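# NixOS system configuration for the host "freecornserver": an LXQt desktop
# that also runs nginx (with RTMP), PufferPanel, Nextcloud and OpenSSH.
{ config, pkgs, options, lib, ... }:

let
  # Home Manager's NixOS module, fetched at evaluation time.
  # NOTE(review): the URL follows a moving branch and no sha256 is given, so the
  # code imported into this root-level configuration can change between rebuilds
  # without any change here. Pin it to a commit archive and add
  #   sha256 = "<hash reported by nix-prefetch-url --unpack>";
  homeManager = fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";

  # Site-specific values (domain, e-mail, time zone) kept out of this file.
  # NOTE(review): anything interpolated from here into the configuration is
  # written to the world-readable Nix store. That is fine for the values used
  # below, but real passwords (such as the commented-out PufferPanel SMTP
  # password) should be supplied through a file read at runtime instead.
  secrets = import ./secrets.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./freecorn.nix
    ./jimbo.nix
    "${homeManager}/nixos"
  ];

  # Bootloader
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # Hostname and networking
  networking.hostName = "freecornserver";
  networking.networkmanager.enable = true;

  # Enable network manager applet
  programs.nm-applet.enable = true;

  # Time zone comes from secrets.nix.
  time.timeZone = secrets.timeZone;

  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";

  # X11 with the radeon driver, LightDM and the LXQt desktop.
  services.xserver = {
    enable = true;
    videoDrivers = [ "radeon" ];
    xkb = {
      layout = "us";
      variant = "";
    };
    displayManager.lightdm.enable = true;
    desktopManager.lxqt.enable = true;
  };

  # Printer Stuff (FUCK HP!)
  services.printing = {
    enable = true;
    drivers = [ pkgs.hplip ];
    webInterface = false;
  };

  # mDNS discovery; openFirewall lets Avahi traffic through the firewall.
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    openFirewall = true;
  };

  # Enable sound with pipewire.
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  # Add the nextcloud system user to the nfsShare group.
  users.users.nextcloud = {
    extraGroups = [ "nfsShare" ];
    isSystemUser = true;
  };

  # OpenGL and drivers
  hardware.opengl = {
    enable = true;
    driSupport = true;
    driSupport32Bit = true;
  };

  # RTL-SDR Support
  hardware.rtl-sdr.enable = true;
  # Blacklist the dvb_usb_rtl28xxu kernel driver.
  boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];

  # OpenWebRX
  # services.openwebrx.enable = true;

  # Enable automatic login for the user.
  # NOTE(review): with auto-login, anyone at the console gets a "freecorn"
  # desktop session without a password. Confirm that is acceptable for a
  # machine that also hosts Nextcloud and SSH.
  services.displayManager.autoLogin = {
    enable = true;
    user = "freecorn";
  };

  # PufferPanel
  services.pufferpanel = {
    enable = true;
    environment = {
      # ":5010" has no host part, so the panel listens on every interface.
      # Port 5010 is not in allowedTCPPorts below, so only the firewall keeps
      # it from being reached directly rather than through nginx.
      PUFFER_WEB_HOST = ":5010";
      PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
      # PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
      # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
      # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
      # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
      # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
    };
    extraPackages = with pkgs; [
      bash
      curl
      gawk
      gnutar
      gzip
    ];
    # Run the panel inside an FHS environment that provides icu, openssl and zlib.
    package = pkgs.buildFHSEnv {
      name = "pufferpanel-fhs";
      meta.mainProgram = "pufferpanel-fhs";
      runScript = lib.getExe pkgs.pufferpanel;
      targetPkgs = pkgs': with pkgs'; [
        icu
        openssl
        zlib
      ];
    };
  };

  # NGINX :3
  services.nginx = {
    enable = true;
    # nginx rebuilt with the RTMP module, needed by appendConfig below.
    package = (pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    });
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    virtualHosts = {
      # Homepage HTML
      # NOTE(review): addSSL serves this site over plain HTTP as well as HTTPS;
      # switch to forceSSL unless HTTP access is intentional.
      "${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/cornweb";
      };

      # non-free websites
      "nonfree.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/non-free";
      };

      # PufferPanel reverse proxy (127.0.0.1:5010 is PUFFER_WEB_HOST above).
      # NOTE(review): this host is spelled "ppannel" while
      # PUFFER_PANEL_SETTINGS_MASTERURL uses "ppanel". Confirm which DNS name
      # is intended and make the two agree.
      "ppannel.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:5010";
          proxyWebsockets = true;
        };
      };

      # Nextcloud Proxy
      # forceSSL rather than addSSL: Nextcloud is configured for HTTPS only
      # (https = true, overwriteprotocol = "https"), so plain-HTTP requests
      # are redirected instead of carrying logins and session cookies in
      # clear text.
      "cloud.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyWebsockets = true;
          extraConfig = ''
            location /.well-known/carddav {
              return 301 $scheme://$host/remote.php/dav;
            }
            location /.well-known/caldav {
              return 301 $scheme://$host/remote.php/dav;
            }
          '';
        };
      };
    };

    # RTMP ingest and playback on port 1935.
    # NOTE(review): "allow publish all" together with 1935 open in the firewall
    # lets any remote host push a stream to this server. Restrict publishing
    # to known source addresses if that is not intended.
    appendConfig = ''
      rtmp {
        server {
          listen 1935;
          chunk_size 4096;
          allow publish all;

          application stream {
            record off;
            live on;
            allow play all;
          }
        }
      }
    '';
  };

  # Nextcloud server
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.${secrets.cornDomain}";
    datadir = "/mnt/nextcloud";
    https = true;
    config = {
      adminuser = "freecorn";
      # NOTE(review): the admin password file sits inside datadir. Check that
      # it is readable only by the nextcloud user and is not covered by any
      # share or backup of /mnt/nextcloud.
      adminpassFile = "/mnt/nextcloud/password.txt";
    };
    settings = {
      trusted_proxies = [ "127.0.0.1" ];
      trusted_domains = [ "cloud.${secrets.cornDomain}" ];
      overwriteprotocol = "https";
    };
  };

  # ACME account settings for the certificates requested by the nginx
  # virtual hosts (enableACME = true).
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.cornEmail;
  };

  # Install firefox.
  programs.firefox.enable = true;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    wget
    x11vnc
    fastfetch
    ffmpeg
    system-config-printer
    libcaption
    git
    rtl-sdr
    steam-run
    # openwebrx
    qbittorrent
  ];

  # Install fonts, need this for orbitron!
  fonts.packages = with pkgs; [ orbitron ];

  # OpenSSH: key-based logins only, no root login.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PrintLastLog = "no";
      PasswordAuthentication = false;
    };
    openFirewall = true;
  };

  # Open ports in the firewall.
  # NOTE(review): 1234 has no identified service. Remove it if nothing is
  # meant to listen there, so a later process binding that port is not
  # exposed by accident.
  networking.firewall.allowedTCPPorts = [
    1935 # RTMP
    4455 # VR
    80
    443 # Nginx
    1234 # Something
  ];
  networking.firewall.allowedUDPPorts = [ 4455 ];

  # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
  system.copySystemConfiguration = true;

  # Don't change this
  system.stateVersion = "24.05";
}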