
{ config, pkgs, options, lib, ... }:
let
  # Home Manager, taken from the release-24.05 branch tarball.
  # NOTE(review): no `sha256` is given, so fetchTarball neither pins nor
  # verifies this input — the build follows whatever the URL serves at eval
  # time. Switching to `fetchTarball { url = ...; sha256 = "<hash placeholder>"; }`
  # pins it and makes the import content-addressed.
  homeManager = fetchTarball
    "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
  # Site-specific values kept out of this file; timeZone, cornDomain and
  # cornEmail are read below.
  # NOTE(review): anything from secrets.nix that is used as a string in this
  # module ends up in the world-readable Nix store. Keep real credentials
  # behind file paths (as adminpassFile does below), not as string values.
  secrets = import ./secrets.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./freecorn.nix
    ./jimbo.nix
    "${homeManager}/nixos"
  ];
  # Bootloader
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };
  # Enable network manager applet
  programs.nm-applet.enable = true;
  # Set your time zone.
  time.timeZone = secrets.timeZone;
  # Select internationalisation properties.
  i18n.defaultLocale = "en_CA.UTF-8";
  # Enable the X11 windowing system (currently disabled).
  # services.xserver = {
  #   enable = true;
  #   videoDrivers = [ "radeon" ];
  #   xkb = {
  #     layout = "us";
  #     variant = "";
  #   };
  #   # Enable the LXQT Desktop Environment.
  #   displayManager.lightdm.enable = true;
  #   desktopManager.lxqt.enable = true;
  # };
  # Enable automatic login for the user (currently disabled).
  # services.displayManager.autoLogin = {
  #   enable = true;
  #   user = "freecorn";
  # };
  # Enable sound with pipewire (currently disabled).
  # hardware.pulseaudio.enable = false;
  # security.rtkit.enable = true;
  # services.pipewire = {
  #   enable = true;
  #   alsa.enable = true;
  #   alsa.support32Bit = true;
  #   pulse.enable = true;
  # };
  # OpenGL and drivers (currently disabled).
  # hardware.opengl = {
  #   enable = true;
  #   driSupport = true;
  #   driSupport32Bit = true;
  # };
  # Printer Stuff (FUCK HP!)
  services = {
    printing = {
      enable = true;
      drivers = [ pkgs.hplip ];
      webInterface = false; # CUPS web UI stays off
    };
    avahi = {
      enable = true;
      nssmdns4 = true;
      openFirewall = true; # opens mDNS (UDP 5353) in the firewall for discovery
    };
  };
  # Install fonts, need this for orbitron! (currently disabled)
  # fonts.packages = with pkgs; [
  #   orbitron
  # ];
  # Service account for Nextcloud (system user, not an interactive login).
  # The nfsShare group presumably grants it access to NFS-backed storage —
  # confirm against where that group is defined (not in this file).
  users.users.nextcloud = {
    extraGroups = [ "nfsShare" ];
    isSystemUser = true;
  };
  # RTL-SDR Support
  hardware.rtl-sdr.enable = true;
  boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; # keep the kernel DVB driver from claiming the dongle
  # Docker :(((
  # NOTE(review): members of the docker group get root-equivalent access to
  # the host; keep that group small (membership is not set in this file).
  virtualisation.docker.enable = true;
  # OpenWebRX (currently disabled)
  # services.openwebrx.enable = true;
  # PufferPanel
  # Second `services` literal; Nix merges it with the one above as long as
  # no key is defined twice.
  services = {
    pufferpanel = {
      enable = true;
      environment = {
        # ":5010" listens on every interface. nginx below only proxies to
        # 127.0.0.1:5010 and 5010 is not in allowedTCPPorts, so the firewall
        # is what keeps it private today; "127.0.0.1:5010" would not rely on
        # that.
        PUFFER_WEB_HOST = ":5010";
        PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
        # Self-registration off: accounts are created by an admin only.
        PUFFER_PANEL_REGISTRATIONENABLED = "false";
        # E-mail is disabled. NOTE(review): these lines reference
        # `outputs.secrets.*`, but only `secrets` is bound in this file —
        # re-enabling them as-is would fail to evaluate.
        # PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
        # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
        # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
        # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
        # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
      };
      extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
      # Run PufferPanel inside an FHS env so dynamically linked binaries it
      # launches can find icu/openssl/zlib — presumably for the game servers
      # it manages; confirm.
      package = pkgs.buildFHSEnv {
        name = "pufferpanel-fhs";
        meta.mainProgram = "pufferpanel-fhs";
        runScript = lib.getExe pkgs.pufferpanel;
        targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
      };
    };
  };
  # NGINX :3
  services.nginx = {
    enable = true;
    # nginx built with the RTMP module for the stream server in appendConfig
    package = (pkgs.nginx.override {
      modules = with pkgs.nginxModules; [ rtmp ];
    });
