# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "shen": CUPS print server, Samba share, NVIDIA/CUDA for Docker, and a
# Caddy reverse proxy in front of a set of local and LAN services.
# Lines marked NOTE(review) are review observations; they do not change
# what this module evaluates to.

{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ../../pkgs/base-packages.nix
    ../../modules/base.nix
  ];

  networking.hostName = "shen"; # Define your hostname.

  # Enable CUPS to print documents.
  #
  # NOTE(review): CUPS listens on every interface ("*:631"), accepts any
  # client (allowFrom = all), shares printers by default and never asks for
  # TLS (DefaultEncryption Never). The firewall is disabled at the bottom of
  # this file, so nothing on this host filters port 631. Restrict
  # listenAddresses / allowFrom to the LAN range if printing is only needed
  # there.
  services.printing = {
    enable = true;
    drivers = [ pkgs.gutenprint ];
    browsing = true;
    listenAddresses = [ "*:631" ]; # Not 100% sure this is needed and you might want to restrict to the local network
    allowFrom = [ "all" ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
    defaultShared = true; # If you want
    extraConf = ''
      DefaultEncryption Never
    '';
  };

  services.xserver.videoDrivers = [ "nvidia" ];

  # VA-API / VDPAU userspace drivers plus 32-bit DRI support.
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      # rocm-opencl-icd
      # rocm-opencl-runtime
      # amdvlk
    ];
    driSupport = lib.mkDefault true;
    driSupport32Bit = lib.mkDefault true;
    #extraPackages32 = with pkgs; [
    #  driversi686linux.amdvlk
    #];
  };

  # Stable NVIDIA driver matching the configured kernel, with KMS enabled.
  hardware.nvidia = {
    package = config.boot.kernelPackages.nvidiaPackages.stable;
    modesetting.enable = true;
  };

  # environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV";

  environment.systemPackages = [ pkgs.cudatoolkit ];

  virtualisation.docker.enableNvidia = true;

  # Samba: one guest-writable share, limited by source address.
  #
  # NOTE(review): "map to guest = bad user" turns any unknown user name into
  # the guest account, and both "guest account" and "force user" are `chris`,
  # so unauthenticated clients write to /storage/share as that local user.
  # The only control is "hosts allow" (172.16.1.x and loopback). If `chris`
  # is also a login or admin account, use a dedicated unprivileged account
  # for guest access (for example `nobody`) or re-enable "valid users".
  services.samba = {
    enable = true;
    extraConfig = ''
      # security = share
      # passdb backend = tdbsam
      workgroup = WORKGROUP
      server string = smbnix
      netbios name = smbnix
      security = user
      #use sendfile = yes
      #max protocol = smb2
      # note: localhost is the ipv6 localhost ::1
      hosts allow = 172.16.1. 127.0.0.1 localhost
      hosts deny = 0.0.0.0/0
      guest account = chris
      map to guest = bad user
    '';
    shares = {
      public = {
        path = "/storage/share";
        # "valid users" = "tfc";
        public = "yes";
        writeable = "yes";
        browsable = "yes";
        "read only" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "guest ok" = "yes";
        "force user" = "chris";
        "fruit:aapl" = "yes";
        "fruit:time machine" = "yes";
        "vfs objects" = "catia fruit streams_xattr";
      };
    };
  };

  # CADDY
  # All sites are declared in a single virtualHosts set; each entry is the
  # Caddyfile body for that host name.
  services.caddy = {
    enable = true;

    # Global snippet imported by the Matrix .well-known handlers below.
    extraConfig = ''
      (matrix-well-known-header) {
        # Headers
        header Access-Control-Allow-Origin "*"
        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
        header Content-Type "application/json"
      }
    '';

    virtualHosts = {
      "sermons.luctorcrc.org".extraConfig = ''
        reverse_proxy 172.16.1.202:9000
        encode gzip
      '';

      "restream.luctorcrc.org".extraConfig = ''
        reverse_proxy 172.16.1.202:443
        encode gzip
      '';

      "bitwarden.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:9898
        encode gzip
      '';

      # NOTE(review): "reload;" is not an HSTS directive and browsers ignore
      # it (presumably "preload" was intended; confirm before changing).
      # Access-Control-Allow-Origin * on an authenticated application lets
      # any origin read non-credentialed responses; confirm it is required.
      "staff.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy localhost:8080
        redir /.well-known/carddav /remote.php/carddav 301
        redir /.well-known/caldav /remote.php/caldav 301
        header {
          Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
          Access-Control-Allow-Origin *
          Referrer-Policy no-referrer-when-downgrade
        }
        redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
      '';

      # NOTE(review): the @collabora matcher is defined but never referenced,
      # so reverse_proxy forwards every path, not just the listed ones.
      # tls_insecure_skip_verify turns off certificate verification for the
      # upstream; the upstream is loopback, which limits the exposure to
      # local processes, but a trusted upstream certificate would remove the
      # need for it.
      "office.tfcconnection.org".extraConfig = ''
        encode gzip
        @collabora {
          path /loleaflet/*
          path /hosting/discovery # WOPI discovery URL
          path /hosting/capabilities # Show capabilities as json
          path /cool/* # Main websocket, uploads/downloads, presentations
          path /lool/* # Main websocket, uploads/downloads, presentations
          path /cool/adminws # Main websocket, uploads/downloads, presentations
          path /browser # Main websocket, uploads/downloads, presentations
        }
        reverse_proxy https://127.0.0.1:9980 {
          transport http {
            tls_insecure_skip_verify
          }
        }
      '';

