server-nixos-config/configuration.nix

{ config, pkgs, options, lib, ... }:
let
  # Import home manager
  homeManager = fetchTarball
    "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";

  # Secrets and passwords
  secrets = import ./secrets.nix;
in

{
  imports = [ 
    ./hardware-configuration.nix 
    ./freecorn.nix
    ./jimbo.nix
    ./vaultwarden.nix
    "${homeManager}/nixos"
#    ./wireguard.nix
#    ./neovim.nix 
  ];

  # Bootloader
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # Enable network manager applet
  programs.nm-applet.enable = true;

  # Set your time zone.
  time.timeZone = secrets.timeZone;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # allow non nix programs to run
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = with pkgs; [
    # Add any missing dynamic libraries for unpackaged programs
    # here, NOT in environment.systemPackages
  ];


  # Enable the X11 windowing system.
#  services.xserver = {
#    enable = true;
#    videoDrivers = [ "radeon" ];
#    xkb = {
#      layout = "us";
#      variant = "";
#    };

    # Enable the LXQT Desktop Environment.
#    displayManager.lightdm.enable = true;
#    desktopManager.lxqt.enable = true;
#  };

  # Enable automatic login for the user.
#  services.displayManager.autoLogin = {
#    enable = true;
#    user = "freecorn";
#  };

  # Enable sound with pipewire.
#  hardware.pulseaudio.enable = false;
#  security.rtkit.enable = true;
#  services.pipewire = {
#    enable = true;
#    alsa.enable = true;
#    alsa.support32Bit = true;
#    pulse.enable = true;
#  };

  # OpenGL and drivers
#  hardware.opengl = {
#    enable = true;
#    driSupport = true;
#    driSupport32Bit = true;
#  };

  # Printer Stuff (FUCK HP!)
#  services = {
#    printing = {
#        listenAddresses = [ "*:631" ];
#        allowFrom = [ "all" ];
#        browsing = true;
#        defaultShared = true;
#        openFirewall = true;
#        enable = true;
#        drivers = [ pkgs.hplip ];
#        webInterface = true;
#    };
#    avahi = {
#      nssmdns4 = true;
#      openFirewall = true;
#      publish = {
#       enable = true;
#       userServices = true;
#    };
#   };
#  };

  # Install fonts, need this for orbitron!
#  fonts.packages = with pkgs; [
#    orbitron
#  ];
  
#  systemd.services.rtl_tcp = {
#    enable = true;
#    description = "rtl_tcp";
#    unitConfig = {
#      Type = "simple";
#      # ...
#    };
#    serviceConfig = {
#      ExecStart = "rtl_tcp -a 10.0.0.240";
#      # ...
#  };
#}

  # Define a users and groups
  users = {
    groups = {
      nfsShare = {};
    };
    users.nextcloud = {
      extraGroups = [ "nfsShare" ];
      isSystemUser = true;
    };
  };

  # RTL-SDR Support
  hardware.rtl-sdr.enable = true;
  boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # blacklist dunb driver

  # Docker :(((
  virtualisation.docker.enable = true;

  # OpenWebRX
#  services.openwebrx.enable = true;

  # PufferPannel
  services = {
    pufferpanel = {
      enable = true;
      environment = {
        PUFFER_WEB_HOST = ":5010";
        PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
	PUFFER_PANEL_REGISTRATIONENABLED = "false";
       # PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
       # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
       # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
       # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
       # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
      };
      extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
      package = pkgs.buildFHSEnv {
        name = "pufferpanel-fhs";
        meta.mainProgram = "pufferpanel-fhs";
        runScript = lib.getExe pkgs.pufferpanel;
        targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
      };
    };
  };

  # NGINX :3
  services.nginx = {
    enable = true;
    package = (pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    });
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # Homepage HTML
    virtualHosts = {
      "${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/cornweb";
      };

      # non-free websites
      "nonfree.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/non-free";
      };

      # websdr server
      "ppanel.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:5010";
          proxyWebsockets = true;
	};
      };

