configurations/home-manager/leyla/packages.nix

@@ -76,6 +76,7 @@ in {
             # system tools
             protonvpn-gui
             openvpn
+            nextcloud-client
             noisetorch
 
             # hardware managment tools

configurations/nixos/defiant/configuration.nix

@@ -58,7 +58,6 @@
           folder = "leyla";
           user = "leyla";
           group = "leyla";
-          bind = "/home/leyla/documents";
         }
         {
           folder = "eve";
@@ -70,12 +69,6 @@
           user = "root";
           group = "users";
         }
-        {
-          folder = "media";
-          user = "jellyfin";
-          group = "jellyfin_media";
-          bind = config.host.jellyfin.media_directory;
-        }
       ];
       nfs = {
         enable = true;
@@ -115,7 +108,7 @@
       enable = false;
     };
     nextcloud = {
-      enable = false;
+      enable = true;
       subdomain = "drive";
     };
     sync = {

configurations/nixos/horizon/hardware-configuration.nix

@@ -38,28 +38,40 @@
       fsType = "vfat";
     };
 
-    "/mnt/leyla_documents" = {
+    "/mnt/new_leyla_home" = {
       device = "defiant:/exports/leyla";
       fsType = "nfs";
       options = ["x-systemd.automount" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
     };
 
-    "/mnt/eve_documents" = {
+    "/mnt/new_eve_home" = {
       device = "defiant:/exports/eve";
       fsType = "nfs";
       options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
     };
 
-    "/mnt/users_documents" = {
+    "/mnt/new_users_home" = {
       device = "defiant:/exports/users";
       fsType = "nfs";
       options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
     };
 
-    "/mnt/media" = {
+    "/mnt/leyla_home" = {
-      device = "defiant:/exports/media";
+      device = "server.arpa:/home/leyla";
       fsType = "nfs";
-      options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+    };
+
+    "/mnt/share_home" = {
+      device = "server.arpa:/home/share";
+      fsType = "nfs";
+      options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+    };
+
+    "/mnt/docker_home" = {
+      device = "server.arpa:/home/docker";
+      fsType = "nfs";
+      options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
     };
   };
 

configurations/nixos/twilight/hardware-configuration.nix

@@ -47,22 +47,22 @@
       options = ["fmask=0022" "dmask=0022"];
     };
 
-    "/mnt/leyla_documents" = {
+    "/mnt/leyla_home" = {
-      device = "defiant:/exports/leyla";
+      device = "server.arpa:/home/leyla";
       fsType = "nfs";
       options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
     };
 
-    "/mnt/users_documents" = {
+    "/mnt/share_home" = {
-      device = "defiant:/exports/users";
+      device = "server.arpa:/home/share";
       fsType = "nfs";
       options = ["x-systemd.automount" "user" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
     };
 
-    "/mnt/media" = {
+    "/mnt/docker_home" = {
-      device = "defiant:/exports/media";
+      device = "server.arpa:/home/docker";
       fsType = "nfs";
-      options = ["x-systemd.automount" "noauto" "user" "noatime" "nofail" "soft" "x-systemd.idle-timeout=600" "fsc"];
+      options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
     };
   };
 

modules/nixos-modules/server/home-assistant.nix

@@ -1,11 +1,9 @@
 {
   lib,
-  pkgs,
   config,
   ...
 }: let
   configDir = "/var/lib/hass";
-  db_user = "hass";
 in {
   options.host.home-assistant = {
     enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
@@ -18,45 +16,20 @@ in {
 
