ryan.freumh.org / nixos
btw i use nix
fork atom

elephant immich

Ryan Gibb 6e3a4dbc 3144f0b8

options
unified split
Changed files
+105 -36
flake.lock
flake.nix
home
mail.nix
hosts
elephant
services.nix
owl
default.nix
+47 -11
flake.lock 
···

       
386

       
 

       
    },


     

       
387

       
 

       
    "gomod2nix": {


     

       
388

       
 

       
      "inputs": {


     

       
389

       
-

       
        "nixpkgs": "nixpkgs_4",


     

       
390

       
 

       
        "utils": "utils_3"


     

       
391

       
 

       
      },


     

       
392

       
 

       
      "locked": {


     
···

       
424

       
 

       
        "type": "github"


     

       
425

       
 

       
      }


     

       
426

       
 

       
    },


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
427

       
 

       
    "home-manager_2": {


     

       
428

       
 

       
      "inputs": {


     

       
429

       
 

       
        "nixpkgs": [


     
···

       
431

       
 

       
        ]


     

       
432

       
 

       
      },


     

       
433

       
 

       
      "locked": {


     

       
434

       
-

       
        "lastModified": 1717244110,


     

       
435

       
-

       
        "narHash": "sha256-UWzZcIdJAkrtSbXYKA67KD+NR9NNs3k2BgqltEQq59c=",


     

       
436

       
-

       
        "owner": "RyanGibb",


     

       
437

       
 

       
        "repo": "home-manager",


     

       
438

       
-

       
        "rev": "77d4ab660ff242bc7f0b187a5023bc7e13183b85",


     

       
439

       
 

       
        "type": "github"


     

       
440

       
 

       
      },


     

       
441

       
 

       
      "original": {


     

       
442

       
-

       
        "owner": "RyanGibb",


     

       
443

       
-

       
        "ref": "fork-24.05",


     

       
444

       
 

       
        "repo": "home-manager",


     

       
445

       
 

       
        "type": "github"


     

       
446

       
 

       
      }


     
···

       
592

       
 

       
    "nix-rpi5": {


     

       
593

       
 

       
      "inputs": {


     

       
594

       
 

       
        "flake-compat": "flake-compat_5",


     

       
595

       
-

       
        "nixpkgs": "nixpkgs_5"


     

       
596

       
 

       
      },


     

       
597

       
 

       
      "locked": {


     

       
598

       
 

       
        "lastModified": 1704485878,


     
···

       
775

       
 

       
    },


     

       
776

       
 

       
    "nixpkgs_4": {


     

       
777

       
 

       
      "locked": {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
778

       
 

       
        "lastModified": 1658285632,


     

       
779

       
 

       
        "narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",


     

       
780

       
 

       
        "owner": "NixOS",


     
···

       
789

       
 

       
        "type": "github"


     

       
790

       
 

       
      }


     

       
791

       
 

       
    },


     

       
792

       
-

       
    "nixpkgs_5": {


     

       
793

       
 

       
      "locked": {


     

       
794

       
 

       
        "lastModified": 1704322682,


     

       
795

       
 

       
        "narHash": "sha256-0FK10TWEYkEP5sloguzmDfM+hXIyPzlmZCFx/5c+ilQ=",


     
···

       
804

       
 

       
        "type": "github"


     

       
805

       
 

       
      }


     

       
806

       
 

       
    },


     

       
807

       
-

       
    "nixpkgs_6": {


     

       
808

       
 

       
      "locked": {


     

       
809

       
 

       
        "lastModified": 1731797254,


     

       
810

       
 

       
        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",


     
···

       
1055

       
 

       
        "eon": "eon",


     

       
1056

       
 

       
        "fn06-website": "fn06-website",


     

       
1057

       
 

       
        "home-manager": "home-manager_2",


     

       

       

       
     

       
1058

       
 

       
        "hyperbib-eeg": "hyperbib-eeg",


     

       
1059

       
 

       
        "i3-workspace-history": "i3-workspace-history",


     

       
1060

       
 

       
        "nix-on-droid": "nix-on-droid",


     

       
1061

       
 

       
        "nix-rpi5": "nix-rpi5",


     

       
1062

       
 

       
        "nixos-hardware": "nixos-hardware",


     

       
1063

       
-

       
        "nixpkgs": "nixpkgs_6",


     

       
1064

       
 

       
        "nixpkgs-neovim": "nixpkgs-neovim",


     

