feat: use media proxmox vm

aymanbagabas · Aug 11, 2024 · 301f2f3 · 301f2f3
1 parent b4c4344
commit 301f2f3
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 38 deletions.
diff --git a/.github/workflows/media-lxc.yml → .github/workflows/media-vm.yml b/.github/workflows/media-lxc.yml → .github/workflows/media-vm.yml
@@ -1,4 +1,4 @@
-name: Generate Media LXC Container
+name: Generate Media Qemu VM
 # Based on https://freddydumont.com/blog/nixos-github-actions
 
 on:
@@ -40,9 +40,9 @@ jobs:
         with:
           github_access_token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Generate NixOS LXC configuration
+      - name: Generate NixOS Qemu VM configuration
         run: |
-          nix run github:nix-community/nixos-generators -- -f proxmox-lxc --flake .#media | {
+          nix run github:nix-community/nixos-generators -- -f proxmox --flake .#media | {
             read path
             echo "BUILD_PATH=$path" >> $GITHUB_ENV
           }

diff --git a/hosts/media/configuration.nix b/hosts/media/configuration.nix
@@ -1,43 +1,54 @@
-# Media runs on a Proxmox LXC container, so we need to add the Proxmox LXC
-# module to the imports list.
-{ modulesPath, user, ... }:
+# Media runs on a Proxmox VM, this configures the VM and Qemu options.
+{ config, pkgs, user, hostname, ... }:
 
 {
   imports = [
     ../nixos.nix
-    (modulesPath + "/virtualisation/proxmox-lxc.nix")
   ];
 
+  # Proxmox Qemu VM
+  proxmox = {
+    qemuConf = {
+      cores = 4;
+      memory = 8192;
+      bios = "ovmf";
+      boot = "order=scsi0;net0";
+    };
+  };
+
   # Make user login passwordless.
   # https://nixos.org/manual/nixos/stable/options#opt-users.users._name_.initialHashedPassword
   users.users.root.initialHashedPassword = "";
-  users.users.${user}.initialHashedPassword = "";
-
-  proxmoxLXC = {
-    privileged = false;
-    manageHostName = false;
+  users.users.${user} = {
+    initialHashedPassword = "";
   };
 
-  services.nginx = {
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.05"; # Did you read the comment?
+
+  networking.hostName = hostname;
+
+  services.cloud-init.network.enable = true;
+  services.qemuGuest.enable = true;
+  services.spice-vdagentd.enable = true;
+
+  services.plex = {
     enable = true;
-    upstreams = {
-      tautulli.servers."media.local:8181" = { };
-    };
-    virtualHosts."media.local" = {
-      locations."~ /tautulli/(.*)" = {
-        proxyPass = "http://tautulli/$1$is_args$args";
-        priority = 1;
-        extraConfig = ''
-          proxy_redirect off;
-          proxy_set_header Host $host;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Forwarded-Host $server_name;
-        '';
-      };
-    };
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
+  };
+  services.tautulli = {
+    enable = true;
+    openFirewall = true;
+    group = "wheel";
+    user = "${user}";
   };
-
   services.sonarr = {
     enable = true;
     openFirewall = true;
@@ -67,11 +78,26 @@
     openFirewall = true;
   };
 
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
+  environment.systemPackages = [ pkgs.cifs-utils ];
+  fileSystems."/mnt/share/backups" = {
+    device = "//nas.local/backups/services";
+    fsType = "cifs";
+    options = builtins.concatStringsSep "," [
+      # Prevent hanging on network split
+      "x-systemd.automount"
+      "noauto"
+      "x-systemd.idle-timeout=60"
+      "x-systemd.device-timeout=5s"
+      "x-systemd.mount-timeout=5s"
+      # Mount as user
+      "uid=1000" # user
+      "gid=1"    # wheel
+      # Credentials need to be stored in a file
+      "credentials=/etc/nixos/smb-secrets"
+    ];
+  };
+
+  # Allow Samba discovery
+  # https://nixos.wiki/wiki/Samba#Firewall_configuration
+  networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
 }
diff --git a/hosts/media/home.nix b/hosts/media/home.nix
@@ -2,7 +2,9 @@
 
 {
   imports = [
+    ../../modules/direnv.nix
     ../../modules/home.nix
-    ../../modules/shell.nix
+    ../../modules/scripts
+    ../../modules/zsh.nix
   ];
 }