2024-08-23 00:35:09 -04:00
|
|
|
|
{ config, pkgs, options, lib, ... }:
|
|
|
|
|
let
|
|
|
|
|
# Import home manager
|
|
|
|
|
homeManager = fetchTarball
|
|
|
|
|
"https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
|
|
|
|
|
|
|
|
|
|
# Secrets and passwords
|
|
|
|
|
secrets = import ./secrets.nix;
|
|
|
|
|
in
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
imports = [
|
|
|
|
|
./hardware-configuration.nix
|
2024-08-27 14:23:50 -04:00
|
|
|
|
./freecorn.nix
|
2024-08-27 14:52:05 -04:00
|
|
|
|
./jimbo.nix
|
2024-08-23 00:35:09 -04:00
|
|
|
|
"${homeManager}/nixos"
|
|
|
|
|
];
|
|
|
|
|
|
2024-08-27 14:31:28 -04:00
|
|
|
|
# Bootloader
|
2024-08-27 14:23:50 -04:00
|
|
|
|
boot.loader.grub = {
|
|
|
|
|
enable = true;
|
|
|
|
|
device = "/dev/sda";
|
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
2024-08-27 14:31:28 -04:00
|
|
|
|
# Hostname and networking
|
|
|
|
|
networking = {
|
|
|
|
|
hostName = "freecornserver";
|
|
|
|
|
networkmanager.enable = true;
|
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
|
|
|
|
# Enable network manager applet
|
|
|
|
|
programs.nm-applet.enable = true;
|
|
|
|
|
|
|
|
|
|
# Set your time zone.
|
|
|
|
|
time.timeZone = secrets.timeZone;
|
|
|
|
|
|
|
|
|
|
# Select internationalisation properties.
|
|
|
|
|
i18n.defaultLocale = "en_CA.UTF-8";
|
|
|
|
|
|
|
|
|
|
# Enable the X11 windowing system.
|
2024-08-27 14:28:54 -04:00
|
|
|
|
services.xserver = {
|
|
|
|
|
enable = true;
|
|
|
|
|
videoDrivers = [ "radeon" ];
|
|
|
|
|
xkb = {
|
|
|
|
|
layout = "us";
|
|
|
|
|
variant = "";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Enable the LXQT Desktop Environment.
|
2024-08-27 14:38:20 -04:00
|
|
|
|
displayManager.lightdm.enable = true;
|
|
|
|
|
desktopManager.lxqt.enable = true;
|
2024-08-27 14:28:54 -04:00
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
|
|
|
|
# Printer Stuff (FUCK HP!)
|
2024-08-27 14:23:50 -04:00
|
|
|
|
services = {
|
|
|
|
|
printing = {
|
2024-08-23 00:35:09 -04:00
|
|
|
|
enable = true;
|
2024-08-27 14:23:50 -04:00
|
|
|
|
drivers = [ pkgs.hplip ];
|
|
|
|
|
webInterface = false;
|
|
|
|
|
};
|
|
|
|
|
avahi = {
|
|
|
|
|
enable = true;
|
|
|
|
|
nssmdns4 = true;
|
|
|
|
|
openFirewall = true;
|
2024-08-23 00:35:09 -04:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Enable sound with pipewire.
|
|
|
|
|
hardware.pulseaudio.enable = false;
|
|
|
|
|
security.rtkit.enable = true;
|
|
|
|
|
services.pipewire = {
|
|
|
|
|
enable = true;
|
|
|
|
|
alsa.enable = true;
|
|
|
|
|
alsa.support32Bit = true;
|
|
|
|
|
pulse.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
2024-08-27 17:57:17 -04:00
|
|
|
|
users.users.nextcloud = {
|
|
|
|
|
extraGroups = [ "nfsShare" ];
|
|
|
|
|
isSystemUser = true;
|
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
|
|
|
|
# OpenGL and drivers
|
|
|
|
|
hardware.opengl = {
|
|
|
|
|
enable = true;
|
|
|
|
|
driSupport = true;
|
|
|
|
|
driSupport32Bit = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# RTL-SDR Support
|
|
|
|
|
hardware.rtl-sdr.enable = true;
