Jimbo/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add back everything I lost oops

Browse source
This commit is contained in:
Jimbo 2024-07-30 08:51:17 -04:00
parent 7077a746a3
commit cb4928cd6b
12 changed files with 4711 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
Extras/Screenshots/SecondUnix.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 8 MiB

BIN
Extras/Wallpapers/lockpaper.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 314 KiB

BIN
Extras/Wallpapers/wallpaper1.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2 MiB

BIN
Extras/Wallpapers/wallpaper2.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.3 MiB

BIN
Extras/Wallpapers/wallpaper3.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.9 MiB

411
PC/configuration.nix Normal file
View file

@ -0,0 +1,411 @@
{ config, pkgs, options, lib, ... }:
let
# Import home manager, set common boot paramaters
homeManager = fetchTarball
"https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
commonKernelParams = [
# Nvidia GSP firmware
"nouveau.config=NvGspRm=1"
# VM/GPU passthrough
"amd_iommu=on"
"iommu=pt"
"nested=1"
# Virtualization nonsense
"transparent_hugepage=never"
# Isolate devices into IOMMU groups
"pcie_acs_override=downstream,multifunction"
"pci=routeirq"
];
in
{
# Import other nix files and firmware
imports = [
./hardware-configuration.nix
./jimbo.nix
"${homeManager}/nixos"
];
# Allow unfree packages and accept packages from the Nix User Repos
nixpkgs = {
config = {
allowUnfree = true;
packageOverrides = pkgs: {
unstable = import (builtins.fetchTarball
"https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz") {
inherit pkgs;
config.allowUnfree = true;
};
};
};
# Package overlays/patches
overlays = [
# MPV scripts
(self: super: {
mpv = super.mpv.override {
scripts = with self.mpvScripts;
[ mpris sponsorblock thumbnail ];
};
})
];
};
# Allow flakes and enable garbage collection
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
};
# Set all boot options
boot = {
# Set a kernel version and load/blacklist drivers
kernelPackages = pkgs.linuxPackages_xanmod_latest;
blacklistedKernelModules = [ "pcspkr" ];
kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:13c2,10de:0fbb" ];
initrd.kernelModules = [ "vfio" "vfio_pci" "vfio_iommu_type1" ];
# Manage supported filesystems
supportedFilesystems = {
ntfs = true;
zfs = lib.mkForce false;
};
# Modprobe settings
extraModprobeConfig = ''
options hid_apple fnmode=2
'';
# Use the Systemd-Boot bootloader
loader.systemd-boot = {
enable = true;
netbootxyz.enable = true;
};
};
# Add a kernel entry to boot from the secondary GPU
specialisation = {
gputwo.configuration = {
boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ];
};
};
# Allow binary firmware
hardware.enableRedistributableFirmware = true;
# Enable the Nouveau drivers
services.xserver.videoDrivers = [ "nouveau" ];
# Enable a permissioning system
security = {
sudo.enable = false;
doas = {
enable = true;
extraRules = [
# Give wheel root access, allow persistant session
{ groups = [ "wheel" ]; keepEnv = true; persist = true; }
];
};
};
# Enable the ZSH shell
programs.zsh.enable = true;
# Disable Nano
programs.nano.enable = false;
# Timezone
time.timeZone = "America/New_York";
# Define a user account
users.users.jimbo = {
description = "Jimbo Awesome";
isNormalUser = true;
hashedPassword =
"$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
];
extraGroups = [
"wheel" "audio" "video" "input" "disk" "dialout"
"networkmanager" "kvm" "libvirtd" "qemu-libvirtd"
];
uid = 1000;
shell = pkgs.zsh;
};
# Installed programs to the system profile.
environment.systemPackages = with pkgs; [
# Essential system tools
cifs-utils parted git
# Printer control
system-config-printer
# Virtual machines
virt-manager virtiofsd dnsmasq
spice-vdagent looking-glass-client
];
# Disable the HTML documentation link
documentation = {
nixos.enable = false;
info.enable = false;
};
# Enable OpenGL
hardware.opengl = {
enable = true;
package = pkgs.unstable.mesa.drivers;
package32 = pkgs.unstable.pkgsi686Linux.mesa.drivers;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vulkan-loader
vulkan-validation-layers
vulkan-extension-layer
];
};
# Enable Steam hardware and gamemode
hardware.steam-hardware.enable = true;
programs.gamemode.enable = true;
# Networking settings
networking = {
# Set hostname
hostName = "JimNixPC";
# Choose networking method
dhcpcd.enable = true;
wireless.enable = false;
#networkmanager.enable = true;
#enableB43Firmware = true;
# Enable firewall passthrough
firewall = {
allowedTCPPorts = [
# Sunshine TCP
47984 47989 48010
];
allowedUDPPorts = [
# Sunshine UDP
47998 47999 48000
# Games
27005 27015 7777
];
allowPing = false;
};
extraHosts = ''
192.168.1.18 pc
192.168.1.17 server
192.168.2.2 vm
'';
nameservers = [
"1.1.1.1"
"9.9.9.9"
];
};
# Enable Bluetooth
hardware.bluetooth = {
enable = true;
settings = {
General.Experimental = "true";
Policy.AutoEnable = "true";
};
};
# Enable lingering for Bluetooth and allow Looking-Glass permissions
systemd.tmpfiles.rules = [
"f /var/lib/systemd/linger/jimbo"
"f /dev/shm/looking-glass 0660 jimbo libvirtd -"
];
# Make udev rules to make PDP controller and Oculus Rift CV1 work
services.udev = let
oculusRules = pkgs.writeTextFile {
name = "10-oculus.rules";
text = ''
KERNEL=="hidraw*", ATTRS{idVendor}=="0e6f", ATTRS{idProduct}=="0184", MODE="0660", TAG+="uaccess"
'';
destination = "/etc/udev/rules.d/10-oculus.rules";
};
pdpRules = pkgs.writeTextFile {
name = "10-pdp.rules";
text = ''
SUBSYSTEM=="usb", ATTR{idVendor}=="2833", MODE="0666", GROUP="plugdev"
'';
destination = "/etc/udev/rules.d/10-pdp.rules";
};
in {
packages = [ oculusRules pdpRules ];
};
# Enable audio
security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
#jack.enable = true;
};
# Fonts
fonts = {
packages = with pkgs; [
liberation_ttf twitter-color-emoji ubuntu_font_family noto-fonts sarasa-gothic
orbitron (nerdfonts.override { fonts = [ "UbuntuMono" ]; })
];
fontconfig.defaultFonts.emoji = [ "Twitter Color Emoji" ];
};
# Enable Dconf and some portals
services.dbus.enable = true;
programs.dconf.enable = true;
programs.light.enable = true;
security.pam.services.swaylock = {};
xdg.portal = {
enable = true;
config.common.default = "*";
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 60;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or -B 00000066 -b 00000099";
};
};
};
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
# Configure greetd for remote login
services.greetd = {
enable = true;
restart = true;
settings = {
terminal = {
vt = 2;
switch = true;
};
default_session = {
command = "/home/jimbo/.config/sway/start.sh";
user = "jimbo";
};
};
};
# QT theming
qt = {
enable = true;
style = "gtk2";
platformTheme = "gtk2";
};
# Enable printing
services = {
printing = {
enable = true;
drivers = with pkgs; [ hplip ];
webInterface = false;
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
# Enable virtualization
virtualisation = {
libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu = {
ovmf = {
enable = true;
packages = [ pkgs.OVMFFull.fd ];
};
swtpm.enable = true;
};
};
spiceUSBRedirection.enable = true;
};
# Enable SSH
services.openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "no";
PrintLastLog = "no";
PasswordAuthentication = false;
};
ports = [ 2211 ];
};
# Block SSH connections after numerous attempts
services.fail2ban = {
enable = true;
maxretry = 10;
};
# Enable AppImages
programs.appimage = {
enable = true;
binfmt = true;
};
# Enable MPD
services.mpd = {
enable = true;
user = "jimbo";
group = "users";
musicDirectory = "/home/jimbo/JimboNFS/Music";
playlistDirectory = "/home/jimbo/JimboNFS/Music/Playlists";
extraConfig = ''
audio_output {
type "pipewire"
name "Local Pipewire"
}
'';
};
systemd.services.mpd.environment = {
XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.jimbo.uid}";
};
# Enable AppArmor
security.apparmor.enable = true;
# Enable Polkit for authentication
security.polkit.enable = true;
# Battery saver for laptops
services.tlp.enable = true;
# Enable extra functionality in file managers
services.gvfs.enable = true;
# Attempt to automount USB drives
services.udisks2.enable = true;
# Used for Seneca VPN
services.globalprotect.enable = true;
# Define the initial install version and allow auto-upgrades
system.stateVersion = "23.11";
system.autoUpgrade.enable = true;
}

