# NixOS system module for the host "freya" (see networking.hostName).
#
# Live settings: boot loader and kernel, console and locale, shell and GnuPG
# agent, NetworkManager, Avahi/mDNS, OpenSSH, smartd, thermald, one user
# account, a sudo default and unattended upgrades from a flake.
# Many further services are kept as commented-out blocks; they are inactive.
#
# Arguments: `pkgs` (the package set) and `lib`. `with lib;` puts the library
# functions in scope; in this file only the commented-out blocks use them
# (mkForce, recursiveUpdate).
{ pkgs, lib, ... }:

with lib;

{
  boot = {
    # Registers emulation for ARMv7 and AArch64 binaries on this machine.
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    # NOTE(review): the kernel is pinned to one release series rather than the
    # nixpkgs default, so it only gets fixes while that series is still
    # shipped - revisit the pin when upgrading.
    kernelPackages = pkgs.linuxPackages_5_18;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "it";
  };

  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = with pkgs; [ kakoune tmux vim ];
  };

  i18n.defaultLocale = "it_IT.UTF-8";

  programs = {
    dconf.enable = true;
    # gpg-agent also serves as the SSH agent (enableSSHSupport).
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
    };
  };

  networking = {
    hostName = "freya";
    # interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
    # Interfaces are managed by NetworkManager; global DHCP is off.
    networkmanager.enable = true;
    useDHCP = false;
  };

  time.timeZone = "Europe/Rome";

  services = {
    # mDNS/DNS-SD. The firewall is opened for Avahi and the host publishes its
    # addresses, domain, user services and workstation record, plus an SSH
    # service file - so anyone on the local link can discover this machine and
    # that it runs SSH. Acceptable on a trusted LAN; worth trimming `publish`
    # on networks shared with untrusted devices.
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };

    # Most of the disabled services below set `openFirewall = true`;
    # re-enabling one exposes it on every interface the firewall covers.
    # bazarr = { enable = true; openFirewall = true; group = "users"; };
    # blueman.enable = true;
    dbus.packages = with pkgs; [ dconf ];
    # Disabled: with fail2ban off, nothing in this file throttles repeated
    # SSH login attempts.
    # fail2ban = { enable = true; bantime-increment.enable = true; };
    gnome.gnome-keyring.enable = true;
    # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
    # jackett = { enable = true; openFirewall = true; group = "users"; };
    # jellyfin = { enable = true; openFirewall = true; group = "users"; };
    # logind.lidSwitch = "ignore";
    # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };

    # SSH is reachable through the firewall; root login and password
    # authentication are both refused.
    # NOTE(review): only password authentication is switched off here.
    # Keyboard-interactive authentication is a separate sshd setting and is
    # not set in this file - confirm it is disabled too if key-only login is
    # the goal.
    # NOTE(review): no authorized keys for `bertof` are declared in this file;
    # presumably they come from another module or from ~/.ssh - verify.
    openssh = {
      enable = true;
      openFirewall = true;
      permitRootLogin = "no";
      passwordAuthentication = false;
    };

    # plex = { enable = true; openFirewall = true; group = "users"; };
    # power-profiles-daemon.enable = true;
    # radarr = { enable = true; openFirewall = true; group = "users"; };
    # samba-wsdd = { enable = true; discovery = true; };
    # samba = {
    #   enable = true;
    #   enableNmbd = true;
    #   enableWinbindd = true;
    #   nsswins = true;
    #   extraConfig = ''
    #     workgroup = WORKGROUP
    #     load printers = no
    #     smb encrypt = required
    #   '';
    #   shares =
    #     let
    #       common = {
    #         "public" = "no";
    #         "writeable" = "yes";
    #         "create mask" = "0700";
    #         "directory mask" = "2700";
    #         "browseable" = "yes";
    #         "guest ok" = "no";
    #         "read only" = "no";
    #         "force group" = "users";
    #       };
    #     in
    #     {
    #       bertof = recursiveUpdate common {
    #         path = "/mnt/raid0/bertof";
    #         comment = "Bertof samba share";
    #         "force user" = "bertof";
    #         "valid users" = "bertof";
    #       };
    #       tiziano = recursiveUpdate common {
    #         path = "/mnt/raid0/tiziano";
    #         comment = "Tiziano samba share";
    #         "force user" = "tiziano";
    #         "valid users" = "tiziano";
    #       };
    #       condiviso = recursiveUpdate common {
    #         path = "/mnt/raid0/condiviso";
    #         comment = "Samba share condiviso";
    #         "valid users" = "bertof tiziano";
    #         "create mask" = "0770";
    #         "directory mask" = "2770";
    #         "force create mode" = "0660";
    #         "force directory mode" = "2770";
    #       };
    #       bertof_safe = recursiveUpdate common {
    #         path = "/mnt/raid1/bertof";
    #         comment = "Bertof samba share";
    #         "force user" = "bertof";
    #         "valid users" = "bertof";
    #       };
    #       tiziano_safe = recursiveUpdate common {
    #         path = "/mnt/raid1/tiziano";
    #         comment = "Tiziano samba share";
    #         "force user" = "tiziano";
    #         "valid users" = "tiziano";
    #       };
    #       condiviso_safe = recursiveUpdate common {
    #         path = "/mnt/raid1/condiviso";
    #         comment = "Samba share condiviso";
    #         "valid users" = "bertof tiziano";
    #         "create mask" = "0770";
    #         "directory mask" = "2770";
    #         "force create mode" = "0660";
    #         "force directory mode" = "2770";
    #       };
    #     };
    # };

