From 51adeb02e609496408d1a3f57fc4a6926b811bc9 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Mon, 23 Mar 2026 15:09:58 +0100 Subject: [PATCH 1/2] fix a load of stuff --- .just/machine.just | 8 +++- .../nixos/services/media/servarr/default.nix | 45 +++++++++++++------ 2 files changed, 38 insertions(+), 15 deletions(-) diff --git a/.just/machine.just b/.just/machine.just index 420197a..3cb4587 100644 --- a/.just/machine.just +++ b/.just/machine.just @@ -11,4 +11,10 @@ cd .. && just vars _check {{ machine }} echo "" just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" - nixos-rebuild switch -L --sudo --target-host {{ machine }} --build-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json + nixos-rebuild switch -L --sudo --target-host {{ machine }} --flake ..#{{ machine }} --log-format internal-json -v |& nom --json + +[doc('Check if target machine builds')] +[no-exit-message] +@check machine: + just assert '-d "../systems/x86_64-linux/{{ machine }}"' "Machine {{ machine }} does not exist, must be one of: $(ls ../systems/x86_64-linux/ | sed ':a;N;$!ba;s/\n/, /g')" + nix build ..#nixosConfigurations.{{ machine }}.config.system.build.toplevel diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index 6953421..ba03076 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -80,18 +80,7 @@ in { enable = true; openFirewall = true; webuiPort = 2008; - - serverConfig = { - LegalNotice.Accepted = true; - - Prefecences.WebUI = { - AlternativeUIEnabled = true; - RootFolder = "''${pkgs.vuetorrent}/share/vuetorrent"; - - Username = "admin"; - Password_PBKDF2 = "@ByteArray(Yhyk8fzgSHuKcgcmIxhYzg==:9njltqI5znb98+n+eOqUvpe4xYj6Dcub994o2fe9kpTa1fczMdHf/fNoifLaGmEf69xkTNSztEuh6BqcR4/CbQ==)"; #config.sops.secrets."qbittorrent/password_hash".path; - }; - }; + serverConfig = lib.mkForce {}; user = "qbittorrent"; group = "media"; @@ -246,7 +235,7 @@ in { host = "localhost"; api_key = lib.tfRef "var.sabnzbd_api_key"; url_base = "/"; - port = 8080; + port = 2009; }; }; } @@ -425,7 +414,7 @@ in { # Sleep for a bit to give the service a chance to start up sleep 5s - if [ "$(systemctl is-active ${service})" != "active" ]; then + if [ "$(systemctl is-active "${service}")" != "active" ]; then echo "${service} is not running" exit 1 fi @@ -464,6 +453,18 @@ in { })) |> lib.mkMerge; + system.activationScripts.qbittorrent-config = { + deps = lib.optional (!config.sops.useSystemdActivation) "setupSecrets"; + # TODO: If sops-nix is switched to systemd activation, add a systemd unit + # for this install step that runs after sops-install-secrets.service, + # because this activation-script dependency only orders against setupSecrets. + text = '' + install -Dm0600 -o ${config.services.qbittorrent.user} -g ${config.services.qbittorrent.group} \ + ${config.sops.templates."qbittorrent/qBittorrent.conf".path} \ + ${config.services.qbittorrent.profileDir}/qBittorrent/config/qBittorrent.conf + ''; + }; + users = cfg |> lib.mapAttrsToList (service: {enable, ...