73
PC/hardware-configuration.nix Normal file
View file

@ -0,0 +1,73 @@
# This file was generated by 'nixos-generate-config'
# and may be overwritten by future invocations.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# Load kernel modules on boot
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
# Mount everything as necessary
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/f0786b07-8303-416f-87ff-276bfd696387";
fsType = "bcachefs";
};
"/boot" = {
device = "/dev/disk/by-uuid/EF6D-9009";
fsType = "vfat";
};
"/etc/libvirt" = {
device = "/dev/disk/by-label/Qemu";
options = [ "nosuid" "nodev" "nofail" ] ;
};
"/var/lib/libvirt" = {
depends = [ "/etc/libvirt" ];
device = "/etc/libvirt/varlibvirt";
options = [ "bind" "rw" ];
};
"/mnt/Linux1" = {
device = "/dev/disk/by-label/Linux1";
options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
};
"/mnt/Linux2" = {
device = "/dev/disk/by-label/Linux2";
options = [ "nosuid" "nodev" "nofail" "x-gvfs-show" ];
};
"/mnt/Windows1" = {
device = "/dev/disk/by-label/Windows1";
options = [ "nosuid" "nodev" "noauto" ];
};
"/mnt/Windows2" = {
device = "/dev/disk/by-label/Windows2";
options = [ "nosuid" "nodev" "noauto" ];
};
"/home/jimbo/JimboNFS" = {
device = "server:/export/JimboNFS";
fsType = "nfs";
options = [ "nofail" ];
};
};
# Set the swap partition
swapDevices = [
{ device = "/dev/disk/by-uuid/2e4c5120-716d-4cdc-84a0-c9e6391760db"; }
];
# Enables DHCP on each ethernet and wireless interface.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3043
PC/jimbo.nix Normal file
View file

