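# NixOS system module for the host "loki": a headless home server exposing
# Samba shares, a media stack (jellyfin, sonarr, radarr, bazarr, jackett,
# transmission), Home Assistant, SSH, and snapper snapshots.
#
# Arguments:
#   pkgs - package set; used for the kernel, shells, drivers and avahi paths.
#   lib  - brought into scope by `with lib;` (only `recursiveUpdate` is used).
{ pkgs, lib, ... }:
with lib; {
  boot = {
    # Register binfmt handlers so ARM binaries and builds can run under emulation.
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "it";
  };

  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; };
  };

  hardware = {
    enableRedistributableFirmware = true;

    # nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
    # nvidia.nvidiaPersistenced = true; # HEADLESS
    # nvidia.prime = {
    #   offload.enable = false;
    #   sync.enable = true;
    #   intelBusId = "PCI:0:2:0";
    #   nvidiaBusId = "PCI:1:0:0";
    # };

    opengl = {
      enable = true;
      extraPackages = builtins.attrValues {
        inherit (pkgs) intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau;
      };
    };

    bluetooth.enable = true;
  };

  i18n.defaultLocale = "it_IT.UTF-8";

  programs = {
    dconf.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
    };
  };

  networking = {
    hostName = "loki";
    interfaces.eno1.useDHCP = true;
    # networkmanager.enable = true;
    # useDHCP = false;
  };

  time.timeZone = "Europe/Rome";

  # NOTE(review): bazarr, jackett, jellyfin, radarr, sonarr, transmission,
  # avahi and openssh all set `openFirewall = true`, so each module opens its
  # own ports in addition to the ones listed under `networking.firewall`.
  # Confirm this host is only reachable from a trusted network.
  services = {
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      # Publishing announces this host (addresses, workstation record, user
      # services) over mDNS to the local network.
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      # Advertise the SSH service using the definition shipped with avahi.
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };

    bazarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];

    fail2ban = {
      enable = true;
      bantime-increment.enable = true;
    };

    gnome.gnome-keyring.enable = true;
    gvfs.enable = true;

    jackett = {
      enable = true;
      # package = pkgs.unstable.jackett;
      openFirewall = true;
      group = "users";
    };

    jellyfin = {
      enable = true;
      # package = pkgs.unstable.jellyfin;
      openFirewall = true;
      group = "users";
    };

    logind.lidSwitch = "ignore";

    # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };

    # NOTE(review): no authentication settings are given here, so password
    # login follows the module default. `bertof` has no authorizedKeys in this
    # file; confirm keys are provisioned elsewhere before restricting SSH to
    # key-only authentication.
    openssh = {
      enable = true;
      openFirewall = true;
    };

    # plex = { enable = true; openFirewall = true; group = "users"; };

    power-profiles-daemon.enable = true;

    radarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    samba-wsdd = {
      enable = true;
      discovery = true;
    };

    samba = {
      enable = true;
      enableNmbd = true;
      enableWinbindd = true;
      nsswins = true;
      # `smb encrypt = required` makes the server refuse unencrypted sessions.
      extraConfig = ''
        workgroup = WORKGROUP
        load printers = no
        smb encrypt = required
      '';
      shares =
        let
          # Defaults shared by every share: no guest access, owner-only
          # permissions, files forced into the "users" group.
          common = {
            "public" = "no";
            "writeable" = "yes";
            "create mask" = "0700";
            "directory mask" = "2700";
            "browseable" = "yes";
            "guest ok" = "no";
            "read only" = "no";
            "force group" = "users";
          };
        in
        {
          bertof = recursiveUpdate common {
            path = "/home/bertof/";
            comment = "Bertof samba share";
            "force user" = "bertof";
            "valid users" = "bertof";
          };
          tiziano = recursiveUpdate common {
            path = "/home/tiziano/";
            comment = "Tiziano samba share";
            "force user" = "tiziano";
            "valid users" = "tiziano";
          };
          # Shared area: both users may connect, and the masks are widened so
          # the group can read and write what either user creates.
          condiviso = recursiveUpdate common {
            path = "/mnt/raid0/condiviso";
            comment = "Samba share condiviso";
            "valid users" = "bertof tiziano";
            "create mask" = "0770";
            "directory mask" = "2770";
            "force create mode" = "0660";
            "force directory mode" = "2770";
          };
        };
    };

    smartd.enable = true;

    sonarr = {
      enable = true;
      openFirewall = true;
      group = "users";
    };

    thermald.enable = true;

    transmission = {
      enable = true;
      openFirewall = true;
      group = "users";
      # Downloads land inside the shared Samba area.
      settings = {
        download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
        incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
      };
    };

    xserver = {
      # enable = true;
      # videoDrivers = [ "nvidia" ];
      # layout = "it";
      # xkbOptions = "eurosign:e;";
      # libinput.enable = true;
    };

    # zoneminder = {
    #   enable = true;
    #   openFirewall = true;
    #   cameras = 3;
    #   hostname = "0.0.0.0";
    #   database = {
    #     username = "zoneminder";
    #     createLocally = true;
    #   };
    # };

    # mysql = {
    #   # enable = true;
    #   ensureUsers = [{
    #     name = "bertof";
    #     ensurePermissions = { "*.*" = "ALL PRIVILEGES"; };
    #   }];
    # };
  };

  users.users = {
    bertof = {
      isNormalUser = true;
      # "wheel" grants sudo. "docker" grants access to the Docker daemon
      # socket, which is root-equivalent and is not gated by a sudo password.
      extraGroups = [
        "audio"
        "input"
        "docker"
        "libvirtd"
        "network"
        "networkmanager"
        "usb"
        "video"
        "wheel"
      ];
      shell = pkgs.zsh;
    };

    tiziano = {
      isNormalUser = true;
      extraGroups = [ "audio" "input" "video" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
      ];
      shell = pkgs.zsh;
    };

    # jellyfin.extraGroups = [ "video" ];
  };

  services.snapper = {
    configs =
      let
        # Timeline settings appended to every snapper config below.
        commonExtraConfig = ''
          TIMELINE_CREATE=yes
          TIMELINE_CLEANUP=yes
        '';
      in
      {
        # ALLOW_USERS limits which non-root users may work with each config.
        bertof_raid0 = {
          subvolume = "/home/bertof/raid0";
          extraConfig = ''
            ALLOW_USERS="bertof"
            ${commonExtraConfig}
          '';
        };
        tiziano_raid0 = {
          subvolume = "/home/tiziano/raid0";
          extraConfig = ''
            ALLOW_USERS="tiziano"
            ${commonExtraConfig}
          '';
        };
        bertof_raid1 = {
          subvolume = "/home/bertof/raid1";
          extraConfig = ''
            ALLOW_USERS="bertof"
            ${commonExtraConfig}
          '';
        };
        tiziano_raid1 = {
          subvolume = "/home/tiziano/raid1";
          extraConfig = ''
            ALLOW_USERS="tiziano"
            ${commonExtraConfig}
          '';
        };
        condiviso_raid0 = {
          subvolume = "/mnt/raid0/condiviso";
          extraConfig = ''
            ALLOW_USERS="bertof tiziano"
            ${commonExtraConfig}
          '';
        };
        condiviso_raid1 = {
          subvolume = "/mnt/raid1/condiviso";
          extraConfig = ''
            ALLOW_USERS="bertof tiziano"
            ${commonExtraConfig}
          '';
        };
      };
  };

  networking.firewall = {
    enable = true;
    allowPing = true;
    # These ports are opened on every interface.
    # NOTE(review): 8123 is reachable directly as well as through the reverse
    # proxy listed in Home Assistant's `trusted_proxies`; confirm direct
    # access is intended. 8384 is Syncthing's default web GUI port and no
    # Syncthing service is configured in this file; confirm the GUI is meant
    # to be reachable from the network and is password-protected.
    allowedTCPPorts = [
      445 # SAMBA
      139 # SAMBA
      5357 # SAMBA-WSDD
      8123 # HOME ASSISTANT
      8384 # SYNCTHING
      8385 # SYNCTHING
    ];
    allowedUDPPorts = [
      137 # SAMBA (NetBIOS name service, nmbd)
      138 # SAMBA (NetBIOS datagram service, nmbd)
      3702 # SAMBA-WSDD
    ];
    # Attach the netbios-ns conntrack helper to outgoing name queries so their
    # replies are accepted by the firewall.
    extraCommands = "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
  };

  virtualisation = {
    docker.enable = true;
    # kvmgt.enable = true;
    # libvirtd.enable = true;
    podman.enable = true;
    # virtualbox.host.enable = true;

    oci-containers.containers = {
      # hass = {
      #   image = "ghcr.io/home-assistant/home-assistant:stable";
      #   environment = { TZ = "Europe/Rome"; };
      #   extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
      #   ports = [ "8123:8123" ];
      #   volumes = [ "/var/lib/hass:/config" "/mnt/raid0/condiviso:/media" ];
      # };
    };
  };

  services.home-assistant = {
    enable = true;
    # openFirewall = true;
    config = {
      default_config = { };
      homeassistant = {
        name = "Casa";
        # `!secret` values are resolved by Home Assistant at runtime, so the
        # coordinates do not end up in the world-readable Nix store.
        latitude = "!secret home-latitude";
        longitude = "!secret home-longitude";
        elevation = 17;
        unit_system = "metric";
        time_zone = "Europe/Rome";
        external_url = "https://home-assistant.bertof.net";
      };
      http = {
        # X-Forwarded-For is honoured only for requests arriving from the
        # addresses below; keep this list as narrow as the proxy setup allows.
        use_x_forwarded_for = true;
        trusted_proxies = [ "172.23.4.159" "::1" "127.0.0.1" ];
      };
      automation = "!include automations.yaml";
      scene = "!include scenes.yaml";
      cloud = { };
      config = { };
      device_tracker = [{
        platform = "bluetooth_tracker";
        request_rssi = true;
      }];
      esphome = { };
      frontend = { };
      # google_assistant = { project_id = "light-cathode-372118"; };
      history = { };
      logbook = { };
      # logger.default = "debug";
      logger.default = "info";
      "map" = { };
      mobile_app = { };
      recorder.purge_keep_days = 30;
      shopping_list = { };
      sun = { };
      system_health = { };
      tts = [{
        platform = "google_translate";
        language = "it";
        tld = "it";
      }];
    };
    configDir = "/var/lib/hass";
    # Lets the generated configuration be edited from the Home Assistant UI.
    configWritable = true;
    extraPackages = ps: with ps; [ securetar ];
    # "default_config" was listed twice; the duplicate entry has been dropped.
    extraComponents = [
      "default_config"
      "accuweather"
      "alert"
      "analytics"
      "bayesian"
      "binary_sensor"
      "blueprint"
      "bluetooth_le_tracker"
      "bluetooth_tracker"
      "button"
      "camera"
      "cast"
      "caldav"
      "calendar"
      "citybikes"
      "configurator"
      "coronavirus"
      "cover"
      "derivative"
      "device_automation"
      "device_sun_light_trigger"
      "device_tracker"
      "dlib_face_detect"
      "dlib_face_identify"
      "dlna_dmr"
      "dlna_dms"
      "esphome"
      "flux"
      "gdacs"
      "google"
      "google_translate"
      "group"
      "hassio"
      "jellyfin"
      "local_file"
      "media_player"
      "met"
      "meteoalarm"
      "network"
      "nmap_tracker"
      "notify"
      "ping"
      "plex"
      "proximity"
      "radarr"
      "radio_browser"
      "random"
      "scene"
      "schedule"
      "sonarr"
      "spotify"
      "tcp"
      "telegram"
      "telegram_bot"
      "template"
      "threshold"
      "tod" # times of the day
      "trend"
      "upnp"
      "wake_on_lan"
      "workday"
      "zoneminder"
    ];
  };

  # Show feedback characters while a sudo password is being typed.
  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';

  system.stateVersion = "21.11";
}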