
{ pkgs, lib, ... }:
with lib; {
# Boot: UEFI with systemd-boot as the loader; the loader may write EFI
# variables so it can install/update its own boot entry.
# boot.kernelPackages = pkgs.linuxPackages_latest;  # left disabled: stays on nixpkgs' default kernel
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Virtual console: Terminus 16px font and the Italian keymap (matches the
# it_IT locale configured for this host).
console.font = "Lat2-Terminus16";
console.keyMap = "it";
# System-wide environment: link packages' /share/zsh (completions, functions)
# into the system profile, and ship a minimal editor/terminal toolset.
environment.pathsToLink = [ "/share/zsh" ];
environment.systemPackages = [ pkgs.kakoune pkgs.tmux pkgs.vim ];
# Locale: Italian, UTF-8 encoded.
i18n = { defaultLocale = "it_IT.UTF-8"; };
# Program-level options.
programs.dconf.enable = true;  # dconf settings backend (used by the GNOME keyring enabled under services)
programs.gnupg.agent = {
  enable = true;
  # gpg-agent also serves as the SSH agent (SSH_AUTH_SOCK points at it), so SSH
  # keys are handled by GnuPG rather than a separate ssh-agent.
  enableSSHSupport = true;
};
programs.zsh = {
  enable = true;
  syntaxHighlighting.enable = true;
};
# Networking: NetworkManager owns all interfaces; the global dhcpcd instance
# is disabled so the two do not compete.
# networking.firewall is not set here, so it keeps the NixOS default (enabled);
# the openFirewall = true entries under services are the only inbound holes.
networking.hostName = "freya";
# networking.interfaces = { eno1.useDHCP = true; wlp7s0.useDHCP = true; };
networking.networkmanager.enable = true;
networking.useDHCP = false;
# System time zone.
time = { timeZone = "Europe/Rome"; };
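# System services. Active: avahi, dbus/dconf, gnome-keyring, openssh, smartd,
# thermald. The commented entries are media/NAS services that were tried on
# this host and are kept for reference.
services = {
  # mDNS/DNS-SD: advertise this host's address, domain, user services and
  # workstation record on the LAN, resolve .local names (nssmdns), and open
  # the mDNS port in the NixOS firewall.
  avahi = {
    enable = true;
    openFirewall = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      userServices = true;
      workstation = true;
    };
    # Advertise the SSH server via DNS-SD using the stock service file shipped with avahi.
    extraServiceFiles = {
      ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
    };
  };
  # bazarr = { enable = true; openFirewall = true; group = "users"; };
  # blueman.enable = true;
  dbus.packages = with pkgs; [ dconf ];
  # fail2ban = { enable = true; bantime-increment.enable = true; };
  gnome.gnome-keyring.enable = true;
  # gvfs = { enable = true; package = mkForce pkgs.gnome3.gvfs; };
  # jackett = { enable = true; openFirewall = true; group = "users"; };
  # jellyfin = { enable = true; openFirewall = true; group = "users"; };
  # logind.lidSwitch = "ignore";
  # node-red = { enable = true; openFirewall = true; withNpmAndGcc = true; };
  # SSH: reachable through the firewall, root login refused, key-based auth only.
  openssh = {
    enable = true;
    openFirewall = true;
    permitRootLogin = "no";
    passwordAuthentication = false;
    # passwordAuthentication = false alone does not enforce key-only login:
    # sshd's keyboard-interactive method (default on, backed by PAM on NixOS)
    # still prompts for and accepts the account password. Close that path too.
    kbdInteractiveAuthentication = false;
    # NOTE(review): newer NixOS releases move these three under
    # services.openssh.settings.* — confirm against the channel this host tracks.
  };
  # plex = { enable = true; openFirewall = true; group = "users"; };
  # power-profiles-daemon.enable = true;
  # radarr = { enable = true; openFirewall = true; group = "users"; };
  # samba-wsdd = { enable = true; discovery = true; };
  # samba = {
  #   enable = true;
  #   enableNmbd = true;
  #   enableWinbindd = true;
  #   nsswins = true;
  #   extraConfig = ''
  #     workgroup = WORKGROUP
  #     load printers = no
  #     smb encrypt = required
  #   '';
  #   shares =
  #     let
  #       common = {
  #         "public" = "no";
  #         "writeable" = "yes";
  #         "create mask" = "0700";
  #         "directory mask" = "2700";
  #         "browseable" = "yes";
  #         "guest ok" = "no";
  #         "read only" = "no";
  #         "force group" = "users";
  #       };
  #     in
  #     {
  #       bertof = recursiveUpdate common {
  #         path = "/mnt/raid0/bertof";
  #         comment = "Bertof samba share";
  #         "force user" = "bertof";
  #         "valid users" = "bertof";
  #       };
  #       tiziano = recursiveUpdate common {
  #         path = "/mnt/raid0/tiziano";
  #         comment = "Tiziano samba share";
  #         "force user" = "tiziano";
  #         "valid users" = "tiziano";
  #       };
  #       condiviso = recursiveUpdate common {
  #         path = "/mnt/raid0/condiviso";
  #         comment = "Samba share condiviso";
  #         "valid users" = "bertof tiziano";
  #         "create mask" = "0770";
  #         "directory mask" = "2770";
  #         "force create mode" = "0660";
  #         "force directory mode" = "2770";
  #       };
  #       bertof_safe = recursiveUpdate common {
  #         path = "/mnt/raid1/bertof";
  #         comment = "Bertof samba share";
  #         "force user" = "bertof";
  #         "valid users" = "bertof";
  #       };
  #       tiziano_safe = recursiveUpdate common {
  #         path = "/mnt/raid1/tiziano";
  #         comment = "Tiziano samba share";
  #         "force user" = "tiziano";
  #         "valid users" = "tiziano";
  #       };
  #       condiviso_safe = recursiveUpdate common {
  #         path = "/mnt/raid1/condiviso";
  #         comment = "Samba share condiviso";
  #         "valid users" = "bertof tiziano";
  #         "create mask" = "0770";
  #         "directory mask" = "2770";
  #         "force create mode" = "0660";
  #         "force directory mode" = "2770";
  #       };
  #     };
  # };
  # S.M.A.R.T. disk monitoring with desktop notifications.
  smartd = {
    enable = true;
    notifications.x11.enable = true;
  };
  # sonarr = { enable = true; openFirewall = true; group = "users"; };
  thermald.enable = true;
  # transmission = {
  #   enable = true;
  #   openFirewall = true;
  #   group = "users";
  #   settings = {
  #     download-dir = "/mnt/raid0/condiviso/Scaricati/Torrent";
  #     incomplete-dir = "/mnt/raid0/condiviso/Scaricati/Torrent/.incomplete";
  #   };
  # };
  # xserver = {
  #   # enable = true;
  #   videoDrivers = [ "nvidia" ];
  #   # layout = "it";
  #   # xkbOptions = "eurosign:e;";
  #   # libinput.enable = true;
  # };
  # zoneminder = {
  #   enable = true;
  #   openFirewall = true;
  #   cameras = 3;
  #   hostname = "0.0.0.0";
  #   database = { username = "zoneminder"; createLocally = true; };
  # };
  # mysql = {
  #   # enable = true;
  #   ensureUsers = [{ name = "bertof"; ensurePermissions = { "*.*" = "ALL PRIVILEGES"; }; }];
  # };
};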
# Local accounts. Only bertof is active; the commented entries are a second
# user and a jellyfin group tweak that were considered for this host.
users.users = {
  bertof = {
    isNormalUser = true;
    shell = pkgs.zsh;
    # wheel grants sudo. docker and libvirtd give control of the Docker daemon
    # and libvirt, which on a default setup is effectively root-equivalent —
    # keep those two only while actually needed.
    extraGroups = [ "audio" "input" "docker" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
  };
  # tiziano = {
  #   isNormalUser = true;
  #   openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMExwtJFk6HjySrTZwJH67SOHC3hlL28NO4oe2GXsv6k" ];
  # };
  # jellyfin.extraGroups = [ "video" ];
};
# services.snapper = {
# configs =
# let
# commonExtraConfig = ''
# ALLOW_USERS="bertof"
# TIMELINE_CREATE=yes
# TIMELINE_CLEANUP=yes
# '';
# in
# {
# bertof_raid0 = {
# subvolume = "/mnt/raid0/bertof";
# extraConfig = ''
# ALLOW_USERS="bertof"
# ${commonExtraConfig}
# '';
# };
# tiziano_raid0 = {
# subvolume = "/mnt/raid0/tiziano";
# extraConfig = ''
# ALLOW_USERS="tiziano"
# ${commonExtraConfig}
# '';
# };
# condiviso_raid0 = {
# subvolume = "/mnt/raid0/condiviso";
# extraConfig = ''
# ALLOW_USERS="bertof tiziano"
# ${commonExtraConfig}
# '';
# };
# };
# };
# systemd.packages = with pkgs; [ syncthing ];
# systemd.services =
# let
# common = {
# documentation = [ "man:syncthing(1)" ];
# startLimitIntervalSec = 60;
# startLimitBurst = 4;
# after = [ "network.target" ];
# environment = { STNORESTART = "yes"; STNOUPGRADE = "yes"; };
# wantedBy = [ "default.target" ];
# serviceConfig = {
# Restart = "on-failure";
# RestartSec = 1;
# SuccessExitStatus = "3 4";
# RestartForceExitStatus = "3 4";
# Group = config.ids.gids.users;
# MemoryDenyWriteExecute = true;
# NoNewPrivileges = true;
# PrivateDevices = true;
# PrivateMounts = true;
# PrivateTmp = true;
# PrivateUsers = true;
# ProtectControlGroups = true;
# ProtectHostname = true;
# ProtectKernelModules = true;
# ProtectKernelTunables = true;
# RestrictNamespaces = true;
# RestrictRealtime = true;
# RestrictSUIDSGID = true;
# CapabilityBoundingSet = [ "~CAP_SYS_PTRACE" "~CAP_SYS_ADMIN" "~CAP_SETGID" "~CAP_SETUID" "~CAP_SETPCAP" "~CAP_SYS_TIME" "~CAP_KILL" ];
# };
# };
# in
# {
# syncthing-bertof = recursiveUpdate common {
# description = "Syncthing service bertof";
# serviceConfig = { User = "bertof"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8384 -home=/mnt/raid0/bertof/Syncthing/.config"; };
# };
# syncthing-tiziano = recursiveUpdate common {
# description = "Syncthing service tiziano";
# serviceConfig = { User = "tiziano"; ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -gui-address=0.0.0.0:8385 -home=/mnt/raid0/tiziano/Syncthing/.config"; };
# };
# };
# sudo: echo asterisks while the password is typed (sudoers "Defaults pwfeedback").
security = {
  sudo.extraConfig = "Defaults pwfeedback\n";
};
system = {
  # Unattended upgrades from the remote flake, with automatic reboots allowed.
  # Whatever gitlab:bertof/nix-dotfiles resolves to at run time is built and
  # activated on this host, so the repository and every account that can push
  # to it are a trust boundary for freya; the reference carries no branch or
  # revision pin, so review the repo's flake.lock before relying on it.
  # NOTE(review): NixOS also offers system.autoUpgrade.flake for this; whether
  # the single "--flake <ref>" string in flags is split as intended depends on
  # how the channel's module joins flags — confirm before changing.
  autoUpgrade = {
    enable = true;
    allowReboot = true;
    flags = [ "--flake gitlab:bertof/nix-dotfiles" ];
  };
  # Release this host was first installed with; leave unchanged across upgrades.
  stateVersion = "22.05";
};
}