From 853ee7482681b1edae7d039a7f7b38f27944b6d9 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Wed, 1 Dec 2021 15:47:50 +0100
Subject: [PATCH] nixos 21.11, added nitter, invidious and libreddit. modified
 umask transmission

---
 flake.lock                       | 22 +++++++++++-----------
 flake.nix                        |  4 ++--
 hosts/architect/default.nix      | 23 +++++++++--------------
 hosts/architect/hardware.nix     | 10 ++++++++--
 hosts/architect/invidious.nix    |  4 ++--
 hosts/architect/libreddit.nix    | 12 +++++-------
 hosts/architect/nitter.nix       |  9 ++++++++-
 hosts/architect/transmission.nix |  1 +
 lib/host.nix                     |  4 +---
 9 files changed, 47 insertions(+), 42 deletions(-)

diff --git a/flake.lock b/flake.lock
index 1158da2..09aca86 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,27 +7,27 @@
         ]
       },
       "locked": {
-        "lastModified": 1637917894,
-        "narHash": "sha256-mzkyjq+OW1K5XHG43zrnjJX/K1ehahVWlKjMzWX/Vvg=",
+        "lastModified": 1638267006,
+        "narHash": "sha256-heZdDlD09rnoeEiZ4wKfbXNDkO5I9qVFvX9d790h/XE=",
         "owner": "rycee",
         "repo": "home-manager",
-        "rev": "7efd99ef876c220848553ae10218685d5e5d79cb",
+        "rev": "3e93c4e8b2b479c712b7c20a428993b459118842",
         "type": "github"
       },
       "original": {
         "owner": "rycee",
-        "ref": "release-21.05",
+        "ref": "release-21.11",
         "repo": "home-manager",
         "type": "github"
       }
     },
     "nixos-unstable": {
       "locked": {
-        "lastModified": 1637841632,
-        "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=",
+        "lastModified": 1638286143,
+        "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1",
+        "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea",
         "type": "github"
       },
       "original": {
@@ -39,16 +39,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1637875414,
-        "narHash": "sha256-Ica++SXFuLyxX9Q7YxhfZulUif6/gwM8AEQYlUxqSgE=",
+        "lastModified": 1638279546,
+        "narHash": "sha256-1KCwN7twjp1dBdp0jPgVdYFztDkCR8+roo0B34J9oBY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3bea86e918d8b54aa49780505d2d4cd9261413be",
+        "rev": "96b4157790fc96e70d6e6c115e3f34bba7be490f",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-21.05",
+        "ref": "nixos-21.11",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 79feadd..f280556 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,9 +1,9 @@
 {
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
     nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     home-manager = {
-      url = "github:rycee/home-manager/release-21.05";
+      url = "github:rycee/home-manager/release-21.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index f4fa26f..e9ff19e 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -23,28 +23,25 @@ in {
     ./matrix.nix
     ./fail2ban.nix
     ./dns.nix
-    ./minecraft.nix
+#    ./minecraft.nix
     ./prowlarr.nix
     ./plex.nix
     ./transmission.nix
     ./githubrunner.nix
+    ./libreddit.nix
+    ./invidious.nix
+    ./nitter.nix
   ];
 
   time.timeZone = "Europe/Rome";
-  system.stateVersion = "21.05"; # Did you read the comment?
+  system.stateVersion = "21.11"; # Did you read the comment?
   users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
-
-  fileSystems."/tmp" = {
-    device = "tmpfs";
-    fsType = "tmpfs";
-    options = [ "size=20G" ];
-  };
-
+  
+  services.fwupd.enable = true;
   boot = {
     kernelParams =
-      [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" ];
+      [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" "nvme_core.default_ps_max_latency_us=5500" ];
     kernel.sysctl."net.ipv4.ip_forward" = 1;
-
     initrd = {
       availableKernelModules = [ "igc" "r8169" ];
       network = {
@@ -72,7 +69,6 @@ in {
     };
 
     supportedFilesystems = [ "zfs" ];
-    zfs.enableUnstable = true;
     zfs.requestEncryptionCredentials = true;
   };
 
