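# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Security notes for this host (samsehu):
#   * Secrets are provided through agenix (`config.age.secrets.*`); never put a
#     credential in a plain string here, because every value in this file is
#     copied into the world-readable Nix store.
#   * Several LAN-facing admin interfaces are opened in the firewall below;
#     each one is annotated with what it exposes.

{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware/samsehu.nix
  ];

  # Use the `systemd-boot` boot loader
  boot.loader.systemd-boot.enable = true;

  networking.hostName = "samsehu"; # Define your hostname.
  # Pick only one of the below networking options.
  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "America/Denver";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.geemili = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [ ];
  };
  users.users.desttinghim = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [ ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    helix
    wget
  ];

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Cockpit is a browser-based root-level admin console; `openFirewall` exposes
  # its web port to the whole LAN, so it is only as safe as the local accounts'
  # passwords.
  services.cockpit = {
    enable = true;
    openFirewall = true;
  };
  services.udisks2.enable = true;

  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };

  services.blocky = {
    enable = true;
    settings = {
      ports.dns = 53;
      # Blocky's HTTP API/metrics port. The API has no authentication, so anyone
      # who can reach it can disable blocking or flush the cache (see the
      # firewall section below).
      ports.http = 4000;
      upstreams = {
        # Picks 2 random resolvers and returns answer from fastest one. Read docs for more info.
        strategy = "parallel_best";
        groups.default = [
          # CloudFlare
          "https://one.one.one.one/dns-query"
          # OpenDNS
          "https://doh.opendns.com/dns-query"
          # Google
          "8.8.8.8"
          "8.8.4.4"
          "2001:4860:4860::8888"
          "2001:4860:4860::8844"
          # Comcast/Our ISP
          "75.75.75.75"
          "75.75.76.76"
        ];
      };
      bootstrapDns = {
        upstream = "https://one.one.one.one/dns-query";
        ips = [ "1.1.1.1" "1.0.0.1" ];
      };
      blocking = {
        blackLists = {
          ads = [ "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" ];
        };
        clientGroupsBlock = {
          default = [ "ads" ];
        };
      };
    };
  };

  # Forgejo listens on TCP 3000 (opened below). Account self-registration is
  # enabled by default; once the intended users exist, consider setting
  # `settings.service.DISABLE_REGISTRATION = true` so LAN visitors cannot
  # create accounts.
  services.forgejo = {
    enable = true;
  };

  services.lldap = {
    enable = true;
    settings = {
      ldap_base_dn = "dc=twins,dc=pearson";
      # Sets the root administrator's user name
      ldap_user_dn = "admin";
      # Administrator password, read from a file at service start instead of
      # being embedded in this configuration (a plain `ldap_user_pass` string
      # would be copied into the world-readable Nix store and the generated
      # service unit). `lldap_admin_pass` is a constructed secret name: declare
      # it in the same agenix secrets set as `samsehu_DUCK_DNS_TOKEN`, and make
      # the decrypted file readable by the lldap service user (owner/mode on
      # the `age.secrets` entry).
      ldap_user_pass_file = config.age.secrets.lldap_admin_pass.path;
    };
  };

  # Dynamic DNS through duck dns
  users.users.dynamicdns = {
    # allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.
    isSystemUser = true;
    group = "dynamicdns";
  };
  users.groups.dynamicdns = {};
  systemd.services.dynamic-dns-updater = {
    serviceConfig = {
      User = "dynamicdns";
      # A writable, service-owned directory for the response log. The user
      # above has no home directory configured, so writing the log to `~`
      # most likely fails (the NixOS default home for system users is not
      # writable); systemd exports the path as $STATE_DIRECTORY.
      StateDirectory = "dynamic-dns-updater";
    };
    path = [ pkgs.curl ];
    # The token is passed via `token@<file>` so it is read from the agenix
    # secret at runtime and never appears on the command line or in the store.
    script = ''
      curl -o "$STATE_DIRECTORY/duck.log" \
        --url-query domains=samsehuperli \
        --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} \
        https://www.duckdns.org/update
    '';
    startAt = "hourly";
  };
  systemd.timers.dynamic-dns-updater = {
    timerConfig.RandomizedDelaySec = "15m";
  };

  # Reverse proxy with Caddy
  services.caddy = {
    enable = true;
    virtualHosts."samsehu.perli.casa".extraConfig = ''
      respond "Hello, world!"
    '';
  };

  # Enable automatic upgrades
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;

  # Enable automatic garbage collection
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  # Trusted users can pass arbitrary options to the Nix daemon, which is
  # effectively root-equivalent; keep this list to administrators only.
  nix.settings.trusted-users = [ "geemili" ];

  # Open ports in the firewall.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    # Blocky DNS
    53
    # Blocky API (unauthenticated; exposes cache/blocking controls to the LAN)
    4000
    # Caddy HTTP and HTTPS
    80
    443
    # Forgejo web interface (plain HTTP; credentials cross the LAN in clear)
    3000
    # lldap LDAP (plain LDAP, no TLS: binds send passwords in clear)
    3890
    # lldap HTTP; user login and administration (plain HTTP; consider fronting
    # it with the Caddy reverse proxy above and closing this port)
    17170
  ];
  networking.firewall.allowedUDPPorts = [
    # Blocky DNS
    53
  ];

  # Use systemd-resolved and set networkmanager to allow mdns
  services.resolved.enable = true;
  networking.networkmanager.connectionConfig."connection.mdns" = 2; # 2 == yes

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}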