Basic baldur config
parent
11e4fe073d
commit
52a16f3aa0
1 changed files with 30 additions and 155 deletions
|
|
@ -13,19 +13,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# boot = {
|
console = { font = "Lat2-Terminus16"; keyMap = "it"; };
|
||||||
# # binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
|
|
||||||
# # kernelPackages = pkgs.linuxPackages_5_18;
|
|
||||||
# # loader = {
|
|
||||||
# # systemd-boot.enable = true;
|
|
||||||
# # efi.canTouchEfiVariables = true;
|
|
||||||
# # };
|
|
||||||
# };
|
|
||||||
|
|
||||||
console = {
|
|
||||||
font = "Lat2-Terminus16";
|
|
||||||
keyMap = "it";
|
|
||||||
};
|
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
pathsToLink = [ "/share/zsh" ];
|
pathsToLink = [ "/share/zsh" ];
|
||||||
|
|
@ -35,97 +23,40 @@ with lib; {
|
||||||
i18n.defaultLocale = "it_IT.UTF-8";
|
i18n.defaultLocale = "it_IT.UTF-8";
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
# dconf.enable = true;
|
gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||||
gnupg.agent = {
|
zsh = { enable = true; syntaxHighlighting.enable = true; };
|
||||||
enable = true;
|
|
||||||
enableSSHSupport = true;
|
|
||||||
};
|
|
||||||
zsh = {
|
|
||||||
enable = true;
|
|
||||||
syntaxHighlighting.enable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking.hostName = "baldur";
|
||||||
hostName = "baldur";
|
|
||||||
# interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
|
|
||||||
# networkmanager.enable = true;
|
|
||||||
# useDHCP = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Rome";
|
time.timeZone = "Europe/Rome";
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
# avahi = {
|
avahi = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# openFirewall = true;
|
openFirewall = true;
|
||||||
# nssmdns = true;
|
nssmdns = true;
|
||||||
# publish = {
|
publish = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# addresses = true;
|
addresses = true;
|
||||||
# domain = true;
|
domain = true;
|
||||||
# userServices = true;
|
userServices = true;
|
||||||
# workstation = true;
|
workstation = true;
|
||||||
# };
|
};
|
||||||
# extraServiceFiles = {
|
extraServiceFiles = {
|
||||||
# ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
|
||||||
# };
|
};
|
||||||
# };
|
};
|
||||||
# bazarr = { enable = true; openFirewall = true; group = "users"; };
|
fail2ban = {
|
||||||
# blueman.enable = true;
|
enable = true;
|
||||||
# dbus.packages = with pkgs; [ dconf ];
|
bantime-increment.enable = true;
|
||||||
# fail2ban = {
|
};
|
||||||
# enable = true;
|
|
||||||
# bantime-increment.enable = true;
|
|
||||||
# };
|
|
||||||
# gnome.gnome-keyring.enable = true;
|
|
||||||
# gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
|
|
||||||
# jackett = { enable = true; openFirewall = true; group = "users"; };
|
|
||||||
# jellyfin = { enable = true; openFirewall = true; group = "users"; };
|
|
||||||
# logind.lidSwitch = "ignore";
|
|
||||||
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
|
|
||||||
openssh = {
|
openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
permitRootLogin = "prohibit-password";
|
permitRootLogin = "prohibit-password";
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
};
|
};
|
||||||
# plex = { enable = true; openFirewall = true; group = "users"; };
|
|
||||||
# power-profiles-daemon.enable = true;
|
|
||||||
# radarr = { enable = true; openFirewall = true; group = "users"; };
|
|
||||||
# samba-wsdd = { enable = true; discovery = true; };
|
|
||||||
# smartd = { enable = true; notifications.x11.enable = true; };
|
|
||||||
# sonarr = { enable = true; openFirewall = true; group = "users"; };
|
|
||||||
# thermald.enable = true;
|
|
||||||
# transmission = {
|
|
||||||
# enable = true;
|
|
||||||
# openFirewall = true;
|
|
||||||
# group = "users";
|
|
||||||
# settings = {
|
|
||||||
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
|
|
||||||
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
# xserver = {
|
|
||||||
# # enable = true;
|
|
||||||
# videoDrivers = [ "nvidia" ];
|
|
||||||
# # layout = "it";
|
|
||||||
# # xkbOptions = "eurosign:e;";
|
|
||||||
# # libinput.enable = true;
|
|
||||||
# };
|
|
||||||
|
|
||||||
# zoneminder = {
|
|
||||||
# enable = true;
|
|
||||||
# openFirewall = true;
|
|
||||||
# cameras = 3;
|
|
||||||
# hostname = "0.0.0.0";
|
|
||||||
# database = { username = "zoneminder"; createLocally = true; };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# mysql = {
|
|
||||||
# # enable = true;
|
|
||||||
# ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.bertof = {
|
users.users.bertof = {
|
||||||
|
|
@ -144,69 +75,13 @@ with lib; {
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
||||||
# systemd.packages = with pkgs; [ syncthing ];
|
networking.firewall = {
|
||||||
# systemd.services =
|
enable = true;
|
||||||
# let
|
allowPing = true;
|
||||||
# common = {
|
# allowedTCPPorts = [ ];
|
||||||
# documentation = [ "man:syncthing(1)" ];
|
# allowedUDPPorts = [ ];
|
||||||
# startLimitIntervalSec = 60;
|
extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
|
||||||
# startLimitBurst = 4;
|
};
|
||||||
# after = [ "network.target" ];
|
|
||||||
# environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
|
|
||||||
# wantedBy = [ "default.target" ];
|
|
||||||
# serviceConfig = {
|
|
||||||
# Restart = "on-failure";
|
|
||||||
# RestartSec = 1;
|
|
||||||
# SuccessExitStatus = "3 4";
|
|
||||||
# RestartForceExitStatus = "3 4";
|
|
||||||
|
|
||||||
# Group = config.ids.gids.users;
|
|
||||||
# MemoryDenyWriteExecute = true;
|
|
||||||
# NoNewPrivileges = true;
|
|
||||||
# PrivateDevices = true;
|
|
||||||
# PrivateMounts = true;
|
|
||||||
# PrivateTmp = true;
|
|
||||||
# PrivateUsers = true;
|
|
||||||
# ProtectControlGroups = true;
|
|
||||||
# ProtectHostname = true;
|
|
||||||
# ProtectKernelModules = true;
|
|
||||||
# ProtectKernelTunables = true;
|
|
||||||
# RestrictNamespaces = true;
|
|
||||||
# RestrictRealtime = true;
|
|
||||||
# RestrictSUIDSGID = true;
|
|
||||||
# CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
# in
|
|
||||||
# {
|
|
||||||
# syncthing-bertof = recursiveUpdate common {
|
|
||||||
# description = "Syncthing service bertof";
|
|
||||||
# serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
|
|
||||||
# };
|
|
||||||
# syncthing-tiziano = recursiveUpdate common {
|
|
||||||
# description = "Syncthing service tiziano";
|
|
||||||
# serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
# networking.firewall = {
|
|
||||||
# enable = true;
|
|
||||||
# allowPing = true;
|
|
||||||
# allowedTCPPorts = [
|
|
||||||
# 445 # SAMBA
|
|
||||||
# 139 # SAMBA
|
|
||||||
# 5357 # SAMBA-WSDD
|
|
||||||
# 8123 # HOME ASSISTANT
|
|
||||||
# 8384 # SYNCTHING
|
|
||||||
# 8385 # SYNCTHING
|
|
||||||
# ];
|
|
||||||
# allowedUDPPorts = [
|
|
||||||
# 137 # SYNCTHING
|
|
||||||
# 138 # SYNCTHING
|
|
||||||
# 3702 # SAMBA-WSDD
|
|
||||||
# ];
|
|
||||||
# extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
|
|
||||||
# };
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
}
|
}
|
||||||
|
|
|
||||||
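Review bot: The new `networking.firewall` block in the last hunk installs the `netbios-ns` conntrack helper through `extraCommands`, yet `allowedTCPPorts`/`allowedUDPPorts` are left commented out and no Samba setting is visible in these hunks, so the helper looks like a leftover that only widens what conntrack accepts as related traffic. If Samba client browsing is not used on this host, drop the line; if it is, state that above it, e.g. `# CT helper: accept replies to outgoing NetBIOS name queries (Samba client browsing)`. The rule is appended with `-A` in the raw table, which the NixOS firewall presumably does not flush on reload, so duplicates may accumulate; a matching `extraStopCommands = ''iptables -t raw -D OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns || true'';` would keep it idempotent. Separately, the `avahi` block enabled in the second hunk publishes workstation and user services plus an SSH service record with `openFirewall = true`; a short comment confirming that LAN-wide discovery of this host's SSH is intended would help the next reader.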