diff --git a/configurations/home-manager/leyla/packages.nix b/configurations/home-manager/leyla/packages.nix index d9f1b32..449e828 100644 --- a/configurations/home-manager/leyla/packages.nix +++ b/configurations/home-manager/leyla/packages.nix @@ -21,7 +21,6 @@ in { lib.lists.optionals userConfig.isTerminalUser ( with pkgs; [ # command line tools - sox yt-dlp ffmpeg imagemagick diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index ca9a291..7455812 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -9,12 +9,6 @@ "vpn-keys/tailscale-authkey/defiant" = { sopsFile = "${inputs.secrets}/vpn-keys.yaml"; }; - "vpn-keys/proton-wireguard/defiant-p2p" = { - sopsFile = "${inputs.secrets}/vpn-keys.yaml"; - mode = "0640"; - owner = "root"; - group = "systemd-network"; - }; "services/zfs_smtp_token" = { sopsFile = "${inputs.secrets}/defiant-services.yaml"; }; @@ -105,79 +99,8 @@ enable = false; }; }; - - systemd.network = { - enable = true; - - config = { - routeTables = { - p2p = 1; - }; - }; - - netdevs = { - "10-bond0" = { - netdevConfig = { - Kind = "bond"; - Name = "bond0"; - }; - bondConfig = { - Mode = "802.3ad"; - TransmitHashPolicy = "layer3+4"; - }; - }; - - "15-p2p0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "p2p0"; - MTUBytes = "1280"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; - ListenPort = 51820; - # RouteTable = "p2p"; - }; - wireguardPeers = [ - { - PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; - Endpoint = "185.230.126.146:51820"; - AllowedIPs = ["0.0.0.0/0"]; - RouteTable = "off"; - } - ]; - }; - }; - networks = { - "40-bond0" = { - matchConfig.Name = "bond0"; - linkConfig = { - RequiredForOnline = "degraded-carrier"; - RequiredFamilyForOnline = "any"; - }; - networkConfig.DHCP = "yes"; - - address = [ - "192.168.1.10/32" - ]; - - gateway = ["192.168.1.1"]; - dns = ["192.168.1.1"]; - }; - - "45-p2p0" = { - matchConfig.Name = "p2p0"; - address = [ - "10.2.0.2/32" - ]; - routes = [ - { - Destination = "0.0.0.0/0"; - } - ]; - linkConfig.RequiredForOnline = false; - }; - }; + networking = { + hostId = "c51763d6"; }; services = { @@ -198,7 +121,11 @@ }; desktopManager = { gnome.enable = true; + xterm.enable = false; }; + + # Get rid of xTerm + excludePackages = [pkgs.xterm]; }; ollama = { @@ -257,13 +184,6 @@ networkBridge = "bond0"; hostDevice = "0x10c4:0xea60"; }; - - qbittorrent = { - enable = true; - mediaDir = "/srv/qbittorent"; - openFirewall = true; - webPort = 8084; - }; }; # disable computer sleeping diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix index d4a638b..3b3ac45 100644 --- a/configurations/nixos/defiant/hardware-configuration.nix +++ b/configurations/nixos/defiant/hardware-configuration.nix @@ -34,13 +34,25 @@ networking = { hostName = "defiant"; # Define your hostname. - hostId = "c51763d6"; useNetworkd = true; }; systemd.network = { enable = true; + netdevs = { + "10-bond0" = { + netdevConfig = { + Kind = "bond"; + Name = "bond0"; + }; + bondConfig = { + Mode = "802.3ad"; + TransmitHashPolicy = "layer3+4"; + }; + }; + }; + networks = { "30-eno1" = { matchConfig.Name = "eno1"; @@ -50,6 +62,22 @@ matchConfig.Name = "eno2"; networkConfig.Bond = "bond0"; }; + + "40-bond0" = { + matchConfig.Name = "bond0"; + linkConfig = { + RequiredForOnline = "degraded-carrier"; + RequiredFamilyForOnline = "any"; + }; + networkConfig.DHCP = "yes"; + + address = [ + "192.168.1.10" + ]; + + gateway = ["192.168.1.1"]; + dns = ["192.168.1.1"]; + }; }; }; diff --git a/flake.nix b/flake.nix index ba10d20..c5968db 100644 --- a/flake.nix +++ b/flake.nix @@ -147,8 +147,6 @@ nix-inspect # for installing flakes from this repo onto other systems nixos-anywhere - # for updating disko configurations - disko ]; SOPS_AGE_KEY_DIRECTORY = import ./const/sops_age_key_directory.nix; diff --git a/modules/nixos-modules/desktop.nix b/modules/nixos-modules/desktop.nix index 2182cb2..22a7b65 100644 --- a/modules/nixos-modules/desktop.nix +++ b/modules/nixos-modules/desktop.nix @@ -27,25 +27,7 @@ # Get rid of xTerm desktopManager.xterm.enable = false; - excludePackages = with pkgs; [ - xterm - transmission_4-qt - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - geary # email reader - gedit # text editor - gnome-characters - gnome-music - gnome-photos - gnome-tour - gnome-logs - gnome-maps - hitori # sudoku game - iagno # go game - tali # poker game - yelp # help viewer - ]; + excludePackages = [pkgs.xterm]; }; pipewire = { diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 7beee8b..6c3ba8e 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -11,6 +11,5 @@ ./virt-home-assistant.nix ./adguardhome.nix ./immich.nix - ./qbittorent.nix ]; } diff --git a/modules/nixos-modules/server/qbittorent.nix b/modules/nixos-modules/server/qbittorent.nix deleted file mode 100644 