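# NixOS system module for the host "loki": boot, locale, LAN-facing services
# (mDNS, SSH, media stack), users, snapshots, firewall and containers.
#
# Layout: every `#` comment sits on its own line or trails a single value, so
# a comment can never hide a live setting that follows it. The large
# commented-out sections are disabled configuration kept for reference.
{ pkgs, lib, ... }:
# `with lib;` is only needed by `recursiveUpdate` in the commented-out samba
# shares further down.
with lib; {
  boot = {
    # Registers emulation for foreign-architecture (ARM) binaries.
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "it";
  };

  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; };
  };

  hardware = {
    enableRedistributableFirmware = true;
    # NOTE(review): the next line reads `config`, which is not among this
    # module's arguments; add it to the argument set before re-enabling.
    # nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
    # nvidia.nvidiaPersistenced = true; # HEADLESS
    # nvidia.prime = {
    #   offload.enable = false;
    #   sync.enable = true;
    #   intelBusId = "PCI:0:2:0";
    #   nvidiaBusId = "PCI:1:0:0";
    # };
    opengl = {
      enable = true;
      extraPackages = builtins.attrValues {
        inherit (pkgs) intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau;
      };
    };
    bluetooth.enable = true;
  };

  i18n.defaultLocale = "it_IT.UTF-8";

  programs = {
    dconf.enable = true;
    # gpg-agent also serves as the SSH agent for user sessions.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
    };
  };

  networking = {
    hostName = "loki";
    interfaces.eno1.useDHCP = true;
    # networkmanager.enable = true;
    # useDHCP = false;
  };

  time.timeZone = "Europe/Rome";

  services = {
    # mDNS/DNS-SD. With openFirewall and every publish.* flag set, the host
    # announces its name, addresses, workstation record and the SSH service
    # file below to everything on the local segment.
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };

    # bazarr, jackett, jellyfin, radarr and sonarr all set openFirewall = true,
    # so their listening ports are accepted from the network, and all run in
    # the shared "users" group.
    # NOTE(review): confirm each application has authentication enabled, or
    # limit access to the LAN interface or a reverse proxy.
    bazarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];

    # Bans sources of repeated failed logins; bantime-increment lengthens the
    # ban for addresses that were banned before.
    fail2ban = {
      enable = true;
      bantime-increment.enable = true;
    };

    gnome.gnome-keyring.enable = true;
    gvfs.enable = true;

    jackett = {
      enable = true;
      # package = pkgs.unstable.jackett;
      openFirewall = true;
      group = "users";
    };

    jellyfin = {
      enable = true;
      # package = pkgs.unstable.jellyfin;
      openFirewall = true;
      group = "users";
    };

    # Closing the lid does not suspend the machine.
    logind.lidSwitch = "ignore";

    # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };

    # Only enable/openFirewall are set, so the accepted authentication methods
    # stay at the module defaults.
    # NOTE(review): bertof has no authorizedKeys in this file; once every login
    # user has a key, consider turning password authentication off. fail2ban
    # slows guessing but does not replace key-only login.
    openssh = {
      enable = true;
      openFirewall = true;
    };

    # plex = { enable = true; openFirewall = true; group = "users"; };

    power-profiles-daemon.enable = true;

    radarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    # WS-Discovery responder. The samba service itself is commented out below;
    # the matching ports are opened by hand in networking.firewall.
    samba-wsdd = {
      enable = true;
      discovery = true;
    };

    # samba = {
    #   enable = true;
    #   enableNmbd = true;
    #   enableWinbindd = true;
    #   nsswins = true;
    #   extraConfig = ''
    #     workgroup = WORKGROUP
    #     load printers = no
    #     smb encrypt = required
    #   '';
    #   shares =
    #     let
    #       common = {
    #         "public" = "no";
    #         "writeable" = "yes";
    #         "create mask" = "0700";
    #         "directory mask" = "2700";
    #         "browseable" = "yes";
    #         "guest ok" = "no";
    #         "read only" = "no";
    #         "force group" = "users";
    #       };
    #     in
    #     {
    #       bertof = recursiveUpdate common {
    #         path = "/home/bertof/";
    #         comment = "Bertof samba share";
    #         "force user" = "bertof";
    #         "valid users" = "bertof";
    #       };
    #       tiziano = recursiveUpdate common {
    #         path = "/home/tiziano/";
    #         comment = "Tiziano samba share";
    #         "force user" = "tiziano";
    #         "valid users" = "tiziano";
    #       };
    #       condiviso = recursiveUpdate common {
    #         path = "/mnt/raid0/condiviso";
    #         comment = "Samba share condiviso";
    #         "valid users" = "bertof tiziano";
    #         "create mask" = "0770";
    #         "directory mask" = "2770";
    #         "force create mode" = "0660";
    #         "force directory mode" = "2770";
    #       };
    #     };
    # };

    smartd.enable = true;

    sonarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    thermald.enable = true;

    # transmission = {
    #   enable = true;
    #   openFirewall = true;
    #   group = "users";
    #   settings = {
    #     download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
    #     incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
    #   };
    # };

    # Every xserver option is commented out; the empty set changes nothing.
    xserver = {
      # enable = true;
      # videoDrivers = [ "nvidia" ];
      # layout = "it";
      # xkbOptions = "eurosign:e;";
      # libinput.enable = true;
    };

    # zoneminder = {
    #   enable = true;
    #   openFirewall = true;
    #   cameras = 3;
    #   hostname = "0.0.0.0";
    #   database = {
    #     username = "zoneminder";
    #     createLocally = true;
    #   };
    # };

    # mysql = {
    #   # enable = true;
    #   ensureUsers = [{
    #     name = "bertof";
    #     ensurePermissions = { "*.*" = "ALL PRIVILEGES"; };
    #   }];
    # };
  };

  users.users = {
    # Administrative account ("wheel"). No SSH key is declared here.
    bertof = {
      isNormalUser = true;
      extraGroups = [
        "audio"
        "input"
        # "docker"
        "libvirtd"
        "network"
        "networkmanager"
        "usb"
        "video"
        "wheel"
      ];
      shell = pkgs.zsh;
    };

    # Unprivileged account; SSH login with the public key below.
    tiziano = {
      isNormalUser = true;
      extraGroups = [ "audio" "input" "video" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
      ];
      shell = pkgs.zsh;
    };

    # jellyfin.extraGroups = [ "video" ];
  };

  # Timeline snapshots of each home subvolume; ALLOW_USERS lets only the
  # owning user manage the snapshots of their own config.
  services.snapper = {
    configs =
      let
        commonExtraConfig = ''
          TIMELINE_CREATE=yes
          TIMELINE_CLEANUP=yes
        '';
      in
      {
        bertof_raid0 = {
          subvolume = "/home/bertof/";
          extraConfig = ''
            ALLOW_USERS="bertof"
            ${commonExtraConfig}
          '';
        };
        tiziano_raid0 = {
          subvolume = "/home/tiziano/";
          extraConfig = ''
            ALLOW_USERS="tiziano"
            ${commonExtraConfig}
          '';
        };
        # condiviso_raid0 = {
        #   subvolume = "/mnt/raid0/condiviso";
        #   extraConfig = ''
        #     ALLOW_USERS="bertof tiziano"
        #     ${commonExtraConfig}
        #   '';
        # };
        # condiviso_raid1 = {
        #   subvolume = "/mnt/raid1/condiviso";
        #   extraConfig = ''
        #     ALLOW_USERS="bertof tiziano"
        #     ${commonExtraConfig}
        #   '';
        # };
      };
  };

  # Ports opened by hand, in addition to whatever the services above open via
  # openFirewall.
  # NOTE(review): samba and home-assistant are commented out in this file and
  # no syncthing service is defined here. Unless another module provides them,
  # 445, 139, 137, 138, 8123, 8384 and 8385 are stale openings and can go.
  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [
      445 # SAMBA
      139 # SAMBA
      5357 # SAMBA-WSDD
      8123 # HOME ASSISTANT
      8384 # SYNCTHING (NOTE(review): the default web GUI port; confirm it should be reachable)
      8385 # SYNCTHING
    ];
    allowedUDPPorts = [
      137 # NetBIOS name service (SAMBA nmbd); was labelled SYNCTHING
      138 # NetBIOS datagram service (SAMBA nmbd); was labelled SYNCTHING
      3702 # SAMBA-WSDD
    ];
    # Attaches the netbios-ns conntrack helper to outgoing UDP/137 so replies
    # to NetBIOS name queries are accepted.
    # NOTE(review): the rule is appended (-A) to raw/OUTPUT, a chain outside
    # the firewall module's own chains, so it presumably piles up duplicates
    # on each firewall reload; consider guarding it with an `iptables -C`
    # check or removing it in extraStopCommands.
    extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  };

  virtualisation = {
    # docker.enable = true;
    # kvmgt.enable = true;
    # libvirtd.enable = true;
    podman.enable = true;
    # virtualbox.host.enable = true;
    # oci-containers.containers = {
    #   # NOTE(review): if re-enabled, "--privileged" together with
    #   # "--network=host" removes most of the container's isolation.
    #   # hass = {
    #   #   image = "ghcr.io/home-assistant/home-assistant:stable";
    #   #   environment = { TZ = "Europe/Rome"; };
    #   #   extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
    #   #   ports = [ "8123:8123" ];
    #   #   volumes = [ "/var/lib/hass:/config" "/mnt/raid0/condiviso:/media" ];
    #   # };
    # };
  };

  # services.home-assistant = {
  #   enable = true;
  #   # openFirewall = true;
  #   config = {
  #     default_config = { };
  #     homeassistant = {
  #       name = "Casa";
  #       latitude = "!secret home-latitude";
  #       longitude = "!secret home-longitude";
  #       elevation = 17;
  #       unit_system = "metric";
  #       time_zone = "Europe/Rome";
  #       external_url = "https://home-assistant.bertof.net";
  #     };
  #     http = {
  #       use_x_forwarded_for = true;
  #       trusted_proxies = [ "172.23.4.159" "::1" "127.0.0.1" ];
  #     };
  #     automation = "!include automations.yaml";
  #     scene = "!include scenes.yaml";
  #     cloud = { };
  #     config = { };
  #     device_tracker = [{
  #       platform = "bluetooth_tracker";
  #       request_rssi = true;
  #     }];
  #     esphome = { };
  #     frontend = { };
  #     # google_assistant = { project_id = "light-cathode-372118"; };
  #     history = { };
  #     logbook = { };
  #     # logger.default = "debug";
  #     logger.default = "info";
  #     "map" = { };
  #     mobile_app = { };
  #     recorder.purge_keep_days = 30;
  #     shopping_list = { };
  #     sun = { };
  #     system_health = { };
  #     tts = [{
  #       platform = "google_translate";
  #       language = "it";
  #       # tld = "it";
  #     }];
  #   };
  #   configDir = "/var/lib/hass";
  #   configWritable = true;
  #   extraPackages = ps: with ps; [ securetar ];
  #   extraComponents = [
  #     "default_config"
  #     "accuweather"
  #     "alert"
  #     "analytics"
  #     "bayesian"
  #     "binary_sensor"
  #     "blueprint"
  #     "bluetooth_le_tracker"
  #     "bluetooth_tracker"
  #     "button"
  #     "camera"
  #     "cast"
  #     "caldav"
  #     "calendar"
  #     "citybikes"
  #     "configurator"
  #     "coronavirus"
  #     "cover"
  #     "default_config"
  #     "derivative"
  #     "device_automation"
  #     "device_sun_light_trigger"
  #     "device_tracker"
  #     "dlib_face_detect"
  #     "dlib_face_identify"
  #     "dlna_dmr"
  #     "dlna_dms"
  #     "esphome"
  #     "flux"
  #     "gdacs"
  #     "google"
  #     "google_translate"
  #     "group"
  #     "hassio"
  #     "jellyfin"
  #     "local_file"
  #     "media_player"
  #     "met"
  #     "meteoalarm"
  #     "network"
  #     "nmap_tracker"
  #     "notify"
  #     "ping"
  #     "plex"
  #     "proximity"
  #     "radarr"
  #     "radio_browser"
  #     "random"
  #     "scene"
  #     "schedule"
  #     "sonarr"
  #     "spotify"
  #     "tcp"
  #     "telegram"
  #     "telegram_bot"
  #     "template"
  #     "threshold"
  #     "tod" # times of the day
  #     "trend"
  #     "upnp"
  #     "wake_on_lan"
  #     "workday"
  #     "zoneminder"
  #   ];
  # };

  # pwfeedback prints an asterisk per typed character at the sudo password
  # prompt, which shows the password length to anyone watching the terminal.
  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';

  # Release whose stateful defaults this host was installed with; do not bump
  # it as part of a routine upgrade.
  system.stateVersion = "21.11";
}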