       
1065

       
 

       
        "nixpkgs-unstable": "nixpkgs-unstable"


     

       
1066

       
 

       
      }


     
···

       
386

       
 

       
    },


     

       
387

       
 

       
    "gomod2nix": {


     

       
388

       
 

       
      "inputs": {


     

       
389

       
+

       
        "nixpkgs": "nixpkgs_5",


     

       
390

       
 

       
        "utils": "utils_3"


     

       
391

       
 

       
      },


     

       
392

       
 

       
      "locked": {


     
···

       
424

       
 

       
        "type": "github"


     

       
425

       
 

       
      }


     

       
426

       
 

       
    },


     

       
427

       
+

       
    "home-manager-unstable": {


     

       
428

       
+

       
      "inputs": {


     

       
429

       
+

       
        "nixpkgs": "nixpkgs_4"


     

       
430

       
+

       
      },


     

       
431

       
+

       
      "locked": {


     

       
432

       
+

       
        "lastModified": 1732884235,


     

       
433

       
+

       
        "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",


     

       
434

       
+

       
        "owner": "nix-community",


     

       
435

       
+

       
        "repo": "home-manager",


     

       
436

       
+

       
        "rev": "819f682269f4e002884702b87e445c82840c68f2",


     

       
437

       
+

       
        "type": "github"


     

       
438

       
+

       
      },


     

       
439

       
+

       
      "original": {


     

       
440

       
+

       
        "owner": "nix-community",


     

       
441

       
+

       
        "ref": "master",


     

       
442

       
+

       
        "repo": "home-manager",


     

       
443

       
+

       
        "type": "github"


     

       
444

       
+

       
      }


     

       
445

       
+

       
    },


     

       
446

       
 

       
    "home-manager_2": {


     

       
447

       
 

       
      "inputs": {


     

       
448

       
 

       
        "nixpkgs": [


     
···

       
450

       
 

       
        ]


     

       
451

       
 

       
      },


     

       
452

       
 

       
      "locked": {


     

       
453

       
+

       
        "lastModified": 1726989464,


     

       
454

       
+

       
        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",


     

       
455

       
+

       
        "owner": "nix-community",


     

       
456

       
 

       
        "repo": "home-manager",


     

       
457

       
+

       
        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",


     

       
458

       
 

       
        "type": "github"


     

       
459

       
 

       
      },


     

       
460

       
 

       
      "original": {


     

       
461

       
+

       
        "owner": "nix-community",


     

       
462

       
+

       
        "ref": "release-24.05",


     

       
463

       
 

       
        "repo": "home-manager",


     

       
464

       
 

       
        "type": "github"


     

       
465

       
 

       
      }


     
···

       
611

       
 

       
    "nix-rpi5": {


     

       
612

       
 

       
      "inputs": {


     

       
613

       
 

       
        "flake-compat": "flake-compat_5",


     

       
614

       
+

       
        "nixpkgs": "nixpkgs_6"


     

       
615

       
 

       
      },


     

       
616

       
 

       
      "locked": {


     

       
617

       
 

       
        "lastModified": 1704485878,


     
···

       
794

       
 

       
    },


     

       
795

       
 

       
    "nixpkgs_4": {


     

       
796

       
 

       
      "locked": {


     

       
797

       
+

       
        "lastModified": 1732521221,


     

       
798

       
+

       
        "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=",


     

       
799

       
+

       
        "owner": "NixOS",


     

       
800

       
+

       
        "repo": "nixpkgs",


     

       
801

       
+

       
        "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d",


     

       
802

       
+

       
        "type": "github"


     

       
803

       
+

       
      },


     

       
804

       
+

       
      "original": {


     

       
805

       
+

       
        "owner": "NixOS",


     

       
806

       
+

       
        "ref": "nixos-unstable",


     

       
807

       
+

       
        "repo": "nixpkgs",


     

       
808

       
+

       
        "type": "github"


     

       
809

       
+

       
      }


     

       
810

       
+

       
    },


     

       
811

       
+

       
    "nixpkgs_5": {


     

       
812

       
+

       
      "locked": {


     

       
813

       
 

       
        "lastModified": 1658285632,


     

       
814

       
 

       
        "narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",


     

       
815

       
 

       
        "owner": "NixOS",


     
···

       
824

       
 

       
        "type": "github"


     

       
825

       
 

       
      }


     

       
826

       
 

       
    },


     

       
827

       
+

       
    "nixpkgs_6": {


     

       
828

       
 

       
      "locked": {


     

       
829

       
 

       
        "lastModified": 1704322682,


     

       
830

       
 

       
        "narHash": "sha256-0FK10TWEYkEP5sloguzmDfM+hXIyPzlmZCFx/5c+ilQ=",


     
···

       
839

       
 

       
        "type": "github"


     

       
840

       
 

       
      }


     

       
841

       
 

       
    },


     

       
842

       
+

       
    "nixpkgs_7": {


     

       
843

       
 

       
      "locked": {


     

       
844

       
 

       
        "lastModified": 1731797254,


     

       
845

       
 

       
        "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",


     
···

       
1090

       
 

       
        "eon": "eon",


     

       
1091

       
 

       
        "fn06-website": "fn06-website",


     

       
1092

       
 

       
        "home-manager": "home-manager_2",


     

       
1093

       
+

       
        "home-manager-unstable": "home-manager-unstable",


     

       
1094

       
 

       
        "hyperbib-eeg": "hyperbib-eeg",


     

       
1095

       
 

       
        "i3-workspace-history": "i3-workspace-history",


     

       
1096

       
 

       
        "nix-on-droid": "nix-on-droid",


     

       
1097

       
 

       
        "nix-rpi5": "nix-rpi5",


     

       
1098

       
 

       
        "nixos-hardware": "nixos-hardware",


     

       
1099

       
+

       
        "nixpkgs": "nixpkgs_7",


     

       
1100

       
 

       
        "nixpkgs-neovim": "nixpkgs-neovim",


     

       
1101

       
 

       
        "nixpkgs-unstable": "nixpkgs-unstable"


     

       
1102

       
 

       
      }
+16 -7
flake.nix 
···

       
5

       
 

       
    nixpkgs-neovim.url =


     

       
6

       
 

       
      "github:nixos/nixpkgs/a76212122970925d09aa2021a93e00d359e631dd";


     

       
7

       
 

       
    nixos-hardware.url = "github:nixos/nixos-hardware";


     

       
8

       
-

       
    #home-manager.url = "github:nix-community/home-manager/release-24.05";


     

       
9

       
-

       
    home-manager.url = "github:RyanGibb/home-manager/fork-24.05";


     

       
10

       
 

       
    agenix.url = "github:ryantm/agenix";


     

       
11

       
 

       
    deploy-rs.url = "github:serokell/deploy-rs";


     

       
12

       
 

       
    nix-on-droid.url = "github:nix-community/nix-on-droid/release-23.11";


     
···

       
35

       
 

       
  };


     

       
36

       
 

       



     

       
37

       
 

       
  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-neovim, home-manager


     

       
38

       
-

       
    , agenix, deploy-rs, nix-on-droid, eilean, ... }@inputs:


     

       

       

       
     

       
39

       
 

       
    let


     

       
40

       
 

       
      getSystemOverlays = system: nixpkgsConfig:


     

       
41

       
 

       
        [


     
···

       
83

       
 

       
              };


     

       
84

       
 

       
              version = "2.3.0";


     

       
85

       
 

       
            });


     

       

       

       
     

       
86

       
 

       
          })


     

       
87

       
 

       
        ];


     

       
88

       
 

       
    in {


     

       
89

       
 

       
      nixosConfigurations = let


     

       
90

       
 

       
        mkMode = mode: host:


     

       
91

       
-

       
          nixpkgs.lib.nixosSystem {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
92

       
 

       
            # use system from config.localSystem


     

       
93

       
 

       
            # see https://github.com/NixOS/nixpkgs/blob/5297d584bcc5f95c8e87c631813b4e2ab7f19ecc/nixos/lib/eval-config.nix#L55


     

       
94

       
 

       
            system = null;


     
···

       
100

       
 

       
              ({ config, ... }: {


     

       
101

       
 

       
                networking.hostName = "${host}";


     

       
102

       
 

       
                # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads


     

       
103

       
-

       
                nix.registry.nixpkgs.flake = nixpkgs;


     

       
104

       
 

       
                system.stateVersion = "24.05";


     

       
105

       
 

       
                # record git revision (can be queried with `nixos-version --json)


     

       
106

       
 

       
                system.configurationRevision =


     

       
107

       
-

       
                  nixpkgs.lib.mkIf (self ? rev) self.rev;


     

       
108

       
 

       
                nixpkgs = {


     

       
109

       
 

       
                  config.allowUnfree = true;


     

       
110

       
 

       
                  config.permittedInsecurePackages = [


     
···

       
121

       
 

       
                };


     

       
122

       
 

       
                security.acme-eon.acceptTerms = true;


     

       
123

       
 

       
              })


     

       
124

       
-

       
              home-manager.nixosModule


     

       
125

       
 

       
              eilean.nixosModules.default


     

       
126

       
 

       
              agenix.nixosModules.default


     

       
127

       
 

       
            ];


     
···

       
5

       
 

       
    nixpkgs-neovim.url =


     

       
6

       
 

       
      "github:nixos/nixpkgs/a76212122970925d09aa2021a93e00d359e631dd";


     

       
7

       
 

       
    nixos-hardware.url = "github:nixos/nixos-hardware";


     

       
8

       
+

       
    home-manager.url = "github:nix-community/home-manager/release-24.05";


     

       
9

       
+

       
    home-manager-unstable.url = "github:nix-community/home-manager/master";


     

       
10

       
 

       
    agenix.url = "github:ryantm/agenix";


     

       
11

       
 

       
    deploy-rs.url = "github:serokell/deploy-rs";


     

       
12

       
 

       
    nix-on-droid.url = "github:nix-community/nix-on-droid/release-23.11";


     
···

       
35

       
 

       
  };


     

       
36

       
 

       



     

       
37

       
 

       
  outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-neovim, home-manager


     

       
38

       
+

       
    , home-manager-unstable, agenix, deploy-rs, nix-on-droid, eilean, ...


     

       
39

       
+

       
    }@inputs:


     

       
40

       
 

       
    let


     

       
41

       
 

       
      getSystemOverlays = system: nixpkgsConfig:


     

       
42

       
 

       
        [


     
···

       
84

       
 

       
              };


     

       
85

       
 

       
              version = "2.3.0";


     

       
86

       
 

       
            });


     

       
87

       
+

       
            immich = final.overlay-unstable.immich;


     

       
88

       
 

       
          })


     

       
89

       
 

       
        ];


     

       
90

       
 

       
    in {


     

       
91

       
 

       
      nixosConfigurations = let


     

       
92

       
 

       
        mkMode = mode: host:


     

       
93

       
+

       
          let


     

       
94

       
+

       
            host-nixpkgs =


     

       
95

       
+

       
              if host == "elephant" then nixpkgs-unstable else nixpkgs;


     

       
96

       
+

       
            host-home-manager = if host == "elephant" then


     

       
97

       
+

       
              home-manager-unstable


     

       
98

       
+

       
            else


     

       
99

       
+

       
              home-manager;


     

       
100

       
+

       
          in host-nixpkgs.lib.nixosSystem {


     

       
101

       
 

       
            # use system from config.localSystem


     

       
102

       
 

       
            # see https://github.com/NixOS/nixpkgs/blob/5297d584bcc5f95c8e87c631813b4e2ab7f19ecc/nixos/lib/eval-config.nix#L55


     

       
103

       
 

       
            system = null;


     
···

       
109

       
 

       
              ({ config, ... }: {


     

       
110

       
 

       
                networking.hostName = "${host}";


     

       
111

       
 

       
                # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads


     

       
112

       
+

       
                nix.registry.nixpkgs.flake = host-nixpkgs;


     

       
113

       
 

       
                system.stateVersion = "24.05";


     

       
114

       
 

       
                # record git revision (can be queried with `nixos-version --json)


     

       
115

       
 

       
                system.configurationRevision =


     

       
116

       
+

       
                  host-nixpkgs.lib.mkIf (self ? rev) self.rev;


     

       
117

       
 

       
                nixpkgs = {


     

       
118

       
 

       
                  config.allowUnfree = true;


     

       
119

       
 

       
                  config.permittedInsecurePackages = [


     
···

       
130

       
 

       
                };


     

       
131

       
 

       
                security.acme-eon.acceptTerms = true;


     

       
132

       
 

       
              })


     

       
133

       
+

       
              host-home-manager.nixosModule


     

       
134

       
 

       
              eilean.nixosModules.default


     

       
135

       
 

       
              agenix.nixosModules.default


     

       
136

       
 

       
            ];
-1
home/mail.nix 
···

       
87

       
 

       



     

       
88

       
 

       
    accounts.email = {


     

       
89

       
 

       
      maildirBasePath = "mail";


     

       
90

       
-

       
      order = [ "ryangibb321@gmail.com" "ryan.gibb@cl.cam.ac.uk" ];


     

       
91

       
 

       
      accounts = {


     

       
92

       
 

       
        "ryan@freumh.org" = rec {


     

       
93

       
 

       
          primary = true;


     
···

       
87

       
 

       



     

       
88

       
 

       
    accounts.email = {


     

       
89

       
 

       
      maildirBasePath = "mail";


     

       

       

       
     

       
90

       
 

       
      accounts = {


     

       
91

       
 

       
        "ryan@freumh.org" = rec {


     

       
92

       
 

       
          primary = true;
+37 -17
hosts/elephant/services.nix 
···

       
1

       
-

       
{ config, pkgs, lib, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
{


     

       
4

       
 

       
  custom.nix-cache.enable = true;


     
···

       
19

       
 

       
      "transmission.vpn.freumh.org"


     

       
20

       
 

       
      "nextcloud.vpn.freumh.org"


     

       
21

       
 

       
      "owntracks.vpn.freumh.org"


     

       

       

       
     

       
22

       
 

       
    ];


     

       
23

       
 

       
  };


     

       
24

       
 

       



     
···

       
40

       
 

       
        enableSSL = true;


     

       
41

       
 

       
        listenAddresses = [ "100.64.0.9" ];


     

       
42

       
 

       
        locations."/" = {


     

       
43

       
-

       
          proxyPass = ''


     

       
44

       
-

       
            http://localhost:9091


     

       
45

       
 

       
          '';


     

       
46

       
 

       
        };


     

       
47

       
 

       
      };


     
···

       
53

       
 

       
        enableSSL = true;


     

       
54

       
 

       
        listenAddresses = [ "100.64.0.9" ];


     

       
55

       
 

       
      };


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
56

       
 

       
    };


     

       
57

       
 

       
  };


     

       
58

       
 

       



     
···

       
78

       
 

       



     

       
79

       
 

       
  services.jellyfin = {


     

       
80

       
 

       
    enable = true;


     

       
81

       
-

       
    openFirewall = true;


     

       
82

       
 

       
  };


     

       
83

       
 

       



     

       
84

       
 

       
  services.samba = {


     

       
85

       
 

       
    enable = true;


     

       
86

       
 

       
    openFirewall = true;


     

       
87

       
 

       
    securityType = "user";


     

       
88

       
-

       
    extraConfig = ''


     

       
89

       
-

       
      workgroup = WORKGROUP


     

       
90

       
-

       
      server string = ${config.networking.hostName}


     

       
91

       
-

       
      netbios name = ${config.networking.hostName}


     

       
92

       
-

       
      security = user


     

       
93

       
-

       
      #use sendfile = yes


     

       
94

       
-

       
      #max protocol = smb2


     

       
95

       
-

       
      # note: localhost is the ipv6 localhost ::1


     

       
96

       
-

       
      hosts allow = 192.168.1. 192.168.0. 127.0.0.1 localhost 100.64.0.0/10


     

       
97

       
-

       
      hosts deny = 0.0.0.0/0


     

       
98

       
-

       
      guest account = nobody


     

       
99

       
-

       
      map to guest = bad user


     

       
100

       
-

       
    '';


     

       

       

       
     

       

       

       
     

       

       

       
     

       
101

       
 

       
    shares = {


     

       
102

       
 

       
      tank = {


     

       
103

       
 

       
        path = "/tank/";


     
···

       
184

       
 

       
    enable = true;


     

       
185

       
 

       
    host = "100.64.0.9";


     

       
186

       
 

       
    domain = "owntracks.vpn.freumh.org";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
187

       
 

       
  };


     

       
188

       
 

       
}


     
···

       
1

       
+

       
{ nixpkgs-unstable, config, pkgs, lib, ... }:


     

       
2

       
 

       



     

       
3

       
 

       
{


     

       
4

       
 

       
  custom.nix-cache.enable = true;


     
···

       
19

       
 

       
      "transmission.vpn.freumh.org"


     

       
20

       
 

       
      "nextcloud.vpn.freumh.org"


     

       
21

       
 

       
      "owntracks.vpn.freumh.org"


     

       
22

       
+

       
      "immich.vpn.freumh.org"


     

       
23

       
 

       
    ];


     

       
24

       
 

       
  };


     

       
25

       
 

       



     
···

       
41

       
 

       
        enableSSL = true;


