{ pkgs, lib, ... }: with lib; { boot = { # kernelPackages = pkgs.linuxPackages_latest; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; }; console = { font = "Lat2-Terminus16"; keyMap = "it"; }; environment = { pathsToLink = [ "/share/zsh" ]; systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; }; }; i18n.defaultLocale = "it_IT.UTF-8"; programs = { dconf.enable = true; gnupg.agent = { enable = true; enableSSHSupport = true; }; zsh = { enable = true; syntaxHighlighting.enable = true; }; }; networking = { hostName = "freya"; # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; }; networkmanager.enable = true; useDHCP = false; }; time.timeZone = "Europe/Rome"; services = { avahi = { enable = true; openFirewall = true; nssmdns = true; publish = { enable = true; addresses = true; domain = true; userServices = true; workstation = true; }; extraServiceFiles = { ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service"; }; }; # bazarr = { enable = true; openFirewall = true; group = "users"; }; # blueman.enable = true; dbus.packages = [ pkgs.dconf ]; # fail2ban = { enable = true; bantime-increment.enable = true; }; gnome.gnome-keyring.enable = true; # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; }; # jackett = { enable = true; openFirewall = true; group = "users"; }; # jellyfin = { enable = true; openFirewall = true; group = "users"; }; # logind.lidSwitch = "ignore"; # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; }; openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; }; # plex = { enable = true; openFirewall = true; group = "users"; }; # power-profiles-daemon.enable = true; # radarr = { enable = true; openFirewall = true; group = "users"; }; # samba-wsdd = { enable = true; discovery = true; }; # samba = { # enable = true; # enableNmbd = true; # enableWinbindd = true; # nsswins = true; # extraConfig = '' # workgroup = WORKGROUP # load printers = no # smb encrypt = required # ''; # shares = # let # common = { # "public" = "no"; # "writeable" = "yes"; # "create mask" = "0700"; # "directory mask" = "2700"; # "browseable" = "yes"; # "guest ok" = "no"; # "read only" = "no"; # "force group" = "users"; # }; # in # { # bertof = recursiveUpdate common { # path = "/mnt/raid0/bertof"; # comment = "Bertof samba share"; # "force user" = "bertof"; # "valid users" = "bertof"; # }; # tiziano = recursiveUpdate common { # path = "/mnt/raid0/tiziano"; # comment = "Tiziano samba share"; # "force user" = "tiziano"; # "valid users" = "tiziano"; # }; # condiviso = recursiveUpdate common { # path = "/mnt/raid0/condiviso"; # comment = "Samba share condiviso"; # "valid users" = "bertof tiziano"; # "create mask" = "0770"; # "directory mask" = "2770"; # "force create mode" = "0660"; # "force directory mode" = "2770"; # }; # bertof_safe = recursiveUpdate common { # path = "/mnt/raid1/bertof"; # comment = "Bertof samba share"; # "force user" = "bertof"; # "valid users" = "bertof"; # }; # tiziano_safe = recursiveUpdate common { # path = "/mnt/raid1/tiziano"; # comment = "Tiziano samba share"; # "force user" = "tiziano"; # "valid users" = "tiziano"; # }; # condiviso_safe = recursiveUpdate common { # path = "/mnt/raid1/condiviso"; # comment = "Samba share condiviso"; # "valid users" = "bertof tiziano"; # "create mask" = "0770"; # "directory mask" = "2770"; # "force create mode" = "0660"; # "force directory mode" = "2770"; # }; # }; # }; # sonarr = { enable = true; openFirewall = true; group = "users"; }; thermald.enable = true; # transmission = { # enable = true; # openFirewall = true; # group = "users"; # settings = { # download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent"; # incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete"; # }; # }; # xserver = { # # enable = true; # videoDrivers = [ "nvidia" ]; # # layout = "it"; # # xkbOptions = "eurosign:e;"; # # libinput.enable = true; # }; # zoneminder = { # enable = true; # openFirewall = true; # cameras = 3; # hostname = "0.0.0.0"; # database = { username = "zoneminder"; createLocally = true; }; # }; # mysql = { # # enable = true; # ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }]; # }; }; users.users = { bertof = { isNormalUser = true; extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ]; shell = pkgs.zsh; }; # tiziano = { # isNormalUser = true; # openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ]; # }; # jellyfin.extraGroups = [ "video" ]; }; # services.snapper = { # configs = # let # commonExtraConfig = '' # ALLOW_USERS="bertof" # TIMELINE_CREATE=yes # TIMELINE_CLEANUP=yes # ''; # in # { # bertof_raid0 = { # subvolume = "/mnt/raid0/bertof"; # extraConfig = '' # ALLOW_USERS="bertof" # ${commonExtraConfig} # ''; # }; # tiziano_raid0 = { # subvolume = "/mnt/raid0/tiziano"; # extraConfig = '' # ALLOW_USERS="tiziano" # ${commonExtraConfig} # ''; # }; # condiviso_raid0 = { # subvolume = "/mnt/raid0/condiviso"; # extraConfig = '' # ALLOW_USERS="bertof tiziano" # ${commonExtraConfig} # ''; # }; # }; # }; security.sudo.extraConfig = '' Defaults pwfeedback ''; system.autoUpgrade = { enable = true; allowReboot = true; flags = [ "--flake gitlab:bertof/nix-dotfiles" ]; }; system.stateVersion = "22.05"; }