nix/hosts/snowbelle/configuration.nix


# NixOS host configuration for "snowbelle": a homelab box that turns on the
# repo's own system/homelab/service modules, sets up boot, DNS and a VLAN
# profile, installs a base toolset and opens the firewall ports listed below.
{ config, lib, stable_pkgs, unstable_pkgs, ... }:
let
  # Select the x86_64 attribute of each package set passed in as an argument.
  pkgs = stable_pkgs.x86_64;
  unstable = unstable_pkgs.x86_64;
in
{
  imports = [
    ./hardware-configuration.nix # results of the hardware scan
    ../../users/users.nix
    ../../modules/system
    ../../modules/homelab
    ../../modules/homelab/gameservers/minecraft_recpro
  ];

  # --- project modules (defined under ../../modules, not visible here) ---
  modules.system = {
    ssh.enable = true;
    backups.enable = true;
    backups.repo = "/holocron/backups";
    sops.enable = true;
    podman.enable = true;
    syncthing.enable = true;
    tailscale.enable = true;
    nvidia.enable = true;
  };

  modules.homelab = {
    enable = true;
    zfs.enable = true;
    smb.enable = true;
    nfs.enable = true;
  };

  modules.services = {
    caddy.enable = true;
    jellyfin.enable = true;
    audiobookshelf.enable = true;
    vaultwarden.enable = true;
    gitea.enable = true;
    glance.enable = true;
    qbittorrent.enable = true;
    immich.enable = true;
    hass.enable = true;
    zigbee2mqtt.enable = true;
    mosquitto.enable = true;
    prowlarr.enable = true;
    flaresolverr.enable = true;
    bazarr.enable = true;
    radarr.enable = true;
    sonarr.enable = true;
    uptime-kuma.enable = true;
  };

  modules.gameservers = {
    minecraft_recpro.enable = true;
  };

  # --- users & groups ---
  users.blake.enable = true; # main user, home manager
  users.defaultUserShell = pkgs.zsh;

  # --- boot: systemd-boot on EFI, systemd in the initrd ---
  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd.systemd.enable = true; # better logging
  };

  # --- name resolution ---
  services.resolved = {
    enable = true;
    fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
    # "opportunistic" tries DNS-over-TLS but falls back to plaintext when the
    # upstream does not answer on TLS, so it does not stop an on-path
    # downgrade. NOTE(review): "true" makes TLS mandatory - confirm whether
    # the upstream resolvers in use support it before switching.
    dnsovertls = "opportunistic";
  };

  # --- hostname and network stack ---
  networking = {
    hostName = "snowbelle";
    hostId = "3e6e7055"; # zfs wants this
    networkmanager = {
      enable = true;
      dns = "systemd-resolved"; # hand DNS to the resolved instance above
      # Declarative NetworkManager profile: VLAN 69 on top of enp89s0.
      ensureProfiles.profiles.vpn = {
        ethernet.mac-address = "7a:e4:07:8d:22:76";
        connection = {
          type = "vlan";
          id = "vpn";
          interface-name = "enp89s0.69"; # or just "vpn-vlan"
        };
        vlan = {
          interface-name = "enp89s0.69"; # or just "vpn-vlan"
          parent = "enp89s0";
          id = 69;
        };
        #ipv4.dns = "9.9.9.9";
      };
    };
  };

  time.timeZone = "America/Chicago";
  hardware.bluetooth.enable = true;

  # --- shell, nix-ld ---
  programs = {
    zsh.enable = true;
    # ld fix: lets unpackaged dynamically linked binaries find their libraries
    nix-ld.enable = true;
    nix-ld.libraries = with pkgs; [
      # Add any missing dynamic libraries for unpackaged
      # programs here, NOT in environment.systemPackages
    ];
  };

  # --- system-wide packages ---
  environment.systemPackages = [
    pkgs.git
    pkgs.age
    pkgs.rsync
    pkgs.wget
    pkgs.curl
    pkgs.fzf
    pkgs.fd
    pkgs.tree
    pkgs.vim
    pkgs.lf
    pkgs.tmux
    pkgs.btop
    pkgs.neofetch
    pkgs.usbutils
    pkgs.inetutils
    pkgs.iptables
    pkgs.bluez
  ];

  # allow proprietary packages
  nixpkgs.config.allowUnfree = true;

  # enable flakes
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # --- firewall ---
  # Everything listed here is opened on every interface.
  # NOTE(review): caddy is enabled above and 80/443 are open. If it
  # reverse-proxies the "srv" backends, the direct 7xxx ports (vaultwarden on
  # 7701 in particular) presumably do not need to be reachable everywhere;
  # networking.firewall.interfaces.<name>.allowedTCPPorts can scope them to
  # the LAN or tailnet interface. Confirm against modules/homelab.
  # NOTE(review): 111/2049 (NFS), 139/445 (SMB) and 1883 (MQTT, the
  # conventional unencrypted port) are also open on all interfaces - verify
  # this host is never attached to an untrusted network, and that the broker
  # requires authentication.
  networking.firewall = {
    enable = true; # keep the firewall on; the lists below are the exceptions
    allowedTCPPorts = [
      80 # set - http
      111 # set - portmapper for nfs
      139 # set - smb
      443 # set - https
      445 # set - cifs
      1198 # NOTE(review): unlabeled - document the owner or drop it
      1883 # set - mqtt
      2049 # set - nfs
      2222 # srv - syncthing
      7100 # srv - jellyfin
      7101 # srv - audiobookshelf
      7102 # srv - yacreader (NOTE(review): not enabled in this file - still needed?)
      7103 # srv - qbittorrent
      7104 # srv - prowlarr
      7105 # srv - bazarr
      7106 # srv - sonarr
      7107 # srv - radarr
      7120 # srv - flaresolverr
      5701 # srv - archivebox (NOTE(review): not enabled in this file - still needed?)
      7502 # srv - kiwix (NOTE(review): not enabled in this file - still needed?)
      7567 # srv - gitea ssh
      7700 # srv - glance
      7701 # srv - vaultwarden
      7702 # srv - immich
      7703 # srv - gitea
      7704 # srv - hass
      7705 # srv - zigbee2mqtt
      7901 # srv - uptime kuma
      25777 # srv - minecraft
      25565 # srv - minecraft
      25566 # srv - minecraft
      25567 # srv - minecraft
    ];
    # NOTE(review): unlabeled; 51820 is the conventional WireGuard port -
    # confirm which service listens here.
    allowedUDPPorts = [ 51820 ];
  };

  # Release this host was first installed with; leave it unchanged on
  # upgrades (see the stateVersion option documentation before touching it).
  system.stateVersion = "25.05";
}