nixos-config/aplysia.nix

{ config, pkgs, ... }:

let
  trnsmssnIface = "wg-trnsmssn";
in
{
  imports =
    [
      ./common-headless.nix
    ];

  boot.supportedFilesystems = ["zfs"];
  boot.loader.grub = {
    enable = true;
    version = 2;
    zfsSupport = true;
    mirroredBoots = [
      { devices = [ "/dev/sda" ]; path = "/boota"; }
      { devices = [ "/dev/sdb" ]; path = "/bootb"; }
      { devices = [ "/dev/sdc" ]; path = "/bootc"; }
      { devices = [ "/dev/sdd" ]; path = "/bootd"; }
      { devices = [ "/dev/sde" ]; path = "/boote"; }
      { devices = [ "/dev/sdf" ]; path = "/bootf"; }
    ];
  };

  networking = {
    hostName = "aplysia";
    hostId = "34a820f1";
  };

  users = {
    users = {
      gebner.extraGroups = [
        "transmission"
        "nilotica"
      ];

      nilotica = {
        group = "nilotica";
      };
    };

    groups = {
      nilotica = {};
    };
  };

  boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;

  system.stateVersion = "17.03";

  fileSystems."/mnt/aplysia" = pkgs.lib.mkOverride 10 {
    device = "aplysia/export";
    fsType = "zfs";
  };

  fileSystems."/boota".options = [ "nofail" ];
  fileSystems."/bootb".options = [ "nofail" ];
  fileSystems."/bootc".options = [ "nofail" ];
  fileSystems."/bootd".options = [ "nofail" ];
  fileSystems."/boote".options = [ "nofail" ];
  fileSystems."/bootf".options = [ "nofail" ];

  services.samba = {
    enable = true;
    extraConfig = ''
      passdb backend = tdbsam
      unix password sync = no
    '';
    shares = {
      export = {
        "guest ok" = "no";
        "read only" = "no";
        path = "/mnt/aplysia";
      };
    };
  };

  containers.trnsmssn =
  let
    homeDir = "/mnt/aplysia/torrents";
  in rec {
    config = {
      services.transmission = {
        enable = true;
        settings = {
          download-dir = homeDir;
          incomplete-dir = homeDir;

          speed-limit-down = 5000;
          speed-limit-down-enabled = true;
          speed-limit-up = 800;
          speed-limit-up-enabled = true;

          peer-port = 7455;

          rpc-whitelist-enabled = false;
        };
      };

      networking.firewall = {
        enable = true;
        interfaces.${trnsmssnIface}.allowedTCPPorts = [
          config.services.transmission.settings.peer-port
        ];
        interfaces.eth0.allowedTCPPorts = [
          9091
        ];
      };

      networking.nameservers = [ "193.138.218.74" ];

      networking.interfaces.${trnsmssnIface} = {
        ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];
        ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];
        ipv4.routes = [
          { address = "0.0.0.0"; prefixLength = 1; }
          { address = "128.0.0.0"; prefixLength = 1; }
        ];
        ipv6.routes = [ { address = "::"; prefixLength = 0; } ];
      };

      environment.systemPackages = with pkgs; [ wireguard ];
    };

    privateNetwork = true;
    interfaces = [ trnsmssnIface ];

    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";

    autoStart = true;

    bindMounts.${homeDir} = {
      hostPath = homeDir;
      isReadOnly = false;
    };
  };

  networking.wireguard = {
    enable = true;
    interfaces.${trnsmssnIface} = {
      privateKeyFile = "/etc/wgkeys/mullvad";
      peers = [
        {
          allowedIPs = ["0.0.0.0/0" "::/0"];
          publicKey = "pKcMMeC4jMUxSU5pH1orvp4//GrY8is+y9JRfVP3+BY=";
          endpoint = "se6-wireguard.mullvad.net:51820";
        }
      ];
      allowedIPsAsRoutes = false;
    };
  };
  systemd.services."container@trnsmssn" = {
    requires = [ "wireguard-${trnsmssnIface}.service" ];
    after = [ "wireguard-${trnsmssnIface}.service" ];
  };

  users.users = [
    { name = "transmission";
      group = "transmission";
      uid = config.ids.uids.transmission;
    }
  ];

  users.groups = [
    { name = "transmission";
      gid = config.ids.gids.transmission;
    }
  ];

  networking.firewall = {
    allowedTCPPorts = [
      445 139 # samba
    ];
    allowedUDPPorts = [
      137 138 # samba
    ];
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts."transmission-proxy" = {
      serverName = "localhost";
      listen = [
        { addr = "localhost"; port = 9091; }
      ];
      locations."/transmission/" = {
        proxyPass = "http://192.168.100.11:9091";
        proxyWebsockets = true;
      };
    };
  };

  environment.systemPackages = with pkgs; [
    transmission
    samba
  ];