index 9b7b7e8..0000000 --- a/modules/nixos-modules/server/qbittorent.nix +++ /dev/null @@ -1,160 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: let - qbittorent_data_directory = "/var/lib/qbittorrent"; -in { - options.services.qbittorrent = { - enable = lib.mkEnableOption "should the headless qbittorrent service be enabled"; - - dataDir = lib.mkOption { - type = lib.types.path; - default = "/var/lib/qbittorrent"; - description = lib.mdDoc '' - The directory where qBittorrent stores its data files. - ''; - }; - - mediaDir = lib.mkOption { - type = lib.types.path; - description = lib.mdDoc '' - The directory to create to store qbittorrent media. - ''; - }; - - user = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - User account under which qBittorrent runs. - ''; - }; - - group = lib.mkOption { - type = lib.types.str; - default = "qbittorrent"; - description = lib.mdDoc '' - Group under which qBittorrent runs. - ''; - }; - - webPort = lib.mkOption { - type = lib.types.port; - default = 8080; - description = lib.mdDoc '' - qBittorrent web UI port. - ''; - }; - - openFirewall = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Open services.qBittorrent.webPort to the outside network."; - }; - - package = lib.mkOption { - type = lib.types.package; - default = pkgs.qbittorrent-nox; - defaultText = lib.literalExpression "pkgs.qbittorrent-nox"; - description = "The qbittorrent package to use."; - }; - }; - - config = lib.mkIf config.services.qbittorrent.enable (lib.mkMerge [ - { - networking.firewall = lib.mkIf config.services.qbittorrent.openFirewall { - allowedTCPPorts = [config.services.qbittorrent.webPort]; - }; - - systemd.services.qbittorrent = { - # based on the plex.nix service module and - # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in - description = "qBittorrent-nox service"; - documentation = ["man:qbittorrent-nox(1)"]; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; - - serviceConfig = { - Type = "simple"; - User = config.services.qbittorrent.user; - Group = config.services.qbittorrent.group; - - # Run the pre-start script with full permissions (the "!" prefix) so it - # can create the data directory if necessary. - ExecStartPre = let - preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' - #!${pkgs.bash}/bin/bash - - # Create data directory if it doesn't exist - if ! test -d "$QBT_PROFILE"; then - echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" - install -d -m 0755 -o "${config.services.qbittorrent.user}" -g "${config.services.qbittorrent.group}" "$QBT_PROFILE" - fi - ''; - in "!${preStartScript}"; - - #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; - ExecStart = "${config.services.qbittorrent.package}/bin/qbittorrent-nox"; - # To prevent "Quit & shutdown daemon" from working; we want systemd to - # manage it! - #Restart = "on-success"; - #UMask = "0002"; - #LimitNOFILE = cfg.openFilesLimit; - }; - - environment = { - QBT_PROFILE = config.services.qbittorrent.dataDir; - QBT_WEBUI_PORT = toString config.services.qbittorrent.webPort; - }; - }; - } - (lib.mkIf config.host.impermanence.enable { - fileSystems."/persist/system/qbittorrent".neededForBoot = true; - - host.storage.pool.extraDatasets = { - # sops age key needs to be available to pre persist for user generation - "persist/system/qbittorrent" = { - type = "zfs_fs"; - mountpoint = "/persist/system/qbittorrent"; - options = { - canmount = "on"; - }; - }; - }; - - assertions = [ - { - assertion = config.services.qbittorrent.dataDir == qbittorent_data_directory; - message = "qbittorrent data directory does not match persistence"; - } - ]; - - environment.persistence = { - "/persist/system/root" = { - directories = [ - { - directory = qbittorent_data_directory; - user = "qbittorrent"; - group = "qbittorrent"; - } - ]; - }; - - "/persist/system/qbittorrent" = { - enable = true; - hideMounts = true; - directories = [ - { - directory = config.services.qbittorrent.mediaDir; - user = "qbittorrent"; - group = "qbittorrent"; - mode = "1775"; - } - ]; - }; - }; - }) - ]); -} diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index 18cf06f..7bdb3dd 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -23,7 +23,6 @@ ollama = 2008; git = 2009; immich = 2010; - qbittorrent = 2011; }; gids = { @@ -39,7 +38,6 @@ ollama = 2008; git = 2009; immich = 2010; - qbittorrent = 2011; }; users = config.users.users; @@ -161,12 +159,6 @@ in { isSystemUser = true; group = config.users.users.immich.name; }; - - qbittorrent = { - uid = lib.mkForce uids.qbittorrent; - isNormalUser = true; - group = config.users.users.qbittorrent.name; - }; }; groups = { @@ -263,14 +255,6 @@ in { # leyla ]; }; - - qbittorrent = { - gid = lib.mkForce gids.qbittorrent; - members = [ - users.qbittorrent.name - leyla - ]; - }; }; }; }