nix-dotfiles/loki/configuration.nix


{ pkgs, lib, ... }:
with lib; {
# Boot: systemd-boot on UEFI, the newest packaged kernel, and binfmt
# registration so armv7l/aarch64 binaries can run under emulation.
boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Virtual console: Terminus font with the Italian keymap.
console.font = "Lat2-Terminus16";
console.keyMap = "it";
# System-wide environment: link zsh's share directory into the system profile
# and install a small set of editors/terminal tools for every user.
environment.pathsToLink = [ "/share/zsh" ];
environment.systemPackages = [ pkgs.kakoune pkgs.tmux pkgs.vim ];
hardware = {
enableRedistributableFirmware = true;
# nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
# nvidia.nvidiaPersistenced = true; # HEADLESS
# nvidia.prime = {
# offload.enable = false;
# sync.enable = true;
# intelBusId = "PCI:0:2:0";
# nvidiaBusId = "PCI:1:0:0";
# };
opengl = {
enable = true;
extraPackages = builtins.attrValues {
inherit (pkgs) intel-media-driver libvdpau-va-gl vaapiIntel vaapiVdpau;
};
};
bluetooth.enable = true;
};
i18n.defaultLocale = "it_IT.UTF-8";
# User-facing programs: dconf settings backend, gpg-agent and zsh.
programs = {
dconf.enable = true;
gnupg.agent = {
enable = true;
# gpg-agent also answers ssh-agent requests, so SSH authentication keys are
# held and unlocked by gpg-agent rather than by a separate ssh-agent.
enableSSHSupport = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
};
};
# Host identity and addressing: DHCP on the wired interface only.
networking.hostName = "loki";
networking.interfaces.eno1.useDHCP = true;
# networking.networkmanager.enable = true;
# networking.useDHCP = false;
time.timeZone = "Europe/Rome";
services = {
# mDNS/DNS-SD: publishes this host's name, addresses, workstation record and an
# SSH service entry to the local network, and opens the firewall for mDNS.
# NOTE(review): this advertises the SSH endpoint to every device on the link.
# That is fine on a trusted home LAN; on a shared network consider turning off
# userServices/workstation and the ssh service file.
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
};
# Subtitle manager; its web UI is opened on the host firewall.
# NOTE(review): group = "users" runs the daemon in the default group of the
# isNormalUser accounts, so it can reach any group-accessible file of theirs.
# The same pattern repeats for jackett, jellyfin, radarr and sonarr; a dedicated
# media group would narrow that. Access control for the UI is configured inside
# the application, not here - confirm it is enabled.
bazarr = {
enable = true;
openFirewall = true;
group = "users";
};
blueman.enable = true;
dbus.packages = [ pkgs.dconf ];
# Bans addresses after repeated authentication failures; bantime-increment
# lengthens the ban for repeat offenders.
# NOTE(review): no jails are declared here, so this presumably relies on the
# module's default SSH jail. The web UIs opened elsewhere in this file are not
# covered unless jails are added for them.
fail2ban = {
enable = true;
bantime-increment.enable = true;
};
gnome.gnome-keyring.enable = true;
gvfs.enable = true;
# Indexer proxy; its web UI and API are opened on the host firewall.
# NOTE(review): Jackett stores tracker credentials and hands out an API key,
# and its admin password is optional - confirm one is set before exposing it.
jackett = {
enable = true;
# package = pkgs.unstable.jackett;
openFirewall = true;
group = "users";
};
# Media server, opened on the host firewall and run in the "users" group.
# NOTE(review): openFirewall presumably opens the module's discovery ports as
# well as the web port - verify against the nixpkgs module in use, and keep
# the listener on the LAN unless a reverse proxy with TLS sits in front of it.
jellyfin = {
enable = true;
# package = pkgs.unstable.jellyfin;
openFirewall = true;
group = "users";
};
logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
# SSH daemon, opened on the host firewall.
# Nothing here restricts password or root login, so the module defaults apply;
# fail2ban (enabled in this file) only slows guessing down.
# NOTE(review): if key-only login is intended, disable password authentication
# explicitly and make sure every login user has authorizedKeys - in this file
# only tiziano declares one.
openssh = {
enable = true;
openFirewall = true;
};
# plex = { enable = true; openFirewall = true; group = "users"; };
power-profiles-daemon.enable = true;
