# NixOS host configuration for "snowbelle": a homelab server with ZFS storage,
# SMB/NFS file sharing, Docker, an nginx reverse proxy and Jellyfin.
# The `modules.*` and `users.<name>.enable` options are declared by the local
# modules imported below, not by nixpkgs.
{ config, lib, pkgs, ... }:

{
  imports = [
    # Results of the hardware scan.
    ./hardware-configuration.nix
    ../../users/users.nix
    ../../modules/system/default.nix
    ../../modules/homelab/default.nix
  ];

  # Feature toggles implemented by the local modules imported above.
  modules.system = {
    ssh.enable = true;
    sops.enable = true;
    docker.enable = true;
    syncthing.enable = true;
    # syncthing.mode = "server";
    tailscale.enable = false;
    nvidia.enable = true;
  };

  modules.homelab = {
    zfs.enable = true;
    smb.enable = true;
    nfs.enable = true;
    nginx-proxy.enable = true;
  };

  modules.services = {
    jellyfin.enable = true;
  };

  users = {
    # Enable the per-user configuration for this account.
    blake.enable = true;

    # Shared group with a fixed gid so the id is the same wherever it is used.
    groups.media.gid = 700;

    # Login shell for every user; zsh itself is enabled under `programs`.
    defaultUserShell = pkgs.zsh;
  };

  boot = {
    # testing!
    plymouth.enable = false;
    initrd.systemd.enable = true; # optional, for nicer initrd logs

    loader = {
      # Use the systemd-boot EFI boot loader.
      systemd-boot = {
        enable = true;
        consoleMode = "auto"; # not "keep" or "max"
      };
      efi.canTouchEfiVariables = true;
    };
  };

  networking = {
    hostName = "snowbelle";

    # Easiest to use and most distros use this by default.
    networkmanager.enable = true;

    # presumably set because ZFS is enabled above (ZFS on NixOS needs a stable
    # hostId) — confirm.
    hostId = "3e6e7055";

    firewall = {
      # The firewall stays on; only the ports listed below are opened.
      enable = true;

      # NOTE(review): allowedTCPPorts opens these ports on every interface.
      # NFS/SMB (111, 139, 445, 2049) and the per-service ports are reachable
      # from any network this host is attached to. If only the LAN should see
      # them, scope them with networking.firewall.interfaces.<name>.allowedTCPPorts.
      # NOTE(review): nginx-proxy is enabled and 80/443 are open; if the proxy is
      # meant to be the single entry point, the direct backend ports (e.g. 7070
      # vaultwarden, 4444 gitea) may not need to be open as well — confirm.
      allowedTCPPorts = [
        80 # http
        111 # portmapper for nfs
        139 # smb
        443 # https
        445 # cifs
        1883 # unlabelled in the original; 1883 is the registered MQTT port — confirm
        2049 # nfs
        2222 # syncthing
        3030 # jellyfin
        3131 # audiobookshelf
        3232 # unlabelled in the original — TODO name the service or close the port
        3333 # qbittorrent
        3434 # yacreader
        3535 # prowlarr
        3636 # sonarr
        3737 # radarr
        3838 # bazarr
        3939 # flaresolverr
        3923 # copyparty
        4141 # hass
        4142 # mqtt
        4242 # immich
        4444 # gitea
        5050 # kiwix
        5656 # archivebox
        7070 # vaultwarden
        7567 # gitea ssh
        7777 # glance
        8080 # nginx webui
        8181 # uptime kuma
        25777 # minecraft
        # The next three are unlabelled in the original; presumably further
        # Minecraft instances (25565 is the game's default port) — confirm.
        25565
        25566
        25567
      ];

      # Unlabelled in the original. 51820 is WireGuard's default port; no
      # WireGuard setup is visible in this file and tailscale is disabled above —
      # confirm the port is still needed.
      allowedUDPPorts = [ 51820 ];
    };
  };

  # Timezone.
  time.timeZone = "America/Chicago";

  programs = {
    zsh.enable = true;

    # ld fix: nix-ld lets unpackaged, dynamically linked programs find a loader
    # and the libraries listed here.
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        # Add any missing dynamic libraries for unpackaged
        # programs here, NOT in environment.systemPackages
      ];
    };
  };

  # Packages installed system-wide.
  environment.systemPackages = with pkgs; [
    vim
    rsync
    wget
    git
    iptables
    nettools
    neofetch
    btop
    age
    nvidia-container-toolkit
  ];

  # Allow proprietary (unfree) packages.
  nixpkgs.config.allowUnfree = true;

  # Enable flakes and the new `nix` command line.
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Keep at the release this host was first installed with; read the
  # stateVersion documentation before changing it.
  system.stateVersion = "25.05";
}