From d0f47c9b49fb82e5e3c8c4876cb85d076b326d28 Mon Sep 17 00:00:00 2001 From: Dennis Schoepf Date: Thu, 26 Dec 2024 01:07:32 +0100 Subject: [PATCH] Adds configuration for jellyfin, samba and syncthing --- hosts/dnsc-server/default.nix | 119 +++++++++++++++++++++++++++++++--- 1 file changed, 109 insertions(+), 10 deletions(-) diff --git a/hosts/dnsc-server/default.nix b/hosts/dnsc-server/default.nix index c55a4e5..b0210e1 100644 --- a/hosts/dnsc-server/default.nix +++ b/hosts/dnsc-server/default.nix @@ -6,11 +6,10 @@ pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - inputs.home-manager.nixosModules.home-manager - ]; + imports = [ + ./hardware-configuration.nix + inputs.home-manager.nixosModules.home-manager + ]; # General time.timeZone = "Europe/Berlin"; @@ -22,6 +21,7 @@ boot.loader.systemd-boot.configurationLimit = 10; boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; + boot.zfs.extraPools = [ "main" ]; # Nix Settings # Perform garbage collection weekly to maintain low disk usage @@ -36,6 +36,15 @@ networking.hostName = "dnsc-server"; networking.hostId = "380f584e"; networking.networkmanager.enable = true; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + 8384 # Syncthing GUI + 22000 # Syncthing + ]; + networking.firewall.allowedUDPPorts = [ + 22000 # Syncthing + 21027 # Syncthing + ]; # My user account users.users.dennis = { @@ -64,6 +73,9 @@ btop neovim wget + jellyfin + jellyfin-web + jellyfin-ffmpeg ]; # Programs @@ -74,7 +86,7 @@ }; # Services - # SSH Settings + # SSH services.openssh = { enable = true; settings = { 
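Review bot: In the `@@ -36,6 +36,15 @@` hunk, adding `8384` to `networking.firewall.allowedTCPPorts` opens the Syncthing GUI on every interface, and the last hunk of this patch binds it with `guiAddress = "0.0.0.0:8384"`. No GUI user or password is set anywhere in the visible configuration, so unless one is configured out of band, the admin interface is reachable by any host that can route to the server. Since the same commit enables Tailscale, consider dropping 8384 from the global list and scoping it with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8384 ];`, or keeping `guiAddress` on loopback. The sync ports 22000/21027 could instead be opened with `services.syncthing.openDefaultPorts = true;` so that the firewall rule stays tied to the service.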
@@ -85,10 +97,97 @@ openFirewall = true; }; - # Firewall Settings - networking.firewall.enable = true; - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + # ZFS + services.zfs = { + autoSnapshot.enable = true; + trim.enable = true; + }; + + # Samba + services.samba = { + enable = true; + securityType = "user"; + openFirewall = true; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhost ::1 + "hosts allow" = "192.168.178. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "share" = { + "path" = "/main/share"; + "browseable" = "yes"; + "writeable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "force user" = "dennis"; + "force group" = "users"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.avahi = { + publish.enable = true; + publish.userServices = true; + nssmdns4 = true; + enable = true; + openFirewall = true; + }; + + # Jellyfin + services.jellyfin = { + enable = true; + openFirewall = true; + }; + + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + intel-vaapi-driver + vaapiVdpau + intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) + vpl-gpu-rt # QSV on 11th gen or newer + intel-media-sdk # QSV up to 11th gen + ]; + }; + + # Tailscale + services.tailscale.enable = true; + + # Syncthing + services.syncthing = { + enable = true; + group = "users"; + guiAddress = "0.0.0.0:8384"; + user = "dennis"; + dataDir = "/home/dennis/sync"; + configDir = "/home/dennis/sync/.config/syncthing"; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + 
"dnsc-pixel" = { id = "FD4XYVI-UZCBEXZ-OATLR3Y-7ZZPQOA-MFWP3Q7-OFNZY33-XH4TJAF-KVHW2AI"; }; + "dnsc-air" = { id = "RYFO5XN-RRZZQI3-4W5DPHO-C7OKL5N-ZUQUBEI-ZKSWUHM-2BMTFRY-MDC7MA3"; }; + }; + }; + }; + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Environment variables environment.variables.EDITOR = "nvim";
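Review bot: The `share` section combines `"guest ok" = "yes"` and `"map to guest" = "bad user"` with `"writeable" = "yes"` and `"force user" = "dennis"`, so any host in 192.168.178.x can write to /main/share as the `dennis` account without credentials. If unauthenticated write access is not intended, set `"guest ok" = "no"` and add `"valid users" = "dennis"`, keeping guest access to a separate read-only share if it is still needed. Separately, `"hosts deny" = "0.0.0.0/0"` names only IPv4 while the comment above it notes that `localhost` resolves to ::1; `"hosts deny" = "ALL"` would cover both address families. `services.samba-wsdd` and `services.avahi` also set `openFirewall = true`, so the share is announced on every interface the firewall covers.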