File diff suppressed because it is too large Load diff

6
README.md
View file

@ -1,3 +1,5 @@
# NixOS-Config ### My Nix "dotfiles", organized in the worst way you will ever see.
My NixOS configuration. Made with love ❤️
![image](./Extras/Screenshots/SecondUnix.png)

543
Server/configuration.nix Normal file
View file

@ -0,0 +1,543 @@
{ config, pkgs, options, lib, ... }:
let
# Import home manager
homeManager = fetchTarball
"https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
# Define domains and ips
jimdomain = ''jimbosfiles.com'';
bloxeldomain = ''bloxelcom.net'';
# IPs
localspan = ''192.168.1'';
pc = ''${localspan}.18'';
server = ''${localspan}.17'';
vm = ''${localspan}.70'';
in
{
# Import other nix files and firmware
imports = [
./hardware-configuration.nix
./jimbo.nix
"${homeManager}/nixos"
];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Allow flakes (I have no clue how they work yet)
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Allow unfree firmware
hardware.enableRedistributableFirmware = true;
# Choose Grub as the bootloader
boot = {
kernelPackages = pkgs.linuxPackages_xanmod;
loader = {
grub = {
efiSupport = true;
device = "nodev";
};
};
};
# Enable a permissioning system
security = {
sudo.enable = false;
doas = {
enable = true;
extraRules = [
# Give wheel root access, allow persistant session
{ groups = [ "wheel" ]; keepEnv = true; persist = true; }
];
};
};
# Enable the ZSH shell
programs.zsh.enable = true;
# Disable Nano
programs.nano.enable = false;
# Define a user account.
users.users.jimbo = {
isNormalUser = true;
hashedPassword =
"$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
];
extraGroups = [ "wheel" "docker" ];
uid = 1000;
shell = pkgs.zsh;
};
# Add Nginx to the Turnserver group
users.users.nginx.extraGroups = [ "turnserver" ];
# Installed programs to the system profile.
environment.systemPackages = with pkgs; [
# Essential system tools
git parted mdadm
];
# Define timezone and networking settings
time.timeZone = "America/New_York";
networking = {
# Set hostname
hostName = "JimNixServer";
# Choose networking method
dhcpcd.enable = true;
wireless.enable = false;
# Enable firewall passthrough
firewall = {
allowedTCPPorts = [
# NFS
2049
# Nginx
80 443 8448
# Minecraft
25565 19132
# Gitea
2299
# Coturn
3478 5349
];
allowedTCPPortRanges = [
# Also Azuracast
{ from = 8100; to = 8150; }
];
allowedUDPPorts = [
# Minecraft Voicechat and Bedrock
25565 19132
# Coturn again
3478 5349
];
allowedUDPPortRanges = [
# Coturn
{ from = 49000; to = 50000; }
];
# Extra rules that cannot be done above
extraCommands =
# SSH and game servers from my PC
''
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 2211 -m comment --comment "SSH to PC" -j DNAT --to-destination ${pc}
iptables -t nat -A PREROUTING -p udp -m udp --match multiport --dports 27005,27015,7777,29000 -m comment --comment "Games" -j DNAT --to-destination ${pc}
'' +
# Sunshine ports for PC and VM
''
iptables -t nat -A PREROUTING -p tcp -m tcp --match multiport --dports 48010,47989,47984 -m comment --comment "PC Sunshine TCP" -j DNAT --to-destination ${pc}
iptables -t nat -A PREROUTING -p udp -m udp --match multiport --dports 47998,47999,48000 -m comment --comment "PC Sunshine UDP" -j DNAT --to-destination ${pc}
iptables -t nat -A PREROUTING -p tcp -m tcp --match multiport --dports 38010,37989,37984 -m comment --comment "VM Sunshine TCP" -j DNAT --to-destination ${vm}
iptables -t nat -A PREROUTING -p udp -m udp --match multiport --dports 37998,37999,38000 -m comment --comment "VM Sunshine UDP" -j DNAT --to-destination ${vm}
'' +
# Set an IP firewall for RTMP
''
iptables -N RTMPCHAIN
iptables -A INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN
iptables -A RTMPCHAIN -s ${pc} -j ACCEPT
iptables -A RTMPCHAIN -s 71.87.124.226 -j ACCEPT
iptables -A RTMPCHAIN -j DROP
'' +
# Finalize forwarding
''
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
'';
# Remove the chain and such
extraStopCommands = ''
iptables -D INPUT -p tcp -m tcp --match multiport --dports 1935,1945 -j RTMPCHAIN
iptables -F RTMPCHAIN
iptables -X RTMPCHAIN
'';
# Disallow pinging this server
allowPing = false;
};
nameservers = [
"1.1.1.1"
"9.9.9.9"
];
};
# Boot with compatibility for IP forwarding
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
# Enable AppArmor
security.apparmor.enable = true;
# Enable all manner of services
services = {
# SSH
openssh = {
enable = true;
settings = {
LogLevel = "VERBOSE";
PermitRootLogin = "no";
PrintLastLog = "no";
PasswordAuthentication = false;
};
ports = [ 2222 ];
};
# Login attempt lockout
fail2ban = {
enable = true;
maxretry = 5;
ignoreIP = [ "${pc}" "${server}" "${vm}" ];
};
# NFS server
nfs.server = {
enable = true;
exports = ''
/export/JimboNFS ${localspan}.0/24(rw,nohide,insecure,no_subtree_check)
'';
};
# Nginx reverse proxy
nginx = {
enable = true;
package = (pkgs.nginxMainline.override { modules = [ pkgs.nginxModules.rtmp ]; });
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
# Nextcloud Proxy
"cloud.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
extraConfig = "
location /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
";
};
};
# Vaultwarden Proxy
"warden.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8222";
proxyWebsockets = true;
};
};
# Recipes Proxy
"recipes.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5030";
proxyWebsockets = true;
};
};
# Bluemap Proxy
"bluemap.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:31010";
proxyWebsockets = true;
};
};
# Gitea Proxy
"git.${jimdomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3110";
