dotfiles/provision/hosts/torus/configuration.nix



{ config, pkgs, user, lib, ... }:
let
  # Baseline for every public vhost: an ACME certificate plus a redirect of
  # plain HTTP to HTTPS. forceSSL matters for the PAM-guarded hosts below,
  # because auth_pam relies on HTTP Basic credentials, which must only ever
  # travel inside TLS.
  tlsHost = {
    enableACME = true;
    forceSSL = true;
  };

  # A TLS vhost that reverse-proxies "/" to a service bound on localhost.
  proxyTo = port: tlsHost // {
    locations."/".proxyPass = "http://localhost:${toString port}/";
  };

  # Same as proxyTo, but the vhost is additionally gated behind the "nginx"
  # PAM service, i.e. callers authenticate with a system account password.
  pamProxyTo = port: proxyTo port // {
    extraConfig = ''
      auth_pam "Password Required";
      auth_pam_service_name "nginx";
    '';
  };
in
{
  imports = [
    ../../modules
    ./wireguard-server.nix
    ./samba-server.nix
    ./syncthing.nix
    ./obsidian-vault.nix
    ./share.nix
  ];

  nix = {
    package = pkgs.nixFlakes;
    extraOptions = "experimental-features = nix-command flakes";
    settings.auto-optimise-store = true;
    # Weekly garbage collection keeps the store (and old generations) bounded.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 7d";
    };
  };

  nixpkgs = {
    # Non-free packages are allowed (needed at least for the nvidia driver).
    config.allowUnfree = true;
    overlays = import ../../lib/overlays.nix;
  };

  boot = {
    # Stock kernel; "sg" provides the SCSI generic device nodes.
    kernelPackages = pkgs.linuxPackages;
    kernelModules = [ "sg" ];
    # systemd-boot on EFI.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    # IPv4 forwarding is required so wireguard-server.nix can route traffic
    # between peers and the LAN; the firewall still decides what is forwarded.
    kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
  };

  networking = {
    hostName = "torus";
    firewall = {
      enable = true;
      # "loose" reverse-path filtering is the usual relaxation needed when
      # WireGuard traffic arrives on one interface and leaves on another.
      checkReversePath = "loose";
      allowedTCPPorts = [ 80 443 ];
      # NOTE(review): nothing in this file listens on UDP 80/443 (no HTTP/3
      # is enabled on the nginx vhosts) — confirm wireguard-server.nix or
      # another imported module needs these before keeping them open.
      allowedUDPPorts = [ 80 443 ];
    };
    # Plain (unencrypted) DNS to Google's public resolvers.
    nameservers = [ "8.8.8.8" "8.8.4.4" ];
  };

  time.timeZone = "America/Los_Angeles";
  i18n.defaultLocale = "en_US.UTF-8";

  # Docker with the btrfs storage driver and NVIDIA GPU passthrough.
  virtualisation.docker = {
    enable = true;
    storageDriver = "btrfs";
    enableNvidia = true;
  };
  services.xserver.videoDrivers = [ "nvidia" ];
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
    setLdLibraryPath = true;
  };

  # The primary user. "wheel" grants sudo; "docker" grants access to the
  # Docker socket, which is effectively root-equivalent on the host, so this
  # account should be treated as fully privileged.
  users.users.${user} = {
    isNormalUser = true;
    extraGroups = [ "wheel" "docker" ];
    shell = pkgs.bash;
  };

  # System-profile packages. To search: $ nix search wget
  environment.systemPackages = [
    pkgs.docker-compose
    pkgs.python3
    pkgs.zk
    pkgs.gollum
  ];

  # OpenSSH with the module defaults; nothing here disables password
  # authentication — presumably modules.system.ssh takes care of hardening,
  # verify against ../../modules.
  services.openssh.enable = true;

  # Smart-card daemon plus a gpg-agent that also serves as SSH agent.
  services.pcscd.enable = true;
  programs.gnupg.agent = {
    enable = true;
    pinentryFlavor = "curses";
    enableSSHSupport = true;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "starrtyler88@gmail.com";
  };

  # PAM service used by nginx's auth_pam module. nginx gets the "shadow"
  # supplementary group so password verification can read the hash database;
  # the trade-off is that a compromised nginx worker can read /etc/shadow.
  security.pam.services.nginx.setEnvironment = false;
  systemd.services.nginx.serviceConfig.SupplementaryGroups = [ "shadow" ];

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    additionalModules = [ pkgs.nginxModules.pam ];
    virtualHosts = {
      # These three have no auth at the proxy; they rely on whatever login
      # the upstream application provides — confirm each upstream enforces one.
      "rss.tstarr.us" = proxyTo 8081;
      "rssbridge.tstarr.us" = proxyTo 3000;
      "media.tstarr.us" = proxyTo 8096;
      # These two require a system-account password via PAM before proxying.
      "vault.tstarr.us" = pamProxyTo 5000;
      "share.tstarr.us" = pamProxyTo 5001;
    };
  };

  # Local option modules from ../../modules.
  modules.devel.tooling.enable = true;
  modules.services.jellyfin.enable = true;
  modules.system = {
    terminal.enable = true;
    ssh.enable = true;
    secrets.enable = true;
  };

  # Did you read the comment?
  system.stateVersion = "23.11";
}