      # Nextcloud Proxy
      "cloud.${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        locations."/" = {
          proxyWebsockets = true;
          extraConfig = ''
            location /.well-known/carddav {
              return 301 $scheme://$host/remote.php/dav;
            }
            location /.well-known/caldav {
              return 301 $scheme://$host/remote.php/dav;
	    }
          '';
        };
      };
    };
    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;
          application stream {
            record off;
            live on;
            allow play all;
          }
        }
      }
    '';
  };

  # Nextcloud server
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.${secrets.cornDomain}";
    datadir = "/mnt/nextcloud";
    https = true;
    config = {
      adminuser = "freecorn";
      adminpassFile = "/mnt/nextcloud/password.txt";
    };
    settings = {
      trusted_proxies = [ "127.0.0.1" ];
      trusted_domains = [ "cloud.${secrets.cornDomain}" ];
      overwriteprotocol = "https";
    };
  };

  # Get certificates for Coturn
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.cornEmail;
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    # firefox
    wget
    x11vnc
    fastfetch
    ffmpeg
    system-config-printer
    libcaption
    git
    rtl-sdr
    steam-run
    # openwebrx
    qbittorrent
    vim
  ];

  # Enable the OpenSSH daemon.
  services.openssh = {
  enable = true;
    settings = {
      PermitRootLogin = "no";
      PrintLastLog = "no";
      PasswordAuthentication = false;
    };
    openFirewall = true;
  };

  # Hostname and networking
  networking = {
    hostName = "freecornserver";
    networkmanager.enable = true;
    firewall = {
      allowedTCPPorts = [ 
        1935 # RTMP
#        4455 # VR
        80 443 # Nginx
        1234 # rtl_tcp
#        25565 # minecraft port
         8222
      ];
      allowedUDPPorts = [ 
#        4455
#        24454 # minecraft vc mod
      ];
      # Add extra input rules using nftables
      extraInputRules = ''
        ip saddr { 10.0.0.124, ${secrets.jimIP1}, ${secrets.jimIP2}, ${secrets.lunaIP} } tcp dport 2049 accept comment "Accept NFS"
      '';
    };
    nftables = {
      enable = true;
      tables = {
        forwarding = {
          family = "ip";
          content = ''
            chain PREROUTING {
              type nat hook prerouting priority dstnat; policy accept;
              tcp dport { 9943, 9944 } dnat to 10.0.0.97 comment "ALVR"
            }
            chain POSTROUTING {
              type nat hook postrouting priority 100; policy accept;
              oifname "enp2s0" masquerade
            }
          '';
        };
      };
    };
  };

  
# :3
     

  # NFS server
#  services.nfs.server = {
#    enable = true;
#    exports = ''
#      /export/freecornNFS *(rw,no_subtree_check)
#    '';
#  };

  # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
  system.copySystemConfiguration = true;

  # Don't change this
  system.stateVersion = "24.05";
}
added the config files 2024-08-23 00:35:09 -04:00			`{ config, pkgs, options, lib, ... }:`
			`let`
			`# Import home manager`
			`homeManager = fetchTarball`
			`"https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";`

			`# Secrets and passwords`
			`secrets = import ./secrets.nix;`
			`in`

			`{`
			`imports = [`
			`./hardware-configuration.nix`
:3 2024-08-27 14:23:50 -04:00			`./freecorn.nix`
Comment out nextcloud for now and Jimbo 2024-08-27 14:52:05 -04:00			`./jimbo.nix`
added vaultwarden but thats under secrets 2024-10-09 20:52:40 -04:00			`./vaultwarden.nix`
last commit till merge with desktop 2024-10-18 22:30:36 -04:00			`"${homeManager}/nixos"`
			`# ./wireguard.nix`
			`# ./neovim.nix`
added the config files 2024-08-23 00:35:09 -04:00			`];`

Make nextcloud a service 2024-08-27 14:31:28 -04:00			`# Bootloader`
:3 2024-08-27 14:23:50 -04:00			`boot.loader.grub = {`
			`enable = true;`
			`device = "/dev/sda";`
			`};`
added the config files 2024-08-23 00:35:09 -04:00
			`# Enable network manager applet`
			`programs.nm-applet.enable = true;`

