From 447982a10a6f6fa0f43ddc3d3c2411960b471be0 Mon Sep 17 00:00:00 2001 From: Simon Gardling Date: Wed, 20 Aug 2025 10:28:42 -0400 Subject: [PATCH] cleanup --- configuration.nix | 10 ++++++---- flake.nix | 7 +++---- home.nix | 34 +++++++++++++++------------------- services/jellyfin.nix | 6 ++---- services/qbittorrent.nix | 11 +++-------- 5 files changed, 29 insertions(+), 39 deletions(-) diff --git a/configuration.nix b/configuration.nix index 086c9ca..df27387 100644 --- a/configuration.nix +++ b/configuration.nix @@ -107,6 +107,7 @@ system.activationScripts = { # extract all my secureboot keys + # TODO! awful secrets management, it's globally readable in /nix/store "secureboot-keys".text = '' #!/bin/sh rm -fr ${config.boot.lanzaboote.pkiBundle} || true @@ -216,7 +217,7 @@ { description = "disable rgb"; serviceConfig = { - ExecStart = "${lib.getExe no-rgb}"; + ExecStart = lib.getExe no-rgb; Type = "oneshot"; }; wantedBy = [ "multi-user.target" ]; @@ -268,7 +269,7 @@ # }; }; - users.groups.${service_configs.torrent_group} = { }; + users.groups.${service_configs.media_group} = { }; users.users.${username} = { isNormalUser = true; @@ -276,10 +277,11 @@ "wheel" "video" "render" - service_configs.torrent_group + service_configs.media_group ]; - hashedPasswordFile = builtins.toString ./secrets/hashedPass; + # TODO! use proper secrets management + # hashedPasswordFile = builtins.toString ./secrets/hashedPass; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop diff --git a/flake.nix b/flake.nix index b18b27f..50f9109 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,7 @@ torrents_path = "/torrents"; services_dir = "/${zpool_ssds}/services"; music_dir = "/${zpool_ssds}/music"; - torrent_group = "media"; + media_group = "media"; ports = { https = 443; 
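Review bot: The new `# TODO!` comment on the `secureboot-keys` activation script records that the Secure Boot key material is world-readable in /nix/store, but the hunk leaves that exposure in place. Any local user or service that can read the store can copy the signing keys, so they should be treated as exposed and rotated once the fix lands. Until then I would make the comment actionable, e.g. `# TODO: move the PKI bundle to a runtime-decrypted secret (sops-nix/agenix); keys that were in /nix/store must be rotated afterwards`. The script body continues outside the hunk, so how the keys reach the store is inferred from the comment, not visible here.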
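Review bot: Commenting out `hashedPasswordFile` leaves `users.users.${username}`, a `wheel` member, with no declaratively managed password, and the new comment does not say what state the account is meant to be in meanwhile. With mutable users the existing /etc/shadow entry stays in effect. On a fresh install, or if `users.mutableUsers = false` is set elsewhere, the account would have no usable password, and sudo would either fail or depend on a passwordless-wheel setting not visible in this hunk. The hash in `./secrets/hashedPass` also remains in the repository history and presumably in old store paths, so that password is worth changing when the replacement lands. I would extend the comment to `# TODO: use proper secrets management (sops-nix/agenix); password is unmanaged until then, the SSH keys below are the only declared credential`; the user block continues past the hunk.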
@@ -148,16 +148,15 @@ in { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; - nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem { + nixosConfigurations.${hostname} = lib.nixosSystem { inherit system; - specialArgs = rec { + specialArgs = { inherit username hostname eth_interface service_configs inputs - lib ; }; modules = [ diff --git a/home.nix b/home.nix index 893dae0..050e42d 100644 --- a/home.nix +++ b/home.nix @@ -1,36 +1,32 @@ { pkgs, username, - stateVersion, + lib, ... }: { home.stateVersion = "24.11"; - programs.fish = - let - eza = "${pkgs.eza}/bin/eza --color=always --group-directories-first"; - coreutils = "${pkgs.coreutils}/bin"; - in - { - enable = true; + programs.fish = { + enable = true; - interactiveShellInit = '' - #disable greeting - set fish_greeting + interactiveShellInit = '' + # disable greeting + set fish_greeting - #fixes gnupg password entry - export GPG_TTY=(${coreutils}/tty) + # pfetch on shell start (disable pkgs because of execution time) + PF_INFO="ascii title os host kernel uptime memory editor wm" ${lib.getExe pkgs.pfetch-rs} + ''; - #pfetch on shell start (disable pkgs because of execution time) - PF_INFO="ascii title os host kernel uptime memory editor wm" ${pkgs.pfetch-rs}/bin/pfetch - ''; - - shellAliases = { + shellAliases = + let + eza = "${lib.getExe pkgs.eza} --color=always --group-directories-first"; + in + { # from DistroTube's dot files: Changing "ls" to "eza" ls = "${eza} -al"; la = "${eza} -a"; ll = "${eza} -l"; lt = "${eza} -aT"; }; - }; + }; } diff --git a/services/jellyfin.nix b/services/jellyfin.nix index 0ca5469..a7f187c 100644 --- a/services/jellyfin.nix +++ b/services/jellyfin.nix 
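Review bot: Dropping `lib` from `specialArgs` while calling `lib.nixosSystem` means modules now receive whatever `lib` that `nixosSystem` function carries. As far as I can tell, helpers such as `lib.optimizePackage` (used in services/jellyfin.nix in this patch) then only resolve if `lib` was built with `nixpkgs.lib.extend`; its definition is outside this hunk. If it was built another way, for example by attribute-set merging, modules would presumably see plain nixpkgs `lib` and evaluation would fail on the custom helper. A short comment at the call, `# lib is nixpkgs.lib extended with local helpers; nixosSystem passes it on to modules`, would make that dependency explicit.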
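Review bot: `interactiveShellInit` no longer exports `GPG_TTY`, which is a behaviour change inside a commit titled "cleanup". If gpg is used from this shell over SSH with a tty or curses pinentry, passphrase prompts can fail without it. If the removal is intentional, say so in the commit message; otherwise keep it in fish form, e.g. `set -gx GPG_TTY (tty)`.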
@@ -20,8 +20,7 @@ openFirewall = true; package = pkgs.jellyfin.override { jellyfin-ffmpeg = (lib.optimizePackage pkgs.jellyfin-ffmpeg); }; - dataDir = service_configs.jellyfin.dataDir; - cacheDir = service_configs.jellyfin.cacheDir; + inherit (service_configs.jellyfin) dataDir cacheDir; }; services.caddy.virtualHosts."jellyfin.${service_configs.https.domain}".extraConfig = '' @@ -39,8 +38,7 @@ users.users.${config.services.jellyfin.user}.extraGroups = [ "video" "render" - service_configs.torrent_group - "media" + service_configs.media_group ]; users.users.${username}.extraGroups = [ diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix index d84f445..15d78af 100644 --- a/services/qbittorrent.nix +++ b/services/qbittorrent.nix @@ -215,8 +215,8 @@ }; systemd.tmpfiles.rules = [ - "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}" - "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.torrent_group}" + "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.SavePath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}" + "d ${config.services.qbittorrent.serverConfig.Preferences.Downloads.TempPath} 0750 ${config.services.qbittorrent.user} ${service_configs.media_group}" ]; # make qbittorrent use a vpn @@ -231,11 +231,6 @@ ''; users.users.${config.services.qbittorrent.user}.extraGroups = [ - service_configs.torrent_group + service_configs.media_group ]; - - users.users.${username}.extraGroups = [ - config.services.qbittorrent.group - ]; - }
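Review bot: `openFirewall = true` stays set on `services.jellyfin` while the same file publishes the service through a Caddy virtual host. Jellyfin's plain-HTTP port is therefore presumably reachable directly, bypassing TLS and anything else Caddy enforces. If all client access is meant to go through `jellyfin.${service_configs.https.domain}`, set `openFirewall = false;` here. If direct LAN access or discovery is wanted, a comment saying so would help the next reader. The `services.jellyfin` block starts above the hunk.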