proxyWebsockets = true;
};
};
# Matrix Proxy
"matrix.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
listen = [
{ addr = "[::]"; port = 80; ssl = false; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{ addr = "[::]"; port = 443; ssl = true; }
{ addr = "0.0.0.0"; port = 443; ssl = true; }
{ addr = "[::]"; port = 8448; ssl = true; }
{ addr = "0.0.0.0"; port = 8448; ssl = true; }
];
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse".proxyPass = "http://[::1]:8008";
locations."/.well-known".proxyPass = "http://[::1]:8008";
};
# Element Proxy
"chat.${bloxeldomain}" = {
addSSL = true;
enableACME = true;
root = "${pkgs.element-web}";
};
# Coturn Proxy
"turn.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
listen = [
{ addr = "[::]"; port = 80; ssl = false; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
];
locations."/".proxyPass = "http://[::1]:1380";
};
# Radio Proxy
"wbxdradio.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:255";
proxyWebsockets = true;
};
};
# Streaming proxy
"live.${bloxeldomain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8060";
proxyWebsockets = true;
};
};
# Staging Bloxel Proxy
"staging.${bloxeldomain}" = {
addSSL = true;
enableACME = true;
root = "/var/www/bloxel-landing-page";
locations."/bloxcable/hls" = {
extraConfig = ''
types {
application/vnd.apple.mpegurl m3u8;
}
'';
};
};
};
appendConfig = ''
rtmp {
server {
listen 1945;
chunk_size 4096;
allow publish all;
application BloxelesteCA {
record off;
live on;
deny play all;
hls on;
hls_path /var/www/bloxel-landing-page/bloxcable/hls;
hls_fragment_naming system;
hls_fragment 3;
hls_playlist_length 40;
}
}
}
'';
};
# Nextcloud server
nextcloud = {
enable = true;
package = pkgs.nextcloud29;
hostName = "localhost";
datadir = "/mnt/nextcloud";
https = true;
config = {
adminuser = "jimbo";
adminpassFile = "/mnt/nextcloud/password.txt";
};
settings = {
trusted_proxies = [ "127.0.0.1" ];
trusted_domains = [ "cloud.${jimdomain}" ];
overwriteprotocol = "https";
};
};
# Force Nextcloud to use a different port
nginx.virtualHosts."localhost" = {
listen = [ { addr = "127.0.0.1"; port = 8080; } ];
};
# Vaultwarden password manager
vaultwarden = {
enable = true;
config = {
DOMAIN = "https://warden.${jimdomain}";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
# Recipes
tandoor-recipes = {
enable = true;
port = 5030;
};
# Gitea
gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.${jimdomain}";
ROOT_URL = "https://git.${jimdomain}:443";
HTTP_PORT = 3110;
SSH_PORT = 2299;
START_SSH_SERVER = true;
};
service.DISABLE_REGISTRATION = true;
};
};
# Owncast
owncast = {
enable = true;
port = 8060;
listen = "0.0.0.0";
};
# Coturn for VC
coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
realm = "turn.${bloxeldomain}";
static-auth-secret = "will be world readable for local users :(";
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
};
# Synapse for Matrix clients
matrix-synapse = with config.services.coturn; {
enable = true;
settings = {
server_name = "matrix.${bloxeldomain}";
public_baseurl = "https://matrix.${bloxeldomain}";
serve_server_wellknown = true;
# Set the network config
listeners = [{
# Client config
port = 8008;
bind_addresses = [ "::" "0.0.0.0" ];
resources = [ { compress = false; names = [ "client" "federation" ]; } ];
type = "http";
tls = false;
x_forwarded = true;
}];
# Set the type of database
database.name = "sqlite3";
# Allow account registration
enable_registration = true;
registration_requires_token = true;
# General settings
url_preview_enabled = true;
max_upload_size = "50M";
report_stats = false;
# Turn settings
turn_uris = [ "turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=tcp" ];
turn_shared_secret = static-auth-secret;
turn_user_lifetime = "1h";
# Ratelimiting
burst_count = 15;
};
};
# Snowflake proxy for Tor
snowflake-proxy.enable = true;
# Fix a nonbuilding issue
logrotate.checkConfig = false;
};
# Make Nginx not shit itself
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/bloxel-landing-page/bloxcable/hls/" ];
# Get certificates for Coturn
security.acme = {
acceptTerms = true;
defaults.email = "jimjam4real@gmail.com";
certs = {
${config.services.coturn.realm} = {
group = "turnserver";
postRun = "systemctl restart coturn.service";
};
};
};
# Configure the Element web server
nixpkgs.config.element-web.conf = {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.${bloxeldomain}:443";
server_name = "matrix.${bloxeldomain}";
};
};
branding = {
welcome_background_url = "https://images-wixmp-ed30a86b8c4ca887773594c2.wixmp.com/f/6658b953-7c85-4d44-9d97-d10a52d54af1/dhqaf1r-5402b859-340f-44cb-bfc6-eef5d541ae7d.png?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1cm46YXBwOjdlMGQxODg5ODIyNjQzNzNhNWYwZDQxNWVhMGQyNmUwIiwiaXNzIjoidXJuOmFwcDo3ZTBkMTg4OTgyMjY0MzczYTVmMGQ0MTVlYTBkMjZlMCIsIm9iaiI6W1t7InBhdGgiOiJcL2ZcLzY2NThiOTUzLTdjODUtNGQ0NC05ZDk3LWQxMGE1MmQ1NGFmMVwvZGhxYWYxci01NDAyYjg1OS0zNDBmLTQ0Y2ItYmZjNi1lZWY1ZDU0MWFlN2QucG5nIn1dXSwiYXVkIjpbInVybjpzZXJ2aWNlOmZpbGUuZG93bmxvYWQiXX0.jqJL7Sx9JHu4RqiQnKKfxoxXD55ZLgzH4liMXxH6LkM";
auth_header_logo_url = "https://www.${bloxeldomain}/bloxelcom.png";
};
embedded_pages = {
home_url = "https://www.${bloxeldomain}/";
};
disable_custom_urls = true;
disable_guests = true;
default_theme = "dark";
};
# Enable Docker
virtualisation.docker = {
enable = true;
daemon.settings = {
log-driver = "json-file";
};
};
# Determine the release version and allow auto-upgrades
system.stateVersion = "23.11";
system.autoUpgrade.enable = false;
}