			`# Set your time zone.`
			`time.timeZone = secrets.timeZone;`

			`# Select internationalisation properties.`
			`i18n.defaultLocale = "en_CA.UTF-8";`

sdr server stuff (rtl_tcp support) 2024-09-27 16:05:28 -04:00			`# allow non nix programs to run`
			`programs.nix-ld.enable = true;`
			`programs.nix-ld.libraries = with pkgs; [`
			`# Add any missing dynamic libraries for unpackaged programs`
			`# here, NOT in environment.systemPackages`
			`];`


added the config files 2024-08-23 00:35:09 -04:00			`# Enable the X11 windowing system.`
commented out xorg stuff 2024-09-15 17:57:41 -04:00			`# services.xserver = {`
			`# enable = true;`
			`# videoDrivers = [ "radeon" ];`
			`# xkb = {`
			`# layout = "us";`
			`# variant = "";`
			`# };`
Attempt to fix duplicate xserver 2024-08-27 14:28:54 -04:00
			`# Enable the LXQT Desktop Environment.`
commented out xorg stuff 2024-09-15 17:57:41 -04:00			`# displayManager.lightdm.enable = true;`
			`# desktopManager.lxqt.enable = true;`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`# };`

			`# Enable automatic login for the user.`
			`# services.displayManager.autoLogin = {`
			`# enable = true;`
			`# user = "freecorn";`
			`# };`

			`# Enable sound with pipewire.`
			`# hardware.pulseaudio.enable = false;`
			`# security.rtkit.enable = true;`
			`# services.pipewire = {`
			`# enable = true;`
			`# alsa.enable = true;`
			`# alsa.support32Bit = true;`
			`# pulse.enable = true;`
			`# };`

			`# OpenGL and drivers`
			`# hardware.opengl = {`
			`# enable = true;`
			`# driSupport = true;`
			`# driSupport32Bit = true;`
commented out xorg stuff 2024-09-15 17:57:41 -04:00			`# };`
added the config files 2024-08-23 00:35:09 -04:00
			`# Printer Stuff (FUCK HP!)`
i give up on network printing 2024-10-09 22:13:22 -04:00			`# services = {`
			`# printing = {`
			`# listenAddresses = [ "*:631" ];`
			`# allowFrom = [ "all" ];`
			`# browsing = true;`
			`# defaultShared = true;`
			`# openFirewall = true;`
			`# enable = true;`
			`# drivers = [ pkgs.hplip ];`
			`# webInterface = true;`
			`# };`
			`# avahi = {`
			`# nssmdns4 = true;`
			`# openFirewall = true;`
			`# publish = {`
			`# enable = true;`
			`# userServices = true;`
			`# };`
			`# };`
			`# };`
added the config files 2024-08-23 00:35:09 -04:00
broken config, someone fix 2024-09-22 16:42:26 -04:00			`# Install fonts, need this for orbitron!`
			`# fonts.packages = with pkgs; [`
			`# orbitron`
			`# ];`
i forgor 💀 2024-09-29 04:37:29 -04:00
			`# systemd.services.rtl_tcp = {`
			`# enable = true;`
			`# description = "rtl_tcp";`
			`# unitConfig = {`
			`# Type = "simple";`
			`# # ...`
			`# };`
			`# serviceConfig = {`
			`# ExecStart = "rtl_tcp -a 10.0.0.240";`
			`# # ...`
			`# };`
			`#}`
added the config files 2024-08-23 00:35:09 -04:00
NFS stuff 2024-09-22 18:55:25 -04:00			`# Define a users and groups`
			`users = {`
			`groups = {`
			`nfsShare = {};`
			`};`
			`users.nextcloud = {`
			`extraGroups = [ "nfsShare" ];`
			`isSystemUser = true;`
			`};`
update config idk jimbo did it all 2024-08-27 17:57:17 -04:00			`};`
added the config files 2024-08-23 00:35:09 -04:00
			`# RTL-SDR Support`
			`hardware.rtl-sdr.enable = true;`
			`boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # blacklist dunb driver`

added docker :( for gmod server and other rouge apps 2024-09-15 17:39:34 -04:00			`# Docker :(((`
			`virtualisation.docker.enable = true;`