  # hdd spindown
  powerManagement.powerUpCommands = ''
    ${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}
  '';

}
aplysia 2017-08-05 09:17:30 +02:00			`{ config, pkgs, ... }:`

aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`let`
			`trnsmssnIface = "wg-trnsmssn";`
			`in`
aplysia 2017-08-05 09:17:30 +02:00			`{`
			`imports =`
			`[`
			`./common-headless.nix`
			`];`

			`boot.supportedFilesystems = ["zfs"];`
aplysia: enable samba 2017-08-05 10:27:17 +02:00			`boot.loader.grub = {`
			`enable = true;`
			`version = 2;`
			`zfsSupport = true;`
			`mirroredBoots = [`
			`{ devices = [ "/dev/sda" ]; path = "/boota"; }`
			`{ devices = [ "/dev/sdb" ]; path = "/bootb"; }`
			`{ devices = [ "/dev/sdc" ]; path = "/bootc"; }`
			`{ devices = [ "/dev/sdd" ]; path = "/bootd"; }`
			`{ devices = [ "/dev/sde" ]; path = "/boote"; }`
			`{ devices = [ "/dev/sdf" ]; path = "/bootf"; }`
			`];`
			`};`

			`networking = {`
			`hostName = "aplysia";`
			`hostId = "34a820f1";`
			`};`
aplysia 2017-08-05 09:17:30 +02:00
aplysia: use new users.users attribute 2019-11-03 16:21:04 +01:00			`users = {`
			`users = {`
			`gebner.extraGroups = [`
			`"transmission"`
			`"nilotica"`
			`];`
aplysia: add nilotica user 2019-11-03 16:13:59 +01:00
aplysia: use new users.users attribute 2019-11-03 16:21:04 +01:00			`nilotica = {`
			`group = "nilotica";`
			`};`
			`};`

			`groups = {`
			`nilotica = {};`
			`};`
aplysia: add nilotica user 2019-11-03 16:13:59 +01:00			`};`
clean up aplysia 2017-08-05 09:18:11 +02:00
aplysia 2017-08-05 09:17:30 +02:00			`boot.kernelPackages = pkgs.lib.mkOverride 10 pkgs.linuxPackages;`

			`system.stateVersion = "17.03";`

aplysia: enable samba 2017-08-05 10:27:17 +02:00			`fileSystems."/mnt/aplysia" = pkgs.lib.mkOverride 10 {`
			`device = "aplysia/export";`
			`fsType = "zfs";`
			`};`

aplysia: nofail boot & transmission config 2018-11-12 19:04:38 +01:00			`fileSystems."/boota".options = [ "nofail" ];`
			`fileSystems."/bootb".options = [ "nofail" ];`
			`fileSystems."/bootc".options = [ "nofail" ];`
			`fileSystems."/bootd".options = [ "nofail" ];`
			`fileSystems."/boote".options = [ "nofail" ];`
			`fileSystems."/bootf".options = [ "nofail" ];`

aplysia: enable samba 2017-08-05 10:27:17 +02:00			`services.samba = {`
			`enable = true;`
			`extraConfig = ''`
			`passdb backend = tdbsam`
			`unix password sync = no`
			`'';`
			`shares = {`
			`export = {`
			`"guest ok" = "no";`
aplysia: fix transmission and samba services 2017-08-05 17:48:15 +02:00			`"read only" = "no";`
aplysia: enable samba 2017-08-05 10:27:17 +02:00			`path = "/mnt/aplysia";`
			`};`
			`};`
			`};`

aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`containers.trnsmssn =`
			`let`
			`homeDir = "/mnt/aplysia/torrents";`
			`in rec {`
			`config = {`
			`services.transmission = {`
aplysia: enable transmission again 2019-10-15 21:56:40 +02:00			`enable = true;`
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`settings = {`
			`download-dir = homeDir;`
			`incomplete-dir = homeDir;`

