server-configuration/configuration.nix


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware/samsehu.nix
];
# Use the `systemd-boot` boot loader
boot.loader.systemd-boot.enable = true;
networking.hostName = "samsehu"; # Define your hostname.
# Pick only one of the below networking options.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "America/Denver";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# Both accounts below are in `wheel` (sudo). No `openssh.authorizedKeys.keys`
# are declared in this file, so unless keys are provisioned elsewhere, SSH
# access to these sudo-capable accounts relies on password authentication
# (see the OpenSSH note further down).
users.users.geemili = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ ];
};
users.users.desttinghim = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ ];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
helix
wget
];
# List services that you want to enable:
# Enable the OpenSSH daemon.
# NOTE(review): with only `enable = true`, the NixOS module leaves
# `services.openssh.settings.PasswordAuthentication` at its default (enabled).
# Once key-based access is in place for the `wheel` users above, consider
# `services.openssh.settings.PasswordAuthentication = false;` and
# `services.openssh.settings.PermitRootLogin = "no";` to reduce brute-force
# exposure on a host that also opens several other ports below.
services.openssh.enable = true;
# Cockpit web console. `openFirewall` opens its listening port on every
# interface the firewall covers; there is no LAN-only scoping in this file
# (see the firewall section for `networking.firewall.interfaces.<name>`).
services.cockpit = {
enable = true;
openFirewall = true;
};
services.udisks2.enable = true;
# Jellyfin media server, likewise opened on all interfaces via `openFirewall`.
services.jellyfin = {
enable = true;
openFirewall = true;
};
# Blocky ad-blocking DNS resolver.
# NOTE(review): `ports.dns = 53` binds all interfaces and 53/tcp+udp is opened
# in the firewall below, with no client allow-list configured here. If this
# host is reachable from outside the LAN, that is an open resolver usable for
# amplification; scope the port to the LAN interface or restrict clients.
# NOTE(review): `ports.http = 4000` is Blocky's API/metrics endpoint, also
# opened in the firewall; Blocky's HTTP API is not authenticated on its own
# (confirm against the Blocky docs), so treat it as LAN-only at most.
services.blocky = {
enable = true;
settings = {
ports.dns = 53;
ports.http = 4000;
upstreams = {
# Picks 2 random resolvers and returns answer from fastest one. Read docs for more info.
# Because the group mixes DoH and plain-UDP upstreams, `parallel_best` will
# regularly send queries in cleartext to the plain entries; the DoH entries
# do not give consistent confidentiality while the plain ones remain.
strategy = "parallel_best";
groups.default = [
# CloudFlare
"https://one.one.one.one/dns-query"
# OpenDNS
"https://doh.opendns.com/dns-query"
# Google
"8.8.8.8"
"8.8.4.4"
"2001:4860:4860::8888"
"2001:4860:4860::8844"
# Comcast/Our ISP
"75.75.75.75"
"75.75.76.76"
];
};
# Plain-IP resolvers used only to resolve the DoH hostnames above.
bootstrapDns = {
upstream = "https://one.one.one.one/dns-query";
ips = [ "1.1.1.1" "1.0.0.1" ];
};
# Block list is fetched over HTTPS from a third party; a change upstream
# changes what this resolver blocks, so pin or mirror it if that matters.
blocking = {
blackLists = {
ads = ["https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"];
};
clientGroupsBlock = {
default = [ "ads" ];
};
};
};
};
# Forgejo git forge. Only `enable` is set, so it serves plain HTTP on its
# default port (3000, opened in the firewall below). Nothing in this file
# fronts it with TLS; the ACME certificate obtained further down is not
# referenced by any service here, so a reverse proxy presumably lives in
# another file — confirm.
services.forgejo = {
enable = true;
};
# lldap: lightweight LDAP server used as the identity source.
# NOTE(review): `ldap_user_pass` below is a cleartext admin password. Anything
# in this attrset is rendered into the generated config in the world-readable
# Nix store (/nix/store), and it is also in the repository history. The NixOS
# module provides `services.lldap.environmentFile` for exactly this: drop the
# `ldap_user_pass` line and point `environmentFile` at an agenix-managed file
# containing `LLDAP_LDAP_USER_PASS=<new password>`, matching how the ACME
# credentials below are handled via `config.age.secrets`. The current value
# should be treated as compromised and rotated, not just moved. The same file
# is the place for `LLDAP_JWT_SECRET` if it is not set elsewhere (confirm).
services.lldap = {
enable = true;
settings = {
ldap_base_dn = "dc=twins,dc=pearson";
# Sets the root administrator's user name
ldap_user_dn = "admin";
# Default administrator password
ldap_user_pass = "extending pulsate nastily";
};
};
# ACME client service for configuring SSL certificate
# Secrets for the DNS challenge are read from files managed by agenix
# (`config.age.secrets.*`), so they never enter the Nix store — the pattern
# the lldap password above should follow.
security.acme = {
acceptTerms = true;
defaults.email = "fresh.car0178@geemili.xyz";
certs."samsehu.perli.casa" = {
domain = "samsehu.perli.casa";
dnsProvider = "nearlyfreespeech";
credentialFiles = {
"NEARLYFREESPEECH_API_KEY_FILE" = config.age.secrets.samsehu_NFSN_API_KEY.path;
"NEARLYFREESPEECH_LOGIN_FILE" = config.age.secrets.samsehu_NFSN_LOGIN.path;
};
};
};
# Enable automatic upgrades
# `allowReboot = true` lets the upgrade timer reboot the host unattended
# whenever the kernel/initrd changes; fine for a homelab, but note it.
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = true;
# Enable automatic garbage collection
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
# Open ports in the firewall.
# NOTE(review): every port below is opened on all interfaces. 3890 is
# unencrypted LDAP and 17170 is lldap's web UI over plain HTTP, so admin
# and user credentials cross the network in cleartext on those ports; 4000
# is Blocky's unauthenticated API. If only LAN clients need them, use
# `networking.firewall.interfaces.<lan-iface>.allowedTCPPorts` instead of the
# global list, or front the HTTP services with TLS.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# Blocky DNS
53
# Blocky API
4000
# Forgejo web interface
3000
# lldap LDAP
3890
# lldap HTTP; user login and administration
17170
];
networking.firewall.allowedUDPPorts = [
# Blocky DNS
53
];
# Use systemd-resolved and set networkmanager to allow mdns
# NOTE(review): systemd-resolved's stub listener also binds port 53 (on
# 127.0.0.53) while Blocky binds port 53 on all interfaces; confirm on the
# running host that both services start cleanly rather than one failing
# with EADDRINUSE.
services.resolved.enable = true;
networking.networkmanager.connectionConfig."connection.mdns" = 2; # 2 == yes
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}