# Movie manager; its web UI is opened on the host firewall.
# NOTE(review): the UI can configure download clients and custom scripts that
# run as this service user, so keep its in-app authentication enabled.
radarr = {
enable = true;
openFirewall = true;
group = "users";
};
# WS-Discovery responder so Windows clients can find this host.
# NOTE(review): the samba block below is commented out. If no SMB server runs,
# this only advertises the host, and the SMB/WSDD ports listed in
# networking.firewall stay open with nothing behind them.
samba-wsdd = {
enable = true;
discovery = true;
};
# samba = {
# enable = true;
# enableNmbd = true;
# enableWinbindd = true;
# nsswins = true;
# extraConfig = ''
# workgroup = WORKGROUP
# load printers = no
# smb encrypt = required
# '';
# shares =
# let
# common = {
# "public" = "no";
# "writeable" = "yes";
# "create mask" = "0700";
# "directory mask" = "2700";
# "browseable" = "yes";
# "guest ok" = "no";
# "read only" = "no";
# "force group" = "users";
# };
# in
# {
# bertof = recursiveUpdate common {
# path = "/home/bertof/";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano = recursiveUpdate common {
# path = "/home/tiziano/";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso = recursiveUpdate common {
# path = "/mnt/raid0/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# };
# };
smartd.enable = true;
# TV series manager; its web UI is opened on the host firewall.
# NOTE(review): anyone who reaches the UI unauthenticated can change download
# clients and post-processing scripts - confirm in-app authentication is on.
sonarr = {
enable = true;
openFirewall = true;
group = "users";
};
thermald.enable = true;
# transmission = {
# enable = true;
# openFirewall = true;
# group = "users";
# settings = {
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
# };
# };
xserver = {
# enable = true;
# videoDrivers = [ "nvidia" ];
# layout = "it";
# xkbOptions = "eurosign:e;";
# libinput.enable = true;
};
# zoneminder = {
# enable = true;
# openFirewall = true;
# cameras = 3;
# hostname = "0.0.0.0";
# database = {
# username = "zoneminder";
# createLocally = true;
# };
# };
# mysql = {
# # enable = true;
# ensureUsers = [{
# name = "bertof";
# ensurePermissions = { "*.*" = "ALL PRIVILEGES"; };
# }];
# };
};
# Login accounts. No password or hashedPassword options appear in this file, so
# credentials are presumably managed imperatively or in another module.
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [
"audio"
"input"
# "docker"
# NOTE(review): libvirtd membership gives control over system VMs, which is
# close to root; virtualisation.libvirtd is commented out in this file, so
# drop the group if it is no longer needed.
"libvirtd"
"network"
"networkmanager"
"usb"
"video"
# wheel is the administrative group: this account can use sudo.
"wheel"
];
# NOTE(review): no openssh.authorizedKeys here; unless keys are declared in
# another module, SSH login for this sudo-capable account falls back to
# whatever password policy sshd applies.
shell = pkgs.zsh;
};
tiziano = {
isNormalUser = true;
extraGroups = [ "audio" "input" "video" ];
# The key below carries no comment field; adding one (owner/device) makes
# later rotation and auditing easier.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k"
];
shell = pkgs.zsh;
};
# jellyfin.extraGroups = [ "video" ];
};
# Snapper timeline snapshots of each home subvolume.
# ALLOW_USERS lets the named non-root user work with that config's snapshots.
# NOTE(review): timeline snapshots keep earlier copies of files in each home,
# including secrets deleted later, until cleanup removes the snapshot - keep
# that in mind when rotating keys or purging sensitive data.
services.snapper = {
configs =
let
# Settings shared by every config: create and prune timeline snapshots.
commonExtraConfig = ''
TIMELINE_CREATE=yes
TIMELINE_CLEANUP=yes
'';
in
{
bertof_raid0 = {
subvolume = "/home/bertof/";
extraConfig = ''
ALLOW_USERS="bertof"
${commonExtraConfig}
'';
};
tiziano_raid0 = {
subvolume = "/home/tiziano/";
extraConfig = ''
ALLOW_USERS="tiziano"
${commonExtraConfig}
'';
};
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid1 = {
# subvolume = "/mnt/raid1/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
};
};
