By Nathan: commit after adding tachikoma flake/service

Marcus Godwin
2026-06-19 12:39:44 -04:00
parent c11cf32d39
commit dcd3742313
4 changed files with 162 additions and 128 deletions
+115 -78
@@ -13,17 +13,17 @@
fileSystems."/boot" = { device = "/dev/disk/by-uuid/BE49-6634"; fsType = "vfat"; };
swapDevices = [ { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; } ];
# Mounted data drives for use by glusterfs
fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
#fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
fileSystems."/data/brick2" = { device = "/dev/disk/by-label/gfs_hdd1"; fsType = "xfs"; };
fileSystems."/data/brick3" = { device = "/dev/disk/by-label/gfs_hdd2"; fsType = "xfs"; };
# Glusterfs shared storage
#fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
#hardware.video.hidpi.enable = lib.mkDefault true;
boot.loader.systemd-boot.enable = true;
@@ -57,67 +57,121 @@
};
# Pi Hole + docker setup
virtualisation.oci-containers.backend = "docker";
virtualisation.docker.autoPrune.enable = true;
#virtualisation.oci-containers.backend = "docker";
#virtualisation.docker.autoPrune.enable = true;
virtualisation.oci-containers.containers.pihole = {
#virtualisation.oci-containers.containers.pihole = {
#image = "pihole/pihole:2023.02.2";
image = "pihole/pihole:latest";
ports = [
"5353:53/udp"
"5353:53/tcp"
"9091:80/tcp"
];
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d"
];
environment = {
TZ = config.time.timeZone;
WEB_PORT = "80";
WEBPASSWORD = "critical";
PIHOLE_DNS_ = "172.17.0.1";
REV_SERVER = "true";
REV_SERVER_DOMAIN = "pihole.local";
REV_SERVER_TARGET = "192.168.1.1";
REV_SERVER_CIDR = "192.168.1.0/16";
DNSMASQ_LISTENING = "all";
# image = "pihole/pihole:latest";
# ports = [
# "5353:53/udp"
# "5353:53/tcp"
# "9091:80/tcp"
# ];
# volumes = [
# "/var/lib/pihole/:/etc/pihole/"
# "/var/lib/dnsmasq.d:/etc/dnsmasq.d"
# ];
# environment = {
# TZ = config.time.timeZone;
# WEB_PORT = "80";
# WEBPASSWORD = "critical";
# PIHOLE_DNS_ = "9.9.9.9;2620:fe::fe";
# REV_SERVER = "true";
# REV_SERVER_DOMAIN = "pihole.local";
# REV_SERVER_TARGET = "192.168.4.1";
# REV_SERVER_CIDR = "192.168.4.0/16";
# DNSMASQ_LISTENING = "local";
# VIRTUAL_HOST = "pi.hole";
# };
# extraOptions = [
# "--add-host=host.docker.internal:host-gateway"
# ];
#};
#systemd.services."docker-pihole".postStart = ''
# while ! docker ps | grep pihole; do
# sleep 10s
# echo "Waiting on containers"
# done
# sleep 30s
# docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
# docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
# docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
# docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
# docker exec pihole pihole -g
# '';
# Adguard Home
services.adguardhome = {
enable = true;
mutableSettings = true;
openFirewall = true;
settings = {
http = {
address = "127.0.0.1:3000";
};
dns = {
upstream_dns = [
"9.9.9.9#dns.quad9.net"
"1.1.1.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
parental_enabled = false;
safe_search = {
enabled = false;
};
};
};
extraOptions = [
"--add-host=host.docker.internal:host-gateway"
];
};
systemd.services."docker-pihole".postStart = ''
while ! docker ps | grep pihole; do
sleep 10s
echo "Waiting on containers"
done
sleep 30s
docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
docker exec pihole pihole -g
'';
# Enable flatpak for installing/running steam link software
services.flatpak.enable = true;
# testing
services.jellyfin.enable = true;
services.tachikoma = {
enable = true;
user = "nathan";
config = ''
id = "panam"
database_prefix = "/home/nathan/tachikoma_db"
adam_smasher_your_io_bandwidth = false
reset_interval = 300
port = 8080
[shares.default]
serve = [ "/data/brick1", "/data/brick2", "/data/brick3", "/home/videos" ]
avoid = [ "/data/brick2/grey_share", "/data/brick2/staging", "/data/brick2/cache", "data/brick2/Angel Cop - Remastered", "/data/brick2/Gunbuster - The Complete OVA Series", "/data/brick2/Iria - Zeiram the Animation/", "/data/brick2/Record of Lodoss War- Chronicles of the Heroic Knight" ]
download_dir = "/data/brick2/cache"
mount_point = "/fuse_mount" # this is optional, remove if you don't want to FUSE
max_delete = 30
[shares.a_darker_shade_of_grey]
serve = [ "/data/brick2/grey_share" ]
max_delete = 30
'';
};
programs.fuse.userAllowOther = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.dbus.enable = true;
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk ];
gtkUsePortal = true;
extraPortals = [
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-kde
];
#gtkUsePortal = true;
};
nixpkgs.overlays = [
];
@@ -134,7 +188,7 @@
kanshi # autorandr
bemenu # is this right?
i3status
ffmpeg_5-full
ffmpeg_7-full
];
};
@@ -144,29 +198,34 @@
};
};
# For steam, and Vulkan in general
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
];
};
programs.bash.shellAliases = {
steamlink = "flatpak run com.valvesoftware.SteamLink";
};
environment.systemPackages = with pkgs; [
tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall gomuks htop
firefox-wayland chromium gnome.nautilus
vlc steam transmission-gtk mupdf
tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall htop
firefox pkgs.nautilus vlc steam
foot pavucontrol pywal
sway wayland glib dracula-theme gnome.adwaita-icon-theme wl-clipboard
sway wayland glib dracula-theme pkgs.adwaita-icon-theme wl-clipboard
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
(pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
@@ -213,27 +272,5 @@
services.tailscale.enable = true;
networking.firewall.enable = false;
#services.pihole = {
#enable = true;
#hostConfig = {
#user = "pihole";
#enableLingeringForUser = true;
#persistVolumes = true;
#dnsPort = 5335;
#webPort = 8080;
#};
#piholeConfig.ftl = {
#LOCAL_IPV4 = "192.168.4.200";
#};
#piholeConfig.web = {
#virtualHost = "pi.hole";
#password = "password";
#};
#};
#networking.firewall.interfaces.eth0 = {
#allowedTCPPorts = [ 5335 8080 ];
#allowedUDPPorts = [ 5335 ];
#};
})
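Review bot: In the `services.tachikoma` block of the second hunk, the `avoid` entry `"data/brick2/Angel Cop - Remastered"` has no leading slash, unlike every other entry, so it probably does not match the directory under the served `/data/brick2` and that path stays shared; it should read `"/data/brick2/Angel Cop - Remastered"`. The same block starts a service on `port = 8080` that serves three bricks and `/home/videos` with `max_delete = 30`, running as the login user `nathan`, while the last hunk's context still has `networking.firewall.enable = false;`, so nothing on the host limits who can reach it, and `openFirewall = true` on `services.adguardhome` has no effect. Whether tachikoma authenticates clients is not visible here; if it does not, consider `networking.firewall.enable = true;` with `networking.firewall.trustedInterfaces = [ "tailscale0" ];` plus only the ports that must be reachable from the LAN, and a dedicated service account instead of `nathan`.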