server-nixos-config/configuration.nix
2024-08-23 01:11:57 -04:00

272 lines
6.4 KiB
Nix


{ config, pkgs, options, lib, ... }:
let
# home-manager, taken from the tip of the release-24.05 branch archive.
# NOTE(review): no sha256 is supplied, so whatever the branch tarball contains
# at fetch time is evaluated with the same trust as this file. Pointing the URL
# at a fixed commit archive and adding
#   sha256 = "<hash of the pinned tarball>";
# would make this input reproducible and tamper-evident.
homeManager = fetchTarball {
  url = "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
};
# Site-specific values; this file reads timeZone, cornDomain and cornEmail from it.
# NOTE(review): values that flow from here into generated configuration are
# written to the world-readable Nix store, so this mechanism suits settings
# such as a domain name rather than actual passwords.
secrets = import ./secrets.nix;
in
{
# Extra modules: the generated hardware description and home-manager's NixOS module.
imports = [ ./hardware-configuration.nix "${homeManager}/nixos" ];

# Bootloader: GRUB installed to /dev/sda.
boot.loader.grub = {
  enable = true;
  device = "/dev/sda";
};

# Host name and NetworkManager-based networking.
networking = {
  hostName = "freecornserver";
  networkmanager.enable = true;
};
# Tray applet for NetworkManager.
programs.nm-applet.enable = true;

# Time zone comes from secrets.nix; locale is fixed here.
time.timeZone = secrets.timeZone;
i18n.defaultLocale = "en_CA.UTF-8";

# X11 windowing system.
services.xserver.enable = true;
# Printer Stuff (FUCK HP!)
# CUPS with the hplip driver, shared on the network.
# NOTE(review): CUPS listens on every interface ("*:631"), accepts clients from
# any address (allowFrom "all") and has its firewall port opened. This host also
# exposes 80/443, so unless an upstream router filters port 631 the print
# service is reachable from wherever the web server is. Limiting
# listenAddresses / allowFrom to the local network keeps sharing working for
# LAN clients while taking the admin interface off the wider network.
services.printing = {
  enable = true;
  drivers = [ pkgs.hplip ];
  listenAddresses = [ "*:631" ];
  allowFrom = [ "all" ];
  browsing = true;
  defaultShared = true;
  openFirewall = true;
};

# Scanner support through SANE, with the hplip plugin backend.
hardware.sane = {
  enable = true;
  extraBackends = [ pkgs.hplipWithPlugin ];
};

# mDNS/DNS-SD: resolve .local names and advertise this host's user services.
services.avahi = {
  enable = true;
  nssmdns4 = true;
  openFirewall = true;
  publish = {
    enable = true;
    userServices = true;
  };
};

# LightDM + LXQt desktop, US keyboard layout.
services.xserver = {
  displayManager.lightdm.enable = true;
  desktopManager.lxqt.enable = true;
  xkb = {
    layout = "us";
    variant = "";
  };
};
# Audio: PulseAudio is switched off and PipeWire provides the ALSA and
# PulseAudio interfaces instead.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
  pulse.enable = true;
};

users.users = {
  # Interactive account. No password is declared here; set one with passwd.
  # NOTE(review): "wheel" makes this an administrative account; the same name
  # is used for desktop auto-login and as the Nextcloud admin user elsewhere
  # in this file.
  freecorn = {
    isNormalUser = true;
    description = "FreeCorn";
    extraGroups = [ "networkmanager" "wheel" "video" "scanner" "lp" "plugdev" ];
  };
  # Service account for Nextcloud, added to the nfsShare group.
  # NOTE(review): the nfsShare group is not declared in this file; confirm it
  # is created elsewhere.
  nextcloud = {
    isSystemUser = true;
    extraGroups = [ "nfsShare" ];
  };
};
# Graphics: OpenGL with DRI (including 32-bit) on the radeon X driver.
hardware.opengl = {
  enable = true;
  driSupport = true;
  driSupport32Bit = true;
};
services.xserver.videoDrivers = [ "radeon" ];

# RTL-SDR support. The in-kernel DVB driver for the same chipset is kept from
# loading, presumably so the rtl-sdr userspace tools can claim the dongle.
hardware.rtl-sdr.enable = true;
boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];

# OpenWebRX
# services.openwebrx.enable = true;

# Log the desktop user in automatically at boot.
# NOTE(review): freecorn is in "wheel", and x11vnc, AnyDesk and RustDesk are
# installed elsewhere in this file. Anything that attaches to the X session,
# locally or through one of those tools, therefore lands in an already
# unlocked administrative session. A screen lock, or dropping auto-login on a
# machine that also serves public traffic, closes that path.
services.displayManager.autoLogin = {
  enable = true;
  user = "freecorn";
};
# home-manager configuration for the desktop user, sharing the system's pkgs
# and installing packages through the user profile.
home-manager = {
  useGlobalPkgs = true;
  useUserPackages = true;
  users.freecorn = { config, pkgs, ... }: {
    # User programs.
    # NOTE(review): rustdesk-flutter and anydesk are remote-control clients
    # running as an account in "wheel" that is logged in automatically;
    # confirm unattended access is protected by each tool's own credentials.
    home.packages = [
      pkgs.rustdesk-flutter
      pkgs.anydesk
      pkgs.vlc
    ];
    # OBS Studio with scene-switcher and multi-RTMP plugins.
    programs.obs-studio = {
      enable = true;
      plugins = [
        pkgs.obs-studio-plugins.advanced-scene-switcher
        pkgs.obs-studio-plugins.obs-multi-rtmp
      ];
    };
    # Don't change this
    home.stateVersion = "24.05";
  };
};
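# NGINX :3
# Web server for the static sites, the WebSDR and Nextcloud virtual hosts, and
# an RTMP ingest (nginx is rebuilt with the rtmp module for that).
services.nginx = {
  enable = true;
  package = (pkgs.nginx.override {
    modules = with pkgs.nginxModules; [ rtmp ];
  });
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;
  virtualHosts = {
    # Homepage HTML
    # NOTE(review): addSSL serves this site over plain HTTP as well as HTTPS;
    # the other hosts use forceSSL. Fine for static content, but worth making
    # consistent if anything sensitive is ever served from here.
    "${secrets.cornDomain}" = {
      enableACME = true;
      addSSL = true;
      root = "/var/www/cornweb";
    };
    # non-free websites
    "nonfree.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/non-free";
    };
    # websdr server, proxied to the local service on port 8073
    "websdr.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:8073";
        proxyWebsockets = true;
      };
    };
    # Nextcloud Proxy
    # Fix: the host name used a bare `cornDomain`, which is not bound anywhere
    # in this file; the value lives in `secrets.cornDomain`.
    # Fix: forceSSL instead of addSSL, so Nextcloud logins and sessions are
    # never served over plain HTTP (Nextcloud itself is set to https).
    "cloud.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyWebsockets = true;
        # CardDAV/CalDAV discovery redirects.
        # Fix: the second location block was missing its closing brace, which
        # makes the generated nginx configuration invalid.
        # NOTE(review): the NixOS nextcloud module appears to ship its own
        # .well-known handling; confirm these are still needed.
        extraConfig = ''
          location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
          }
          location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
          }
        '';
      };
    };
  };
  # RTMP ingest on port 1935 with a single live application, "stream".
  # NOTE(review): "allow publish all" together with 1935 being open in the
  # firewall lets any client that can reach the port publish to and play from
  # this application. Restricting publish to the encoder's address (and play
  # to the intended audience) keeps the ingest from being used by strangers.
  appendConfig = ''
    rtmp {
      server {
        listen 1935;
        chunk_size 4096;
        allow publish all;
        application stream {
          record off;
          live on;
          allow play all;
        }
      }
    }
  '';
};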
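# Nextcloud server
# Fix: this attribute set sat at the top level as `nextcloud`, which is not a
# NixOS option; the service is configured under `services.nextcloud`.
# Fix: the host name and trusted domain used a bare `cornDomain`, which is not
# bound anywhere in this file; the value lives in `secrets.cornDomain`.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud29;
  hostName = "cloud.${secrets.cornDomain}";
  datadir = "/nextcloud";
  https = true;
  config = {
    adminuser = "freecorn";
    # The initial admin password is read from a file rather than written into
    # this configuration, which keeps it out of the Nix store.
    # NOTE(review): the file sits inside the data directory; a location
    # outside it, readable only by the nextcloud user, would keep the
    # credential apart from user data and its backups.
    adminpassFile = "/nextcloud/password.txt";
  };
  settings = {
    # Only the local reverse proxy is trusted to supply forwarded headers.
    trusted_proxies = [ "127.0.0.1" ];
    trusted_domains = [ "cloud.${secrets.cornDomain}" ];
    overwriteprotocol = "https";
  };
};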
# ACME account settings; the nginx virtual hosts with enableACME request their
# certificates through this. The contact address comes from secrets.nix.
security.acme = {
  acceptTerms = true;
  defaults.email = secrets.cornEmail;
};

# Firefox.
programs.firefox.enable = true;

# Permit packages with unfree licences.
nixpkgs.config.allowUnfree = true;

# Enable Adguard
# services.adguardhome.enable = true;

# System-wide packages.
# NOTE(review): x11vnc is installed here; if it is ever started against the
# auto-logged-in X session, make sure it requires a password and is not
# reachable from outside the local network.
environment.systemPackages = with pkgs; [
  wget
  x11vnc
  fastfetch
  ffmpeg
  system-config-printer
  libcaption
  git
  rtl-sdr
  steam-run
  openwebrx
];

# Fonts; orbitron is needed.
fonts.packages = [ pkgs.orbitron ];
# OpenSSH daemon, running with the module's default settings.
# NOTE(review): the hardening below is commented out, so the defaults apply
# (NixOS enables password authentication by default). Once a public key is
# installed for the admin account, turning these on removes password guessing
# as a way in.
# settings = {
#   PermitRootLogin = "no";
#   PrintLastLog = "no";
#   PasswordAuthentication = false;
# };
# ports = [ 69 ];
services.openssh.enable = true;

# Ports opened in the firewall.
# Adguard ports: 3000 on tcp, 53 on udp
# NOTE(review): 80/443 match nginx and 1935 the RTMP listener. Nothing in this
# file appears to listen on 4455 or 1234, or on any of the UDP ports, so those
# entries look wider than the services need. 4455 is presumably obs-websocket;
# if so, confirm it has authentication enabled before leaving it reachable.
networking.firewall = {
  allowedTCPPorts = [ 1935 4455 80 443 1234 ];
  allowedUDPPorts = [ 1935 4455 80 443 ];
};

# Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
system.copySystemConfiguration = true;

# Don't change this
system.stateVersion = "24.05";
}