hosts/tilo/configuration.nix

@@ -31,6 +31,10 @@
           443 # HTTPS
           25565 # Minecraft
         ];
+        extraCommands = ''
+          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
+          iptables -I INPUT 1 -i 172.16.0.0/12 -p tcp -d 172.17.0.1 -j ACCEPT
+        '';
       };
     };
     packages.nix = {
@@ -39,10 +43,6 @@
     };
     services = {
       endlessh.enable = true;
-      plex = {
-        enable = true;
-        dataDir = "/tank/web/stacks/plex/plex-config";
-      };
       ssh = {
         enable = true;
         allowedUsers = ["phundrak"];

system/services/default.nix

@@ -2,7 +2,6 @@
   imports = [
     ./endlessh.nix
     ./fwupd.nix
-    ./plex.nix
     ./printing.nix
     ./ssh.nix
     ./sunshine.nix

system/services/plex.nix

@@ -1,35 +0,0 @@
-{
-  lib,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.system.services.plex;
-in {
-  options.system.services.plex = {
-    enable = mkEnableOption "Enable Plex";
-    group = mkOption {
-      type = types.string;
-      default = "users";
-      example = "users";
-      description = "Group under which Plex runs";
-    };
-    dataDir = mkOption {
-      type = types.string;
-      example = "/tank/plex-config";
-    };
-    user = mkOption {
-      type = types.string;
-      default = "phundrak";
-    };
-  };
-  config = {
-    services.plex = mkIf cfg.enable {
-      inherit (cfg) enable user group dataDir;
-      openFirewall = cfg.enable;
-    };
-    boot.kernel.sysctl = {
-      "kernel.unprivileged_userns_clone" = 1;
-    };
-  };
-}

users/phundrak/host/tilo.nix

@@ -1,7 +1,7 @@
 {config, ...}: {
   imports = [../light-home.nix];
   home = {
-    cli.nh.flake = "/tank/phundrak/nixos";
+    cli.nh.flake = "${config.home.homeDirectory}/nixos";
     phundrak.sshKey = {
       content = builtins.readFile ../../../keys/id_tilo.pub;
       # file = "${config.home.homeDirectory}/.ssh/id_ed25519.pub";