			`speed-limit-down = 5000;`
			`speed-limit-down-enabled = true;`
			`speed-limit-up = 800;`
			`speed-limit-up-enabled = true;`

aplysia: enable transmission again 2019-10-15 21:56:40 +02:00			`peer-port = 7455;`
aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00
			`rpc-whitelist-enabled = false;`
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`};`
			`};`

			`networking.firewall = {`
			`enable = true;`
aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00			`interfaces.${trnsmssnIface}.allowedTCPPorts = [`
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`config.services.transmission.settings.peer-port`
			`];`
aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00			`interfaces.eth0.allowedTCPPorts = [`
			`9091`
			`];`
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`};`

			`networking.nameservers = [ "193.138.218.74" ];`

			`networking.interfaces.${trnsmssnIface} = {`
			`ipv4.addresses = [ { address = "10.64.157.93"; prefixLength = 32; } ];`
			`ipv6.addresses = [ { address = "fc00:bbbb:bbbb:bb01::1:9d5c"; prefixLength = 128; } ];`
aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00			`ipv4.routes = [`
			`{ address = "0.0.0.0"; prefixLength = 1; }`
			`{ address = "128.0.0.0"; prefixLength = 1; }`
			`];`
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`ipv6.routes = [ { address = "::"; prefixLength = 0; } ];`
			`};`

			`environment.systemPackages = with pkgs; [ wireguard ];`
			`};`

			`privateNetwork = true;`
			`interfaces = [ trnsmssnIface ];`
aplysia: fix transmission and samba services 2017-08-05 17:48:15 +02:00
aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00			`hostAddress = "192.168.100.10";`
			`localAddress = "192.168.100.11";`

aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`autoStart = true;`
aplysia: nofail boot & transmission config 2018-11-12 19:04:38 +01:00
aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`bindMounts.${homeDir} = {`
			`hostPath = homeDir;`
			`isReadOnly = false;`
aplysia: transmission 2017-08-05 10:43:25 +02:00			`};`
			`};`

aplysia: first version of transmission container 2019-10-15 21:45:01 +02:00			`networking.wireguard = {`
			`enable = true;`
			`interfaces.${trnsmssnIface} = {`
			`privateKeyFile = "/etc/wgkeys/mullvad";`
			`peers = [`
			`{`
			`allowedIPs = ["0.0.0.0/0" "::/0"];`
			`publicKey = "pKcMMeC4jMUxSU5pH1orvp4//GrY8is+y9JRfVP3+BY=";`
			`endpoint = "se6-wireguard.mullvad.net:51820";`
			`}`
			`];`
			`allowedIPsAsRoutes = false;`
			`};`
			`};`
			`systemd.services."container@trnsmssn" = {`
			`requires = [ "wireguard-${trnsmssnIface}.service" ];`
			`after = [ "wireguard-${trnsmssnIface}.service" ];`
			`};`

			`users.users = [`
			`{ name = "transmission";`
			`group = "transmission";`
			`uid = config.ids.uids.transmission;`
			`}`
			`];`

			`users.groups = [`
			`{ name = "transmission";`
			`gid = config.ids.gids.transmission;`
			`}`
			`];`

aplysia: enable samba 2017-08-05 10:27:17 +02:00			`networking.firewall = {`
aplysia: transmission 2017-08-05 10:43:25 +02:00			`allowedTCPPorts = [`
			`445 139 # samba`
			`];`
			`allowedUDPPorts = [`
			`137 138 # samba`
			`];`
aplysia: enable samba 2017-08-05 10:27:17 +02:00			`};`

aplysia: proxy transmission rpc 2019-10-16 00:20:57 +02:00			`services.nginx = {`
			`enable = true;`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`

			`virtualHosts."transmission-proxy" = {`
			`serverName = "localhost";`
			`listen = [`
			`{ addr = "localhost"; port = 9091; }`
			`];`
			`locations."/transmission/" = {`
			`proxyPass = "http://192.168.100.11:9091";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`

aplysia: transmission 2017-08-05 10:43:25 +02:00			`environment.systemPackages = with pkgs; [`
			`transmission`
			`samba`
			`];`

aplysia, vaccaria: hdd spindown 2017-08-05 17:46:35 +02:00			`# hdd spindown`
			`powerManagement.powerUpCommands = ''`
			`${pkgs.hdparm}/bin/hdparm -B127 -S100 /dev/sd{a,b,c,d,e,f}`
			`'';`

aplysia 2017-08-05 09:17:30 +02:00			`}`