nixos/auxin/configuration.nix

{
config,
lib,
pkgs,
...
}: {
# The hardware scan (filesystems, kernel modules) lives in its own module.
imports = [./hardware-configuration.nix];
# EFI boot through systemd-boot; canTouchEfiVariables lets the bootloader
# installer write the EFI boot entry (NVRAM) during a rebuild.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};
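networking = let
  # One list feeds both protocol families below so the TCP and UDP rules
  # cannot silently drift apart (the original repeated the literal twice).
  # NOTE(review): every entry is opened on all interfaces, including 445 for
  # the samba share configured further down. Several of these are TCP-only
  # services, so their UDP copies only widen the exposed surface; review each
  # entry and keep only what is actually listening.
  openPorts = [22 80 443 2222 25565 8080 8842 8191 3001 8096 7359 8420 8888 9000 8089 445 2377 22000 7946];
in {
  hostName = "auxin";
  # Single upstream resolver on the LAN; name resolution depends on that host.
  nameservers = ["192.168.1.208"];
  networkmanager.enable = true;
  firewall = {
    enable = true;
    allowedUDPPorts = openPorts;
    allowedTCPPorts = openPorts;
  };
};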
# System-wide packages (on every user's PATH). Explicit `pkgs.` prefixes
# instead of `with pkgs;` so the origin of each name is visible.
environment.systemPackages = [
  pkgs.alacritty
  pkgs.czkawka
  pkgs.gcc
  pkgs.go
  pkgs.hyperfine
  pkgs.jellyfin-media-player
  pkgs.kodiPackages.jellyfin
  pkgs.kodiPackages.steam-controller
  pkgs.lazydocker
  pkgs.lazygit
  pkgs.nil
  pkgs.nodePackages.nodejs
  pkgs.nodePackages.pnpm
  pkgs.python3
];
# k3s control plane (role = server; --cluster-init bootstraps the embedded
# datastore on this node).
services.k3s = {
  enable = true;
  role = "server";
  # TODO: change this -- a literal token is copied into the world-readable
  # /nix/store; `services.k3s.tokenFile` reads it from a path outside the
  # store instead.
  token = "uwubernetes";
  extraFlags = toString [
    # 0644 makes the admin kubeconfig readable by every local user; 0600
    # would keep it to root.
    "--write-kubeconfig-mode \"0644\""
    "--cluster-init"
    # "--disable localstorage"
  ];
};
# X11 with Kodi as the desktop session (XFCE explicitly off).
services.xserver = {
  enable = true;
  desktopManager.xfce.enable = false;
  desktopManager.kodi.enable = true;
};
# SDDM logs "mira" straight into the Kodi session with no password prompt,
# so anyone at the console gets that user's session.
services.displayManager.sddm = {
  enable = true;
  settings.Autologin = {
    Session = "kodi.desktop";
    User = "mira";
  };
};
# Target of docker's --userns-remap=default (see virtualisation.docker below):
# container root is mapped into this user's subordinate uid/gid range.
# NOTE(review): no `users.groups.dockremap` is declared in this file --
# confirm the group named in `group` exists elsewhere.
users.users.dockremap = {
  isSystemUser = true;
  uid = 100000;
  group = "dockremap";
  subUidRanges = [{ startUid = 100000; count = 65536; }];
  subGidRanges = [{ startGid = 100000; count = 65536; }];
};
# Programs that need NixOS-level wiring (wrappers, shell integration).
# programs.mtr.enable = true;
programs = {
  # nh (nix helper CLI); clean.* prunes old generations on the given schedule.
  nh = {
    enable = true;
    clean = {
      enable = true;
      extraArgs = "--keep-since 4d --keep 3";
    };
    flake = "/etc/nixos/";
  };
  # gpg-agent doubles as the SSH agent.
  gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  zsh.enable = true;
  neovim = {
    enable = true;
    defaultEditor = true;
    configure.customRC = ''
      set number relativenumber
    '';
  };
};
# Nix merges this literal set with the `services` set defined earlier in the
# file (the two must not share keys).
services = {
  # Bans sources that repeatedly fail authentication; the RFC1918 ranges are
  # exempt, so a LAN host is never banned.
  fail2ban = {
    enable = true;
    bantime-increment.enable = true;
    ignoreIP = ["10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"];
  };
  # TODO: check security settings
  # NOTE(review): this exports the whole root filesystem to unauthenticated
  # guests (path "/" plus "guest ok"), reachable on 445 through the firewall
  # rules above. Point `path` at a dedicated export directory and drop
  # "guest ok" (or at least add "read only" = "yes") before anything untrusted
  # can reach this host.
  samba = {
    enable = true;
    shares.public = {
      path = "/";
      browseable = "yes";
      "guest ok" = "yes";
    };
  };
};
# Docker daemon. --userns-remap=default runs containers under the dockremap
# subordinate ids declared in users.users rather than as host root.
virtualisation.docker = {
  enable = true;
  enableOnBoot = true;
  storageDriver = "overlay2";
  autoPrune.enable = true;
  extraOptions = "--userns-remap=default";
  # Containers go down with the daemon (no live-restore across daemon restarts).
  liveRestore = false;
};
# Firewall ports are opened under networking.firewall above.
# Keep the host from powering down; sleep/suspend are masked under systemd
# below.
powerManagement.enable = false;
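systemd = {
  # Never sleep or suspend: this box hosts always-on services.
  targets = {
    sleep.enable = false;
    suspend.enable = false;
  };
  # Fire the healthcheck service every five minutes.
  timers."qbittorrent-healthcheck" = {
    wantedBy = ["timers.target"];
    timerConfig = {
      # systemd calendar syntax; "*/5 * * * *" is cron syntax and is not a
      # valid OnCalendar= value, so the timer would never trigger.
      OnCalendar = "*:0/5";
      # Unit names carry their suffix.
      Unit = "qbittorrent-healthcheck.service";
    };
  };
  services = {
    # Restart the qbittorrent container when it can no longer reach the
    # internet through its protonwire0 interface (presumably the VPN tunnel).
    # `${pkgs.docker}` alone is the store directory, not the binary, so the
    # exec always failed and the `||` branch restarted the container on every
    # run; `/bin/docker` matches how curl is invoked in sshdAlert below.
    "qbittorrent-healthcheck" = {
      script = ''
        ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "root";
      };
    };
    # The daemon must not start before /data (container volumes) is mounted.
    docker = {
      unitConfig.RequiresMountsFor = "/data";
      wantedBy = ["graphical.target"];
    };
    # Posts a Discord message at boot once sshd has been started.
    sshdAlert = {
      enable = true;
      unitConfig = {
        Requires = "sshd.service";
        # Requires= pulls sshd in but does not order; After= makes the post
        # follow sshd's start instead of racing it.
        After = "sshd.service";
      };
      serviceConfig = {
        # NOTE(review): the webhook URL is a bearer secret. Written here it is
        # copied into the world-readable /nix/store and shows up in
        # `systemctl show`; load it from a file outside the store
        # (LoadCredential=/EnvironmentFile=) and rotate the one committed here.
        ExecStart = ''
          ${pkgs.curl}/bin/curl --request POST --url https://discord.com/api/webhooks/1235751608046846012/CU7tz271Z3Rbq9mPV0_rB5RBCRDhLKhGH14ebBm-TePpWFqKKJaCRYVMHYTJsIaSq2H- --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
        '';
      };
      wantedBy = ["multi-user.target"];
    };
  };
};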
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# stateVersion pins the on-disk defaults of stateful services to the release
# this host was first installed with; bumping it is not an upgrade and can
# change data layouts, so leave it alone.
system.stateVersion = "23.11";
}