Merge pull request #4 from aymanbagabas/media-nixos-lxc

Add media host
aymanbagabas · Aug 11, 2024 · d9ee7d1 · d9ee7d1
2 parents e085a2a + a595b7a
commit d9ee7d1
Show file tree

Hide file tree

Showing 10 changed files with 229 additions and 7 deletions.
diff --git a/.github/workflows/media-lxc.yml b/.github/workflows/media-lxc.yml
@@ -0,0 +1,60 @@
+name: Generate Media LXC Container
+# Based on https://freddydumont.com/blog/nixos-github-actions
+
+on:
+  workflow_call:
+  pull_request:
+  push:
+    branches:
+      - master
+    tags:
+      - "v*.*.*"
+
+# The following permissions are required for softprops/action-gh-release@v1.
+permissions:
+  contents: write
+
+jobs:
+  generate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Extract tag name
+        run: |
+          tag_name="nightly"
+          case "$GITHUB_REF_NAME" in
+            v*.*.*)
+              tag_name="$GITHUB_REF_NAME"
+              ;;
+          esac
+          echo "TAG_NAME=$tag_name" >> $GITHUB_ENV
+
+      - name: Install nix
+        uses: cachix/install-nix-action@v24
+        with:
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Generate NixOS LXC configuration
+        run: |
+          nix run github:nix-community/nixos-generators -- -f proxmox-lxc --flake .#media | {
+            read path
+            echo "BUILD_PATH=$path" >> $GITHUB_ENV
+          }
+
+      - name: Modify file name
+        run: |
+          NEW_FILENAME="media-${{ env.TAG_NAME }}-$(basename ${{ env.BUILD_PATH }})"
+          RELEASE_PATH="${{ github.workspace }}/$NEW_FILENAME"
+          cp "${{ env.BUILD_PATH }}" "$RELEASE_PATH"
+          echo "RELEASE_PATH=$RELEASE_PATH" >> $GITHUB_ENV
+
+      # Create a GitHub release and attach the generated container template.
+      - name: Release
+        uses: softprops/action-gh-release@v1
+        if: ${{ github.event_name == 'push' }}
+        with:
+          name: ${{ env.TAG_NAME }}-media
+          files: ${{ env.RELEASE_PATH }}
+          prerelease: ${{ env.TAG_NAME == 'nightly' }}
+          tag_name: ${{ env.TAG_NAME }}
diff --git a/flake.nix b/flake.nix
@@ -56,6 +56,14 @@
       });
 
     in {
+      nixosConfigurations = {
+        media = mkSystem {
+          system = "x86_64-linux";
+          hostname = "media";
+          user = "ayman";
+        };
+      };
+
       darwinConfigurations = {
         spaceship = mkSystem {
           system = "x86_64-darwin";

diff --git a/hosts/media/configuration.nix b/hosts/media/configuration.nix
@@ -0,0 +1,84 @@
+# Media runs on a Proxmox LXC container, so we need to add the Proxmox LXC
+# module to the imports list.
+{ modulesPath, user, ... }:
+
+{
+  imports = [
+    ../nixos.nix
+    (modulesPath + "/virtualisation/proxmox-lxc.nix")
+  ];
+
+  proxmoxLXC = {
+    privileged = false;
+    manageHostName = false;
+  };
+
+  services.nginx = {
+    enable = true;
+    upstreams = {
+      tautulli.servers."media.local:8181" = { };
+    };
+    virtualHosts."media.local" = {
+      locations."~ /tautulli/(.*)" = {
+        proxyPass = "http://tautulli/$1$is_args$args";
+        priority = 1;
+        extraConfig = ''
+          proxy_redirect off;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Host $server_name;
+        '';
+      };
+    };
+  };
+
+  services.plex = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.tautulli = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.sonarr = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.readarr = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.radarr = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.bazarr = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.prowlarr = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.05"; # Did you read the comment?
+}
diff --git a/hosts/media/home.nix b/hosts/media/home.nix
@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  imports = [
+    ../../modules/home.nix
+    ../../modules/shell.nix
+  ];
+}
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
@@ -0,0 +1,55 @@
+{ user, hostname, ... }:
+
+{
+  imports = [
+    ./shared.nix
+  ];
+
+  users.users.${user} = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+
+  # Add "@wheel" group to trusted-users.
+  nix.settings.trusted-users = [ "@wheel" ];
+
+  # Run garbage collection weekly.
+  nix.gc.dates = "weekly";
+
+  networking.hostName = hostname;
+
+  # Enable passwordless sudo
+  security.sudo.extraRules = [
+    {
+      users = [ "${user}" ];
+      commands = [
+      {
+        command = "ALL";
+        options = [ "NOPASSWD" ];
+      }
+      ];
+    }
+  ];
+
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+  };
+
+  programs.zsh = {
+    enable = true;
+  };
+
+  # Common services.
+  services.openssh.enable = true;
+  services.cron.enable = true;
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    publish = {
+      enable = true;
+      domain = true;
+      addresses = true;
+    };
+  };
+}
diff --git a/hosts/shared.nix b/hosts/shared.nix
@@ -7,6 +7,10 @@
     name = "${user}";
     home = (if isDarwin then "/Users" else "/home") + "/${user}";
     shell = pkgs.zsh;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoKgI3rm5LJSKyaKg8ke4prIwRao0rMdrennfVwfLQx"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtyoux0Kzj64dAbq/WWbPKmxWBLb1Wug3hBMyH/71z3"
+    ];
   };
 
   nix = {

diff --git a/modules/neovim/config/init.lua b/modules/neovim/config/init.lua
@@ -1,5 +1,4 @@
 require("config.options")
-require("config.colorscheme")
 require("config.keymaps")
 
 require("user.autocommands")

diff --git a/modules/neovim/config/lua/config/colorscheme.lua b/modules/neovim/config/lua/config/colorscheme.lua
diff --git a/modules/neovim/config/plugin/onedark.lua b/modules/neovim/config/plugin/onedark.lua
@@ -9,3 +9,6 @@ onedark.setup({
 })
 
 onedark.load()
+
+-- Load the colorscheme
+vim.cmd.colorscheme("onedark")
diff --git a/modules/zsh.nix b/modules/zsh.nix
@@ -60,11 +60,13 @@ in {
         file = "base16-shell.plugin.zsh";
         src = inputs.tinted-shell;
       }
-    ] ++ (pkgs.lib.optionals pkgs.stdenv.isLinux {
-       name = "omzp-systemd";
-       file = "share/oh-my-zsh/plugins/systemd/systemd.plugin.zsh";
-       src = pkgs.oh-my-zsh;
-    });
+    ] ++ (pkgs.lib.optionals pkgs.stdenv.isLinux [
+      {
+        name = "omzp-systemd";
+        file = "share/oh-my-zsh/plugins/systemd/systemd.plugin.zsh";
+        src = pkgs.oh-my-zsh;
+      }
+    ]);
 
     sessionVariables = {
       PATH = pathJoin (