    # Disk health monitoring with desktop (X11) notifications.
    smartd = {
      enable = true;
      notifications.x11.enable = true;
    };
    # sonarr = { enable = true; openFirewall = true; group = "users"; };
    thermald.enable = true;
    # transmission = {
    #   enable = true;
    #   openFirewall = true;
    #   group = "users";
    #   settings = {
    #     download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
    #     incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
    #   };
    # };
    # xserver = {
    #   # enable = true;
    #   videoDrivers = [ "nvidia" ];
    #   # layout = "it";
    #   # xkbOptions = "eurosign:e;";
    #   # libinput.enable = true;
    # };
    # zoneminder = {
    #   enable = true;
    #   openFirewall = true;
    #   cameras = 3;
    #   hostname = "0.0.0.0";
    #   database = { username = "zoneminder"; createLocally = true; };
    # };
    # mysql = {
    #   # enable = true;
    #   ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
    # };
  };

  users.users = {
    # Interactive account with sudo rights through `wheel`.
    # NOTE(review): membership of `docker` (and to a lesser degree `libvirtd`)
    # is commonly equivalent to root on hosts where that daemon runs; neither
    # daemon is enabled in this file, so check the modules that enable them
    # and drop the groups that are not needed.
    bertof = {
      isNormalUser = true;
      extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
      shell = pkgs.zsh;
    };
    # tiziano = {
    #   isNormalUser = true;
    #   openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
    # };
    # jellyfin.extraGroups = [ "video" ];
  };

  # NOTE(review): commonExtraConfig already contains ALLOW_USERS="bertof" and
  # is appended after each per-subvolume ALLOW_USERS line, so tiziano_raid0
  # and condiviso_raid0 would carry two conflicting ALLOW_USERS entries -
  # check which one snapper honours before re-enabling this block.
  # services.snapper = {
  #   configs =
  #     let
  #       commonExtraConfig = ''
  #         ALLOW_USERS="bertof"
  #         TIMELINE_CREATE=yes
  #         TIMELINE_CLEANUP=yes
  #       '';
  #     in
  #     {
  #       bertof_raid0 = {
  #         subvolume = "/mnt/raid0/bertof";
  #         extraConfig = ''
  #           ALLOW_USERS="bertof"
  #           ${commonExtraConfig}
  #         '';
  #       };
  #       tiziano_raid0 = {
  #         subvolume = "/mnt/raid0/tiziano";
  #         extraConfig = ''
  #           ALLOW_USERS="tiziano"
  #           ${commonExtraConfig}
  #         '';
  #       };
  #       condiviso_raid0 = {
  #         subvolume = "/mnt/raid0/condiviso";
  #         extraConfig = ''
  #           ALLOW_USERS="bertof tiziano"
  #           ${commonExtraConfig}
  #         '';
  #       };
  #     };
  # };

  # NOTE(review): the disabled Syncthing units below read
  # `config.ids.gids.users`, but `config` is not among this module's
  # arguments, and both GUIs listen on 0.0.0.0 - add the argument and
  # restrict the GUI address (or confirm GUI authentication) before
  # re-enabling. The systemd sandboxing options are worth keeping.
  # systemd.packages = with pkgs; [ syncthing ];
  # systemd.services =
  #   let
  #     common = {
  #       documentation = [ "man:syncthing(1)" ];
  #       startLimitIntervalSec = 60;
  #       startLimitBurst = 4;
  #       after = [ "network.target" ];
  #       environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
  #       wantedBy = [ "default.target" ];
  #       serviceConfig = {
  #         Restart = "on-failure";
  #         RestartSec = 1;
  #         SuccessExitStatus = "3 4";
  #         RestartForceExitStatus = "3 4";
  #         Group = config.ids.gids.users;
  #         MemoryDenyWriteExecute = true;
  #         NoNewPrivileges = true;
  #         PrivateDevices = true;
  #         PrivateMounts = true;
  #         PrivateTmp = true;
  #         PrivateUsers = true;
  #         ProtectControlGroups = true;
  #         ProtectHostname = true;
  #         ProtectKernelModules = true;
  #         ProtectKernelTunables = true;
  #         RestrictNamespaces = true;
  #         RestrictRealtime = true;
  #         RestrictSUIDSGID = true;
  #         CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
  #       };
  #     };
  #   in
  #   {
  #     syncthing-bertof = recursiveUpdate common {
  #       description = "Syncthing service bertof";
  #       serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
  #     };
  #     syncthing-tiziano = recursiveUpdate common {
  #       description = "Syncthing service tiziano";
  #       serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
  #     };
  #   };

  # `pwfeedback` echoes a mark per typed character at the sudo prompt, which
  # shows the password length to anyone watching the screen.
  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';

  # Unattended upgrades, reboots included, built from a remote flake.
  # NOTE(review): the flake reference names no revision, so each run applies
  # whatever the repository currently resolves to, as root. Write access to
  # that repository is therefore equivalent to root on this host - protect
  # the account and branch accordingly (MFA, protected branch, reviewed
  # merges) or pin a revision.
  # The flag and its value are passed as a single list element.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
    flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
  };

  system.stateVersion = "22.05";
}