Compare commits
2 commits
886c93768a
...
7554ee6649
| Author | SHA1 | Date | |
|---|---|---|---|
| 7554ee6649 | |||
| b6f4ec974f |
27 changed files with 105 additions and 71 deletions
|
|
@ -27,6 +27,7 @@ Configure system by setting up values as defined in the [HomeFree module](./modu
|
||||||
* Prevent hangs on boot due to alerts (e.g. if no monitor attached)
|
* Prevent hangs on boot due to alerts (e.g. if no monitor attached)
|
||||||
* F2 to enter BIOS
|
* F2 to enter BIOS
|
||||||
* Select "Boot" tab
|
* Select "Boot" tab
|
||||||
|
* Enable Fast Boot
|
||||||
* Select "Boot Display Configuration"
|
* Select "Boot Display Configuration"
|
||||||
* Enable "Suppress Alert Messages at Boot"
|
* Enable "Suppress Alert Messages at Boot"
|
||||||
* Enable headless GPU
|
* Enable headless GPU
|
||||||
|
|
|
||||||
81
flake.lock
generated
81
flake.lock
generated
|
|
@ -144,11 +144,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1741352980,
|
"lastModified": 1743550720,
|
||||||
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
|
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "flake-parts",
|
"repo": "flake-parts",
|
||||||
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
|
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -212,16 +212,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729958008,
|
"lastModified": 1748294338,
|
||||||
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
"narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
"rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"ref": "v0.0.6",
|
"ref": "v0.0.8",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
@ -439,27 +439,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1742669843,
|
"lastModified": 1748406211,
|
||||||
"narHash": "sha256-G5n+FOXLXcRx+3hCJ6Rt6ZQyF1zqQ0DL0sWAMn2Nk0w=",
|
"narHash": "sha256-B3BsCRbc+x/d0WiG1f+qfSLUy+oiIfih54kalWBi+/M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "1e5b653dff12029333a6546c11e108ede13052eb",
|
"rev": "3d1f29646e4b57ed468d60f9d286cde23a8d1707",
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_5": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1742606399,
|
|
||||||
"narHash": "sha256-NAxwF5cjgh8o5aylhePXWNQETCWYaTpNvdO2bMfINpQ=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "0740f6f238767d4caf9afe774d3e88105766dfc6",
|
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -469,7 +453,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_6": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1744868846,
|
"lastModified": 1744868846,
|
||||||
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
|
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
|
||||||
|
|
@ -488,15 +472,16 @@
|
||||||
"nixvim": {
|
"nixvim": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-parts": "flake-parts_2",
|
"flake-parts": "flake-parts_2",
|
||||||
"nixpkgs": "nixpkgs_5",
|
"nixpkgs": "nixpkgs_4",
|
||||||
"nuschtosSearch": "nuschtosSearch"
|
"nuschtosSearch": "nuschtosSearch",
|
||||||
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1742732006,
|
"lastModified": 1748521000,
|
||||||
"narHash": "sha256-ZIBMfPNb/hfoFf79MRnhDXGKl0yGhjlYEpy3+/jbxFI=",
|
"narHash": "sha256-EnXH5PIrZBoe8U09hPQr2kOuPTZSqAJy78DqUVLmWXg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "7776e37b67e7875c3cd56d9d20fd050798071706",
|
"rev": "a9e45072d82374dd3f0d971795e7d7f99e5bc6c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -507,15 +492,14 @@
|
||||||
},
|
},
|
||||||
"nixvim-config": {
|
"nixvim-config": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_4",
|
|
||||||
"nixvim": "nixvim"
|
"nixvim": "nixvim"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1745217653,
|
"lastModified": 1748553600,
|
||||||
"narHash": "sha256-lIPGjaEU6iQ9I0TX0FoYJcU2QTyJAAz92qP++WRBQPY=",
|
"narHash": "sha256-WUtHKSeCZKDJBb5C2sd8iUvbeZa7AVVB+qo+HNDpKzg=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "6a2b1631f2a1c3aee1355b599ccbd7aeced74eac",
|
"rev": "4a83351844e9ee1ccc70dd9962f581b3dc7926e3",
|
||||||
"revCount": 24,
|
"revCount": 25,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.homefree.host/homefree/nixvim-config"
|
"url": "https://git.homefree.host/homefree/nixvim-config"
|
||||||
},
|
},
|
||||||
|
|
@ -535,11 +519,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1742659553,
|
"lastModified": 1748298102,
|
||||||
"narHash": "sha256-i/JCrr/jApVorI9GkSV5to+USrRCa0rWuQDH8JSlK2A=",
|
