bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Cleanup and removed jellyfin

Browse source
This commit is contained in:
Filippo Berto 2021-11-08 13:16:04 +01:00
parent 9e360d3a49
commit c8fd884cc7
1 changed files with 95 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

97
nixos/loki.nix
View file

@ -70,14 +70,69 @@
environment.pathsToLink = [ "/share/zsh" ];
services = {
avahi = { enable = true; nssmdns = true; };
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = { enable = true; addresses = true; userServices = true; };
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
smb = ''<?xml version="1.0" standalone='no'?><!--*-nxml-*--><!DOCTYPE service-group SYSTEM "avahi-service.dtd"><service-group><name replace-wildcards="yes">%h</name><service><type>_smb._tcp</type><port>445</port></service></service-group>'';
};
};
blueman.enable = true;
dbus.packages = with pkgs; [ gnome.dconf ];
fail2ban = { enable = true; bantime-increment.enable = true; };
gnome.gnome-keyring.enable = true;
gvfs = { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; };
logind.lidSwitch = "ignore";
openssh.enable = true;
openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
plex = { enable = true; openFirewall = true; group = "users"; };
power-profiles-daemon.enable = true;
samba = {
enable = true;
enableNmbd = true;
enableWinbindd = true;
nsswins = true;
extraConfig = ''
workgroup = WORKGROUP
load printers = no
smb encrypt = required
'';
shares = let common = {
"public" = "no";
"writeable" = "yes";
"create mask" = "0700";
"directory mask" = "2700";
"browseable" = "yes";
"guest ok" = "no";
"read only" = "no";
"force group" = "users";
}; in
{
bertof = common // {
path = "/mnt/raid/bertof";
comment = "Bertof samba share";
"force user" = "bertof";
"valid users" = "bertof";
};
tiziano = common // {
path = "/mnt/raid/tiziano";
comment = "Tiziano samba share";
"force user" = "tiziano";
"valid users" = "tiziano";
};
condiviso = common // {
path = "/mnt/raid/condiviso";
comment = "Samba share condiviso";
"valid users" = "bertof tiziano";
"create mask" = "0770";
"directory mask" = "2770";
"force create mode" = "0660";
"force directory mode" = "2770";
};
};
};
smartd = { enable = true; notifications.x11.enable = true; };
thermald.enable = true;
zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
@ -98,6 +153,44 @@
# };
# };
systemd.packages = with pkgs; [ syncthing ];
systemd.services = let common = {
after = [ "network.target" ];
environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
wantedBy = [ "default.target" ];
serviceConfig = {
Restart = "on-failure";
SuccessExitStatus = "2 3 4";
RestartForceExitStatus = "3 4";
Group = config.ids.gids.users;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
};
}; in
{
syncthing-bertof = common // {
description = "Syncthing service bertof";
serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid/bertof/Syncthing/.config"; };
};
syncthing-tiziano = common // {
description = "Syncthing service tiziano";
serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid/tiziano/Syncthing/.config"; };
};
};
virtualisation = {
docker.enable = true;
kvmgt.enable = true;