added the config files 2024-08-23 00:35:09 -04:00			`# OpenWebRX`
:3 2024-08-27 14:23:50 -04:00			`# services.openwebrx.enable = true;`
added the config files 2024-08-23 00:35:09 -04:00
added pufferpannel, yoy 2024-09-14 02:31:05 -04:00			`# PufferPannel`
			`services = {`
			`pufferpanel = {`
			`enable = true;`
			`environment = {`
			`PUFFER_WEB_HOST = ":5010";`
			`PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";`
make sure that no new accounts can be made 2024-09-14 02:37:16 -04:00			`PUFFER_PANEL_REGISTRATIONENABLED = "false";`
added pufferpannel, yoy 2024-09-14 02:31:05 -04:00			`# PUFFER_PANEL_EMAIL_PROVIDER = "smtp";`
			`# PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";`
			`# PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";`
			`# PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";`
			`# PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;`
			`};`
			`extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];`
			`package = pkgs.buildFHSEnv {`
			`name = "pufferpanel-fhs";`
			`meta.mainProgram = "pufferpanel-fhs";`
			`runScript = lib.getExe pkgs.pufferpanel;`
			`targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];`
			`};`
			`};`
			`};`

added the config files 2024-08-23 00:35:09 -04:00			`# NGINX :3`
			`services.nginx = {`
			`enable = true;`
			`package = (pkgs.nginx.override {`
			`modules = with pkgs.nginxModules; [ rtmp ];`
			`});`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`

			`# Homepage HTML`
Fix nextcloud 2024-08-23 01:05:44 -04:00			`virtualHosts = {`
			`"${secrets.cornDomain}" = {`
added the config files 2024-08-23 00:35:09 -04:00			`enableACME = true;`
			`addSSL = true;`
			`root = "/var/www/cornweb";`
			`};`

			`# non-free websites`
Fix nextcloud 2024-08-23 01:05:44 -04:00			`"nonfree.${secrets.cornDomain}" = {`
added the config files 2024-08-23 00:35:09 -04:00			`enableACME = true;`
			`forceSSL = true;`
			`root = "/var/www/non-free";`
			`};`

			`# websdr server`
fixed typo with dns/subdomain 2024-09-14 02:34:59 -04:00			`"ppanel.${secrets.cornDomain}" = {`
added the config files 2024-08-23 00:35:09 -04:00			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
added pufferpannel, yoy 2024-09-14 02:31:05 -04:00			`proxyPass = "http://127.0.0.1:5010";`
added the config files 2024-08-23 00:35:09 -04:00			`proxyWebsockets = true;`
Close nginx also 2024-08-23 01:11:57 -04:00			`};`
added the config files 2024-08-23 00:35:09 -04:00			`};`
broken config #1 2024-08-23 01:01:32 -04:00
update config idk jimbo did it all 2024-08-27 17:57:17 -04:00			`# Nextcloud Proxy`
			`"cloud.${secrets.cornDomain}" = {`
			`enableACME = true;`
			`addSSL = true;`
			`locations."/" = {`
			`proxyWebsockets = true;`
			`extraConfig = ''`
			`location /.well-known/carddav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`location /.well-known/caldav {`
			`return 301 $scheme://$host/remote.php/dav;`
			`}`
			`'';`
			`};`
			`};`
Fix nextcloud 2024-08-23 01:05:44 -04:00			`};`
added the config files 2024-08-23 00:35:09 -04:00			`appendConfig = ''`
			`rtmp {`
			`server {`
			`listen 1935;`
			`chunk_size 4096;`
			`allow publish all;`
			`application stream {`
			`record off;`
			`live on;`
			`allow play all;`
			`}`
			`}`
			`}`
			`'';`
			`};`

update config idk jimbo did it all 2024-08-27 17:57:17 -04:00			`# Nextcloud server`
			`services.nextcloud = {`
			`enable = true;`
			`package = pkgs.nextcloud29;`
			`hostName = "cloud.${secrets.cornDomain}";`
			`datadir = "/mnt/nextcloud";`
			`https = true;`
			`config = {`
			`adminuser = "freecorn";`
			`adminpassFile = "/mnt/nextcloud/password.txt";`
			`};`
			`settings = {`
			`trusted_proxies = [ "127.0.0.1" ];`
			`trusted_domains = [ "cloud.${secrets.cornDomain}" ];`
			`overwriteprotocol = "https";`
			`};`
			`};`
broken config #1 2024-08-23 01:01:32 -04:00
added the config files 2024-08-23 00:35:09 -04:00			`# Get certificates for Coturn`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = secrets.cornEmail;`
			`};`