"narHash": "sha256-PP11GVwUt7F4ZZi5A5+99isuq39C59CKc5u5yVisU/U=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "508752835128a3977985a4d5225ff241f7756181",
|
"rev": "f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -595,7 +579,7 @@
|
||||||
},
|
},
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_6"
|
"nixpkgs": "nixpkgs_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1745310711,
|
"lastModified": 1745310711,
|
||||||
|
|
@ -641,6 +625,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"treefmt-nix": {
|
"treefmt-nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
|
|
||||||
|
|
@ -229,7 +229,7 @@
|
||||||
|
|
||||||
nixvim-config = {
|
nixvim-config = {
|
||||||
enable = true;
|
enable = true;
|
||||||
startify-header = let header-space = " "; in [
|
startify-header = let header-space = " "; in [
|
||||||
''${header-space} ___ ___ ___________''
|
''${header-space} ___ ___ ___________''
|
||||||
''${header-space} / | \ ____ _____ ____\_ _____/______ ____ ____''
|
''${header-space} / | \ ____ _____ ____\_ _____/______ ____ ____''
|
||||||
''${header-space}/ ~ \/ _ \ / \_/ __ \| __) \_ __ \_/ __ \_/ __ \''
|
''${header-space}/ ~ \/ _ \ / \_/ __ \| __) \_ __ \_/ __ \_/ __ \''
|
||||||
|
|
@ -272,6 +272,7 @@
|
||||||
inetutils
|
inetutils
|
||||||
iotop
|
iotop
|
||||||
iperf3
|
iperf3
|
||||||
|
jq
|
||||||
lemonade
|
lemonade
|
||||||
luarocks
|
luarocks
|
||||||
lshw
|
lshw
|
||||||
|
|
|
||||||
|
|
@ -162,6 +162,11 @@ in
|
||||||
ruleset = ''
|
ruleset = ''
|
||||||
flush ruleset
|
flush ruleset
|
||||||
|
|
||||||
|
# add table inet filter
|
||||||
|
# add table ip nat
|
||||||
|
# flush table inet filter
|
||||||
|
# flush table ip nat
|
||||||
|
|
||||||
## "inet" indicates both ipv4 and ipv6
|
## "inet" indicates both ipv4 and ipv6
|
||||||
table inet filter {
|
table inet filter {
|
||||||
## allow all packets sent by the firewall machine itself
|
## allow all packets sent by the firewall machine itself
|
||||||
|
|
@ -188,6 +193,7 @@ in
|
||||||
## Allow for web traffic
|
## Allow for web traffic
|
||||||
## http is needed for headscale relaying
|
## http is needed for headscale relaying
|
||||||
## 3022 is for git/forgejo ssh
|
## 3022 is for git/forgejo ssh
|
||||||
|
## @TODO: 3022 should only be opened if forgejo is set to public
|
||||||
tcp dport { http, https, 3022 } ct state new accept;
|
tcp dport { http, https, 3022 } ct state new accept;
|
||||||
|
|
||||||
## Headscale connections
|
## Headscale connections
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -38,7 +38,8 @@ in
|
||||||
|
|
||||||
systemd.services.podman-baikal = {
|
systemd.services.podman-baikal = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires =[ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "baikal-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "baikal-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -116,6 +116,7 @@ in
|
||||||
systemd.services.podman-cryptpad = {
|
systemd.services.podman-cryptpad = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires =[ "dns-ready.service" ];
|
requires =[ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "cryptpad-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "cryptpad-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -22,7 +22,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -80,6 +80,7 @@ in
|
||||||
systemd.services.podman-forgejo = {
|
systemd.services.podman-forgejo = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "forgejo-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "forgejo-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -140,7 +140,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
## 1GB of memory, reduces SSD/SD Card wear
|
## 1GB of memory, reduces SSD/SD Card wear
|
||||||
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
||||||
"--shm-size=512M"
|
"--shm-size=512M"
|
||||||
|
|
@ -175,6 +175,7 @@ in
|
||||||
systemd.services.podman-frigate = {
|
systemd.services.podman-frigate = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "frigate-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "frigate-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -21,7 +21,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -42,6 +42,7 @@ in
|
||||||
systemd.services.podman-grocy = {
|
systemd.services.podman-grocy = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "grocy-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "grocy-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -138,7 +138,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -185,6 +185,7 @@ in