78
Server/hardware-configuration.nix Normal file
View file

@ -0,0 +1,78 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" "sr_mod" ];
boot.kernelModules = [ "kvm-intel" ];
# Mounting options
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/8f81cab7-9381-4950-b77f-b85c5fdbad16";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/2034-754A";
fsType = "vfat";
};
"/home/jimbo/JimboNFS" = {
device = "/dev/disk/by-uuid/713fcd92-534c-4153-8e04-e0c6fe5f6a51";
fsType = "ext4";
neededForBoot = true;
};
"/export/JimboNFS" = {
device = "/home/jimbo/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
"/mnt/nextcloud/data/JimboNFS" = {
device = "/home/jimbo/JimboNFS";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/docker/volumes/azuracast_station_data/_data/bloxradio/media/Music" = {
device = "/home/jimbo/JimboNFS/Music";
fsType = "none";
options = [ "bind" ];
};
# Atrocity
"/var/lib/bitwarden_rs" = {
device = "/home/jimbo/JimboNFS/System/var/lib/bitwarden_rs";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/gitea" = {
device = "/home/jimbo/JimboNFS/System/var/lib/gitea";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/matrix-synapse" = {
device = "/home/jimbo/JimboNFS/System/var/lib/matrix-synapse";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/nextcloud" = {
device = "/home/jimbo/JimboNFS/System/var/lib/nextcloud";
fsType = "none";
options = [ "bind" ];
};
"/var/lib/owncast" = {
device = "/home/jimbo/JimboNFS/System/var/lib/owncast";
fsType = "none";
options = [ "bind" ];
};
};
swapDevices = [
{ device = "/dev/disk/by-uuid/ec422cad-bf93-4b15-b989-2c807f1073a4"; }
];
# Enables DHCP on each ethernet and wireless interface.
networking.useDHCP = lib.mkDefault true;
# Hardware settings
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
boot.swraid.enable = true;
}

