.paperless.enable [
{
directory = "/var/lib/paperless";
user = "paperless";
group = "paperless";
}
])
# Crab-hole
(lib.mkIf config.services.crab-hole.enable [
{
directory = "/var/lib/private/crab-hole";
user = "crab-hole";
group = "crab-hole";
}
])
# qBittorrent
(lib.mkIf config.services.qbittorrent.enable [
{
directory = "/var/lib/qBittorrent/";
user = "qbittorrent";
group = "qbittorrent";
}
])
# Sonarr
(lib.mkIf config.services.sonarr.enable [
{
directory = "/var/lib/sonarr/.config/NzbDrone";
user = "sonarr";
group = "sonarr";
}
])
# Radarr
(lib.mkIf config.services.radarr.enable [
{
directory = "/var/lib/radarr/.config/Radarr";
user = "radarr";
group = "radarr";
}
])
# Bazarr
(lib.mkIf config.services.bazarr.enable [
{
directory = "/var/lib/bazarr";
user = "bazarr";
group = "bazarr";
}
])
# Lidarr
(lib.mkIf config.services.lidarr.enable [
{
directory = "/var/lib/lidarr/.config/Lidarr";
user = "lidarr";
group = "lidarr";
}
])
# Jackett
(lib.mkIf config.services.jackett.enable [
{
directory = "/var/lib/jackett/.config/Jackett";
user = "jackett";
group = "jackett";
}
])
# FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [
{
directory = "/var/lib/flaresolverr";
user = "flaresolverr";
group = "flaresolverr";
}
])
];
};
};
}
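Review bot: Only the Ollama entry sets `mode`; every other directory under `environment.persistence."/persist/replicate/system/root"` falls back to the impermanence module's default when it is first created on the persistent volume, which I believe is `0755`. That matters most for `/var/lib/tailscale`, which holds the node's key material, and for the `/var/lib/private/actual` and `/var/lib/private/crab-hole` entries, whose parent directory systemd expects to be private to root. I would add `mode = "0700";` to the Tailscale entry, matching the Ollama one. After the first activation, check the on-disk modes of the remaining directories under `/persist/replicate/system/root` against what each service sets for its state directory.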