From 52a16f3aa0d71f1ccc43dbee47afe63e5cfe22d5 Mon Sep 17 00:00:00 2001
From: Filippo Berto
Date: Sun, 18 Dec 2022 16:14:32 +0100
Subject: [PATCH] Basic baldur config

---
 baldur/configuration.nix | 185 +++++++--------------------------------
 1 file changed, 30 insertions(+), 155 deletions(-)

diff --git a/baldur/configuration.nix b/baldur/configuration.nix
index c616765..76166a6 100644
--- a/baldur/configuration.nix
+++ b/baldur/configuration.nix
@@ -13,19 +13,7 @@ with lib; {
 };
 };
 
- # boot = {
- # # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
- # # kernelPackages = pkgs.linuxPackages_5_18;
- # # loader = {
- # # systemd-boot.enable = true;
- # # efi.canTouchEfiVariables = true;
- # # };
- # };
-
- console = {
- font = "Lat2-Terminus16";
- keyMap = "it";
- };
+ console = { font = "Lat2-Terminus16"; keyMap = "it"; };
 
 environment = {
 pathsToLink = [ "/share/zsh" ];
@@ -35,97 +23,40 @@ with lib; {
 i18n.defaultLocale = "it_IT.UTF-8";
 
 programs = {
- # dconf.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- zsh = {
- enable = true;
- syntaxHighlighting.enable = true;
- };
+ gnupg.agent = { enable = true; enableSSHSupport = true; };
+ zsh = { enable = true; syntaxHighlighting.enable = true; };
 };
 
- networking = {
- hostName = "baldur";
- # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
- # networkmanager.enable = true;
- # useDHCP = false;
- };
+ networking.hostName = "baldur";
 
 time.timeZone = "Europe/Rome";
 
 services = {
- # avahi = {
- # enable = true;
- # openFirewall = true;
- # nssmdns = true;
- # publish = {
- # enable = true;
- # addresses = true;
- # domain = true;
- # userServices = true;
- # workstation = true;
- # };
- # extraServiceFiles = {
- # ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
- # };
- # };
- # bazarr = { enable = true; openFirewall = true; group = "users"; };
- # blueman.enable = true;
- # dbus.packages = with pkgs; [ dconf ];
- # fail2ban = {
- # enable = true;
- # bantime-increment.enable = true;
- # };
- # gnome.gnome-keyring.enable = true;
- # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
- # jackett = { enable = true; openFirewall = true; group = "users"; };
- # jellyfin = { enable = true; openFirewall = true; group = "users"; };
- # logind.lidSwitch = "ignore";
- # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
+ avahi = {
+ enable = true;
+ openFirewall = true;
+ nssmdns = true;
+ publish = {
+ enable = true;
+ addresses = true;
+ domain = true;
+ userServices = true;
+ workstation = true;
+ };
+ extraServiceFiles = {
+ ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
+ };
+ };
+ fail2ban = {
+ enable = true;
+ bantime-increment.enable = true;
+ };
 openssh = {
 enable = true;
 openFirewall = true;
 permitRootLogin = "prohibit-password";
 passwordAuthentication = false;
 };
- # plex = { enable = true; openFirewall = true; group = "users"; };
- # power-profiles-daemon.enable = true;
- # radarr = { enable = true; openFirewall = true; group = "users"; };
- # samba-wsdd = { enable = true; discovery = true; };
- # smartd = { enable = true; notifications.x11.enable = true; };
- # sonarr = { enable = true; openFirewall = true; group = "users"; };
- # thermald.enable = true;
- # transmission = {
- # enable = true;
- # openFirewall = true;
- # group = "users";
- # settings = {
- # download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
- # incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
- # };
- # };
- # xserver = {
- # # enable = true;
- # videoDrivers = [ "nvidia" ];
- # # layout = "it";
- # # xkbOptions = "eurosign:e;";
- # # libinput.enable = true;
- # };
-
- # zoneminder = {
- # enable = true;
- # openFirewall = true;
- # cameras = 3;
- # hostname = "0.0.0.0";
- # database = { username = "zoneminder"; createLocally = true; };
- # };
-
- # mysql = {
- # # enable = true;
- # ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
- # };
 };
 
 users.users.bertof = {
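Review bot: The newly enabled `avahi` block publishes the host's addresses, workstation record, user services and an SSH service file with `openFirewall = true` and no interface restriction, so baldur announces its SSH endpoint over mDNS on every network it is attached to. If discovery is only wanted on the home LAN, restrict it with `allowInterfaces = [ "<lan-interface>" ];` (placeholder name) and consider dropping `workstation = true;`, which does not appear to be needed for the SSH advertisement. A short comment above the block, e.g. `# mDNS: advertise SSH to the local network only`, would record the intent. The `openssh` settings next to it are unchanged context, and the `services` set opens and closes inside this hunk.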
@@ -144,69 +75,13 @@ with lib; {
 shell = pkgs.zsh;
 };
 
- # systemd.packages = with pkgs; [ syncthing ];
- # systemd.services =
- # let
- # common = {
- # documentation = [ "man:syncthing(1)" ];
- # startLimitIntervalSec = 60;
- # startLimitBurst = 4;
- # after = [ "network.target" ];
- # environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
- # wantedBy = [ "default.target" ];
- # serviceConfig = {
- # Restart = "on-failure";
- # RestartSec = 1;
- # SuccessExitStatus = "3 4";
- # RestartForceExitStatus = "3 4";
-
- # Group = config.ids.gids.users;
- # MemoryDenyWriteExecute = true;
- # NoNewPrivileges = true;
- # PrivateDevices = true;
- # PrivateMounts = true;
- # PrivateTmp = true;
- # PrivateUsers = true;
- # ProtectControlGroups = true;
- # ProtectHostname = true;
- # ProtectKernelModules = true;
- # ProtectKernelTunables = true;
- # RestrictNamespaces = true;
- # RestrictRealtime = true;
- # RestrictSUIDSGID = true;
- # CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
- # };
- # };
- # in
- # {
- # syncthing-bertof = recursiveUpdate common {
- # description = "Syncthing service bertof";
- # serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
- # };
- # syncthing-tiziano = recursiveUpdate common {
- # description = "Syncthing service tiziano";
- # serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
- # };
- # };
-
- # networking.firewall = {
- # enable = true;
- # allowPing = true;
- # allowedTCPPorts = [
- # 445 # SAMBA
- # 139 # SAMBA
- # 5357 # SAMBA-WSDD
- # 8123 # HOME ASSISTANT
- # 8384 # SYNCTHING
- # 8385 # SYNCTHING
- # ];
- # allowedUDPPorts = [
- # 137 # SYNCTHING
- # 138 # SYNCTHING
- # 3702 # SAMBA-WSDD
- # ];
- # extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
- # };
+ networking.firewall = {
+ enable = true;
+ allowPing = true;
+ # allowedTCPPorts = [ ];
+ # allowedUDPPorts = [ ];
+ extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+ };
 
 system.stateVersion = "22.11";
 }
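Review bot: The `extraCommands` line carries over the NetBIOS name-service conntrack helper rule for UDP 137 even though the Samba/WSDD port entries it used to sit beside are dropped and no Samba service is visible in this patch. If nothing on baldur performs NetBIOS lookups, the rule only loads an extra connection-tracking helper and is better removed. If it stays, note that it appends to the raw `OUTPUT` chain, which the NixOS firewall likely does not flush on reload, so copies can pile up. Pairing it with `extraStopCommands = ''iptables -t raw -D OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns || true'';` avoids that. The two commented-out `allowedTCPPorts`/`allowedUDPPorts` placeholders could become a single comment saying that only ports opened through each service's `openFirewall` are intended.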