57 lines
1.7 KiB
Nix
57 lines
1.7 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
{
|
|
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
|
|
# Create symlink from home to storage
|
|
systemd.tmpfiles.rules = [
|
|
"L+ /home/fred/storage - - - - /mnt/storage"
|
|
];
|
|
|
|
# Basic system packages
|
|
environment.systemPackages = with pkgs; [
|
|
mergerfs
|
|
wget
|
|
util-linux
|
|
javaPackages.compiler.temurin-bin.jre-25
|
|
unzip
|
|
screen
|
|
yt-dlp
|
|
ghostty.terminfo
|
|
matugen
|
|
usbutils
|
|
lm_sensors
|
|
(pkgs.writeShellScriptBin "transcode-hevc" ''
|
|
export PATH="${pkgs.jellyfin-ffmpeg}/bin:${pkgs.coreutils}/bin:${pkgs.findutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gawk}/bin:${pkgs.bc}/bin:${pkgs.curl}/bin:$PATH"
|
|
exec ${pkgs.bash}/bin/bash ${../scripts/transcode-hevc.sh} "$@"
|
|
'')
|
|
(pkgs.writeShellScriptBin "record-update" ''
|
|
export PATH="${pkgs.nvd}/bin:${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:$PATH"
|
|
exec ${pkgs.bash}/bin/bash ${../scripts/record-update.sh} "$@"
|
|
'')
|
|
];
|
|
|
|
# Basic networking
|
|
networking.useDHCP = lib.mkDefault true;
|
|
|
|
# Allow fred to act as a remote Nix builder (trusted users can import
|
|
# unsigned store paths sent by the build client).
|
|
nix.settings.trusted-users = [ "root" "fred" ];
|
|
|
|
# Automatic daily system updates
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
flake = "git+https://forg.gregersen.it/rope/nixos";
|
|
dates = "04:15";
|
|
allowReboot = true;
|
|
};
|
|
|
|
# Open firewall for SSH
|
|
networking.firewall.allowedTCPPorts = [ 22 11434 ];
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "no";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
};
|
|
}
|