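# NixOS module for the host "auxin": systemd-boot, NetworkManager plus firewall,
# a Kodi session that SDDM logs into automatically, OpenSSH with fail2ban, a Samba
# share, Docker with user-namespace remapping, and two helper systemd units.
#
# Changes against the previous revision of this file:
#   * the healthcheck script called `${pkgs.docker}` (a store directory) instead of
#     the `docker` binary inside it;
#   * the healthcheck timer used cron syntax, which systemd's OnCalendar= rejects;
#   * the Samba share of `/` no longer accepts unauthenticated guests;
#   * the SSH key list that was duplicated for root and mira is defined once;
#   * sshdAlert is ordered after sshd.service.
{
  config,
  lib,
  pkgs,
  ...
}: let
  # One list, used for both `root` and `mira`, so the two cannot drift apart.
  # NOTE(review): because root gets the same list, every key here is a direct root
  # login. Consider dropping root's keys and relying on mira + sudo (wheel).
  sharedAuthorizedKeys = [
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMggnmTj7KL409V2mtbPgKERbmyJAeCGBcyzxWW+arRZAAAABHNzaDo= yubikey-black"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAltYcKHavkQBJFlogNuT3JhX6ob30V3EYje4pOQBLgq gpg\\mira.kristipati@gmail.com"
    # NOTE(review): this entry looks like two keys pasted together without a line
    # break. As written, only the first key is authorised; everything from
    # "gpgssh-ed25519" onward is read as that key's comment. Confirm which keys are
    # meant to have access, then split or trim the entry.
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEKT/rbUu87QyRD7L/QSr+lQMJz2m/mdqlqyCQEMwUJj gpgssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEw3/9inZC/MRPkuOF6T5LiFoOlgo5HZVIM36IC+hlzJ gpg\\mira-yubikey-black"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdRtpQWCPyQQuzcwlbFukGZSlRTcfNzG840kMvbuPwr gpg\\kristipati.ajay@gmail.com"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIA0ikP2zdDBaJZ+aoE6jFz3UpCyHjz1r1QtuZTAvTpx zagreus25519"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJx1GWB1xkE+ECavUypp99FqmB4emiw+j2PpsxN8OXpa gpg\\mira@xn--2dkua.xn--tckwe"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINa3w6lweeP4XBokNCEJb86th9S81WQQ+LVVwCRpADap kristipati.ajay@gmail.com"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY3LSWsg9XK1rI7r2E+1tmX3Vi7W5opwkvqO6AsduZR gpg\\ArgentumCation"
    "ssh-rsa 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 mira@epinephrine"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDD48bhv1AEPhbrGIKxf+XTSWMyxu2qBeaN4nZNZ0YMyinltHd6/VaDEZIzCvadBi3Rc9oTdJIEiXzcMTKj26DacuAuh+YPMvoA0I+lfT36q2SZmWIaVSREtfYYdluJtAyiLvFTkv6G0p5c/x1v9ovEXY3OYo1lnio7j0SmBpj4R9UQJYJhohJLtJCTdfutSuQVclhx/kiytdmFqsCDlCI0EaNxTFS861iTmm2ZjKm7o8ohevxPmnXAHizIBOAZDzbhJ61sPLKIOLWWgJNiK04YUDsBToZBOpeLEnNGkkKY++V4u+5tGI5L1RlVwoGSSB40aY5WLouFmeVE/f42nVuTIF2r/UDjsxeiUdivai+L5xNiqHa5JRWg4+at1lYWGdpineXOPYF6MmzkV+HQMvxC8YhG7ig7W+V7KCfKzMy8EEej+gIMxGFqr6CJQCDXZxqt5o0+Ksh7IMw8AEcrBszuMdJEE/7E/XUnYQHfGUNgFvFwKVzPjOSzbwHMfWPI1k= root@epinephrine"
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDm1kPy3bxyLX2nUwvETrsBbjmPDHEvKxmzn9dCoaa/C1tWttrvaXUhYZ6svftR7ofqjCailq1WHU4qkIlfz6Hxwq/mxZdOGRg3A2lzDgbJ5C9RSA8LIfYht2UhbqW40wHCEa1B6+bcwLHFWbDyoeT+NQO007lK4Tu1OY3nTNz3QFJgxAPtFuqQSTFpkxL8JZetQtc/KwJ5ofZBZ+nFc4PUstPE47uf4OEOaKY+fbDZ2bf8tmybGhVq6Oc+BQKij5usnQLTeN8XyVxPxGvXahXHx7ESnp//wCs6DrzoMHBbAVFVXS+w6ZzX2el9gCAcUeyZt8iu0zl9GxnVkpyQzHuuBgYON3orYaCdM5vRCnECFoK8XNwP45jNPzFxrIpSYeJ4tR4uhLxCfD3OHB/BQtOQsEdMJvnLnynzyWePeweTe2S1+ohg9zskyxt9c2rSxw8OlWdHds32JuWka6mTJCdfZgHaNY+Ppz1NEo5XYIfz9Jt0vevmaCVbBHo73Tyh6+k= norepinephrine"
    "ssh-rsa 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 u0_a441@localhost"
  ];
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  nix = {
    package = pkgs.nixFlakes;
    optimise.automatic = true;
    # gc.automatic = true;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking = {
    hostName = "auxin"; # Define your hostname.
    networkmanager.enable = true; # Easiest to use and most distros use this by default.
    firewall = {
      enable = true;
      # NOTE(review): the same sixteen ports are opened for UDP and for TCP. Each
      # opened port/protocol pair is reachable from every network this host joins,
      # so keep only the pairs a service in this file actually listens on. 445 is
      # SMB and matches the Samba share below; 22 matches sshd.
      allowedUDPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445];
      allowedTCPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445];
    };
  };

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Enable the X11 windowing system.
  services = {
    xserver = {
      enable = true;
      desktopManager.xfce.enable = false;
      # Kodi
      desktopManager.kodi.enable = true;
    };
    displayManager.sddm = {
      enable = true;
      settings = {
        # NOTE(review): SDDM logs "mira" into the Kodi session without a password.
        # mira is in `wheel` and `docker` (see users below), so anyone with console
        # access starts from a privileged account. A dedicated, unprivileged
        # media user for the autologin session would limit that.
        Autologin = {
          Session = "kodi.desktop";
          User = "mira";
        };
      };
    };
    # smartd
    smartd.enable = true;
    # BTRFS scrub
    btrfs.autoScrub.enable = true;
    avahi.enable = true;
    tuptime.enable = true;
    tuptime.timer.enable = true;
  };

  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users = {
    users = {
      # Owner of the subordinate UID/GID range used by Docker's
      # `--userns-remap=default` (set in virtualisation.docker below).
      dockremap = {
        isSystemUser = true;
        uid = 100000;
        group = "dockremap";
        subUidRanges = [
          {
            startUid = 100000;
            count = 65536;
          }
        ];
        subGidRanges = [
          {
            startGid = 100000;
            count = 65536;
          }
        ];
      };

      root.openssh.authorizedKeys.keys = sharedAuthorizedKeys;

      mira = {
        isNormalUser = true;
        group = "mira";
        # `wheel` grants sudo; `docker` grants control of the Docker daemon.
        extraGroups = ["wheel" "docker" "dockremap"];
        packages = with pkgs; [
          firefox
          tree
        ];
        shell = pkgs.zsh;
        openssh.authorizedKeys.keys = sharedAuthorizedKeys;
      };

      anish = {
        isNormalUser = true;
        extraGroups = ["wheel" "docker" "dockremap"];
        shell = pkgs.zsh;
        openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6+YE7GteMK6Lmo0oW266LmaD6jwQMnCxwv0/V9zqKR akristipati6@gatech.edu"];
      };
    };
    groups.dockremap = {};
    groups."mira".gid = 1000;
  };

  environment.systemPackages = with pkgs; [
    alacritty
    alejandra
    bat
    btdu
    btop
    btrbk
    cargo
    chezmoi
    czkawka
    delta
    fastfetch
    file
    fzf
    gcc
    git
    go
    hyfetch
    hyperfine
    jellyfin-media-player
    killall
    kodiPackages.jellyfin
    kodiPackages.steam-controller
    lazydocker
    lazygit
    lsd
    mcfly
    neovim
    nil
    nodePackages.nodejs
    nodePackages.pnpm
    ripgrep
    sheldon
    starship
    statix
    tealdeer
    tmux
    viddy
    wget
    yazi
    zoxide
    zsh
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs = {
    nh = {
      enable = true;
      clean.enable = true;
      clean.extraArgs = "--keep-since 4d --keep 3";
      flake = "/etc/nixos/";
    };
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh.enable = true;
    neovim = {
      enable = true;
      configure = {
        customRC = ''
          set number relativenumber
        '';
      };
      defaultEditor = true;
    };
  };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services = {
    openssh = {
      enable = true;
      settings = {
        # Key-only root login stays allowed; see the note on sharedAuthorizedKeys.
        PermitRootLogin = "prohibit-password";
        PasswordAuthentication = false;
      };
      allowSFTP = true;
    };

    fail2ban = {
      enable = true;
      # NOTE(review): every RFC 1918 range is exempt from bans, so repeated failed
      # logins from the LAN, or from anything else addressed in these ranges, are
      # never blocked. Listing only the specific admin hosts keeps the exemption
      # without switching fail2ban off for the whole private address space.
      ignoreIP = [
        "10.0.0.0/8"
        "172.16.0.0/12"
        "192.168.0.0/16"
      ];
      bantime-increment.enable = true;
    };

    samba = {
      enable = true;
      shares = {
        public = {
          # NOTE(review): the share root is the whole filesystem. Point `path` at
          # the one directory that is meant to be shared; with `/`, every file the
          # connecting account can read is served over SMB, this configuration
          # included.
          path = "/";
          browseable = "yes";
          # Was "yes": combined with path = "/" and port 445 open in the firewall,
          # that let any unauthenticated client browse the root filesystem.
          # Clients now need a Samba account.
          "guest ok" = "no";
          # Samba's default, stated explicitly so the share cannot become writable
          # by accident.
          "read only" = "yes";
        };
      };
    };
  };

  virtualisation.docker = {
    storageDriver = "overlay2";
    enableOnBoot = true;
    enable = true;
    autoPrune.enable = true;
    # Map container UIDs/GIDs into the dockremap subordinate range defined above.
    extraOptions = "--userns-remap=default";
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.

  # TODO: powerManagement.enable = false;
  systemd = {
    targets = {
      sleep.enable = false;
      suspend.enable = false;
    };

    timers."qbittorrent-healthcheck" = {
      wantedBy = ["timers.target"];
      timerConfig = {
        # Every five minutes. The previous value "*/5 * * * *" is cron syntax and
        # is not a valid systemd calendar expression.
        OnCalendar = "*:0/5";
        # Full unit name including the type suffix.
        Unit = "qbittorrent-healthcheck.service";
      };
    };

    services = {
      "qbittorrent-healthcheck" = {
        # Ping 8.8.8.8 through the protonwire0 interface from inside the
        # qbittorrent container and restart the container when the ping fails.
        # `${pkgs.docker}` alone expands to the package's store directory, so the
        # binary has to be named explicitly.
        script = ''
          ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "root";
        };
      };

      docker = {
        unitConfig = {
          RequiresMountsFor = "/data";
        };
        wantedBy = ["graphical.target"];
      };

      # Posts a fixed "SSHD is Running!" message to a Discord webhook when this
      # unit starts. It does not probe sshd; `Requires` plus `after` only tie its
      # start to sshd.service's start job.
      sshdAlert = {
        enable = true;
        after = ["sshd.service"];
        unitConfig = {
          Requires = "sshd.service";
        };
        serviceConfig = {
          # NOTE(review): the webhook URL carries its own token and is the only
          # credential needed to post to the channel. Embedded here it lands in the
          # generated unit file in the world-readable Nix store and in any
          # repository holding this file. Rotate the webhook and read the URL at
          # runtime from a root-only file (for example through EnvironmentFile=).
          ExecStart = '' ${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}' '';
        };
        wantedBy = ["multi-user.target"];
      };
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  system.stateVersion = "23.11"; # Don't fuck with this
}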