server-nixos-config/configuration.nix


{ config, pkgs, options, lib, ... }:
let
# Home Manager release tarball; its NixOS module is added to `imports`.
# NOTE(review): no sha256 is given, so whatever the release-24.05 branch
# archive contains at evaluation time is trusted as-is. Fetching a fixed
# commit archive and adding `sha256 = "<sha256-of-that-archive>";` would
# make the fetch reproducible and tamper-evident.
homeManager = builtins.fetchTarball {
  url =
    "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
};
# Site-specific values kept out of this file.
# NOTE(review): any value read from here and placed into an option ends up
# in the world-readable /nix/store. The lines visible here use only the
# time zone, the domain and the ACME e-mail; credentials should be passed
# as files outside the store instead.
secrets = import ./secrets.nix;
in
{
# Modules merged into this system; the last entry is the NixOS module
# shipped inside the Home Manager tarball bound in the `let` block.
imports = [
  ./hardware-configuration.nix
  ./freecorn.nix
  ./jimbo.nix
  "${homeManager}/nixos"
];

# Bootloader: GRUB installed to /dev/sda
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";

# Host name; interfaces are handled by NetworkManager
networking.hostName = "freecornserver";
networking.networkmanager.enable = true;

# NetworkManager tray applet
programs.nm-applet.enable = true;

# Time zone is read from secrets.nix
time.timeZone = secrets.timeZone;

# Default locale
i18n.defaultLocale = "en_CA.UTF-8";
# Enable the X11 windowing system.
# services.xserver = {
# enable = true;
# videoDrivers = [ "radeon" ];
# xkb = {
# layout = "us";
# variant = "";
# };
# Enable the LXQT Desktop Environment.
# displayManager.lightdm.enable = true;
# desktopManager.lxqt.enable = true;
# };
# Printer stuff: CUPS with the HP driver package (hplip); the CUPS web
# interface is switched off.
services.printing = {
  enable = true;
  webInterface = false;
  drivers = [ pkgs.hplip ];
};
# Avahi (mDNS) with IPv4 .local name resolution through NSS.
# openFirewall = true opens the host firewall for Avahi's own traffic, so
# the service is reachable on every network this machine is attached to.
services.avahi = {
  enable = true;
  openFirewall = true;
  nssmdns4 = true;
};
# Enable sound with pipewire.
# hardware.pulseaudio.enable = false;
# security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
# alsa.enable = true;
# alsa.support32Bit = true;
# pulse.enable = true;
# };
# Service account for Nextcloud: declared as a system user and added to
# the nfsShare group.
# NOTE(review): nfsShare is not declared in this file; presumably it comes
# from one of the imported modules. Confirm.
users.users.nextcloud.isSystemUser = true;
users.users.nextcloud.extraGroups = [ "nfsShare" ];
# # OpenGL and drivers
# hardware.opengl = {
# enable = true;
# driSupport = true;
# driSupport32Bit = true;
# };
# Docker daemon.
# NOTE(review): ports published by containers are opened through Docker's
# own iptables rules and are not limited by
# networking.firewall.allowedTCPPorts, so the port list in this file is
# not the complete set of reachable services once containers publish
# ports.
virtualisation.docker.enable = true;
# RTL-SDR support. The kernel parameter blacklists the dvb_usb_rtl28xxu
# module (presumably so it does not claim the SDR dongle).
boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ];
hardware.rtl-sdr.enable = true;
# OpenWebRX
# services.openwebrx.enable = true;
# Enable automatic login for the user.
# services.displayManager.autoLogin = {
# enable = true;
# user = "freecorn";
# };
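# PufferPanel (game-server panel), published through the nginx vhost
# ppanel.<domain>, which proxies to 127.0.0.1:5010.
services = {
  pufferpanel = {
    enable = true;
    environment = {
      # Listen on loopback only. The original value ":5010" bound every
      # interface and relied on the firewall alone to keep the panel from
      # being reached without TLS; nginx connects over 127.0.0.1 anyway.
      PUFFER_WEB_HOST = "127.0.0.1:5010";
      PUFFER_PANEL_SETTINGS_MASTERURL = "https://ppanel.${secrets.cornDomain}";
      # Self-registration stays off; accounts are created by an admin.
      PUFFER_PANEL_REGISTRATIONENABLED = "false";
      # Disabled mail settings, kept for reference.
      # NOTE(review): `outputs` is not an argument of this module, and a
      # password set here would be copied into the world-readable Nix
      # store. If mail is re-enabled, read the password from a root-only
      # file instead of a Nix string.
      # PUFFER_PANEL_EMAIL_PROVIDER = "smtp";
      # PUFFER_PANEL_EMAIL_HOST = "mx.${outputs.secrets.jimDomain}:587";
      # PUFFER_PANEL_EMAIL_FROM = "noreply@${outputs.secrets.jimDomain}";
      # PUFFER_PANEL_EMAIL_USERNAME = "noreply@${outputs.secrets.jimDomain}";
      # PUFFER_PANEL_EMAIL_PASSWORD = outputs.secrets.noreplyPassword;
    };
    # Tools made available to the panel's install/run scripts
    extraPackages = with pkgs; [ bash curl gawk gnutar gzip ];
    # Run PufferPanel inside an FHS environment that provides icu, openssl
    # and zlib at conventional paths.
    package = pkgs.buildFHSEnv {
      name = "pufferpanel-fhs";
      meta.mainProgram = "pufferpanel-fhs";
      runScript = lib.getExe pkgs.pufferpanel;
      targetPkgs = pkgs': with pkgs'; [ icu openssl zlib ];
    };
  };
};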
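# nginx: static sites, reverse proxies for PufferPanel and Nextcloud, and
# an RTMP endpoint.
services.nginx = {
  enable = true;
  # nginx built with the RTMP module, required by the rtmp block in
  # appendConfig.
  package = pkgs.nginx.override {
    modules = with pkgs.nginxModules; [ rtmp ];
  };
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;
  virtualHosts = {
    # Homepage HTML. addSSL serves the site on both HTTP and HTTPS with
    # no redirect; switch to forceSSL if plain HTTP is not needed.
    "${secrets.cornDomain}" = {
      enableACME = true;
      addSSL = true;
      root = "/var/www/cornweb";
    };
    # non-free websites
    "nonfree.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      root = "/var/www/non-free";
    };
    # PufferPanel reverse proxy (the panel listens on local port 5010)
    "ppanel.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:5010";
        proxyWebsockets = true;
      };
    };
    # Nextcloud. forceSSL replaces the original addSSL: plain HTTP is now
    # redirected to HTTPS, so logins are not accepted over clear text.
    # This matches `https = true` and `overwriteprotocol = "https"` in
    # services.nextcloud.
    "cloud.${secrets.cornDomain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyWebsockets = true;
        # CardDAV/CalDAV service discovery redirects
        extraConfig = ''
          location /.well-known/carddav {
          return 301 $scheme://$host/remote.php/dav;
          }
          location /.well-known/caldav {
          return 301 $scheme://$host/remote.php/dav;
          }
        '';
      };
    };
  };
  # RTMP live-stream endpoint on port 1935.
  # NOTE(review): `allow publish all` and `allow play all` carry no
  # address restriction, and 1935/tcp is opened in the firewall in this
  # file, so any host that can reach the port can publish to and play
  # from the `stream` application. Restricting publishing to known source
  # addresses with the rtmp module's allow/deny rules would close that;
  # left unchanged here because remote publishing may be intended.
  appendConfig = ''
    rtmp {
    server {
    listen 1935;
    chunk_size 4096;
    allow publish all;
    application stream {
    record off;
    live on;
    allow play all;
    }
    }
    }
  '';
};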
# Nextcloud 29, served under cloud.<domain> with data in /mnt/nextcloud.
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud29;
  hostName = "cloud.${secrets.cornDomain}";
  https = true;
  datadir = "/mnt/nextcloud";
  # Admin account. The password is read from a file rather than written
  # into this configuration.
  # NOTE(review): the file lives inside the data directory; confirm it is
  # readable only by the nextcloud user and is not exposed if
  # /mnt/nextcloud is shared or network-mounted.
  config.adminuser = "freecorn";
  config.adminpassFile = "/mnt/nextcloud/password.txt";
  # Only the local nginx is trusted to set forwarded headers, and only
  # the cloud host name is accepted.
  settings.trusted_proxies = [ "127.0.0.1" ];
  settings.trusted_domains = [ "cloud.${secrets.cornDomain}" ];
  settings.overwriteprotocol = "https";
};
# ACME account settings used by the nginx vhosts that set enableACME.
# (The earlier comment mentioned Coturn; no Coturn service is configured
# in this file.)
security.acme.acceptTerms = true;
security.acme.defaults.email = secrets.cornEmail;
# Install firefox.
# programs.firefox.enable = true;
# Unfree packages are allowed system-wide
nixpkgs.config.allowUnfree = true;
# Packages installed in the system profile.
# NOTE(review): x11vnc and qbittorrent are network-facing tools; no port
# is opened for them in the firewall list in this file, so keep it that
# way unless remote access to them is really needed.
environment.systemPackages = [
  pkgs.wget
  pkgs.x11vnc
  pkgs.fastfetch
  pkgs.ffmpeg
  pkgs.system-config-printer
  pkgs.libcaption
  pkgs.git
  pkgs.rtl-sdr
  pkgs.steam-run
  # pkgs.openwebrx
  pkgs.qbittorrent
];
# Fonts; orbitron is needed
fonts.packages = [ pkgs.orbitron ];
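# OpenSSH daemon: no root login and no password-based logins.
services.openssh = {
  enable = true;
  # Opens the SSH port in the host firewall
  openFirewall = true;
  settings = {
    PermitRootLogin = "no";
    PasswordAuthentication = false;
    # Keyboard-interactive authentication goes through PAM and can still
    # prompt for a password when only PasswordAuthentication is off, so
    # it is disabled as well.
    KbdInteractiveAuthentication = false;
    PrintLastLog = "no";
  };
};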
# Inbound ports accepted by the host firewall (SSH and Avahi are opened
# by their own openFirewall options).
networking.firewall = {
  allowedTCPPorts = [
    1935 # RTMP (nginx rtmp block)
    4455 # VR
    80 443 # Nginx
    1234 # "Something" - NOTE(review): no service named; confirm or close
    25565 # minecraft port
  ];
  allowedUDPPorts = [
    4455 # presumably the same VR service as TCP 4455
    24454 # minecraft vc mod
  ];
};
# State version this install was created with. Don't change this.
system.stateVersion = "24.05";
# Copy configuration.nix into the system closure and link it at
# /run/current-system/configuration.nix. The copy is in the Nix store and
# readable by every local user, so this file must stay free of
# credentials.
system.copySystemConfiguration = true;
}