559
Server/jimbo.nix Normal file
View file

@ -0,0 +1,559 @@
{ config, pkgs, options, ... }:
let
# Terminal authenticator
auth = ''doas'';
# Neofetch main config
neoConf = ''
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"source": "xenia",
"color": {
"1": "1;97",
"2": "red",
"3": "yellow"
}
},
"display": {
"separator": " \u001b[33m ",
"color": "red"
},
"modules": [
{
"type": "custom",
"format": "\u001b[1m"
},
{
"type": "host",
"format": "{5} {2}",
"key": "󰌢 "
},
{
"type": "cpu",
"key": " "
},
{
"type": "gpu",
"key": "󰢮 "
},
{
"type": "disk",
"folders": "/",
"key": " "
},
{
"type": "memory",
"format": "{/1}{-}{/}{/2}{-}{/}{} / {}",
"key": " "
},
{
"type": "display",
"compactType": "original",
"key": "󰍹 "
},
{
"type": "custom",
"format": "\u001b[1m"
},
{
"type": "os",
"format": "{3} {12}",
"key": "󰍛 "
},
{
"type": "kernel",
"format": "{1} {2}",
"key": " "
},
{
"type": "wm",
"key": " "
},
{
"type": "shell",
"key": " "
},
{
"type": "terminal",
"key": " "
},
{
"type": "packages",
"key": "󰆧 "
},
{
"type": "uptime",
"key": "󰅐 "
},
{
"type": "command",
"text": "date -d @$(stat -c %W /) '+%a %b %d %r %Z %Y'",
"key": "󰶡 "
},
{
"type": "custom",
"format": "\u001b[1m"
},
{
"type": "custom",
"format": "\u001b[90m󰮯 \u001b[31m󰊠 \u001b[32m󰊠 \u001b[33m󰊠 \u001b[34m󰊠 \u001b[35m󰊠 \u001b[36m󰊠 \u001b[37m󰊠"
}
]
}
'';
# Small Neofetch config
pFetch = let
smallConf = pkgs.writeText "smallconf.jsonc" ''
{
"$schema": "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json",
"logo": {
"source": "debian_small"
},
"modules": [
{
"type": "os",
"format": "{3} {12}",
"key": "󰍛 "
},
{
"type": "host",
"format": "{5}",
"key": "󰌢 "
},
{
"type": "kernel",
"format": "{1} {2}",
"key": " "
},
{
"type": "uptime",
"key": "󰅐 "
},
{
"type": "packages",
"key": "󰊠 "
},
{
"type": "memory",
"format": "{/1}{-}{/}{/2}{-}{/}{} / {}",
"key": " "
}
]
}
'';
in pkgs.writeScriptBin "pfetch"
''fastfetch --config ${smallConf}'';
# Rofi (terminal file browser) config
rangerConf = ''
set preview_script ~/.config/ranger/scope.sh
set preview_images true
set preview_images_method kitty
set dirname_in_tabs true
set cd_tab_fuzzy true
set autosave_bookmarks false
set show_hidden true
set wrap_scroll true
set column_ratios 2,2,4
set hidden_filter ^\.|\.(?:pyc|pyo|bak|swp)$|^lost\+found$|^__(py)?cache__$
default_linemode devicons
'';
# Choose how ranger opens stuff
rifleConf = ''
# Define the "editor" for text files as first action
mime ^text, label editor = nvim -- "$@"
mime ^text, label pager = "$PAGER" -- "$@"
!mime ^text, label editor, ext xml|json|csv|tex|py|pl|rb|js|sh|php = nvim -- "$@"
!mime ^text, label pager, ext xml|json|csv|tex|py|pl|rb|js|sh|php = "$PAGER" -- "$@"
# Websites
ext x?html?, has librewolf, X, flag f = librewolf -- "$@"
# Define the "editor" for text files as first action
mime ^text, label editor = "$EDITOR" -- "$@"
mime ^text, label pager = "$PAGER" -- "$@"
!mime ^text, label editor, ext xml|json|csv|tex|py|pl|rb|js|sh|php = "$EDITOR" -- "$@"
!mime ^text, label pager, ext xml|json|csv|tex|py|pl|rb|js|sh|php = "$PAGER" -- "$@"
# Misc files
ext 1 = man "$1"
ext exe = wine "$1"
ext msi = wine "$1"
name ^[mM]akefile$ = make
# Scripts
ext py = python -- "$1"
ext pl = perl -- "$1"
ext rb = ruby -- "$1"
ext js = node -- "$1"
ext sh = sh -- "$1"
ext php = php -- "$1"
# Audio and video
mime ^audio|ogg$, terminal, has mpv = mpv --no-audio-display -- "$@"
mime ^audio|ogg$, terminal, has mpv = mpv --shuffle --no-audio-display -- "$@"
mime ^video, has mpv, X, flag f = mpv -- "$@"
mime ^video, terminal, !X, has mpv = mpv -- "$@"
# Documents
ext pdf, has zathura, X, flag f = zathura -- "$@"
ext pdf, has xpdf, X, flag f = xpdf -- "$@"
ext pdf, has okular, X, flag f = okular -- "$@"
ext pptx?|od[dfgpst]|docx?|sxc|xlsx?|xlt|xlw|gnm|gnumeric, has libreoffice, X, flag f = libreoffice "$@"
# Images
mime ^image, has imv, X, flag f = imv -- "$@"
# Archives
ext 7z, has 7z = 7z -p l "$@" | "$PAGER"
ext 7z|ace|ar|arc|bz2?|cab|cpio|cpt|deb|dgc|dmg|gz, has 7z = 7z x -- "$@"
ext iso|jar|pkg|rar|shar|tar|tgz|xar|xpi|xz|zip, has 7z = 7z x -- "$@"
# Listing and extracting archives without atool:
ext tar|gz|bz2|xz, has tar = tar vvtf "$1" | "$PAGER"
