server-nixos-config/configuration.nix

# NixOS module: receives the standard module arguments and returns the system configuration.
{ config, pkgs, options, lib, ... }:
let
  # home-manager (release-24.05 branch archive); its NixOS module is imported below.
  # NOTE(review): no sha256 is supplied, so the archive content is not pinned.
  # Whatever the branch tarball contains at fetch time is evaluated as part of
  # this system. Pinning a commit archive together with its sha256 would make
  # the input reproducible and tamper-evident.
  homeManager = builtins.fetchTarball {
    url = "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
  };

  # Site-specific values kept out of this file (this file reads timeZone,
  # cornDomain and cornEmail from it).
  # NOTE(review): any value taken from here and placed into the configuration
  # is written to the Nix store, which is readable by every local user. That
  # is acceptable for a domain name but not for passwords or tokens; those
  # belong in files read at runtime.
  secrets = import ./secrets.nix;
in
{
# Modules merged into this configuration: hardware scan result, the two
# per-user files, and the home-manager NixOS module from the tarball above.
imports = [
  ./hardware-configuration.nix
  ./freecorn.nix
  ./jimbo.nix
  "${homeManager}/nixos"
];
# Bootloader: GRUB, installed to /dev/sda
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# Hostname; interfaces are managed by NetworkManager
networking.hostName = "freecornserver";
networking.networkmanager.enable = true;
# Tray applet for NetworkManager
programs.nm-applet.enable = true;

# Time zone comes from secrets.nix; locale is Canadian English (UTF-8)
time.timeZone = secrets.timeZone;
i18n.defaultLocale = "en_CA.UTF-8";
# X11 with the radeon driver, LightDM as display manager and LXQt as desktop.
services.xserver = {
  enable = true;
  videoDrivers = [ "radeon" ];

  # US keyboard layout, default variant
  xkb.layout = "us";
  xkb.variant = "";

  # LXQt desktop environment, started through LightDM
  displayManager.lightdm.enable = true;
  desktopManager.lxqt.enable = true;
};
# Printer Stuff (FUCK HP!)
# CUPS with the HPLIP driver; the CUPS web interface stays off.
services.printing = {
  enable = true;
  drivers = [ pkgs.hplip ];
  webInterface = false;
};

# mDNS / DNS-SD (printer discovery), with .local lookups over IPv4.
# openFirewall opens the host firewall for Avahi, so the service is reachable
# from every network this machine is attached to.
services.avahi = {
  enable = true;
  nssmdns4 = true;
  openFirewall = true;
};
# Sound: PipeWire instead of PulseAudio, with ALSA (incl. 32-bit) and
# PulseAudio compatibility; rtkit is enabled alongside it.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  pulse.enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
};
# Service account for Nextcloud, additionally a member of the nfsShare group.
# It is declared as a system user, so no passwd step is needed for it.
# NOTE(review): the nfsShare group is not defined in this file; presumably it
# comes from one of the imported modules. Confirm that it exists.
users.users.nextcloud = {
  isSystemUser = true;
  extraGroups = [ "nfsShare" ];
};
# OpenGL with DRI, including the 32-bit variant
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
# RTL-SDR support
hardware.rtl-sdr.enable = true;
# Stop the kernel's dvb_usb_rtl28xxu module from loading at boot
# (presumably so the SDR tools can claim the dongle instead).
boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];

# OpenWebRX (currently disabled)
# services.openwebrx.enable = true;
# Log the graphical session in as freecorn without asking for a password.
# NOTE(review): with auto-login, console access equals access to this user's
# session. This host also serves public web services and has x11vnc in its
# system packages, so confirm the unlocked session is intended and that any
# remote view of it requires authentication.
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "freecorn";
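# PufferPanel, run inside an FHS environment so that the servers it manages
# find the libraries they expect.
services.pufferpanel = {
  enable = true;
  environment = {
    # Listen on loopback only. nginx in this file proxies to 127.0.0.1:5010,
    # so the panel does not need to listen on every interface; this keeps the
    # unencrypted backend port private even if the firewall rules change.
    PUFFER_WEB_HOST = "127.0.0.1:5010";
    # NOTE(review): this URL uses "ppanel" while the nginx vhost in this file
    # is named "ppannel" (double n). One of the two is likely a typo; confirm
    # against the DNS record and make them agree.
    PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
    # E-mail settings, disabled.
    # NOTE(review): if these are ever enabled, values set here (including the
    # SMTP password) end up in the Nix store; the module's environmentFile
    # option is the place for the password.
    # PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
    # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
    # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
    # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
    # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
  };
  # Tools made available to the panel and the servers it runs
  extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
  # Wrap the stock pufferpanel binary in an FHS environment with the
  # libraries listed in targetPkgs
  package = pkgs.buildFHSEnv {
    name = "pufferpanel-fhs";
    meta.mainProgram = "pufferpanel-fhs";
    runScript = lib.getExe pkgs.pufferpanel;
    targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
  };
};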
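# NGINX :3
# Built with the RTMP module. Serves two static sites, reverse-proxies
# PufferPanel, carries the Nextcloud vhost and runs an RTMP ingest server.
services.nginx = {
  enable = true;
  package = pkgs.nginx.override {
    modules = with pkgs.nginxModules; [ rtmp ];
  };
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;

  virtualHosts = {
    # Homepage HTML
    # NOTE(review): addSSL serves this site over both HTTP and HTTPS with no
    # redirect; switch to forceSSL unless plain HTTP access is wanted.
    "${secrets.cornDomain}" = {
      enableACME = true;
      addSSL = true;
      root = "/var/www/cornweb";
    };

    # non-free websites
    "nonfree.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/non-free";
    };

    # PufferPanel reverse proxy (backend on 127.0.0.1:5010)
    # NOTE(review): the vhost is spelled "ppannel" while PufferPanel's master
    # URL in this file uses "ppanel"; confirm which name DNS actually carries.
    "ppannel.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:5010";
        proxyWebsockets = true;
      };
    };

    # Nextcloud vhost
    # forceSSL rather than addSSL: Nextcloud below is configured with
    # https = true and overwriteprotocol = "https", so plain-HTTP access
    # would only send logins and session cookies unencrypted. Requests on
    # port 80 are now redirected to HTTPS.
    "cloud.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyWebsockets = true;
        extraConfig = ''
          location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
          }
        '';
      };
    };
  };

  # RTMP ingest on port 1935, which the firewall section of this file opens.
  # NOTE(review): "allow publish all" and "allow play all" place no
  # restriction on who may publish to or play from the "stream" application.
  # If only known encoders should publish, restrict publish to their source
  # addresses with the RTMP module's allow/deny directives.
  appendConfig = ''
    rtmp {
      server {
        listen 1935;
        chunk_size 4096;
        allow publish all;
        application stream {
          record off;
          live on;
          allow play all;
        }
      }
    }
  '';
};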
# Nextcloud 29, data under /mnt/nextcloud, reached through the local nginx.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud29;
  hostName = "cloud.${secrets.cornDomain}";
  # Nextcloud is told it is served over HTTPS; the nginx vhost for this
  # hostname should therefore not offer plain HTTP.
  https = true;
  datadir = "/mnt/nextcloud";

  # Initial admin account. The password is read from a file instead of being
  # written into this configuration, which keeps it out of the Nix store.
  # NOTE(review): the file sits inside the data directory; confirm it is
  # readable only by the nextcloud user.
  config.adminuser = "freecorn";
  config.adminpassFile = "/mnt/nextcloud/password.txt";

  settings = {
    overwriteprotocol = "https";
    # Only the local reverse proxy is trusted to set forwarded-for headers
    trusted_proxies = [ "127.0.0.1" ];
    trusted_domains = [ "cloud.${secrets.cornDomain}" ];
  };
};
# ACME account settings, used by the nginx vhosts that set enableACME.
# (No Coturn service is configured in this file.)
security.acme.acceptTerms = true;
security.acme.defaults.email = secrets.cornEmail;
# Firefox
programs.firefox.enable = true;

# Permit packages with unfree licences
nixpkgs.config.allowUnfree = true;
# Packages available to every user through the system profile.
# NOTE(review): x11vnc is a VNC server for the running X session, and this
# host auto-logs a user into that session. Make sure it is only ever started
# with authentication and is not reachable through the open firewall ports.
environment.systemPackages = with pkgs; [
  wget
  x11vnc
  fastfetch
  ffmpeg
  system-config-printer
  libcaption
  git
  rtl-sdr
  steam-run
  # openwebrx
  qbittorrent
];
# Fonts: Orbitron is needed
fonts.packages = with pkgs; [ orbitron ];
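# OpenSSH daemon: key-based logins only, root login refused, SSH port opened
# in the firewall.
services.openssh = {
  enable = true;
  openFirewall = true;
  settings = {
    PermitRootLogin = "no";
    PrintLastLog = "no";
    PasswordAuthentication = false;
    # Keyboard-interactive auth is a separate switch: if it stays enabled,
    # PAM can still prompt for the account password even though
    # PasswordAuthentication is off. Disable it so keys are the only way in.
    KbdInteractiveAuthentication = false;
  };
};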
# Inbound ports allowed through the host firewall. SSH and Avahi open their
# own ports through the openFirewall options set elsewhere in this file.
# NOTE(review): 1234 is labelled only "Something" and 4455 only "VR";
# identify the listening services or close the ports. Each open port is
# reachable from every network this host is on.
networking.firewall = {
  allowedTCPPorts = [
    1935   # RTMP
    4455   # VR
    80 443 # Nginx
    1234   # Something
  ];
  allowedUDPPorts = [ 4455 ];
};
# Keep a copy of this file with the built system, linked at
# /run/current-system/configuration.nix.
# NOTE(review): the copy lives in the Nix store and is readable by all local
# users. Only this file is copied, not the files it imports, but nothing
# sensitive should ever be written into it directly.
system.copySystemConfiguration = true;

# Don't change this
system.stateVersion = "24.05";
}