|
||||||
systemd.services.podman-headplane = {
|
systemd.services.podman-headplane = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "headplane-prestart" headplane-preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "headplane-prestart" headplane-preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -69,7 +69,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
"--network=host"
|
"--network=host"
|
||||||
"--privileged"
|
"--privileged"
|
||||||
];
|
];
|
||||||
|
|
@ -89,6 +89,7 @@ in
|
||||||
systemd.services.podman-homeassistant = {
|
systemd.services.podman-homeassistant = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "homeassistant-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "homeassistant-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -40,6 +40,7 @@ in
|
||||||
systemd.services.podman-homebox = {
|
systemd.services.podman-homebox = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "homebox-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "homebox-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -97,7 +97,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -138,7 +138,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
## 1GB of memory, reduces SSD/SD Card wear
|
## 1GB of memory, reduces SSD/SD Card wear
|
||||||
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
||||||
"--device=/dev/bus/usb:/dev/bus/usb" # Passes the USB Coral, needs to be modified for other versions
|
"--device=/dev/bus/usb:/dev/bus/usb" # Passes the USB Coral, needs to be modified for other versions
|
||||||
|
|
@ -170,7 +170,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
"--health-cmd=redis-cli ping || exit 1"
|
"--health-cmd=redis-cli ping || exit 1"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -187,6 +187,7 @@ in
|
||||||
systemd.services.podman-immich-server = {
|
systemd.services.podman-immich-server = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "imimich-server-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "imimich-server-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
@ -195,11 +196,13 @@ in
|
||||||
systemd.services.podman-immich-machine-learning = {
|
systemd.services.podman-immich-machine-learning = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.podman-immich-redis = {
|
systemd.services.podman-immich-redis = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homefree.service-config = if config.homefree.services.immich.enable == true then [
|
homefree.service-config = if config.homefree.services.immich.enable == true then [
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
## 1GB of memory, reduces SSD/SD Card wear
|
## 1GB of memory, reduces SSD/SD Card wear
|
||||||
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
"--mount=type=tmpfs,target=/tmp/cache,tmpfs-size=1000000000"
|
||||||
"--device=/dev/dri:/dev/dri"
|
"--device=/dev/dri:/dev/dri"
|
||||||
|
|
@ -76,6 +76,7 @@ in
|
||||||
systemd.services.podman-jellyfin = {
|
systemd.services.podman-jellyfin = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "jellyfin-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "jellyfin-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -52,6 +52,7 @@ in
|
||||||
systemd.services.podman-joplin = {
|
systemd.services.podman-joplin = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homefree.service-config = if config.homefree.services.joplin.enable == true then [
|
homefree.service-config = if config.homefree.services.joplin.enable == true then [
|
||||||
|
|
|
||||||
|
|
@ -197,7 +197,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -219,6 +219,7 @@ in
|
||||||
systemd.services.podman-kanidm = {
|
systemd.services.podman-kanidm = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "kanidm-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "kanidm-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -45,6 +45,7 @@ in
|
||||||
systemd.services.podman-lidarr = {
|
systemd.services.podman-lidarr = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "lidarr-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "lidarr-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
version = "v2.10.2";
|
version = "v2.10.2";
|
||||||
version-meili = "v1.12.8";
|
version-meili = "v1.12.8";
|
||||||
|
|
@ -39,7 +39,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -68,7 +68,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
volumes = [
|
volumes = [
|
||||||
|