|
|
|
|
|
boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # blacklist dunb driver
|
|
|
|
|
|
|
|
|
|
# OpenWebRX
|
2024-08-27 14:23:50 -04:00
|
|
|
|
# services.openwebrx.enable = true;
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
|
|
|
|
# Enable automatic login for the user.
|
2024-08-27 14:28:54 -04:00
|
|
|
|
services.displayManager.autoLogin = {
|
|
|
|
|
enable = true;
|
|
|
|
|
user = "freecorn";
|
2024-08-23 00:35:09 -04:00
|
|
|
|
};
|
|
|
|
|
|
2024-09-14 02:31:05 -04:00
|
|
|
|
# PufferPannel
|
|
|
|
|
services = {
|
|
|
|
|
pufferpanel = {
|
|
|
|
|
enable = true;
|
|
|
|
|
environment = {
|
|
|
|
|
PUFFER_WEB_HOST = ":5010";
|
|
|
|
|
PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
|
|
|
|
|
# PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
|
|
|
|
|
# PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
|
|
|
|
|
# PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
|
|
|
|
|
# PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
|
|
|
|
|
# PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
|
|
|
|
|
};
|
|
|
|
|
extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
|
|
|
|
|
package = pkgs.buildFHSEnv {
|
|
|
|
|
name = "pufferpanel-fhs";
|
|
|
|
|
meta.mainProgram = "pufferpanel-fhs";
|
|
|
|
|
runScript = lib.getExe pkgs.pufferpanel;
|
|
|
|
|
targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-08-23 00:35:09 -04:00
|
|
|
|
# NGINX :3
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = (pkgs.nginx.override {
|
|
|
|
|
modules = with pkgs.nginxModules; [ rtmp ];
|
|
|
|
|
});
|
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
|
|
|
|
|
# Homepage HTML
|
2024-08-23 01:05:44 -04:00
|
|
|
|
virtualHosts = {
|
|
|
|
|
"${secrets.cornDomain}" = {
|
2024-08-23 00:35:09 -04:00
|
|
|
|
enableACME = true;
|
|
|
|
|
addSSL = true;
|
|
|
|
|
root = "/var/www/cornweb";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# non-free websites
|
2024-08-23 01:05:44 -04:00
|
|
|
|
"nonfree.${secrets.cornDomain}" = {
|
2024-08-23 00:35:09 -04:00
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
root = "/var/www/non-free";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# websdr server
|
2024-09-14 02:31:05 -04:00
|
|
|
|
"ppannel.${secrets.cornDomain}" = {
|
2024-08-23 00:35:09 -04:00
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
locations."/" = {
|
2024-09-14 02:31:05 -04:00
|
|
|
|
proxyPass = "http://127.0.0.1:5010";
|
2024-08-23 00:35:09 -04:00
|
|
|
|
proxyWebsockets = true;
|
2024-08-23 01:11:57 -04:00
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
};
|
2024-08-23 01:01:32 -04:00
|
|
|
|
|
2024-08-27 17:57:17 -04:00
|
|
|
|
# Nextcloud Proxy
|
|
|
|
|
"cloud.${secrets.cornDomain}" = {
|
|
|
|
|
enableACME = true;
|
|
|
|
|
addSSL = true;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyWebsockets = true;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
location /.well-known/carddav {
|
|
|
|
|
return 301 $scheme://$host/remote.php/dav;
|
|
|
|
|
}
|
|
|
|
|
location /.well-known/caldav {
|
|
|
|
|
return 301 $scheme://$host/remote.php/dav;
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-08-23 01:05:44 -04:00
|
|
|
|
};
|
2024-08-23 00:35:09 -04:00
|
|
|
|
appendConfig = ''
|
|
|
|
|
rtmp {
|
|
|
|
|
server {
|
|
|
|
|
listen 1935;
|
|
|
|
|
chunk_size 4096;
|
|
|
|
|
allow publish all;
|
|
|
|
|
application stream {
|
|
|
|
|
record off;
|
|
|
|
|
live on;
|
|
|
|
|
allow play all;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2024-08-27 17:57:17 -04:00
|
|
|
|
# Nextcloud server
|
|
|
|
|
services.nextcloud = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = pkgs.nextcloud29;
|
|
|
|
|
hostName = "cloud.${secrets.cornDomain}";
|
|
|
|
|
datadir = "/mnt/nextcloud";
|
|
|
|
|
https = true;
|
|
|
|
|
config = {
|
|
|
|
|
adminuser = "freecorn";
|
|
|
|
|
adminpassFile = "/mnt/nextcloud/password.txt";
|
|
|
|
|
};
|
|
|
|
|
settings = {
|
|
|
|
|
trusted_proxies = [ "127.0.0.1" ];
|
|
|
|
|
trusted_domains = [ "cloud.${secrets.cornDomain}" ];
|
|
|
|
|
overwriteprotocol = "https";
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-08-23 01:01:32 -04:00
|
|
|
|
|
2024-08-23 00:35:09 -04:00
|
|
|
|
# Get certificates for Coturn
|
|
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
defaults.email = secrets.cornEmail;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Install firefox.
|
|
|
|
|
programs.firefox.enable = true;
|
|
|
|
|
|
|
|
|
|
# Allow unfree packages
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
|
|
|
|
|
# Packages installed in system profile
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
2024-08-27 14:23:50 -04:00
|
|
|
|
wget
|
|
|
|
|
x11vnc
|
|
|
|
|
fastfetch
|
|
|
|
|
ffmpeg
|
|
|
|
|
system-config-printer
|
|
|
|
|
libcaption
|
|
|
|
|
git
|
|
|
|
|
rtl-sdr
|
|
|
|
|
steam-run
|
2024-09-14 02:31:05 -04:00
|
|
|
|
# openwebrx
|
2024-09-04 18:52:06 -04:00
|
|
|
|
qbittorrent
|
2024-08-23 00:35:09 -04:00
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Install fonts, need this for orbitron!
|
|
|
|
|
fonts.packages = with pkgs; [
|
|
|
|
|
orbitron
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# Enable the OpenSSH daemon.
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
2024-08-27 14:23:50 -04:00
|
|
|
|
settings = {
|
|
|
|
|
PermitRootLogin = "no";
|
|
|
|
|
PrintLastLog = "no";
|
2024-08-27 14:53:26 -04:00
|
|
|
|
PasswordAuthentication = false;
|
2024-08-27 14:23:50 -04:00
|
|
|
|
};
|
2024-08-27 17:57:17 -04:00
|
|
|
|
openFirewall = true;
|
2024-08-23 00:35:09 -04:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Open ports in the firewall.
|
2024-08-27 17:57:17 -04:00
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
1935 # RTMP
|
|
|
|
|
4455 # VR
|
|
|
|
|
80 443 # Nginx
|
|
|
|
|
1234 # Something
|
|
|
|
|
];
|
2024-08-27 14:23:50 -04:00
|
|
|
|
networking.firewall.allowedUDPPorts = [ 4455 ];
|
2024-08-23 00:35:09 -04:00
|
|
|
|
|
|
|
|
|
# Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
|
|
|
|
|
system.copySystemConfiguration = true;
|
|
|
|
|
|
|
|
|
|
# Don't change this
|
|
|
|
|
system.stateVersion = "24.05";
|
|
|
|
|
}
|