{ config, pkgs, options, lib, ... }: let # Import home manager homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; # Secrets and passwords secrets = import ./secrets.nix; in { imports = [ ./hardware-configuration.nix ./freecorn.nix ./jimbo.nix ./vaultwarden.nix "${homeManager}/nixos" # ./wireguard.nix # ./neovim.nix ]; # Bootloader boot.loader.grub = { enable = true; device = "/dev/sda"; }; # Enable network manager applet programs.nm-applet.enable = true; # Set your time zone. time.timeZone = secrets.timeZone; # Select internationalisation properties. i18n.defaultLocale = "en_CA.UTF-8"; # allow non nix programs to run programs.nix-ld.enable = true; programs.nix-ld.libraries = with pkgs; [ # Add any missing dynamic libraries for unpackaged programs # here, NOT in environment.systemPackages ]; # Enable the X11 windowing system. # services.xserver = { # enable = true; # videoDrivers = [ "radeon" ]; # xkb = { # layout = "us"; # variant = ""; # }; # Enable the LXQT Desktop Environment. # displayManager.lightdm.enable = true; # desktopManager.lxqt.enable = true; # }; # Enable automatic login for the user. # services.displayManager.autoLogin = { # enable = true; # user = "freecorn"; # }; # Enable sound with pipewire. # hardware.pulseaudio.enable = false; # security.rtkit.enable = true; # services.pipewire = { # enable = true; # alsa.enable = true; # alsa.support32Bit = true; # pulse.enable = true; # }; # OpenGL and drivers # hardware.opengl = { # enable = true; # driSupport = true; # driSupport32Bit = true; # }; # Printer Stuff (FUCK HP!) # services = { # printing = { # listenAddresses = [ "*:631" ]; # allowFrom = [ "all" ]; # browsing = true; # defaultShared = true; # openFirewall = true; # enable = true; # drivers = [ pkgs.hplip ]; # webInterface = true; # }; # avahi = { # nssmdns4 = true; # openFirewall = true; # publish = { # enable = true; # userServices = true; # }; # }; # }; # Install fonts, need this for orbitron! # fonts.packages = with pkgs; [ # orbitron # ]; # systemd.services.rtl_tcp = { # enable = true; # description = "rtl_tcp"; # unitConfig = { # Type = "simple"; # # ... # }; # serviceConfig = { # ExecStart = "rtl_tcp -a 10.0.0.240"; # # ... # }; #} # Define a users and groups users = { groups = { nfsShare = {}; }; users.nextcloud = { extraGroups = [ "nfsShare" ]; isSystemUser = true; }; }; # RTL-SDR Support hardware.rtl-sdr.enable = true; boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # blacklist dunb driver # Docker :((( virtualisation.docker.enable = true; # OpenWebRX # services.openwebrx.enable = true; # PufferPannel services = { pufferpanel = { enable = true; environment = { PUFFER_WEB_HOST = ":5010"; PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}"; PUFFER_PANEL_REGISTRATIONENABLED = "false"; # PUFFER_PANEL_EMAIL_PROVIDER = "smtp"; # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587"; # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}"; # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}"; # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword; }; extraPackages = with pkgs; [ bash curl gawk gnutar gzip ]; package = pkgs.buildFHSEnv { name = "pufferpanel-fhs"; meta.mainProgram = "pufferpanel-fhs"; runScript = lib.getExe pkgs.pufferpanel; targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ]; }; }; }; # NGINX :3 services.nginx = { enable = true; package = (pkgs.nginx.override { modules = with pkgs.nginxModules; [ rtmp ]; }); recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; # Homepage HTML virtualHosts = { "${secrets.cornDomain}" = { enableACME = true; addSSL = true; root = "/var/www/cornweb"; }; # non-free websites "nonfree.${secrets.cornDomain}" = { enableACME = true; forceSSL = true; root = "/var/www/non-free"; }; # websdr server "ppanel.${secrets.cornDomain}" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:5010"; proxyWebsockets = true; }; }; # Nextcloud Proxy "cloud.${secrets.cornDomain}" = { enableACME = true; addSSL = true; locations."/" = { proxyWebsockets = true; extraConfig = '' location /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } ''; }; }; }; appendConfig = '' rtmp { server { listen 1935; chunk_size 4096; allow publish all; application stream { record off; live on; allow play all; } } } ''; }; # Nextcloud server services.nextcloud = { enable = true; package = pkgs.nextcloud29; hostName = "cloud.${secrets.cornDomain}"; datadir = "/mnt/nextcloud"; https = true; config = { adminuser = "freecorn"; adminpassFile = "/mnt/nextcloud/password.txt"; }; settings = { trusted_proxies = [ "127.0.0.1" ]; trusted_domains = [ "cloud.${secrets.cornDomain}" ]; overwriteprotocol = "https"; }; }; # Get certificates for Coturn security.acme = { acceptTerms = true; defaults.email = secrets.cornEmail; }; # Allow unfree packages nixpkgs.config.allowUnfree = true; # Packages installed in system profile environment.systemPackages = with pkgs; [ # firefox wget x11vnc fastfetch ffmpeg system-config-printer libcaption git rtl-sdr steam-run # openwebrx qbittorrent vim ]; # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { PermitRootLogin = "no"; PrintLastLog = "no"; PasswordAuthentication = false; }; openFirewall = true; }; # Hostname and networking networking = { hostName = "freecornserver"; networkmanager.enable = true; firewall = { allowedTCPPorts = [ 1935 # RTMP # 4455 # VR 80 443 # Nginx 1234 # rtl_tcp # 25565 # minecraft port 8222 ]; allowedUDPPorts = [ # 4455 # 24454 # minecraft vc mod ]; # Add extra input rules using nftables extraInputRules = '' ip saddr { 10.0.0.124, ${secrets.jimIP1}, ${secrets.jimIP2}, ${secrets.lunaIP} } tcp dport 2049 accept comment "Accept NFS" ''; }; nftables = { enable = true; tables = { forwarding = { family = "ip"; content = '' chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; tcp dport { 9943, 9944 } dnat to 10.0.0.97 comment "ALVR" } chain POSTROUTING { type nat hook postrouting priority 100; policy accept; oifname "enp2s0" masquerade } ''; }; }; }; }; # :3 # NFS server # services.nfs.server = { # enable = true; # exports = '' # /export/freecornNFS *(rw,no_subtree_check) # ''; # }; # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix). system.copySystemConfiguration = true; # Don't change this system.stateVersion = "24.05"; }