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    # Homepage HTML
    virtualHosts = {
      # addSSL serves plain HTTP alongside HTTPS with no redirect; the hosts
      # marked forceSSL below redirect to HTTPS.
      "${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        root = "/var/www/cornweb";
      };
      # non-free websites
      "nonfree.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        root = "/var/www/non-free";
      };
      # PufferPanel web UI, proxied to the local listener configured above
      "ppanel.${secrets.cornDomain}" = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:5010";
          proxyWebsockets = true;
        };
      };
      # Nextcloud Proxy
      # NOTE(review): addSSL leaves the Nextcloud login reachable over plain
      # HTTP as well; forceSSL would redirect it to HTTPS.
      "cloud.${secrets.cornDomain}" = {
        enableACME = true;
        addSSL = true;
        locations."/" = {
          proxyWebsockets = true;
          # CalDAV/CardDAV discovery redirects expected by Nextcloud clients
          extraConfig = ''
            location /.well-known/carddav {
            return 301 $scheme://$host/remote.php/dav;
            }
            location /.well-known/caldav {
            return 301 $scheme://$host/remote.php/dav;
            }
          '';
        };
      };
    };
    # RTMP ingest/playback server.
    # NOTE(review): `allow publish all` lets any client that reaches TCP 1935
    # (opened in the firewall below) push a stream; there is no stream-key or
    # `on_publish` check here. Restrict `allow publish` to known addresses or
    # add an `on_publish` callback if 1935 is internet-facing.
    appendConfig = ''
      rtmp {
      server {
      listen 1935;
      chunk_size 4096;
      allow publish all;
      application stream {
      record off;
      live on;
      allow play all;
      }
      }
      }
    '';
  };
  # Nextcloud server
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.${secrets.cornDomain}";
    datadir = "/mnt/nextcloud";
    https = true;
    config = {
      adminuser = "freecorn";
      # Initial admin password is read from this file (a plain string path,
      # so it is not copied into the Nix store).
      adminpassFile = "/mnt/nextcloud/password.txt";
    };
    settings = {
      # Only the local nginx (127.0.0.1) is trusted to set X-Forwarded-* headers
      trusted_proxies = [ "127.0.0.1" ];
      trusted_domains = [ "cloud.${secrets.cornDomain}" ];
      # TLS terminates in nginx, so tell Nextcloud to generate https URLs
      overwriteprotocol = "https";
    };
  };
  # ACME defaults for the `enableACME` virtual hosts above
  # (the old note mentioned Coturn, which is not configured in this file).
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.cornEmail;
  };
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;
  # Packages installed in system profile
  environment.systemPackages = with pkgs; [
    # firefox
    wget
    x11vnc
    fastfetch
    ffmpeg
    system-config-printer
    libcaption
    git
    rtl-sdr
    steam-run
    # openwebrx
    qbittorrent
  ];
  # Enable the OpenSSH daemon: key-based logins only, root login refused.
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PrintLastLog = "no";
      PasswordAuthentication = false;
    };
    openFirewall = true; # TCP 22
  };
  # Hostname and networking
  networking = {
    hostName = "freecornserver";
    networkmanager.enable = true;
    firewall = {
      allowedTCPPorts = [
        1935 # RTMP (see the nginx rtmp block; publish is unauthenticated)
        4455 # VR
        80 443 # Nginx
        1234 # Something — NOTE(review): undocumented open port; name the service or drop it
        25565 # minecraft port
      ];
      allowedUDPPorts = [
        4455 # VR
        24454 # minecraft vc mod
      ];
      # Add extra input rules using nftables.
      # NFS (tcp/2049) is accepted only from these two LAN hosts; this rule is
      # the access control for the NFS export below.
      extraInputRules = ''
        ip saddr { 10.0.0.240, 10.0.0.124 } tcp dport 2049 accept comment "Accept NFS"
      '';
    };
    nftables = {
      enable = true;
      tables = {
        forwarding = {
          family = "ip";
          # DNAT tcp 9943/9944 from any source to 10.0.0.97 (ALVR) and
          # masquerade traffic leaving enp2s0.
          # NOTE(review): if enp2s0 faces the internet, this forwards those
          # two ports on 10.0.0.97 to anyone; add an `iifname` or `ip saddr`
          # match if only LAN clients need them.
          content = ''
            chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            tcp dport { 9943, 9944 } dnat to 10.0.0.97 comment "ALVR"
            }
            chain POSTROUTING {
            type nat hook postrouting priority 100; policy accept;
            oifname "enp2s0" masquerade
            }
          '';
        };
      };
    };
  };
  # NFS server
  services.nfs.server = {
    enable = true;
    # Allowing to 0.0.0.0 makes any IP the firewall allows in.
    # NOTE(review): the explicit any-host spelling is `0.0.0.0/0`; either way
    # there is no `sec=` option, so access is decided purely by the tcp/2049
    # source-IP rule in extraInputRules above.
    exports = ''
      /export/freecornNFS 0.0.0.0(rw,no_subtree_check)
    '';
  };
  # Copy and link the NixOS configuration file to (/run/current-system/configuration.nix).
  system.copySystemConfiguration = true;
  # Don't change this
  system.stateVersion = "24.05";
}