From 312b1d6fa069d4301806596800aead1b011953e6 Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Fri, 4 Jun 2021 09:02:07 -0400
Subject: [PATCH] fix container
---
 common/common.nix | 2 ++
 common/pc/de.nix | 8 ------
 common/zerotier.nix | 3 +++
 machines/mitty/configuration.nix | 42 +++++++++++++++++++++++++-------
 4 files changed, 38 insertions(+), 17 deletions(-)
diff --git a/common/common.nix b/common/common.nix
index 12701e2..1f14ca6 100644
--- a/common/common.nix
+++ b/common/common.nix
@@ -33,6 +33,8 @@ wget kakoune htop git dnsutils tmux nethogs iotop ]; + nixpkgs.config.allowUnfree = true; + users.mutableUsers = false; users.users.googlebot = { isNormalUser = true;
diff --git a/common/pc/de.nix b/common/pc/de.nix
index cb642c6..f7dc268 100644
--- a/common/pc/de.nix
+++ b/common/pc/de.nix
@@ -23,14 +23,6 @@ in { }; config = lib.mkIf cfg.enable { - # allow specific unfree packages - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "tigervnc" "font-bh-lucidatypewriter" # tigervnc - "steam" "steam-original" "steam-runtime" # TODO move to steam.nix - "discord" # TODO move to discord.nix - "chromium" "chrome-widevine-cdm" "chromium-unwrapped" # widevine support - ]; - # vulkan hardware.opengl.driSupport = true; hardware.opengl.driSupport32Bit = true;
diff --git a/common/zerotier.nix b/common/zerotier.nix
index 95b2ae8..cbbde1b 100644
--- a/common/zerotier.nix
+++ b/common/zerotier.nix
@@ -7,5 +7,8 @@ in { services.zerotierone.joinNetworks = [ "565799d8f6d654c0" ]; + networking.firewall.allowedUDPPorts = [ + 9993 + ]; }; }
\ No newline at end of file
diff --git a/machines/mitty/configuration.nix b/machines/mitty/configuration.nix
index 19c2182..6ee1005 100644
--- a/machines/mitty/configuration.nix
+++ b/machines/mitty/configuration.nix
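Review bot: `nixpkgs.config.allowUnfree = true;` in the common/common.nix hunk lifts the unfree restriction for every machine that imports this file, replacing the named allowlist that the common/pc/de.nix hunk removes. With the predicate, a proprietary package had to be listed explicitly before it could be installed; with the blanket flag any unfree dependency evaluates silently, on servers as well as desktops, and inside the container, whose config imports common.nix. If the aim was only to make the allowance visible outside de.nix, moving the existing `allowUnfreePredicate` list into common.nix keeps the allowlist. Otherwise record the trade-off with a comment such as `# blanket unfree allowance: needed because <reason>`.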
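Review bot: The new `networking.firewall.allowedUDPPorts = [ 9993 ];` in the common/zerotier.nix hunk hard-codes the ZeroTier port and has no comment saying why the firewall is opened. Prefer `networking.firewall.allowedUDPPorts = [ config.services.zerotierone.port ];` with a comment like `# ZeroTier peer transport`, so the rule follows the service if the port is changed; this assumes `config` is in scope, since the top of the file is outside the hunk. It is also worth checking whether the zerotierone module already opens its port when enabled, in which case this line is redundant.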
@@ -26,20 +26,44 @@ services.nginx.enable = true; - zerotier.enable = true; + services.zerotier.enable = true; containers.jellyfin = { - pia.enable = true; - zerotier.enable = true; - nixpkgs.pkgs = pkgs; + ephemeral = true; + autoStart = true; + bindMounts = { + "/var/lib" = { + hostPath = "/var/lib/"; + isReadOnly = false; + }; + }; + bindMounts = { + "/secret" = { + hostPath = "/secret"; + isReadOnly = true; + }; + }; + privateNetwork = true; + hostAddress = "172.16.100.1"; + localAddress = "172.16.100.2"; + config = { config, pkgs, ... }: { + imports = [ ../../common/common.nix ]; + pia.enable = true; + services.zerotier.enable = true; + nixpkgs.pkgs = pkgs; - services.radarr.enable = true; - services.bazarr.enable = true; - services.sonarr.enable = true; - services.deluge.enable = true; - services.deluge.web.enable = true; + services.radarr.enable = true; + services.bazarr.enable = true; + services.sonarr.enable = true; + services.deluge.enable = true; + services.deluge.web.enable = true; + }; }; + networking.nat.enable = true; + networking.nat.internalInterfaces = [ "ve-*" ]; + networking.nat.externalInterface = "ens3"; + security.acme.acceptTerms = true; security.acme.email = "letsencrypt+5@tar.ninja"; }
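Review bot: The `"/var/lib"` bind mount in `containers.jellyfin` maps the host's entire `/var/lib` into the container read-write, so the download and media services inside can read and modify all host service state, and `ephemeral = true` no longer keeps container state separate from the host. This host also sets `security.acme`, whose certificate state typically lives under that directory. Mount only the state directories the container's services need, and check whether the container needs all of `/secret` or just the file(s) `pia` reads. `bindMounts` is also assigned twice in the same set; whether Nix merges the two literals or rejects the duplicate depends on the version, so fold them into one block as sketched below. Separately, inside `config = { config, pkgs, ... }:` the name `pkgs` is the container's own module argument, so `nixpkgs.pkgs = pkgs;` looks self-referential and should be confirmed to evaluate.

```nix
containers.jellyfin = {
  # … unchanged: ephemeral, autoStart …
  bindMounts = {
    # One entry per service state directory instead of the whole host /var/lib.
    # "<service>" is a placeholder: repeat for each service run in the container.
    "/var/lib/<service>" = {
      hostPath = "/var/lib/<service>";
      isReadOnly = false;
    };
    "/secret" = {
      hostPath = "/secret";
      isReadOnly = true;
    };
  };
  # … unchanged: privateNetwork, hostAddress, localAddress, config …
```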