From 533cfbb560b881d34cd9307d49a93478d387b856 Mon Sep 17 00:00:00 2001 From: xinyangli Date: Wed, 25 Dec 2024 11:32:34 +0800 Subject: [PATCH 1/4] weilite: add transmission --- machines/weilite/default.nix | 14 +++-- machines/weilite/secrets.yaml | 8 ++- machines/weilite/services/default.nix | 1 + machines/weilite/services/transmission.nix | 67 ++++++++++++++++++++++ 4 files changed, 81 insertions(+), 9 deletions(-) create mode 100644 machines/weilite/services/transmission.nix diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index c151e1b..c3a70d0 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -101,12 +101,7 @@ type = "virtiofs"; options = "rw,nodev,nosuid"; } - { - what = "media"; - where = "/var/lib/jellyfin/media"; - type = "virtiofs"; - options = "rw,nodev,nosuid"; - } + { what = "/mnt/nixos/ocis"; where = "/var/lib/ocis"; @@ -128,6 +123,13 @@ after = [ "mnt-nixos.mount" ]; wantedBy = [ "immich-server.service" ]; } + { + what = "/mnt/nixos/media"; + where = "/var/lib/jellyfin/media"; + options = "bind"; + after = [ "mnt-nixos.mount" ]; + wantedBy = [ "jellyfin.service" ]; + } ]; hardware.graphics = { diff --git a/machines/weilite/secrets.yaml b/machines/weilite/secrets.yaml index 0394a80..b5c3aa5 100644 --- a/machines/weilite/secrets.yaml +++ b/machines/weilite/secrets.yaml @@ -4,6 +4,8 @@ immich: oauth_client_secret: ENC[AES256_GCM,data:EFs2hPjGMj0idwY3oQVIDTOIWkdwoAoAVjDQE9Z2eAKzUDH3grmYpYE+33V8d/Ux,iv:A9cjwFr/ZqltG62/N8MQ1LhdDbSIVVAqIPVB492zYJw=,tag:VTTtE697BZTVsI32UF53/w==,type:str] restic: localpass: ENC[AES256_GCM,data:GIQAmkpDmGu4+sSG5/b5yQ==,iv:dcu6F8NnVjeQzEG2vM3fOV5owI0PWc86ts20UP3vN18=,tag:vsG8x062FG1pH5YNcAajeg==,type:str] +transmission: + rpc-password: ENC[AES256_GCM,data:4dumy0hygGOuwU3ANky3xEKRDRBAJWE=,iv:HVV2J+F8HndHZNsMD2YmkWrJOzk5JIapGd0SuQP8VqU=,tag:xqp5pxh5cYYogA4alrmIfg==,type:str] sops: kms: [] gcp_kms: [] @@ -28,8 +30,8 @@ sops: V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-03T05:59:51Z" - mac: ENC[AES256_GCM,data:0dLbfkm7fJvH5Mmct0/qHulg2AtDCeeeOgWMXfeGRUaX3GlLDiLga0zW4uNPDuahVecdh6ofvYfBOxFaGUdBCHk9vq5GzrwrzBNhqObWQ3AqVuq5rjqSxEKoFM4Eb5qoqaOefFzT/9qC94NDETTsHhjiEeIgd4fgSr2dazNiFPE=,iv:Ggw0FHzkrhKh5Uzo3seHGwwHsWW/tTAgAl0iIq9PVk4=,tag:rJvUI5/wsLJ01XyKmkRghw==,type:str] + lastmodified: "2024-12-25T00:35:15Z" + mac: ENC[AES256_GCM,data:sk4DL+w740RD9A3sPvcGD4fc90Nfw9C8dH11ScGRgt6gS3v4V16pD0Q/bHHZiUCll76phZKjp+sGcZaPw0X7RDlK582WY3uw0pLtqLlm0gejjmvBJYKg47nA0dCD+vDvbMkJlvJG6N3sRuXDBa/7bAe452eXZNS8Xnm7ceDscVc=,iv:Nx4yCfG9rNk0q8akuI1aZr6Wj4GIAxASE8Tc7TH4Vj8=,tag:GodvlMbhIPpPu062spKFxA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/machines/weilite/services/default.nix b/machines/weilite/services/default.nix index 5a5cc25..ca5ee33 100644 --- a/machines/weilite/services/default.nix +++ b/machines/weilite/services/default.nix @@ -5,5 +5,6 @@ ./media-download.nix ./immich.nix ./jellyfin.nix + ./transmission.nix ]; } diff --git a/machines/weilite/services/transmission.nix b/machines/weilite/services/transmission.nix new file mode 100644 index 0000000..be7bb39 --- /dev/null +++ b/machines/weilite/services/transmission.nix @@ -0,0 +1,67 @@ +{ config, ... }: +let + cfg = config.services.transmission; +in +{ + sops.secrets = { + "transmission/rpc-password" = { }; + }; + + sops.templates."transmission-cred.json" = { + content = builtins.toJSON { + rpc-password = config.sops.placeholder."transmission/rpc-password"; + }; + }; + + services.transmission = { + enable = true; + openPeerPorts = true; + credentialsFile = config.sops.templates."transmission-cred.json".path; + settings = { + download-dir = "/mnt/nixos/media"; + incomplete-dir = "/mnt/nixos/transmission/incomplete"; + alt-speed-down = 40960; + alt-speed-enabled = false; + alt-speed-time-begin = 60; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 420; + alt-speed-up = 4096; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + download-queue-enabled = true; + download-queue-size = 5; + incomplete-dir-enabled = true; + lpd-enabled = false; + message-level = 2; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 200; + peer-limit-per-torrent = 50; + peer-port = 51413; + peer-socket-tos = "cs2"; + pex-enabled = true; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + rename-partial-files = true; + rpc-bind-address = "127.0.0.1"; + rpc-enabled = true; + rpc-authentication-required = true; + rpc-port = 9092; + rpc-username = "xin"; + rpc-whitelist = "127.0.0.1"; + speed-limit-down = 20480; + speed-limit-down-enabled = true; + speed-limit-up = 3072; + speed-limit-up-enabled = true; + start-added-torrents = true; + watch-dir-enabled = false; + }; + }; + services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:9091".extraConfig = '' + reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port} + ''; + networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan +} From 408ea16f6dedc3cedc1779bbcee4dd74407ccd9e Mon Sep 17 00:00:00 2001 From: xinyangli Date: Thu, 26 Dec 2024 20:26:07 +0800 Subject: [PATCH 2/4] calcite/keyd: global caplock reload --- machines/calcite/configuration.nix | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/machines/calcite/configuration.nix b/machines/calcite/configuration.nix index a3c84c4..68bd802 100644 --- a/machines/calcite/configuration.nix +++ b/machines/calcite/configuration.nix @@ -152,11 +152,14 @@ in services.keyd = { enable = true; keyboards = { + defualt = { + id = [ "*" ]; + capslock = "overload(control, esc)"; + }; "internal" = { ids = [ "0b05:1866" ]; settings = { main = { - capslock = "overload(control, esc)"; leftcontrol = "capslock"; }; }; @@ -170,17 +173,6 @@ in }; }; }; - "keydous" = { - ids = [ - "25a7:fa14" - "3151:4002" - ]; - settings = { - main = { - leftcontrol = "overload(control, esc)"; - }; - }; - }; }; }; @@ -302,7 +294,8 @@ in zotero # onlyoffice-bin - wemeet + # wemeet + config.nur.repos.linyinfeng.wemeet virt-manager wineWowPackages.waylandFull From 6bf9d771a1a66a92811e1e816d75f6aff039b84f Mon Sep 17 00:00:00 2001 From: xinyangli Date: Thu, 26 Dec 2024 20:27:18 +0800 Subject: [PATCH 3/4] weilite/media: add group "media" --- machines/weilite/default.nix | 17 ++++++++++------- machines/weilite/services/jellyfin.nix | 10 ++++++++++ machines/weilite/services/media-download.nix | 7 ++++++- machines/weilite/services/transmission.nix | 12 +++++++----- 4 files changed, 33 insertions(+), 13 deletions(-) diff --git a/machines/weilite/default.nix b/machines/weilite/default.nix index c3a70d0..cb5804b 100644 --- a/machines/weilite/default.nix +++ b/machines/weilite/default.nix @@ -12,6 +12,13 @@ ./services ]; + options = { + node = lib.mkOption { + type = lib.types.attrs; + default = { }; + }; + }; + config = { networking.hostName = "weilite"; commonSettings = { @@ -21,6 +28,9 @@ }; comin.enable = true; }; + node = { + mediaDir = "/mnt/nixos/media"; + }; boot = { loader = { @@ -123,13 +133,6 @@ after = [ "mnt-nixos.mount" ]; wantedBy = [ "immich-server.service" ]; } - { - what = "/mnt/nixos/media"; - where = "/var/lib/jellyfin/media"; - options = "bind"; - after = [ "mnt-nixos.mount" ]; - wantedBy = [ "jellyfin.service" ]; - } ]; hardware.graphics = { diff --git a/machines/weilite/services/jellyfin.nix b/machines/weilite/services/jellyfin.nix index d321de5..025386b 100644 --- a/machines/weilite/services/jellyfin.nix +++ b/machines/weilite/services/jellyfin.nix @@ -1,7 +1,16 @@ { config, pkgs, ... }: +let + cfg = config.services.jellyfin; +in { services.jellyfin.enable = true; + systemd.services.jellyfin.serviceConfig = { + BindReadOnlyPaths = [ + "/mnt/nixos/media:${cfg.dataDir}/media" + ]; + }; + environment.systemPackages = with pkgs; [ jellyfin jellyfin-web @@ -12,4 +21,5 @@ ''; networking.firewall.allowedTCPPorts = [ 8920 ]; # allow on lan users.users.jellyfin.extraGroups = [ "render" ]; + users.groups.media.members = [ cfg.user ]; } diff --git a/machines/weilite/services/media-download.nix b/machines/weilite/services/media-download.nix index 6f22744..a161931 100644 --- a/machines/weilite/services/media-download.nix +++ b/machines/weilite/services/media-download.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ config, pkgs, ... }: { services.jackett = { enable = true; @@ -27,4 +27,9 @@ services.radarr = { enable = true; }; + + users.groups.media.members = [ + config.services.sonarr.user + config.services.radarr.user + ]; } diff --git a/machines/weilite/services/transmission.nix b/machines/weilite/services/transmission.nix index be7bb39..b025819 100644 --- a/machines/weilite/services/transmission.nix +++ b/machines/weilite/services/transmission.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: let cfg = config.services.transmission; in @@ -15,13 +15,14 @@ in services.transmission = { enable = true; + package = pkgs.transmission_4; openPeerPorts = true; credentialsFile = config.sops.templates."transmission-cred.json".path; settings = { download-dir = "/mnt/nixos/media"; incomplete-dir = "/mnt/nixos/transmission/incomplete"; alt-speed-down = 40960; - alt-speed-enabled = false; + alt-speed-enabled = true; alt-speed-time-begin = 60; alt-speed-time-day = 127; alt-speed-time-enabled = true; @@ -30,16 +31,16 @@ in bind-address-ipv4 = "0.0.0.0"; bind-address-ipv6 = "::"; download-queue-enabled = true; - download-queue-size = 5; + download-queue-size = 10; incomplete-dir-enabled = true; lpd-enabled = false; - message-level = 2; + message-level = 4; peer-congestion-algorithm = ""; peer-id-ttl-hours = 6; peer-limit-global = 200; peer-limit-per-torrent = 50; peer-port = 51413; - peer-socket-tos = "cs2"; + peer-socket-tos = "cs1"; pex-enabled = true; preallocation = 1; prefetch-enabled = true; @@ -64,4 +65,5 @@ in reverse_proxy 127.0.0.1:${toString cfg.settings.rpc-port} ''; networking.firewall.allowedTCPPorts = [ 9091 ]; # allow on lan + users.groups.media.members = [ cfg.user ]; } From efbfb72030680eb608e1a12dc740fbe2ef4de48a Mon Sep 17 00:00:00 2001 From: xinyangli Date: Thu, 26 Dec 2024 21:32:51 +0800 Subject: [PATCH 4/4] flake.lock: update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit • Updated input 'my-nixvim': 'git+https://git.xiny.li/xin/nixvim?ref=refs/heads/master&rev=fdf7775c738e2eb6bb8cb707d35a900bc47cd53e' (2024-12-21) → 'git+https://git.xiny.li/xin/nixvim?ref=refs/heads/master&rev=4439691030d1a28f4ad49c542104e3f880f7c183' (2024-12-26) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 3320dcb..f468ae0 100644 --- a/flake.lock +++ b/flake.lock @@ -396,11 +396,11 @@ "nixvim": "nixvim" }, "locked": { - "lastModified": 1734791154, - "narHash": "sha256-J/h0nh3iOnOqXnv28NahNH45xZ035tKpabPPKMPFTfo=", + "lastModified": 1735219902, + "narHash": "sha256-s1aI4l9e0OX861wHsvAPqz/s8B9ZTltAMJzPRXt5Kqo=", "ref": "refs/heads/master", - "rev": "fdf7775c738e2eb6bb8cb707d35a900bc47cd53e", - "revCount": 24, + "rev": "4439691030d1a28f4ad49c542104e3f880f7c183", + "revCount": 25, "type": "git", "url": "https://git.xiny.li/xin/nixvim" },