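# NixOS system configuration for the host "auxin": a Kodi/Jellyfin media box
# that also runs a single-node k3s server, Docker (with user-namespace
# remapping), Samba and fail2ban.
#
# NOTE(security): every string literal in this file is copied into the
# world-readable Nix store. Secrets (the k3s token, the Discord webhook URL)
# should be loaded from files outside the store instead of being written here.
{ config, lib, pkgs, ... }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking = {
    hostName = "auxin"; # Define your hostname.
    nameservers = ["192.168.1.208"];
    networkmanager.enable = true; # Easiest to use and most distros use this by default.
    firewall = {
      enable = true;
      # NOTE(security): the same list is opened for UDP and TCP. Several of
      # these services are TCP-only (e.g. SSH on 22, SMB on 445), so the UDP
      # list can likely be pruned. Every port left here is reachable by any
      # host that can route to this machine; keep only what is really served.
      allowedUDPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445 2377 22000 7946];
      allowedTCPPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445 2377 22000 7946];
    };
  };

  environment.systemPackages = with pkgs; [
    alacritty
    czkawka
    gcc
    go
    hyperfine
    jellyfin-media-player
    kodiPackages.jellyfin
    kodiPackages.steam-controller
    lazydocker
    lazygit
    nil
    nodePackages.nodejs
    nodePackages.pnpm
    python3
  ];

  services = {
    k3s = {
      enable = true;
      role = "server";
      # NOTE(security): this is the cluster join secret. It is short, guessable
      # and stored in the Nix store; replace it with a random value supplied
      # through `services.k3s.tokenFile`.
      token = "uwubernetes"; # TODO: change this
      extraFlags = toString [
        # NOTE(security): mode 0644 makes the cluster-admin kubeconfig readable
        # by every local user (and by anything that exposes world-readable
        # files, such as the guest Samba share below). Prefer 0640 plus a
        # dedicated group.
        "--write-kubeconfig-mode \"0644\""
        "--cluster-init"
        # "--disable localstorage"
      ];
    };

    # Enable the X11 windowing system.
    xserver = {
      enable = true;
      desktopManager.xfce.enable = false;
      # Kodi
      desktopManager.kodi.enable = true;
    };

    # Boot straight into a Kodi session as "mira" without a password prompt;
    # physical access to the machine therefore grants that user's session.
    displayManager.sddm = {
      enable = true;
      settings = {
        Autologin = {
          Session = "kodi.desktop";
          User = "mira";
        };
      };
    };
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users = {
    users = {
      # Owner of the subordinate UID/GID range used by Docker's
      # `--userns-remap=default` (see virtualisation.docker below).
      dockremap = {
        isSystemUser = true;
        uid = 100000;
        group = "dockremap";
        subUidRanges = [
          {
            startUid = 100000;
            count = 65536;
          }
        ];
        subGidRanges = [
          {
            startGid = 100000;
            count = 65536;
          }
        ];
      };
    };
  };

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs = {
    nh = {
      enable = true;
      clean.enable = true;
      clean.extraArgs = "--keep-since 4d --keep 3";
      flake = "/etc/nixos/";
    };
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh.enable = true;
    neovim = {
      enable = true;
      configure = {
        customRC = ''
          set number relativenumber
        '';
      };
      defaultEditor = true;
    };
  };

  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services = {
    fail2ban = {
      enable = true;
      # All RFC 1918 ranges are exempt from banning, so repeated failed logins
      # coming from the LAN (or from container networks using these ranges)
      # are never blocked.
      ignoreIP = [
        "10.0.0.0/8"
        "172.16.0.0/12"
        "192.168.0.0/16"
      ];
      bantime-increment.enable = true;
    };

    # TODO: check security settings
    # NOTE(security): this share is rooted at "/" and allows guests, and port
    # 445 is open in the firewall above. Unauthenticated SMB clients can
    # therefore browse every world-readable file on the host. Point `path` at
    # a dedicated directory and drop "guest ok" unless anonymous access to
    # that directory is really intended.
    samba = {
      enable = true;
      shares = {
        public = {
          path = "/";
          browseable = "yes";
          "guest ok" = "yes";
        };
      };
    };
  };

  virtualisation.docker = {
    storageDriver = "overlay2";
    enableOnBoot = true;
    enable = true;
    autoPrune.enable = true;
    # Map container root to the unprivileged "dockremap" sub-UID range.
    extraOptions = "--userns-remap=default";
    liveRestore = false;
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # TODO: powerManagement.enable = false;

  systemd = {
    # Never sleep or suspend; this machine is an always-on server.
    targets = {
      sleep.enable = false;
      suspend.enable = false;
    };

    timers."qbittorrent-healthcheck" = {
      wantedBy = ["timers.target"];
      timerConfig = {
        # systemd calendar syntax (not cron): every five minutes. The previous
        # cron-style "*/5 * * * *" is not a valid OnCalendar expression.
        OnCalendar = "*:0/5";
        Unit = "qbittorrent-healthcheck";
      };
    };

    services = {
      # Ping out through the container's VPN interface; if that fails, restart
      # the container. `pkgs.docker` alone interpolates to the package's store
      # directory, so the binary has to be addressed as /bin/docker.
      "qbittorrent-healthcheck" = {
        script = ''
          ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "root";
        };
      };

      # Do not start Docker until /data is mounted.
      docker = {
        unitConfig = {
          RequiresMountsFor = "/data";
        };
        wantedBy = ["graphical.target"];
      };

      # Posts a fixed "SSHD is Running!" message to a Discord webhook.
      # NOTE(security): the webhook URL contains its own access token and is
      # stored in the world-readable Nix store and in this file's history.
      # Anyone who can read it can post to the channel. Rotate the webhook and
      # load the URL from a root-only file (e.g. via EnvironmentFile=).
      # NOTE(review): Requires= pulls sshd.service in but does not order this
      # unit after it, so the message reports that this unit was started at
      # boot, not that sshd is actually accepting connections.
      sshdAlert = {
        enable = true;
        unitConfig = {
          Requires = "sshd.service";
        };
        serviceConfig = {
          ExecStart = ''
            ${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
          '';
        };
        wantedBy = ["multi-user.target"];
      };
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;
  system.stateVersion = "23.11"; # Don't fuck with this
}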