bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-dotfiles/freya/configuration.nix

249 lines
6.9 KiB
Nix
Raw Blame History

{ pkgs, lib, ... }:
with lib; {
boot = {
# kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "it";
};
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = builtins.attrValues { inherit (pkgs) kakoune tmux vim; };
};
i18n.defaultLocale = "it_IT.UTF-8";
programs = {
dconf.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh = {
enable = true;
syntaxHighlighting.enable = true;
};
};
networking = {
hostName = "freya";
# interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
networkmanager.enable = true;
useDHCP = false;
};
time.timeZone = "Europe/Rome";
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
userServices = true;
workstation = true;
};
extraServiceFiles = {
ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
};
# bazarr = { enable = true; openFirewall = true; group = "users"; };
# blueman.enable = true;
dbus.packages = [ pkgs.dconf ];
# fail2ban = { enable = true; bantime-increment.enable = true; };
gnome.gnome-keyring.enable = true;
# gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
# jackett = { enable = true; openFirewall = true; group = "users"; };
# jellyfin = { enable = true; openFirewall = true; group = "users"; };
# logind.lidSwitch = "ignore";
# node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
openssh = {
enable = true;
openFirewall = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
# plex = { enable = true; openFirewall = true; group = "users"; };
# power-profiles-daemon.enable = true;
# radarr = { enable = true; openFirewall = true; group = "users"; };
# samba-wsdd = { enable = true; discovery = true; };
# samba = {
# enable = true;
# enableNmbd = true;
# enableWinbindd = true;
# nsswins = true;
# extraConfig = ''
# workgroup = WORKGROUP
# load printers = no
# smb encrypt = required
# '';
# shares =
# let
# common = {
# "public" = "no";
# "writeable" = "yes";
# "create mask" = "0700";
# "directory mask" = "2700";
# "browseable" = "yes";
# "guest ok" = "no";
# "read only" = "no";
# "force group" = "users";
# };
# in
# {
# bertof = recursiveUpdate common {
# path = "/mnt/raid0/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano = recursiveUpdate common {
# path = "/mnt/raid0/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso = recursiveUpdate common {
# path = "/mnt/raid0/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# bertof_safe = recursiveUpdate common {
# path = "/mnt/raid1/bertof";
# comment = "Bertof samba share";
# "force user" = "bertof";
# "valid users" = "bertof";
# };
# tiziano_safe = recursiveUpdate common {
# path = "/mnt/raid1/tiziano";
# comment = "Tiziano samba share";
# "force user" = "tiziano";
# "valid users" = "tiziano";
# };
# condiviso_safe = recursiveUpdate common {
# path = "/mnt/raid1/condiviso";
# comment = "Samba share condiviso";
# "valid users" = "bertof tiziano";
# "create mask" = "0770";
# "directory mask" = "2770";
# "force create mode" = "0660";
# "force directory mode" = "2770";
# };
# };
# };
# sonarr = { enable = true; openFirewall = true; group = "users"; };
thermald.enable = true;
# transmission = {
# enable = true;
# openFirewall = true;
# group = "users";
# settings = {
# download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
# incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
# };
# };
# xserver = {
# # enable = true;
# videoDrivers = [ "nvidia" ];
# # layout = "it";
# # xkbOptions = "eurosign:e;";
# # libinput.enable = true;
# };
# zoneminder = {
# enable = true;
# openFirewall = true;
# cameras = 3;
# hostname = "0.0.0.0";
# database = { username = "zoneminder"; createLocally = true; };
# };
# mysql = {
# # enable = true;
# ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
# };
};
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [
"audio"
"input"
"docker"
"libvirtd"
"network"
"networkmanager"
"usb"
"video"
"wheel"
];
shell = pkgs.zsh;
};
# tiziano = {
# isNormalUser = true;
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
# };
# jellyfin.extraGroups = [ "video" ];
};
# services.snapper = {
# configs =
# let
# commonExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# in
# {
# bertof_raid0 = {
# subvolume = "/mnt/raid0/bertof";
# extraConfig = ''
# ALLOW_USERS="bertof"
# ${commonExtraConfig}
# '';
# };
# tiziano_raid0 = {
# subvolume = "/mnt/raid0/tiziano";
# extraConfig = ''
# ALLOW_USERS="tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# };
# };
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
system.autoUpgrade = {
enable = true;
allowReboot = true;
flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
};
system.stateVersion = "22.05";
}
Reference in a new issue View git blame Copy permalink