			`# Allow unfree packages`
			`nixpkgs.config.allowUnfree = true;`

			`# Packages installed in system profile`
			`environment.systemPackages = with pkgs; [`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`# firefox`
:3 2024-08-27 14:23:50 -04:00			`wget`
			`x11vnc`
			`fastfetch`
			`ffmpeg`
			`system-config-printer`
			`libcaption`
			`git`
			`rtl-sdr`
			`steam-run`
added pufferpannel, yoy 2024-09-14 02:31:05 -04:00			`# openwebrx`
added qbittorrent so i can seed Rupert. 2024-09-04 18:52:06 -04:00			`qbittorrent`
last commit till merge with desktop 2024-10-18 22:30:36 -04:00			`vim`
added the config files 2024-08-23 00:35:09 -04:00			`];`

			`# Enable the OpenSSH daemon.`
			`services.openssh = {`
			`enable = true;`
:3 2024-08-27 14:23:50 -04:00			`settings = {`
			`PermitRootLogin = "no";`
			`PrintLastLog = "no";`
Temporary testing 2024-08-27 14:53:26 -04:00			`PasswordAuthentication = false;`
:3 2024-08-27 14:23:50 -04:00			`};`
update config idk jimbo did it all 2024-08-27 17:57:17 -04:00			`openFirewall = true;`
added the config files 2024-08-23 00:35:09 -04:00			`};`

broken config, someone fix 2024-09-22 16:42:26 -04:00			`# Hostname and networking`
			`networking = {`
			`hostName = "freecornserver";`
			`networkmanager.enable = true;`
			`firewall = {`
			`allowedTCPPorts = [`
			`1935 # RTMP`
sdr server stuff (rtl_tcp support) 2024-09-27 16:05:28 -04:00			`# 4455 # VR`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`80 443 # Nginx`
sdr server stuff (rtl_tcp support) 2024-09-27 16:05:28 -04:00			`1234 # rtl_tcp`
			`# 25565 # minecraft port`
added vaultwarden but thats under secrets 2024-10-09 20:52:40 -04:00			`8222`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`];`
			`allowedUDPPorts = [`
sdr server stuff (rtl_tcp support) 2024-09-27 16:05:28 -04:00			`# 4455`
			`# 24454 # minecraft vc mod`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`];`
idk i did something 2024-09-22 18:01:25 -04:00			`# Add extra input rules using nftables`
			`extraInputRules = ''`
sdr server stuff (rtl_tcp support) 2024-09-27 16:05:28 -04:00			`ip saddr { 10.0.0.124, ${secrets.jimIP1}, ${secrets.jimIP2}, ${secrets.lunaIP} } tcp dport 2049 accept comment "Accept NFS"`
idk i did something 2024-09-22 18:01:25 -04:00			`'';`
broken config, someone fix 2024-09-22 16:42:26 -04:00			`};`
idk i did something 2024-09-22 18:01:25 -04:00			`nftables = {`
			`enable = true;`
			`tables = {`
			`forwarding = {`
			`family = "ip";`
			`content = ''`
			`chain PREROUTING {`
			`type nat hook prerouting priority dstnat; policy accept;`
			`tcp dport { 9943, 9944 } dnat to 10.0.0.97 comment "ALVR"`
			`}`
			`chain POSTROUTING {`
			`type nat hook postrouting priority 100; policy accept;`
			`oifname "enp2s0" masquerade`
			`}`
			`'';`
			`};`
			`};`
			`};`
			`};`

last commit till merge with desktop 2024-10-18 22:30:36 -04:00

			`# :3`


idk i did something 2024-09-22 18:01:25 -04:00			`# NFS server`
i forgor 💀 2024-09-29 04:37:29 -04:00			`# services.nfs.server = {`
			`# enable = true;`
			`# exports = ''`
			`# /export/freecornNFS *(rw,no_subtree_check)`
			`# '';`
			`# };`
added the config files 2024-08-23 00:35:09 -04:00
			`# Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).`
			`system.copySystemConfiguration = true;`

			`# Don't change this`
			`system.stateVersion = "24.05";`
			`}`