@@ -119,10 +115,9 @@ in {
     '';
   };
 
-  environment.systemPackages = with pkgs; [ cudatoolkit ];
+  environment.systemPackages = with pkgs; [ cudatoolkit cachix ];
 
   hardware = {
-    cpu.amd.updateMicrocode = true;
     opengl.enable = true;
     opengl.extraPackages = with pkgs; [ vaapiVdpau ];
     opengl.driSupport = true;
diff --git a/hosts/architect/hardware.nix b/hosts/architect/hardware.nix
index da3a66f..613b6d2 100644
--- a/hosts/architect/hardware.nix
+++ b/hosts/architect/hardware.nix
@@ -42,9 +42,15 @@
     fsType = "vfat";
   };
 
+  fileSystems."/tmp" = {
+    fsType = "tmpfs";
+    device = "tmpfs";
+    options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=29G" ];
+  };
+
   swapDevices = [{
-    device = "/dev/zpool/data/swap";
-    size = 40000;
+    device = "/dev/sdc1";
+    size = 100000;
   }];
 
 }
diff --git a/hosts/architect/invidious.nix b/hosts/architect/invidious.nix
index d89553d..7d3a61e 100644
--- a/hosts/architect/invidious.nix
+++ b/hosts/architect/invidious.nix
@@ -7,14 +7,14 @@ in {
   services = {
     invidious = {
       enable = true;
-      port = 9091;
+      port = 9092;
     };
 
     nginx.virtualHosts.${domain} = {
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://localhost:9091";
+        proxyPass = "http://localhost:9092";
       };
     };
   };
diff --git a/hosts/architect/libreddit.nix b/hosts/architect/libreddit.nix
index 9eccc19..40128ba 100644
--- a/hosts/architect/libreddit.nix
+++ b/hosts/architect/libreddit.nix
@@ -5,18 +5,16 @@ with import ./network.nix;
 let domain = "reddit.giugl.io";
 in {
   services = {
-    libreddit.enable = true;
+    libreddit = {
+      enable = true;
+      port = 9090;
+    };
 
     nginx.virtualHosts.${domain} = {
       forceSSL = true;
       enableACME = true;
       locations."/" = {
-        proxyPass = "http://localhost:8080";
-        extraConfig = ''
-          allow 10.0.0.0/24;
-          allow 10.3.0.0/24;
-          deny all;
-        '';
+        proxyPass = "http://localhost:9090";
       };
     };
   };
diff --git a/hosts/architect/nitter.nix b/hosts/architect/nitter.nix
index c11c6d9..13ebc7d 100644
--- a/hosts/architect/nitter.nix
+++ b/hosts/architect/nitter.nix
@@ -7,7 +7,14 @@ in {
   services = {
     nitter = {
       enable = true;
-      port = 9093;
+      server = {
+        port = 9093;
+        hostname = domain;
+      };
+      preferences = {
+        replaceYouTube = "tube.giugl.io";
+        replaceTwitter = "tweet.giugl.io";
+      };
     };
 
     nginx.virtualHosts.${domain} = {
diff --git a/hosts/architect/transmission.nix b/hosts/architect/transmission.nix
index 571408a..2a84a79 100644
--- a/hosts/architect/transmission.nix
+++ b/hosts/architect/transmission.nix
@@ -13,6 +13,7 @@ in {
         speed-limit-up = 10;
         speed-limit-up-enabled = true;
         peer-port = 51413;
+        umask = 2;
       };
       performanceNetParameters = true;
     };
diff --git a/lib/host.nix b/lib/host.nix
index 699d566..2abd077 100644
--- a/lib/host.nix
+++ b/lib/host.nix
@@ -14,11 +14,9 @@
 
     modules = [ 
       {
-        imports = users_mod ++ roles_mod ++ [(nixos-unstable + "/nixos/modules/services/misc/prowlarr.nix")];
-
+        imports = users_mod ++ roles_mod;
         nixpkgs = {
           pkgs = pkgs;
-          overlays = [ (self: super: {prowlarr = pkgs.unstable.prowlarr;}) ];
         };
 
         nix.nixPath = [