     

       
42

       
 

       
        listenAddresses = [ "100.64.0.9" ];


     

       
43

       
 

       
        locations."/" = {


     

       
44

       
+

       
          proxyPass = with config.services.transmission.settings; ''


     

       
45

       
+

       
            http://localhost:${builtins.toString rpc-port}


     

       
46

       
 

       
          '';


     

       
47

       
 

       
        };


     

       
48

       
 

       
      };


     
···

       
54

       
 

       
        enableSSL = true;


     

       
55

       
 

       
        listenAddresses = [ "100.64.0.9" ];


     

       
56

       
 

       
      };


     

       
57

       
+

       
      "immich.vpn.freumh.org" = {


     

       
58

       
+

       
        enableSSL = true;


     

       
59

       
+

       
        listenAddresses = [ "100.64.0.9" ];


     

       
60

       
+

       
        locations."/" = {


     

       
61

       
+

       
          proxyPass = with config.services.immich; ''


     

       
62

       
+

       
            http://${host}:${builtins.toString port}


     

       
63

       
+

       
          '';


     

       
64

       
+

       
        };


     

       
65

       
+

       
      };


     

       
66

       
 

       
    };


     

       
67

       
 

       
  };


     

       
68

       
 

       



     
···

       
88

       
 

       



     

       
89

       
 

       
  services.jellyfin = {


     

       
90

       
 

       
    enable = true;


     

       
91

       
+

       
    #openFirewall = true;


     

       
92

       
 

       
  };


     

       
93

       
 

       



     

       
94

       
 

       
  services.samba = {


     

       
95

       
 

       
    enable = true;


     

       
96

       
 

       
    openFirewall = true;


     

       
97

       
 

       
    securityType = "user";


     

       
98

       
+

       
    settings = {


     

       
99

       
+

       
      global = {


     

       
100

       
+

       
        workgroup = "WORKGROUP";


     

       
101

       
+

       
        "server string" = "${config.networking.hostName}";


     

       
102

       
+

       
        "netbios name" = "${config.networking.hostName}";


     

       
103

       
+

       
        "security" = "user";


     

       
104

       
+

       
        #"use sendfile" = "yes";


     

       
105

       
+

       
        #"max protocol" = "smb2";


     

       
106

       
+

       
        # note: localhost is the ipv6 localhost ::1


     

       
107

       
+

       
        "hosts allow" =


     

       
108

       
+

       
          "192.168.1. 192.168.0. 127.0.0.1 localhost 100.64.0.0/10";


     

       
109

       
+

       
        "hosts deny" = "0.0.0.0/0";


     

       
110

       
+

       
        "guest account" = "nobody";


     

       
111

       
+

       
        "map to guest" = "bad user";


     

       
112

       
+

       
      };


     

       
113

       
+

       
    };


     

       
114

       
 

       
    shares = {


     

       
115

       
 

       
      tank = {


     

       
116

       
 

       
        path = "/tank/";


     
···

       
197

       
 

       
    enable = true;


     

       
198

       
 

       
    host = "100.64.0.9";


     

       
199

       
 

       
    domain = "owntracks.vpn.freumh.org";


     

       
200

       
+

       
  };


     

       
201

       
+

       



     

       
202

       
+

       
  services.immich = {


     

       
203

       
+

       
    enable = true;


     

       
204

       
+

       
    openFirewall = true;


     

       
205

       
+

       
    host = "100.64.0.9";


     

       
206

       
+

       
    mediaLocation = "/tank/immich";


     

       
207

       
 

       
  };


     

       
208

       
 

       
}
+5
hosts/owl/default.nix 
···

       
27

       
 

       
      type = "A";


     

       
28

       
 

       
      value = "100.64.0.9";


     

       
29

       
 

       
    }


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
30

       
 

       
  ];


     

       
31

       
 

       
in {


     

       
32

       
 

       
  imports = [


     
···

       
27

       
 

       
      type = "A";


     

       
28

       
 

       
      value = "100.64.0.9";


     

       
29

       
 

       
    }


     

       
30

       
+

       
    {


     

       
31

       
+

       
      name = "immich.vpn.${config.networking.domain}.";


     

       
32

       
+

       
      type = "A";


     

       
33

       
+

       
      value = "100.64.0.9";


     

       
34

       
+

       
    }


     

       
35

       
 

       
  ];


     

       
36

       
 

       
in {


     

       
37

       
 

       
  imports = [