server-nixos-config/configuration.nix

{ config, pkgs, options, lib, ... }:
let
  # Home Manager's NixOS module, fetched as a tarball of the release-24.05
  # branch.
  # NOTE(review): no sha256 is supplied, so the downloaded content is not
  # verified and changes whenever the branch moves. Pointing the URL at a
  # specific commit archive and adding `sha256 = "<hash of that tarball>";`
  # to this attribute set makes the fetch reproducible and tamper-evident.
  homeManager = fetchTarball {
    url = "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
  };
  # Site-specific values kept out of this file; the configuration below reads
  # timeZone, cornDomain and cornEmail from it.
  # NOTE(review): values imported at evaluation time can end up in the
  # world-readable /nix/store. Keep real passwords in files that services read
  # by path at runtime rather than in secrets.nix.
  secrets = import ./secrets.nix;
in
{
imports = [
./hardware-configuration.nix
./freecorn.nix
"${homeManager}/nixos"
];
# Bootloader: GRUB, installed to /dev/sda.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# Host name, NetworkManager and its tray applet.
networking.hostName = "freecornserver";
networking.networkmanager.enable = true;
programs.nm-applet.enable = true;
# Time zone is read from secrets.nix; the default locale is en_CA.UTF-8.
time.timeZone = secrets.timeZone;
i18n.defaultLocale = "en_CA.UTF-8";
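# X11 with the radeon video driver, a US keyboard layout, LightDM as the
# login manager and LXQt as the desktop environment.
services.xserver = {
  enable = true;
  videoDrivers = [ "radeon" ];
  xkb = {
    layout = "us";
    variant = "";
  };
  # LightDM is the display (login) manager.
  displayManager.lightdm.enable = true;
  # LXQt is a desktop environment, so it is enabled under desktopManager.
  # The original placed it under displayManager, where no lxqt option exists,
  # which makes the configuration fail to evaluate.
  desktopManager.lxqt.enable = true;
};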
# Printer Stuff (FUCK HP!)
# Printing with the HPLIP driver; the web interface is switched off.
services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ];
services.printing.webInterface = false;
# Avahi (mDNS/DNS-SD) with IPv4 mDNS name resolution through NSS.
# NOTE(review): openFirewall opens Avahi's port in the host firewall. That is
# fine on a trusted LAN, but worth limiting or dropping if this machine is
# directly reachable from untrusted networks.
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.openFirewall = true;
# Sound: PulseAudio is disabled and PipeWire is enabled with its ALSA
# (including 32-bit) and PulseAudio compatibility layers; rtkit is enabled
# alongside it.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;
# The "nextcloud" account is a system user (no interactive password is
# needed) and is additionally placed in the nfsShare group.
# NOTE(review): the nfsShare group is not declared in the visible
# configuration; confirm it is created elsewhere (e.g. ./freecorn.nix).
users.users.nextcloud.isSystemUser = true;
users.users.nextcloud.extraGroups = [ "nfsShare" ];
# OpenGL and drivers (including 32-bit DRI support)
hardware.opengl.enable = true;
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
# RTL-SDR support. The dvb_usb_rtl28xxu kernel module is blacklisted on the
# kernel command line.
hardware.rtl-sdr.enable = true;
boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];
# OpenWebRX service (currently disabled)
# services.openwebrx.enable = true;
# Log the "freecorn" user into the graphical session automatically.
# NOTE(review): with auto-login, anyone with physical or console access to
# the machine gets this user's desktop session without authenticating.
# Reconsider this on a host that also runs public-facing services.
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user = "freecorn";
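# NGINX :3
# Static sites, reverse proxies and ACME-issued certificates, plus an RTMP
# endpoint provided by the rtmp module.
services.nginx = {
  enable = true;
  # nginx is rebuilt with the rtmp module so that the rtmp {} block in
  # appendConfig is accepted.
  package = (pkgs.nginx.override {
    modules = with pkgs.nginxModules; [ rtmp ];
  });
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;
  virtualHosts = {
    # Homepage HTML
    # NOTE(review): addSSL serves this site over plain HTTP as well as HTTPS.
    # Switch to forceSSL if nothing depends on the unencrypted version.
    "${secrets.cornDomain}" = {
      enableACME = true;
      addSSL = true;
      root = "/var/www/cornweb";
    };
    # non-free websites
    "nonfree.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/non-free";
    };
    # websdr server, proxied to a service on localhost port 8073
    "websdr.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8073";
        proxyWebsockets = true;
      };
    };
    # Nextcloud Proxy
    "cloud.${secrets.cornDomain}" = {
      enableACME = true;
      # forceSSL instead of addSSL: this host carries Nextcloud logins, and
      # the Nextcloud settings in this file already declare https = true and
      # overwriteprotocol = "https". Plain-HTTP requests are now redirected
      # to HTTPS instead of being served.
      forceSSL = true;
      locations."/" = {
        proxyWebsockets = true;
        # CardDAV/CalDAV discovery redirects. The original omitted the
        # closing brace of the caldav location, which produces an invalid
        # nginx configuration.
        # NOTE(review): the NixOS Nextcloud module configures this virtual
        # host as well; check whether these redirects duplicate what it
        # generates.
        extraConfig = ''
          location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
          }
        '';
      };
    };
  };
  # RTMP endpoint on TCP 1935; the same port is opened in the firewall list
  # in this file.
  # NOTE(review): "allow publish all" and "allow play all" let any host that
  # can reach port 1935 publish to or watch the "stream" application. Limit
  # publishing to the encoder's address ("allow publish <address>;" followed
  # by "deny publish all;") or gate it with an on_publish callback.
  appendConfig = ''
    rtmp {
      server {
        listen 1935;
        chunk_size 4096;
        allow publish all;
        application stream {
          record off;
          live on;
          allow play all;
        }
      }
    }
  '';
};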
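# Nextcloud server
# Declared as services.nextcloud. The original used a bare top-level
# `nextcloud` attribute, which is not a NixOS option and fails evaluation.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud29;
  hostName = "cloud.${secrets.cornDomain}";
  datadir = "/nextcloud";
  https = true;
  config = {
    adminuser = "freecorn";
    # Given as a string path that is read at runtime, so the password itself
    # is not copied into the Nix store.
    # NOTE(review): the file sits inside datadir. Confirm it is readable only
    # by root and the nextcloud user, or move it outside the data directory.
    adminpassFile = "/nextcloud/password.txt";
  };
  settings = {
    # Only the local nginx reverse proxy is trusted to set forwarded headers.
    trusted_proxies = [ "127.0.0.1" ];
    trusted_domains = [ "cloud.${secrets.cornDomain}" ];
    overwriteprotocol = "https";
  };
};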
# ACME account settings for the certificates requested by the enableACME
# virtual hosts. (The earlier comment mentioned Coturn, which is not
# configured in the visible part of this file.)
security.acme.acceptTerms = true;
security.acme.defaults.email = secrets.cornEmail;
# Firefox
programs.firefox.enable = true;
# Permit packages with unfree licences
nixpkgs.config.allowUnfree = true;
# Packages installed in the system profile
# NOTE(review): x11vnc is installed, but no VNC service or firewall rule for
# it appears in this file. If it is started by hand, keep it bound to
# localhost with a password set and reach it through SSH.
environment.systemPackages = [
  pkgs.wget
  pkgs.x11vnc
  pkgs.fastfetch
  pkgs.ffmpeg
  pkgs.system-config-printer
  pkgs.libcaption
  pkgs.git
  pkgs.rtl-sdr
  pkgs.steam-run
  pkgs.openwebrx
];
# Fonts: orbitron is needed
fonts.packages = [ pkgs.orbitron ];
# OpenSSH daemon: root login is refused and the last-login line is not
# printed.
# NOTE(review): PasswordAuthentication stays at the module default, which
# accepts password logins. Once key-based login for the admin user is
# confirmed to work, enable the commented line below so the
# internet-reachable daemon only accepts keys.
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PrintLastLog = "no";
# services.openssh.settings.PasswordAuthentication = false;
# services.openssh.ports = [ 69 ];
# Ports opened in the host firewall.
networking.firewall = {
  allowedTCPPorts = [
    1935 # RTMP listener from the nginx rtmp block
    4455 # NOTE(review): no listener for this port is configured in this file; confirm it is still needed
    80 # HTTP (nginx)
    443 # HTTPS (nginx)
    1234 # NOTE(review): no listener for this port is configured in this file; confirm it is still needed
  ];
  allowedUDPPorts = [
    4455 # NOTE(review): same question as the TCP entry for 4455
  ];
};
# Copy and link the NixOS configuration file to
# /run/current-system/configuration.nix.
system.copySystemConfiguration = true;
# Don't change this
system.stateVersion = "24.05";
}