ext tar|gz|bz2|xz, has tar = for file in "$@"; do tar vvxf "$file"; done
# Fonts
mime ^font, has fontforge, X, flag f = fontforge "$@"
# Generic file openers
label open, has xdg-open = xdg-open -- "$@"
# Define the editor for non-text files + pager as last action
!mime ^text, !ext xml|json|csv|tex|py|pl|rb|js|sh|php = ask
label editor, !mime ^text, !ext xml|json|csv|tex|py|pl|rb|js|sh|php = "$EDITOR" -- "$@"
label pager, !mime ^text, !ext xml|json|csv|tex|py|pl|rb|js|sh|php = "$PAGER" -- "$@"
# Execute a file as program/script.
mime application/x-executable = "$1"
'';
# Ranger's preview
rangerScope = ''
#!/usr/bin/env bash
set -o noclobber -o noglob -o nounset -o pipefail
IFS=$'\n'
# Script arguments
FILE_PATH="$1"
PV_WIDTH="$2"
PV_HEIGHT="$3"
IMAGE_CACHE_PATH="$4"
PV_IMAGE_ENABLED="$5"
FILE_EXTENSION=$(echo "$FILE_PATH" | rev | cut -d. -f1 | rev)
FILE_EXTENSION_LOWER=$(echo "$FILE_EXTENSION" | tr '[:upper:]' '[:lower:]')
# Settings
HIGHLIGHT_TABWIDTH=8
HIGHLIGHT_STYLE='pablo'
PYGMENTIZE_STYLE='autumn'
handle_extension() {
case "$FILE_EXTENSION_LOWER" in
# Archive
a|ace|alz|arc|arj|bz|bz2|cab|cpio|deb|gz|jar|lha|lz|lzh|lzma|lzo|\
rpm|rz|t7z|tar|tbz|tbz2|tgz|tlz|txz|tZ|tzo|war|xpi|xz|Z|zip)
atool --list -- "$FILE_PATH" && exit 5
bsdtar --list --file "$FILE_PATH" && exit 5
exit 1;;
rar)
unrar lt -p- -- "$FILE_PATH" && exit 5
exit 1;;
7z)
7z l -p -- "$FILE_PATH" && exit 5
exit 1;;
pdf)
pdftotext -l 10 -nopgbrk -q -- "$FILE_PATH" - && exit 5
exiftool "$FILE_PATH" && exit 5
exit 1;;
torrent)
transmission-show -- "$FILE_PATH" && exit 5
exit 1;;
# OpenDocument
odt|ods|odp|sxw)
odt2txt "$FILE_PATH" && exit 5
exit 1;;
esac
}
handle_image() {
local mimetype="$1"
case "$mimetype" in
# SVG
image/svg+xml)
convert "$FILE_PATH" "$IMAGE_CACHE_PATH" && exit 6
exit 1;;
# Image
image/*)
local orientation
orientation="$( identify -format '%[EXIF:Orientation]\n' -- "$FILE_PATH" )"
if [[ -n "$orientation" && "$orientation" != 1 ]]; then
convert -- "$FILE_PATH" -auto-orient "$IMAGE_CACHE_PATH" && exit 6
fi
exit 7;;
# Video
video/*)
# Thumbnail
ffmpegthumbnailer -i "$FILE_PATH" -o "$IMAGE_CACHE_PATH" -s 0 && exit 6
exit 1;;
# PDF
application/pdf)
pdftoppm -f 1 -l 1 \
-scale-to-x 1920 \
-scale-to-y -1 \
-singlefile \
-jpeg -tiffcompression jpeg \
-- "$FILE_PATH" "$(basename "$IMAGE_CACHE_PATH")" \
&& exit 6 || exit 1;;
esac
}
handle_mime() {
local mimetype="$1"
case "$mimetype" in
# Text
text/* | */xml)
exit 2;;
# Image
image/*)
exiftool "$FILE_PATH" && exit 5
exit 1;;
# Video and audio
video/* | audio/*)
mediainfo "$FILE_PATH" && exit 5
exiftool "$FILE_PATH" && exit 5
exit 1;;
esac
}
MIMETYPE="$( file --dereference --brief --mime-type -- "$FILE_PATH" )"
if [[ "$PV_IMAGE_ENABLED" == 'True' ]]; then
handle_image "$MIMETYPE"
fi
handle_extension
handle_mime "$MIMETYPE"
handle_fallback
exit 1
'';
# Ranger's bookmarks
rangerBookmarks = ''
# Local files
k:/home/jimbo/Downloads
c:/home/jimbo/.config
L:/home/jimbo/.local
D:/mnt
n:/etc/nixos
# Remote files
a:/home/jimbo/JimboNFS
K:/home/jimbo/JimboNFS/Downloads
p:/home/jimbo/JimboNFS/Photos
V:/home/jimbo/JimboNFS/Videos/Random
m:/home/jimbo/JimboNFS/Music
L:/home/jimbo/JimboNFS/MineServers
s:/home/jimbo/JimboNFS/School
N:/home/jimbo/JimboNFS/JimboOS/NixOS
'';
in
{
# Define home manager programs and configs
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.jimbo = { config, pkgs, ... }: {
# Install user programs
home.packages = (with pkgs; [
fastfetch pFetch htop ranger tcptrack
]);
# Install Neovim and plugins
programs.neovim = {
enable = true;
defaultEditor = true;
vimAlias = true;
plugins = with pkgs.vimPlugins; [
# Vim theme
vim-airline vim-airline-themes
# Internal clipboard
vim-vsnip cmp-vsnip
# Autocomplete manager
lspkind-nvim
# Autocomplete plugins
cmp-nvim-lsp cmp-buffer cmp-path cmp-cmdline nvim-cmp
# Hex color visualizer and color theme
nvim-colorizer-lua vim-monokai-pro
];
extraConfig = ''
lua <<EOF
-- Set up nvim-cmp.
local cmp = require'cmp'
cmp.setup({
snippet = {
-- REQUIRED - you must specify a snippet engine
expand = function(args)
vim.fn["vsnip#anonymous"](args.body) -- For `vsnip` users.
end,
},
mapping = cmp.mapping.preset.insert({