}: (mkIf enable { @@ -532,6 +533,22 @@ in { sabnzbd_api_key = "${config.sops.placeholder."sabnzbd/apikey"}" ''; }; + "qbittorrent/qBittorrent.conf" = { + owner = "qbittorrent"; + group = "media"; + mode = "0600"; + restartUnits = ["qbittorrent.service"]; + content = '' + [LegalNotice] + Accepted=true + + [Preferences] + WebUI\AlternativeUIEnabled=true + WebUI\RootFolder=${pkgs.vuetorrent}/share/vuetorrent + WebUI\Username=admin + WebUI\Password_PBKDF2=${config.sops.placeholder."qbittorrent/password_hash"} + ''; + }; "sabnzbd/config.ini" = { owner = "sabnzbd"; group = "media"; From 01fb98ba10ebc098edcbe256b9766650297bd911 Mon Sep 17 00:00:00 2001 From: Chris Kruining Date: Tue, 24 Mar 2026 07:30:41 +0100 Subject: [PATCH 2/2] various fixes --- .../nixos/services/media/glance/default.nix | 2 +- .../nixos/services/media/servarr/default.nix | 73 +------------------ systems/x86_64-linux/orome/default.nix | 10 ++- 3 files changed, 11 insertions(+), 74 deletions(-) diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix index ec6e851..b042297 100644 --- a/modules/nixos/services/media/glance/default.nix +++ b/modules/nixos/services/media/glance/default.nix @@ -15,7 +15,7 @@ in { config = mkIf cfg.enable { ${namespace}.services.networking.caddy.hosts = { "https://${config.networking.hostName}:443" = '' - reverse_proxy http://[::]:2000 + reverse_proxy http://[::1]:2000 ''; }; diff --git a/modules/nixos/services/media/servarr/default.nix b/modules/nixos/services/media/servarr/default.nix index ba03076..c7a066c 100644 --- a/modules/nixos/services/media/servarr/default.nix +++ b/modules/nixos/services/media/servarr/default.nix @@ -99,7 +99,9 @@ in { settings = { misc = { + host = "0.0.0.0"; port = 2009; + host_whitelist = "${config.networking.hostName}"; download_dir = "/var/media/downloads/incomplete"; complete_dir = "/var/media/downloads/done"; @@ -315,77 +317,6 @@ in { } ]; }; - - # "_1337x" = { - # enable = true; - - # app_profile_id = 1; - # priority = 1; - - # name = "1337x"; - # implementation = "Cardigann"; - # config_contract = "CardigannSettings"; - # protocol = "torrent"; - # tags = [1]; - - # fields = [ - # { - # name = "definitionFile"; - # text_value = "1337x"; - # } - # { - # name = "baseSettings.limitsUnit"; - # number_value = 0; - # } - # { - # name = "torrentBaseSettings.preferMagnetUrl"; - # bool_value = false; - # } - # { - # name = "disablesort"; - # bool_value = false; - # } - # { - # name = "sort"; - # number_value = 2; - # } - # { - # name = "type"; - # number_value = 1; - # } - # ]; - # }; - - # "nzbgeek" = { - # enable = true; - - # app_profile_id = 2; - # priority = 1; - - # name = "NZBgeek"; - # implementation = "Newznab"; - # config_contract = "NewznabSettings"; - # protocol = "usenet"; - - # fields = [ - # { - # name = "baseUrl"; - # text_value = "https://api.nzbgeek.info"; - # } - # { - # name = "apiPath"; - # text_value = "/api"; - # } - # { - # name = "apiKey"; - # text_value = "__TODO_API_KEY_SECRET__"; - # } - # { - # name = "baseSettings.limitsUnit"; - # number_value = 5; - # } - # ]; - # }; }; } ] diff --git a/systems/x86_64-linux/orome/default.nix b/systems/x86_64-linux/orome/default.nix index 48e049b..e155461 100644 --- a/systems/x86_64-linux/orome/default.nix +++ b/systems/x86_64-linux/orome/default.nix @@ -1,16 +1,22 @@ -{ ... }: -{ +{pkgs, ...}: { imports = [ ./disks.nix ./hardware.nix ]; + environment.systemPackages = with pkgs; [ + azure-cli + github-copilot-cli + ]; + sneeuwvlok = { hardware.has = { bluetooth = true; audio = true; }; + authentication.himmelblau.enable = true; + application = { steam.enable = true; };