|
@ -86,6 +86,7 @@ in
|
||||||
systemd.services.podman-linkwarden = {
|
systemd.services.podman-linkwarden = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "linkwarden-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "linkwarden-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
@ -94,6 +95,7 @@ in
|
||||||
systemd.services.podman-meilisearch = {
|
systemd.services.podman-meilisearch = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "meili-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "meili-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -31,6 +31,7 @@ in
|
||||||
systemd.services.podman-logseq = {
|
systemd.services.podman-logseq = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homefree.service-config = if config.homefree.services.logseq.enable == true then [
|
homefree.service-config = if config.homefree.services.logseq.enable == true then [
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -39,6 +39,7 @@ in
|
||||||
systemd.services.podman-mongo = {
|
systemd.services.podman-mongo = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "mongo-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "mongo-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -18,7 +18,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -44,6 +44,7 @@ in
|
||||||
systemd.services.podman-nzbget = {
|
systemd.services.podman-nzbget = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "nzbget-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "nzbget-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -31,7 +31,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
"--add-host=host.docker.internal:host-gateway"
|
"--add-host=host.docker.internal:host-gateway"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
@ -64,6 +64,7 @@ in
|
||||||
systemd.services.podman-ollama-webui = {
|
systemd.services.podman-ollama-webui = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "ollama-webui-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "ollama-webui-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -37,6 +37,7 @@ in
|
||||||
systemd.services.podman-radicale = {
|
systemd.services.podman-radicale = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "radicale-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "radicale-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -243,6 +243,7 @@ in
|
||||||
systemd.services.podman-snipe-it = {
|
systemd.services.podman-snipe-it = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "snipe-it-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "snipe-it-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -55,7 +55,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -85,7 +85,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -144,6 +144,7 @@ in
|
||||||
systemd.services.podman-unifi-db = {
|
systemd.services.podman-unifi-db = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "unifi-db-prestart" mongo-preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "unifi-db-prestart" mongo-preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
@ -152,6 +153,7 @@ in
|
||||||
systemd.services.podman-unifi = {
|
systemd.services.podman-unifi = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "unifi-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "unifi-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -17,7 +17,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -38,6 +38,7 @@ in
|
||||||
systemd.services.podman-vaultwarden = {
|
systemd.services.podman-vaultwarden = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "vaultwarden-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "vaultwarden-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ in
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
|
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--pull=always"
|
# "--pull=always"
|
||||||
];
|
];
|
||||||
|
|
||||||
ports = [
|
ports = [
|
||||||
|
|
@ -67,6 +67,7 @@ in
|
||||||
systemd.services.podman-zitadel = {
|
systemd.services.podman-zitadel = {
|
||||||
after = [ "dns-ready.service" ];
|
after = [ "dns-ready.service" ];
|
||||||
requires = [ "dns-ready.service" ];
|
requires = [ "dns-ready.service" ];
|
||||||
|
partOf = [ "nftables.service" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStartPre = [ "!${pkgs.writeShellScript "zitadel-prestart" preStart}" ];
|
ExecStartPre = [ "!${pkgs.writeShellScript "zitadel-prestart" preStart}" ];
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue