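# NixOS system configuration for the host "freecornserver": LXQt desktop,
# printing/scanning, RTL-SDR, nginx (static sites, WebSDR proxy, RTMP) and
# Nextcloud.
#
# Fixes relative to the previous revision:
#   * the "cloud" virtual host was nested inside the "websdr" virtual host;
#     it is now a sibling entry under services.nginx.virtualHosts
#   * `cornDomain` was referenced without the `secrets.` prefix (undefined name)
#   * the Nextcloud options were declared as top-level `nextcloud` instead of
#     `services.nextcloud`
#   * the caldav `location` block in the nginx snippet was missing its closing brace
{ config, pkgs, options, lib, ... }:

let
  # Import home manager
  # NOTE(review): no sha256 is given, so the tarball content is not pinned and
  # whatever the release branch serves at build time is evaluated as root-level
  # system configuration. Prefer the attribute form
  # `fetchTarball { url = ...; sha256 = ...; }` (hash from
  # `nix-prefetch-url --unpack <url>`), ideally pointing at a commit archive.
  homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";

  # Secrets and passwords
  # NOTE(review): values read from here that end up in generated configuration
  # (e.g. nginx virtual host names) are written to the world-readable Nix
  # store, so this file is only suitable for values that may be read by any
  # local user.
  secrets = import ./secrets.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    "${homeManager}/nixos"
  ];

  # Bootloader.
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";

  # Hostname
  networking.hostName = "freecornserver";

  # Enable networking
  networking.networkmanager.enable = true;

  # Enable network manager applet
  programs.nm-applet.enable = true;

  # Set your time zone.
  time.timeZone = secrets.timeZone;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # Enable the X11 windowing system.
  services.xserver.enable = true;

  # Printer Stuff (FUCK HP!)
  hardware.sane.enable = true;
  hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];

  # mDNS/DNS-SD so the shared printer can be discovered on the network.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
    publish = {
      enable = true;
      userServices = true;
    };
  };

  # Enable CUPS to print documents and share the printer.
  # NOTE(review): CUPS listens on every interface, accepts clients from any
  # address and has its port opened in the firewall. This host also serves
  # public web sites, so if it has a publicly routable address the print
  # service is reachable from the internet. Restrict `listenAddresses` /
  # `allowFrom` to the LAN unless that exposure is intended.
  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip ];
    listenAddresses = [ "*:631" ];
    allowFrom = [ "all" ];
    browsing = true;
    defaultShared = true;
    openFirewall = true;
  };

  # Enable the LXQT Desktop Environment.
  services.xserver.displayManager.lightdm.enable = true;
  services.xserver.desktopManager.lxqt.enable = true;

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "us";
    variant = "";
  };

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Define a user account. Don't forget to set a password with `passwd`.
  users.users.freecorn = {
    description = "FreeCorn";
    isNormalUser = true;
    extraGroups = [ "networkmanager" "wheel" "video" "scanner" "lp" "plugdev" ];
  };

  # Extra group membership for the Nextcloud service account.
  # NOTE(review): the group "nfsShare" is not declared in this file;
  # presumably it is defined elsewhere. Verify.
  users.users.nextcloud = {
    extraGroups = [ "nfsShare" ];
    isSystemUser = true;
  };

  # OpenGL and drivers
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };
  services.xserver.videoDrivers = [ "radeon" ];

  # RTL-SDR Support
  hardware.rtl-sdr.enable = true;
  # Keep the kernel DVB driver from binding to the RTL2832U dongle.
  boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];

  # OpenWebRX
  # services.openwebrx.enable = true;

  # Enable automatic login for the user.
  # NOTE(review): "freecorn" is in the wheel group, so anyone with access to
  # the console or display gets an administrator's desktop session without
  # authenticating.
  services.displayManager.autoLogin.enable = true;
  services.displayManager.autoLogin.user = "freecorn";

  # Define home manager programs and configs
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    users.freecorn = { config, pkgs, ... }: {
      # Install user programs
      home.packages = with pkgs; [
        rustdesk-flutter
        anydesk
        vlc
      ];

      # OBS with plugins
      programs.obs-studio = {
        enable = true;
        plugins = with pkgs.obs-studio-plugins; [
          advanced-scene-switcher
          obs-multi-rtmp
        ];
      };

      # Don't change this
      home.stateVersion = "24.05";
    };
  };

  # NGINX :3
  services.nginx = {
    enable = true;
    # nginx built with the RTMP module for the streaming endpoint below.
    package = pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    };
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      # Homepage HTML
      # addSSL serves the site over HTTPS while leaving plain HTTP available.
      "${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/cornweb";
      };

      # non-free websites
      "nonfree.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/non-free";
      };

      # websdr server
      "websdr.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:8073";
          proxyWebsockets = true;
        };
      };

      # Nextcloud Proxy
      # NOTE(review): addSSL leaves plain HTTP enabled with no redirect, while
      # services.nextcloud below sets `https = true` and
      # `overwriteprotocol = "https"`. Since this host carries logins,
      # `forceSSL = true` (as on the other subdomains) looks like the intended
      # setting. Confirm and switch.
      # NOTE(review): services.nextcloud also generates nginx settings for its
      # hostName; presumably these options are merged with them. Verify that
      # the .well-known redirects below are still needed.
      "cloud.${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        locations."/" = {
          proxyWebsockets = true;
          extraConfig = ''
            location /.well-known/carddav {
              return 301 $scheme://$host/remote.php/dav;
            }
            location /.well-known/caldav {
              return 301 $scheme://$host/remote.php/dav;
            }
          '';
        };
      };
    };

    # RTMP ingest/playback endpoint.
    # NOTE(review): `allow publish all` together with TCP 1935 being open in
    # the firewall lets any remote client publish to the "stream" application.
    # Restrict publishing to the addresses that are expected to stream
    # (allow/deny by source address) unless open publishing is intended.
    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;
          application stream {
            record off;
            live on;
            allow play all;
          }
        }
      }
    '';
  };

  # Nextcloud server
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.${secrets.cornDomain}";
    datadir = "/nextcloud";
    https = true;
    config = {
      adminuser = "freecorn";
      # NOTE(review): the admin password file sits inside the Nextcloud data
      # directory. Keep it outside the data directory and readable only by the
      # account that needs it.
      adminpassFile = "/nextcloud/password.txt";
    };
    settings = {
      # Requests arrive through the local nginx instance.
      trusted_proxies = [ "127.0.0.1" ];
      trusted_domains = [ "cloud.${secrets.cornDomain}" ];
      overwriteprotocol = "https";
    };
  };

  # ACME account settings used for the nginx virtual host certificates.
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.cornEmail;
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Enable Adguard
  # services.adguardhome.enable = true;

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    wget
    x11vnc
    fastfetch
    ffmpeg
    system-config-printer
    libcaption
    git
    rtl-sdr
    steam-run
    openwebrx
  ];

  # Install fonts, need this for orbitron!
  fonts.packages = with pkgs; [
    orbitron
  ];

  # Enable the OpenSSH daemon.
  # NOTE(review): with the settings block commented out the module defaults
  # apply, which leaves password authentication enabled. If SSH is reachable
  # from outside the LAN, enable the block below and use key-based logins.
  services.openssh = {
    enable = true;
    # settings = {
    #   PermitRootLogin = "no";
    #   PrintLastLog = "no";
    #   PasswordAuthentication = false;
    # };
    # ports = [ 69 ];
  };

  # Open ports in the firewall.
  # Adguard ports: 3000 on tcp, 53 on udp
  # 80/443: nginx, 1935: RTMP (nginx listens on TCP).
  # NOTE(review): no service in this file is declared to listen on TCP 4455 or
  # 1234, or on any of the UDP ports listed. Confirm what uses them and remove
  # the entries that are not needed.
  networking.firewall.allowedTCPPorts = [ 1935 4455 80 443 1234 ];
  networking.firewall.allowedUDPPorts = [ 1935 4455 80 443 ];

  # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
  system.copySystemConfiguration = true;

  # Don't change this
  system.stateVersion = "24.05";
}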