['<C-b>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.abort(),
['<CR>'] = cmp.mapping.confirm({ select = true }), -- Accept currently selected item. Set `select` to `false` to only confirm explicitly selected items.
}),
sources = cmp.config.sources({
{ name = 'nvim_lsp' },
{ name = 'vsnip' }
}, {
{ name = 'buffer' },
})
})
-- Use buffer source for `/` and `?`.
cmp.setup.cmdline({ '/', '?' }, {
mapping = cmp.mapping.preset.cmdline(),
sources = {
{ name = 'buffer' }
}
})
-- Use cmdline & path source for ':'.
cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({
{ name = 'path' }
}, {
{ name = 'cmdline' }
})
})
EOF
colorscheme monokai_pro
let g:airline_theme='onedark'
let g:airline#extensions#tabline#enabled = 1
highlight Normal guibg=none ctermbg=235
highlight Visual guibg=#151515 ctermbg=238
highlight Pmenu guibg=#151515 ctermbg=238
highlight EndOfBuffer guibg=none ctermbg=235
highlight LineNr guibg=none ctermbg=none
lua require'colorizer'.setup()
set nu rnu
set termguicolors
set runtimepath+=/usr/share/vim/vimfiles
set mouse=a
set undofile
set undodir=$HOME/.local/share/nvim/undo
set undolevels=100
set undoreload=10000
nmap <C-x> :bnext<CR>
nmap <C-z> :bprev<CR>
'';
};
# Enable tmux
programs.tmux = {
enable = true;
extraConfig = ''
set -g mouse on
set -g base-index 1
set -g default-terminal "st-256color"
set -g history-limit 4096
set -g set-titles on
set -g set-titles-string "#T"
set -g status on
set -g status-left ""
set -g status-position bottom
set -g status-right "#[bg=brightblack]#[fg=dark_purple] #T "
set -g status-style "bg=black"
setw -g pane-base-index 1
setw -g window-status-format "#[bg=brightmagenta]#[fg=black] #I #[bg=brightblack]#[fg=white] #W "
setw -g window-status-current-format "#[bg=brightmagenta]#[fg=black] #I #[bg=white]#[fg=black] #W "
'';
};
# Start defining arbitrary files
home.file = {
# Fastfetch config
".config/fastfetch/config.jsonc".text = neoConf;
# Ranger config
".config/ranger/rc.conf".text = rangerConf;
".config/ranger/rifle.conf".text = rifleConf;
".config/ranger/scope.sh" = { text = rangerScope; executable = true; };
".local/share/ranger/bookmarks".text = rangerBookmarks;
".config/ranger/plugins/devicons/devicons.py".source = "${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/alexanderjeurissen/ranger_devicons/2c3c19dffb4238d01c74515c9eed5088066db243/devicons.py";
sha256 = "0girsranwhsgc6kcyh1mkwymx0bl14a2k5nzk3kyllb6ic48c33k";
}}";
".config/ranger/plugins/devicons/__init__.py".source = "${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/alexanderjeurissen/ranger_devicons/2c3c19dffb4238d01c74515c9eed5088066db243/__init__.py";
sha256 = "1r086apw20ryxylqgnbynx7mzz779v1w0m40wghmmhlzw4x15fmr";
}}";
};
# Shell aliases
programs.zsh = {
enable = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
initExtra = ''
${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch
'';
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "half-life";
};
shellAliases = let
mineServers = ''/home/jimbo/JimboNFS/MineServers'';
in {
# NixOS aliases
nixcfg = "nvim /etc/nixos/{configuration,jimbo,hardware-configuration}.nix";
nixswitch = "${auth} nixos-rebuild switch";
nixdate = "${auth} nixos-rebuild switch --upgrade-all";
nixclean = "${auth} nix-store --gc; nix-collect-garbage -d";
# Shortcut aliases
neo = "clear && fastfetch";
ip = "ip -c";
ls = "${pkgs.eza}/bin/eza -a --color=always --group-directories-first --icons";
cat = "${pkgs.bat}/bin/bat --paging never";
# Curl tools
myip = "curl ifconfig.co";
# Start basic programs
controlpanel = "tmux new-session -d -s control; tmux attach -t control";
# Minecraft stuff
mcstart21 = "${pkgs.temurin-jre-bin-21}/bin/java -Xmx8G -jar";
mcstart8 = "${pkgs.temurin-jre-bin-8}/bin/java -Xmx5G -jar";
velocitystart = "cd ${mineServers}/Velocity && mcstart21 velocity*";
johnstart = "cd ${mineServers}/Johnside-SMP && mcstart21 paper* --nogui";
bloxelstart = "cd ${mineServers}/Bloxelcom && mcstart21 paper* --nogui";
dewstart = "cd ${mineServers}/DewDestroyer && mcstart21 paper* --nogui";
betastart = "cd ${mineServers}/BetaServer && mcstart8 Posiden*";
};
};
# Define current version
home.stateVersion = "23.11";
};
};
}