nixos/hosts/FredOS-Mediaserver.nix
rope 8560c11afa fix NIC naming: use udev rules instead of .link files
systemd.network.links didn't generate files; use udev extraRules
to pin NIC names to MACs. Also disable networking.useDHCP catch-all
that silently misconfigured the LAN NIC when it got a wrong name.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-22 09:31:57 +01:00

56 lines
1.7 KiB
Nix

{ config, pkgs, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "FredOS-Mediaserver") {
# Create symlink from home to storage
systemd.tmpfiles.rules = [
"L+ /home/fred/storage - - - - /mnt/storage"
];
# Basic system packages
environment.systemPackages = with pkgs; [
mergerfs
wget
util-linux
javaPackages.compiler.temurin-bin.jre-25
unzip
screen
yt-dlp
ghostty.terminfo
usbutils
lm_sensors
(pkgs.writeShellScriptBin "transcode-hevc" ''
export PATH="${pkgs.jellyfin-ffmpeg}/bin:${pkgs.coreutils}/bin:${pkgs.findutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gawk}/bin:${pkgs.bc}/bin:${pkgs.curl}/bin:$PATH"
exec ${pkgs.bash}/bin/bash ${../scripts/transcode-hevc.sh} "$@"
'')
(pkgs.writeShellScriptBin "record-update" ''
export PATH="${pkgs.nvd}/bin:${pkgs.coreutils}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin:$PATH"
exec ${pkgs.bash}/bin/bash ${../scripts/record-update.sh} "$@"
'')
];
# Basic networking
networking.useDHCP = lib.mkForce false;
# Allow fred to act as a remote Nix builder (trusted users can import
# unsigned store paths sent by the build client).
nix.settings.trusted-users = [ "root" "fred" ];
# Automatic daily system updates
system.autoUpgrade = {
enable = true;
flake = "git+https://forg.gregersen.it/rope/nixos";
dates = "04:15";
allowReboot = true;
};
# Open firewall for SSH
networking.firewall.allowedTCPPorts = [ 22 11434 ];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
};
}