
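# NixOS system configuration for the host this file is named after ("auxin"
# per the file path; networking.hostName itself is left commented out below).
# Roles visible here: NFS/SMB-discovery file server for /raid, Docker (Swarm)
# host, Kodi/Steam HTPC with remote desktop, plus two small systemd helpers.
{ config
, lib
, pkgs
, ...
}:
let
  # One port list that is applied to BOTH allowedUDPPorts and allowedTCPPorts
  # below, so every entry is open on both protocols (22/443 on UDP, 445/2049 on
  # UDP, ...). Keeping a separate TCP and UDP list would narrow the exposure.
  ports = [
    111 # RPC?
    2049 # NFS
    22 # SSH
    22000 # syncthing
    2222 # Gitea SSH
    2377 # presumably Docker Swarm management (liveRestore note below mentions swarm) — confirm
    25565 # Minecraft
    3001 # Gitea(->3000)
    4001 # Lockd
    4002 # Mountd
    443 # HTTPS
    445 # SMB
    7359 # jellyfin (dlna?)
    7946 # presumably Docker Swarm node gossip — confirm
    80 # HTTP
    8080 # qbittorrent
    8089 # traefik (->8080)
    8096 # Jellyfin
    8191 # flaresolverr
    8420 # Website (->4321)
    8842 # Crowdsec (-> 8842)
    8888 # Kodi
    9000 # Portainer (-> 9443)
  ]; #// lib.lists.range 6800 7568 ;
in
{
  imports = [
    # Include the results of the hardware scan.
    # ./hardware-configuration.nix
  ];

  nixpkgs = {
    config = {
      kodi.enableAdvancedLauncher = true;
      pulseaudio = true;
    };
  };

  networking = {
    # NOTE(review): the static address lives in 192.168.2.0/24, while the
    # default gateway, the nameserver and the NFS export below all use
    # 192.168.1.x. Unless a route to 192.168.1.0/24 comes from elsewhere the
    # gateway is not on-link — confirm whether prefixLength should be 16.
    interfaces.enp5s0f0u1c2.ipv4.addresses = [{
      address = "192.168.2.153";
      prefixLength = 24;
    }];
    # hostName = "auxin"; # Define your hostname.
    nameservers = [ "192.168.1.1" ];
    firewall = {
      enable = true;
      # Same list for both protocols; see the note on `ports` above. Services
      # that set openFirewall (xrdp, samba-wsdd, steam) add their ports on top.
      allowedUDPPorts = ports;
      allowedTCPPorts = ports;
    };
    defaultGateway = {
      address = "192.168.1.1";
    };
  };

  environment.systemPackages = with pkgs; [
    alacritty
    czkawka
    gcc
    go
    hyperfine
    sof-firmware
    jellyfin-media-player
    lazydocker
    gamescope
    lazygit
    nil
    dig
    nmap
    upower
    nodePackages.nodejs
    nodePackages.pnpm
  ];

  # Define a user account. Don't forget to set a password with passwd.
  users = {
    users = {
      # mesh = { isNormalUser = true; extraGroups = [ "wheel" "docker" ]; };
      # Unprivileged identity shared by the NFS all_squash export (anonuid /
      # anongid 100000 below), the idmapd "Nobody" mapping and the sshdAlert
      # service. The sub-uid/gid ranges are what Docker's --userns-remap would
      # use; that option is currently commented out in virtualisation.docker.
      dockremap = {
        isSystemUser = true;
        uid = 100000;
        group = "dockremap";
        subUidRanges = [
          {
            startUid = 100000;
            count = 65536;
          }
        ];
        subGidRanges = [
          {
            startGid = 100000;
            count = 65536;
          }
        ];
      };
    };
  };

  i18n.defaultLocale = "en_US.UTF-8";

  programs = {
    virt-manager.enable = true;
    fuse.userAllowOther = true;
    steam = {
      gamescopeSession.enable = true;
      enable = true;
      # Each openFirewall below punches additional holes beyond `ports`.
      remotePlay.openFirewall = true;
      dedicatedServer.openFirewall = true;
      localNetworkGameTransfers.openFirewall = true;
    };
    nh = {
      enable = true;
      clean.enable = true;
      clean.extraArgs = "--keep-since 4d --keep 3";
      flake = "/etc/nixos/";
    };
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh.enable = true;
    neovim = {
      enable = true;
      configure = {
        customRC = ''
          set number relativenumber
        '';
      };
      defaultEditor = true;
    };
  };

  services = {
    nfs = {
      idmapd.settings = {
        Mapping = {
          "Nobody-User" = lib.mkForce "dockremap";
          "Nobody-Group" = lib.mkForce "dockremap";
        };
      };
      server = {
        enable = true;
        # Pinned so the firewall entries 4001/4002 in `ports` stay valid.
        mountdPort = 4002;
        lockdPort = 4001;
        # Every client in 192.168.1.0/24 is squashed to dockremap (uid/gid
        # 100000), so file ownership on /raid/swarm is uniform regardless of
        # the client's uid. Note the subnet differs from the host's own /24.
        exports = ''
          /raid/swarm 192.168.1.0/24(rw,sync,all_squash,anonuid=100000,anongid=100000)
        '';
      };
    };
    gvfs.enable = true;
    # Remote desktop: openFirewall adds the RDP port on top of `ports`.
    xrdp = {
      enable = true;
      openFirewall = true;
    };
    x2goserver.enable = true;
    # Enable the X11 windowing system.
    xserver = {
      enable = true;
      # videoDrivers = ["modesetting"];
      # desktopManager.xfce.enable = true;
      # Kodi
      desktopManager.kodi = {
        enable = true;
        package = pkgs.kodi.withPackages (pkgs:
          with pkgs; [
            jellyfin
            jellycon
            sendtokodi
            sponsorblock
            steam-library
            youtube
            libretro
            libretro-mgba
            steam-controller
            steam-launcher
            visualization-matrix
            visualization-spectrum
            visualization-waveform
            inputstream-adaptive
          ]);
      };
      displayManager.lightdm.greeter.enable = false;
    };
    # Console auto-login into the Kodi session. "mira" is not declared in
    # users.users in this file — presumably defined in another module; confirm.
    displayManager.autoLogin = { enable = true; user = "mira"; };
    btrbk = { }; # TODO:
    caddy = { }; # TODO:
    fail2ban = {
      enable = true;
      # Whole RFC1918 space is exempt, so fail2ban never bans LAN sources —
      # only hosts reaching sshd/other jails from outside. Intentional?
      ignoreIP = [
        "10.0.0.0/8"
        "172.16.0.0/12"
        "192.168.0.0/16"
      ];
      bantime-increment.enable = true;
    };
    # WS-Discovery advertises this host for SMB browsing even though
    # services.samba itself is commented out below.
    samba-wsdd = {
      enable = true;
      openFirewall = true;
    };
    # samba = {
    #   enable = true;
    #   settings = {
    #     global = {
    #       "min protocol" = "SMB2";
    #       "max protocol" = "SMB3";
    #       "client min protocol" = "SMB2";
    #       "client max protocol" = "SMB3";
    #       "client ipc min protocol" = "SMB2";
    #       "client ipc max protocol" = "SMB3";
    #       "server min protocol" = "SMB2";
    #       "server max protocol" = "SMB3";
    #     };
    #     public = {
    #       path = "/";
    #       browseable = "yes";
    #       "guest ok" = "yes";
    #       "read only" = "no";
    #       "create mask" = "0644";
    #       "directory mask" = "0755";
    #       "force user" = "dockremap";
    #       "force group" = "dockremap";
    #     };
    #   };
    # };
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
      audio.enable = true;
      # If you want to use JACK applications, uncomment this
      #jack.enable = true;
    };
  };

  virtualisation.docker = {
    storageDriver = "overlay2";
    enableOnBoot = true;
    enable = true;
    autoPrune.enable = true;
    # TODO: you're gonna need to disable this eventually
    # extraOptions = "--userns-remap=default";
    # With the remap left off, container root is host root; the dockremap
    # user/subuid ranges above are only used once this is enabled.
    liveRestore = false; # NOTE: Incompatible with swarm
  };
  virtualisation.libvirtd.enable = true;

  # TODO:
  powerManagement.enable = lib.mkForce
    false;

  systemd = {
    targets = {
      sleep.enable = false;
      suspend.enable = false;
    };
    timers."qbittorrent-healthcheck" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        # systemd calendar syntax (not cron): every five minutes. The previous
        # value "*/5 * * * *" was cron-style; check with
        # `systemd-analyze calendar` if adjusting.
        OnCalendar = "*:0/5";
        # Redundant — a timer defaults to the service of the same name — but
        # harmless.
        Unit = "qbittorrent-healthcheck";
      };
    };
    services = {
      # Pings 8.8.8.8 through the protonwire0 interface inside the qbittorrent
      # container and restarts the container when that fails (VPN tunnel down).
      # Runs as root since it drives the docker CLI.
      "qbittorrent-healthcheck" = {
        script = ''
          ${pkgs.docker}/bin/docker exec qbittorrent ping -c 1 -w 5 -I protonwire0 8.8.8.8 || ${pkgs.docker}/bin/docker restart qbittorrent
        '';
        serviceConfig = {
          Type = "oneshot";
          User = "root";
        };
      };
      docker = {
        unitConfig = {
          # Containers live on /raid; do not start Docker before it is mounted.
          RequiresMountsFor = "/raid";
        };
        wantedBy = [ "graphical.target" ];
      };
      # TODO: switch to ntfy?
      # Posts a "SSHD is Running!" message to a Discord webhook at boot.
      sshdAlert = {
        enable = true;
        unitConfig = {
          Requires = "sshd.service";
          # Requires= only pulls sshd in; After= makes the message wait until
          # sshd has actually started.
          After = "sshd.service";
        };
        serviceConfig = {
          User = "dockremap";
          # The webhook URL is a bearer secret: anything written literally into
          # this file lands in the world-readable Nix store and in git history.
          # It is read from a root-only env file (DISCORD_WEBHOOK_URL=...) by
          # the service manager instead. The token that was previously
          # committed in this line should be treated as exposed and regenerated.
          EnvironmentFile = "/PLACEHOLDER/path/to/sshd-alert.env";
          ExecStart = ''
            ${pkgs.curl}/bin/curl --request POST --url ''${DISCORD_WEBHOOK_URL} --header 'Content-Type: application/json' --data '{"username": "Auxin SSH status","avatar_url": "https://pbs.twimg.com/media/GMPtuovaQAAQ7Qr?format=png&name=large","content": "SSHD is Running!"}'
          '';
        };
        wantedBy = [ "multi-user.target" ];
      };
    };
  };

  system = {
    stateVersion = "23.11"; # NOTE: Don't fuck with this
  };
}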