155 lines
3.8 KiB
Nix
155 lines
3.8 KiB
Nix
{ config, lib, inputs, stable_pkgs, unstable_pkgs, ... }:
|
|
|
|
let
|
|
pkgs = stable_pkgs.x86_64;
|
|
unstable = unstable_pkgs.x86_64;
|
|
in
|
|
{
|
|
imports =
|
|
[ # Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
../../nixos
|
|
../../../users/blake
|
|
../../../modules/system
|
|
../../../modules/holocron
|
|
../../../modules/homelab
|
|
../../../modules/gameservers/minecraft_recpro
|
|
];
|
|
|
|
home-manager.users.blake.imports = [
|
|
../../../users/blake/hosts/snowbelle.nix
|
|
];
|
|
|
|
system = {
|
|
ssh.enable = true;
|
|
sops.enable = true;
|
|
podman.enable = true;
|
|
yubikey.enable = true;
|
|
graphics = {
|
|
enable = true;
|
|
vendor = "nvidia";
|
|
};
|
|
};
|
|
holocron = {
|
|
syncthing.enable = true;
|
|
copyparty.enable = false;
|
|
ensure_perms.enable = false;
|
|
zfs.enable = true;
|
|
smb.enable = true;
|
|
nfs.enable = true;
|
|
};
|
|
homelab = {
|
|
enable = true;
|
|
tailscale.enable = true;
|
|
dnsmasq.enable = true;
|
|
backups.enable = true;
|
|
motd.enable = true;
|
|
postfix.enable = true;
|
|
gitea.enable = true;
|
|
glance.enable = true;
|
|
immich.enable = true;
|
|
hass.enable = true;
|
|
jellyfin.enable = true;
|
|
audiobookshelf.enable = true;
|
|
yacreader.enable = true;
|
|
qbittorrent.enable = true;
|
|
sonarr.enable = true;
|
|
radarr.enable = true;
|
|
bazarr.enable = true;
|
|
prowlarr.enable = true;
|
|
flaresolverr.enable = true;
|
|
zigbee2mqtt.enable = true;
|
|
mosquitto.enable = true;
|
|
caddy.enable = true;
|
|
uptime-kuma.enable = true;
|
|
vaultwarden.enable = true;
|
|
};
|
|
gameservers = {
|
|
minecraft_recpro.enable = true;
|
|
minecraft_modded.enable = true;
|
|
};
|
|
|
|
# boot (systemd is going on me)
|
|
boot.loader.systemd-boot.enable = true; # systemd your pretty cool ya know
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
boot.initrd.systemd.enable = true; # better logging
|
|
|
|
# setup hostname and networking stack
|
|
services.resolved = {
|
|
enable = true;
|
|
fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
|
|
dnsovertls = "opportunistic";
|
|
};
|
|
networking = {
|
|
hostName = "snowbelle"; # hostname
|
|
hostId = "3e6e7055"; # zfs wants this
|
|
networkmanager = {
|
|
enable = true; # the goat
|
|
dns = "systemd-resolved"; # the backup dancer!
|
|
ensureProfiles.profiles = {
|
|
vpn = {
|
|
ethernet.mac-address = "7a:e4:07:8d:22:76";
|
|
connection.type = "vlan";
|
|
connection.id = "vpn";
|
|
connection.interface-name = "enp89s0.69"; # or just "vpn-vlan"
|
|
vlan.interface-name = "enp89s0.69"; # or just "vpn-vlan"
|
|
vlan.parent = "enp89s0";
|
|
vlan.id = 69;
|
|
#ipv4.dns = "9.9.9.9";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
|
|
|
|
hardware.bluetooth.enable = true;
|
|
|
|
|
|
|
|
# Open ports in the firewall.
|
|
networking.firewall.allowedTCPPorts = [
|
|
80 # set - http
|
|
111 # set - portmapper for nfs
|
|
139 # set - smb
|
|
443 # set - https
|
|
445 # set - cifs
|
|
1198
|
|
1883 # set - mqtt
|
|
2049 # set - nfs
|
|
2222 # srv - syncthing
|
|
7100 # srv - jellyfin
|
|
7101 # srv - audiobookshelf
|
|
7102 # srv - yacreader
|
|
7103 # srv - qbittorrent
|
|
7104 # srv - prowlarr
|
|
7105 # srv - bazarr
|
|
7106 # srv - sonarr
|
|
7107 # srv - radarr
|
|
7120 # srv - flaresolverr
|
|
5701 # srv - archivebox
|
|
7502 # srv - kiwix
|
|
7567 # srv - gitea ssh
|
|
7700 # srv - glance
|
|
7701 # srv - vaultwarden
|
|
7702 # srv - immich
|
|
7703 # srv - gitea
|
|
7704 # srv - hass
|
|
7705 # srv - zigbee2mqtt
|
|
7901 # srv - uptime kuma
|
|
7902 # srv - copyparty
|
|
25777 # srv - minecraft
|
|
25565 # ^ ^ ^
|
|
25566 # | | |
|
|
25567 # | | |
|
|
];
|
|
|
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
|
# Or disable the firewall altogether.
|
|
networking.firewall.enable = true;
|
|
|
|
system.stateVersion = "25.05"; # stays here : )
|
|
|
|
}
|
|
|