# Host firewall. Ports listed here are opened in addition to whatever each
# service's own openFirewall option adds.
# NOTE(review): samba and home-assistant are commented out in this file, yet
# their ports are still open below - remove the entries nothing listens on.
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
445 # SAMBA (SMB over TCP)
139 # SAMBA (NetBIOS session service)
5357 # SAMBA-WSDD
8123 # HOME ASSISTANT
# 8384 is Syncthing's default web GUI/REST port, not its sync port. Syncthing
# is not configured in this file; if the GUI really is reachable from the
# network, it needs a GUI password and TLS. NOTE(review): confirm what 8385
# serves - presumably a second instance's GUI.
8384 # SYNCTHING
8385 # SYNCTHING
];
allowedUDPPorts = [
137 # NetBIOS name service (SAMBA, not Syncthing)
138 # NetBIOS datagram service (SAMBA, not Syncthing)
3702 # SAMBA-WSDD
];
# Attaches the netbios-ns connection-tracking helper to outgoing UDP/137 so
# replies to this host's NetBIOS name queries are accepted.
# NOTE(review): the rule is appended with -A; check that a firewall reload
# does not stack duplicate copies of it in the raw table.
extraCommands =
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
};
# Container/VM runtimes: only podman is active.
virtualisation = {
# docker.enable = true;
# kvmgt.enable = true;
# libvirtd.enable = true;
podman.enable = true;
# virtualbox.host.enable = true;
# NOTE(review): the disabled hass container below asks for --privileged and
# --network=host, which removes most container isolation. If it is revived,
# pass only the devices and ports it needs instead.
# oci-containers.containers = {
# # hass = {
# # image = "ghcr.io/home-assistant/home-assistant:stable";
# # environment = { TZ = "Europe/Rome"; };
# # extraOptions = [ "--privileged" "--network=host" "--pull=always" ];
# # ports = [ "8123:8123" ];
# # volumes = [ "/var/lib/hass:/config" "/mnt/raid0/condiviso:/media" ];
# # };
# };
};
# services.home-assistant = {
# enable = true;
# # openFirewall = true;
# config = {
# default_config = { };
# homeassistant = {
# name = "Casa";
# latitude = "!secret home-latitude";
# longitude = "!secret home-longitude";
# elevation = 17;
# unit_system = "metric";
# time_zone = "Europe/Rome";
# external_url = "https://home-assistant.bertof.net";
# };
# http = {
# use_x_forwarded_for = true;
# trusted_proxies = [ "172.23.4.159" "::1" "127.0.0.1" ];
# };
# automation = "!include automations.yaml";
# scene = "!include scenes.yaml";
# cloud = { };
# config = { };
# device_tracker = [{
# platform = "bluetooth_tracker";
# request_rssi = true;
# }];
# esphome = { };
# frontend = { };
# # google_assistant = { project_id = "light-cathode-372118"; };
# history = { };
# logbook = { };
# # logger.default = "debug";
# logger.default = "info";
# "map" = { };
# mobile_app = { };
# recorder.purge_keep_days = 30;
# shopping_list = { };
# sun = { };
# system_health = { };
# tts = [{
# platform = "google_translate";
# language = "it";
# # tld = "it";
# }];
# };
# configDir = "/var/lib/hass";
# configWritable = true;
# extraPackages = ps: with ps; [ securetar ];
# extraComponents = [
# "default_config"
# "accuweather"
# "alert"
# "analytics"
# "bayesian"
# "binary_sensor"
# "blueprint"
# "bluetooth_le_tracker"
# "bluetooth_tracker"
# "button"
# "camera"
# "cast"
# "caldav"
# "calendar"
# "citybikes"
# "configurator"
# "coronavirus"
# "cover"
# "default_config"
# "derivative"
# "device_automation"
# "device_sun_light_trigger"
# "device_tracker"
# "dlib_face_detect"
# "dlib_face_identify"
# "dlna_dmr"
# "dlna_dms"
# "esphome"
# "flux"
# "gdacs"
# "google"
# "google_translate"
# "group"
# "hassio"
# "jellyfin"
# "local_file"
# "media_player"
# "met"
# "meteoalarm"
# "network"
# "nmap_tracker"
# "notify"
# "ping"
# "plex"
# "proximity"
# "radarr"
# "radio_browser"
# "random"
# "scene"
# "schedule"
# "sonarr"
# "spotify"
# "tcp"
# "telegram"
# "telegram_bot"
# "template"
# "threshold"
# "tod" # times of the day
# "trend"
# "upnp"
# "wake_on_lan"
# "workday"
# "zoneminder"
# ];
# };
# pwfeedback echoes one asterisk per typed character at the sudo prompt. That
# reveals the password length to anyone who can see the screen or a recording
# of it; drop the line where that matters.
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
system.stateVersion = "21.11";
}