commit fc6ebcd94f168e096e7637fcd555fe388f1d0654
Author: Luna
Date: Fri Oct 25 17:00:18 2024 -0500
Initial commit for /etc/nixos configuration
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..4c487d0
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,98 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./users/luna.nix
+ ./users/jimbo.nix
+ ./hardware-configuration.nix
+ ./server/acme.nix
+ ./server/azuracast.nix
+ ./server/nginx.nix
+ ./server/nfs.nix
+ ./server/nextcloud.nix
+ ];
+
+ # Bootloader.
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ networking.hostName = "HP";
+ # networking.wireless.enable = true;
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/Chicago";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Enable X11, Cinnamon, and LightDM.
+ services.xserver = {
+ enable = true;
+ displayManager.lightdm.enable = true;
+ desktopManager.cinnamon.enable = true;
+ };
+
+ # Enable sound with pipewire.
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ #jack.enable = true;
+ };
+
+ # Enable automatic login for the user.
+ services.displayManager.autoLogin.enable = true;
+ services.displayManager.autoLogin.user = "luna";
+
+ # Install firefox.
+ programs.firefox.enable = true;
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile.
+ environment.systemPackages = with pkgs; [
+ # programs
+ vim
+ neovim
+ icu
+ openssl
+ zlib
+ ];
+
+ # Enable git for shit and stuff
+ programs.git.enable = true;
+
+ # Enable ZSH for user shells
+ programs.zsh.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PrintLastLog = "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ # Open ports in the firewall using nftables
+ networking = {
+ nftables.enable = true;
+ firewall = {
+ allowedTCPPorts = [ 111 2049 20048 32438 ];
+ allowedUDPPorts = [];
+ };
+ };
+
+ # This value determines the NixOS release for stateful data
+ system.stateVersion = "24.05";
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..068f9ec
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems = {
+ "/" = { device = "/dev/disk/by-uuid/9bcde200-d78b-4d54-b371-5fb8dd371137";
+ fsType = "ext4";
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/75E4-8437";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+ "/export/LunaNFS" = {
+ device = "/dev/disk/by-uuid/380B71921F406EFC";
+ fsType = "ntfs";
+ noCheck = true;
+ };
+ "/home/luna/LunaNFS" = {
+ device = "/export/LunaNFS";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+
+ # Atrocity of bindmounts
+ "/mnt/nextcloud/data/LunaNFS" = {
+ device = "/export/LunaNFS";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+ "/var/lib/docker/volumes/azuracast_station_data/_data/wtrf/media/Music" = {
+ device = "/export/LunaNFS/stuffs/Music";
+ fsType = "none";
+ options = [ "bind" ];
+ };
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless
+ networking.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
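Review bot: In configuration.nix the two `services.displayManager.autoLogin` lines give anyone at the console an unlocked desktop session as `luna`, who is in `wheel` (users/luna.nix) and is the Nextcloud admin user (server/nextcloud.nix), on a host that also runs the NFS, nginx and Nextcloud services. For a machine acting as a server I would drop both lines, or set `services.displayManager.autoLogin.enable = false;`, so the LightDM greeter asks for the password. If automatic login is intentional because the box is physically trusted, a comment next to the setting would record that decision.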
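Review bot: In hardware-configuration.nix the `/export/LunaNFS` NTFS mount sets no ownership or mask options, unlike `/boot`, which gets `fmask=0077` and `dmask=0077`. Depending on which NTFS driver handles `fsType = "ntfs"`, files on such a mount are commonly presented as root-owned with permissive modes, and the three bind mounts then carry that view into luna's home, the Nextcloud data directory and the AzuraCast Docker volume. I would add explicit options, for example `options = [ "uid=<UID>" "gid=<GID>" "fmask=0137" "dmask=0027" "nofail" ];`, with the placeholders filled in for the account that should own the share. Since this file is normally regenerated by `nixos-generate-config`, moving the hand-written `fileSystems` entries into their own module would keep them from being overwritten.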
diff --git a/server/acme.nix b/server/acme.nix
new file mode 100644
index 0000000..a91ead6
--- /dev/null
+++ b/server/acme.nix
@@ -0,0 +1,6 @@
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "odintoons@gmail.com";
+ };
+}
diff --git a/server/azuracast.nix b/server/azuracast.nix
new file mode 100644
index 0000000..467698a
--- /dev/null
+++ b/server/azuracast.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ services.nginx.virtualHosts."radio.lunamoonlight.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://10.0.0.9:86";
+ proxyWebsockets = true;
+ };
+ };
+}
diff --git a/server/nextcloud.nix b/server/nextcloud.nix
new file mode 100644
index 0000000..890f537
--- /dev/null
+++ b/server/nextcloud.nix
@@ -0,0 +1,35 @@
+{pkgs, outputs, ...}: {
+ services = {
+ nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud29;
+ hostName = "nextcloud.lunamoonlight.xyz";
+ datadir = "/mnt/nextcloud";
+ https = true;
+ config = {
+ adminuser = "luna";
+ adminpassFile = "/mnt/nextcloud/password.txt";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "nextcloud.lunamoonlight.xyz" ];
+ overwriteprotocol = "https";
+ };
+ };
+ nginx.virtualHosts."nextcloud.lunamoonlight.xyz" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ proxyWebsockets = true;
+ extraConfig = "
+ location /.well-known/carddav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ location /.well-known/caldav {
+ return 301 $scheme://$host/remote.php/dav;
+ }
+ ";
+ };
+ };
+ };
+}
diff --git a/server/nfs.nix b/server/nfs.nix
new file mode 100644
index 0000000..f9c6ce6
--- /dev/null
+++ b/server/nfs.nix
@@ -0,0 +1,9 @@
+{
+ # NFS server
+ services.nfs.server = {
+ enable = true;
+ exports = ''
+ /export/LunaNFS *(rw,no_subtree_check)
+ '';
+ };
+}
diff --git a/server/nginx.nix b/server/nginx.nix
new file mode 100644
index 0000000..1b7249e
--- /dev/null
+++ b/server/nginx.nix
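Review bot: In server/azuracast.nix `proxyPass = "http://10.0.0.9:86";` forwards the traffic nginx just terminated TLS for to a routable LAN address over plain HTTP. The Docker volume path in hardware-configuration.nix suggests AzuraCast runs on this same host; if so, port 86 is probably also reachable directly on 10.0.0.9, bypassing the `forceSSL` vhost. Publishing the container port on loopback only and using `proxyPass = "http://127.0.0.1:86";` would keep the backend off the network. The address is also hard-coded while `networking.useDHCP` defaults to true, so the vhost would break if the lease changes.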
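Review bot: In server/nextcloud.nix the vhost uses `addSSL = true;`, which keeps serving the site on port 80 as well, even though the service is configured with `https = true;` and `overwriteprotocol = "https";`. A login sent to the http:// URL would cross the network unencrypted; `forceSSL = true;`, as server/azuracast.nix already uses, redirects to HTTPS instead. The `lunamoonlight.xyz` vhost in server/nginx.nix has the same `addSSL = true;` and could be changed the same way.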
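Review bot: In server/nfs.nix the export line `/export/LunaNFS *(rw,no_subtree_check)` grants read-write access to every client that can reach the server, and configuration.nix opens TCP 111, 2049, 20048 and 32438 in the firewall without limiting them to an interface. The same directory is bind-mounted into the Nextcloud data directory and the AzuraCast media volume (hardware-configuration.nix), so a write over NFS lands in both services' data. I would replace `*` with the client network or specific hosts, `/export/LunaNFS <LAN_CIDR>(rw,no_subtree_check)`, and scope the ports to the LAN interface with `networking.firewall.interfaces.<IFACE>.allowedTCPPorts`. No `mountdPort`, `statdPort` or `lockdPort` is set under `services.nfs.server`, so it is worth confirming that the opened ports match what the daemons actually bind.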
@@ -0,0 +1,26 @@
+{pkgs, ...}: {
+ services.nginx = {
+ enable = true;
+ package = (pkgs.nginx.override {
+ modules = with pkgs.nginxModules; [ rtmp ];
+ });
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "lunamoonlight.xyz" = {
+ enableACME = true;
+ addSSL = true;
+ root = "/var/www/lunalanding";
+ };
+ };
+ };
+
+ # Open HTTP and HTTPs ports
+ networking.firewall = {
+ allowedTCPPorts = [
+ 80 443
+ ];
+ };
+}
diff --git a/users/jimbo.nix b/users/jimbo.nix
new file mode 100644
index 0000000..ff78e4d
--- /dev/null
+++ b/users/jimbo.nix
@@ -0,0 +1,29 @@
+{pkgs, ...}: {
+ users.users.jimbo = {
+ description = "Jimbo";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl jimbo@JimDesktop"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKC8Uqxb09V3msBgDv6lD/nETMYr/X0OgtpDo8ldcMK jimbo@JimServer"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLe/HioxCOkszFQdm1vb3ZwuzLzsOThqHNvEI4IXeXZ JimPhone"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnaD+OpCF1JC8a/A7OQUCqj+/nDOSUbFqHQBzhG9cDu jimbo@nixos"
+ ];
+ extraGroups = [
+ "wheel"
+ "audio"
+ "video"
+ "input"
+ "disk"
+ "dialout"
+ "networkmanager"
+ "rtkit"
+ "kvm"
+ "libvirtd"
+ "qemu-libvirtd"
+ "nginx"
+ "minecraft"
+ "nfsShare"
+ ];
+ shell = pkgs.zsh;
+ };
+}
diff --git a/users/luna.nix b/users/luna.nix
new file mode 100644
index 0000000..702f5c5
--- /dev/null
+++ b/users/luna.nix
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.luna = {
+ isNormalUser = true;
+ description = "luna";
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 luna@ThinkPadT450DEB"
+ ];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ packages = with pkgs; [
+ #thunderbird
+ ];
+ };
+}
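Review bot: In users/jimbo.nix the `extraGroups` list includes `"disk"`, which gives the account raw read-write access to block devices, effectively root over the filesystems without going through sudo. `jimbo` is already in `wheel`, so I would remove `"disk"` and let privileged disk work go through sudo, where it is authenticated and logged. The list also names `minecraft` and `nfsShare`, which no file in this commit defines; if they are not created elsewhere they can be dropped.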