Diffstat (limited to 'system/nanopi.nix')
-rwxr-xr-xsystem/nanopi.nix49
1 files changed, 18 insertions, 31 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix
index 2d3551a4..f4ca6e44 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -10,7 +10,8 @@ in
 {
   imports = [
     ./nanopi-hardware.nix
-    (inputs.nixos-hardware + "/friendlyarm/nanopi-r5s")
+    <nixos-hardware/friendlyarm/nanopi-r5s>
+    <agenix/modules/age.nix>
   ];
 
   age.secrets = {
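Review bot: The two added imports, `<nixos-hardware/friendlyarm/nanopi-r5s>` and `<agenix/modules/age.nix>`, are resolved through NIX_PATH at evaluation time, so the revision of the module that handles `age.secrets` is no longer fixed by the flake lock as it was with `inputs.nixos-hardware`. Angle-bracket lookups are also rejected under pure flake evaluation, which looks inconsistent with the `system.autoUpgrade.flake` setting added further down in this file unless the build runs with `--impure`. If the flake is still the source of truth, keeping `(inputs.nixos-hardware + "/friendlyarm/nanopi-r5s")` and adding `inputs.agenix.nixosModules.default` would keep both pinned. The `inputs.agenix` name is an assumption, since the flake inputs are not visible on this page.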
@@ -72,8 +73,8 @@ in
     MaxRetentionSec=1 month
   '';
 
+  environment.enableAllTerminfo = true;
   environment.systemPackages = with pkgs; [
-    kitty.terminfo
     htop
     lsof
     usbutils
@@ -125,7 +126,6 @@ in
           5533 # SmartDNS
           8096
           9091 # Transmission
-          8096 # Jellyfin
         ];
         allowedUDPPorts = [
           53
@@ -136,9 +136,7 @@ in
           5533 # SmartDNS
           5353
           5355 # LLMNR
-          1900 # DLNA Jellyfin
           3702 # Samba WSDD
-          21027 # Syncthing LNDP
           41641
           51827
         ];
@@ -514,7 +512,8 @@ in
   systemd.services.dnsmasq.wants = [ "network-online.target" ];
 
   services.networkd-dispatcher = {
-    enable = true;
+    # broken?
+    enable = false;
     rules = {
       update-home-address = {
         onState = [ "configured" "configuring" ];
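Review bot: The comment `# broken?` above `enable = false;` does not record what failed, and the `rules` set below it stays in the file but never runs while the service is off. Judging only by its name, `update-home-address` refreshes some address record on link state changes, so whatever consumes that record may go stale without any error. A comment such as `# disabled: <observed failure>; update-home-address does not run until re-enabled` would tell the next reader what to check. The attribute set continues past the end of this hunk.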
@@ -615,17 +614,21 @@ in
     };
   };
   nixpkgs.config.allowUnfree = true;
-  nixpkgs.overlays = [ ];
   system.autoUpgrade = {
     enable = false;
-    dates = "01:00";
+    dates = "04:15";
     randomizedDelaySec = "59 min";
-    channel = "https://nixos.org/channels/nixos-unstable-small";
+    flake = "git+https://git.alanpearce.eu/nixfiles";
     allowReboot = true;
     rebootWindow = {
       lower = "01:00";
-      upper = "05:00";
+      upper = "06:00";
     };
+    flags = [
+      "--no-write-lock-file"
+      "--update-input"
+      "nixpkgs-small"
+    ];
   };
 
   services.miniupnpd = {
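Review bot: With `flake = "git+https://git.alanpearce.eu/nixfiles";` and no `ref` or `rev`, an enabled auto-upgrade would build and activate as root whatever the default branch of that repository holds at run time, and `allowReboot = true` would then restart the host unattended. The `flags` entries `--update-input nixpkgs-small` and `--no-write-lock-file` also move nixpkgs past the committed flake.lock on every run, so the deployed closure is never the one that was reviewed and cannot be reproduced from the repository. The block is inert while `enable = false`, but before switching it on I would drop the three `flags` entries so upgrades follow the committed lock file, and limit who can push to the branch this host tracks. As far as I know `--update-input` is deprecated in recent Nix releases, so it may start to warn or fail.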
@@ -639,7 +642,8 @@ in
     members = [ "alan" "jellyfin" ];
   };
   services.jellyfin = {
-    enable = true;
+    enable = false;
+    openFirewall = true;
   };
 
   users.users.syncthing = {
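Review bot: `openFirewall = true;` is added in the same change that sets `enable = false;`, so as far as I know the module ignores it for now, while the bare `8096` entry left in `allowedTCPPorts` (context of the earlier firewall hunk) keeps that port accepted with no service behind it. The indentation of that list suggests it is already scoped to an interface or zone; if so, `openFirewall` would open Jellyfin's ports in the global firewall set when the service is re-enabled, which is wider than the existing rule. I would remove the bare `8096` now and, if the service is meant to be LAN-only, leave `openFirewall` unset and keep the port in the scoped list with a `# Jellyfin` comment.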
@@ -668,6 +672,8 @@ in
       hKTYCb7VA/P1dU3tTR1vSQxnu1DsiliD/XcKe2IK
       -----END CERTIFICATE-----
     '');
+    overrideFolders = false;
+    overrideDevices = false;
     settings = {
       options = {
         maxRecvKbps = 10240;
@@ -678,8 +684,6 @@ in
         urAccepted = 4;
         trafficClass = 1;
       };
-      overrideFolders = false;
-      overrideDevices = false;
     };
   };
 
@@ -770,18 +774,6 @@ in
     interface = "bridge0";
   };
 
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "tls@alanpearce.eu";
-    certs."dns.alanpearce.eu" = {
-      reloadServices = map (x: "kresd@${toString x}") (lib.range 1 config.services.kresd.instances);
-      dnsProvider = "pdns";
-      dnsResolver = "1.1.1.1:53";
-      credentialsFile = config.age.secrets.acme.path;
-      group = "knot-resolver";
-    };
-  };
-
   services.smartdns = {
     enable = false;
     bindPort = "5533";
@@ -810,13 +802,8 @@ in
     instances = 4;
     listenPlain = [ "[::1]:5553" ];
     # listenTLS = [ "853" ];
-    listenDoH = [ "[::1]:5443" ];
+    # listenDoH = [ "[::1]:5443" ];
     extraConfig = ''
-      net.tls(
-        '/var/lib/acme/dns.alanpearce.eu/cert.pem',
-        '/var/lib/acme/dns.alanpearce.eu/key.pem'
-      )
-
       -- Load useful modules
       modules = {
         'serve_stale < cache',