   config = lib.mkIf config.host.home-assistant.enable (lib.mkMerge [
     {
-      systemd.tmpfiles.rules = [
-        "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
-      ];
       services.home-assistant = {
         enable = true;
-        package =
-          (pkgs.home-assistant.override {
-            extraPackages = py: with py; [psycopg2];
-          })
-          .overrideAttrs (oldAttrs: {
-            doInstallCheck = false;
-          });
-        configDir = configDir;
         extraComponents = [
+          "esphome"
           "met"
           "radio_browser"
           "isal"
-          "zha"
-          "jellyfin"
-          "webostv"
-          "tailscale"
-          "syncthing"
-          "sonos"
-          "analytics_insights"
-          "unifi"
-          "minecraft_server"
-          "openweathermap"
         ];
-        config = {
+        config.http = {
-          http = {
+          server_port = 8082;
-            server_port = 8082;
+          use_x_forwarded_for = true;
-            use_x_forwarded_for = true;
+          trusted_proxies = ["127.0.0.1" "::1"];
-            trusted_proxies = ["127.0.0.1" "::1"];
+          ip_ban_enabled = true;
-            ip_ban_enabled = true;
+          login_attempts_threshold = 10;
-            login_attempts_threshold = 10;
-          };
-          recorder.db_url = "postgresql://@/${db_user}";
-          "automation manual" = [];
-          "automation ui" = "!include automations.yaml";
         };
         extraPackages = python3Packages:
           with python3Packages; [
@@ -64,11 +37,6 @@ in {
             gtts
           ];
       };
-      systemd.services.home-assistant = {
-        requires = [
-          "postgresql.service"
-        ];
-      };
       host = {
         reverse_proxy.subdomains.${config.host.home-assistant.subdomain} = {
           target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
@@ -76,33 +44,15 @@ in {
           extraConfig = ''
             add_header Upgrade $http_upgrade;
             add_header Connection \"upgrade\";
-
             proxy_set_header Host $host;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
             proxy_set_header X-Forwarded-Host $server_name;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-
-            proxy_buffering off;
-
             proxy_read_timeout 90;
           '';
         };
-        postgres = {
-          enable = true;
-          extraUsers = {
-            ${db_user} = {
-              isClient = true;
-              createUser = true;
-            };
-          };
-          extraDatabases = {
-            ${db_user} = {
-              name = db_user;
-            };
-          };
-        };
       };
     }
     (lib.mkIf config.host.impermanence.enable {

modules/nixos-modules/server/jellyfin.nix

@@ -7,6 +7,7 @@
   jellyfinPort = 8096;
   jellyfin_data_directory = "/var/lib/jellyfin";
   jellyfin_cache_directory = "/var/cache/jellyfin";
+  jellyfin_media_directory = "/srv/jellyfin/media";
 in {
   options.host.jellyfin = {
     enable = lib.mkEnableOption "should jellyfin be enabled on this computer";
@@ -20,11 +21,6 @@ in {
       description = "ex subdomain of base domain that jellyfin will be hosted at";
       default = [];
     };
-    media_directory = lib.mkOption {
-      type = lib.types.str;
-      description = "directory jellyfin media will be hosted at";
-      default = "/srv/jellyfin/media";
-    };
   };
 
   config = lib.mkIf config.host.jellyfin.enable (
@@ -130,7 +126,7 @@ in {
             hideMounts = true;
             directories = [
               {
-                directory = config.host.jellyfin.media_directory;
+                directory = jellyfin_media_directory;
                 user = "jellyfin";
                 group = "jellyfin_media";
                 mode = "1770";

modules/nixos-modules/server/network_storage/default.nix

@@ -57,7 +57,7 @@ in {
       # create any folders that we need to have for our exports
       systemd.tmpfiles.rules =
         [
-          "d ${config.host.network_storage.export_directory} 2775 root root -"
+          "d ${config.host.network_storage.export_directory} 2770 root root -"
         ]
         ++ (
           builtins.map (

modules/nixos-modules/server/network_storage/nfs.nix

@@ -38,8 +38,8 @@
         services.nfs.server = {
           enable = true;
           exports = lib.strings.concatLines (
-            lib.lists.imap0 (
+            builtins.map (
-              i: directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt,fsid=${builtins.toString i})"
+              directory: "${directory._directory} 100.64.0.0/10(rw,sync,no_subtree_check,crossmnt)"
             )
             (
               builtins.filter (

modules/nixos-modules/server/postgres.nix

@@ -65,7 +65,6 @@ in {
             ++ (
               builtins.map (user: {
                 name = user.name;
-                ensureDBOwnership = true;
               })
               createUsers
             );