      "table.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8181
      '';

      "app.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8686
      '';

      "test.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8880
      '';

      # NOTE(review): wildcard CORS on an automation front end; confirm that
      # cross-origin reads are actually needed here.
      "n8n.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:5678
        header {
          Access-Control-Allow-Origin *
        }
      '';

      "videosdani.tfcconnection.org".extraConfig = ''
        @live {
          protocol rtmps
        }
        reverse_proxy 172.16.1.7:9000
        reverse_proxy @live 172.16.1.7:1935
      '';

      "streamdani.tfcconnection.org".extraConfig = ''
        reverse_proxy 172.16.1.7:1935
      '';

      "tbl.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:9180
      '';

      "ytdl.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8686
      '';

      "mail.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8443
      '';

      "data.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8055
      '';

      "photos.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:2342
      '';

      "new.tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
      '';

      # Static site plus the Matrix server/client discovery documents.
      "tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
        handle /.well-known/matrix/server {
          import matrix-well-known-header
          respond `{"m.server":"matrix.tfcconnection.org"}`
        }
        handle /.well-known/matrix/client {
          import matrix-well-known-header
          respond `{"m.homeserver":{"base_url":"https://matrix.tfcconnection.org"},"m.identity_server":{"base_url":"https://identity.matrix.org"},"im.vector.riot.jitsi": { "preferredDomain": "jitsi.tfcconnection.org" }}`
        }
      '';

      "www.tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
      '';

      "plausible.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 127.0.0.1:8000
      '';

      "yt.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 127.0.0.1:8484
      '';

      "imaginary.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 127.0.0.1:9000
      '';

      "ai.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 127.0.0.1:8008
      '';

      # NOTE(review): the HSTS directive is spelled "includeSubDomains" in
      # RFC 6797; "include-subdomains" is ignored, so the policy as written
      # covers only this host name.
      "lem.cochrun.xyz".extraConfig = ''
        reverse_proxy localhost:7080
        encode gzip
        header {
          -Server
          Strict-Transport-Security "max-age=31536000; include-subdomains;"
          X-XSS-Protection "1; mode=block"
          X-Frame-Options "DENY"
          X-Content-Type-Options nosniff
          Referrer-Policy no-referrer-when-downgrade
          X-Robots-Tag "none"
        }
      '';
    };
  };

  # Maintenance jobs for the Nextcloud container, started by the timers below.
  systemd.services = {
    nextcloud-cron = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php";
      };
    };

    # NOTE(review): Environment sets PORT for the docker client process on
    # the host; `docker exec` only passes variables given with -e, so confirm
    # notify_push inside the container actually sees PORT. With -d the client
    # detaches, so systemd sees this unit exit straight away.
    nextcloud-push = {
      enable = true;
      serviceConfig = {
        Environment = "PORT=7867";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php";
      };
    };

    nextcloud-previews = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate";
      };
    };

    # NOTE(review): no User= is set, so this system unit runs as root, and it
    # executes a script under /home/chris. If that file or any directory on
    # its path is writable by `chris`, whoever can write as that account
    # controls what root runs each night. Keep the script root-owned outside
    # the home directory, or build it into the store (pkgs.writeShellScript),
    # or run the unit as an unprivileged user.
    nextcloud-backup = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "/home/chris/bin/nextcloud/backup.sh";
      };
    };

    # photoprism-index = {
    #   enable = true;
    #   serviceConfig = {
    #     Type = "oneshot";
    #     ExecStart = "${pkgs.docker}/bin/docker exec -d photoprism-photoprism-1 photoprism index";
    #   };
    # };
  };

  # Schedules for the services above.
  systemd.timers = {
    # Two minutes after boot, then every five minutes.
    nextcloud-cron = {
      enable = true;
      partOf = [ "nextcloud-cron.service" ];
      timerConfig = {
        OnStartupSec = "2min";
        OnUnitActiveSec = "5min";
        Unit = "nextcloud-cron.service";
      };
      wantedBy = [ "timers.target" ];
    };

    # Daily at 00:02:30.
    nextcloud-previews = {
      enable = true;
      partOf = [ "nextcloud-previews.service" ];
      timerConfig = {
        OnCalendar = "*-*-* 00:02:30";
        Unit = "nextcloud-previews.service";
      };
      wantedBy = [ "timers.target" ];
    };

    # Daily at 00:00:30.
    nextcloud-backup = {
      enable = true;
      partOf = [ "nextcloud-backup.service" ];
      timerConfig = {
        OnCalendar = "*-*-* 00:00:30";
        Unit = "nextcloud-backup.service";
      };
      wantedBy = [ "timers.target" ];
    };

    # photoprism-index = {
    #   enable = true;
    #   partOf = ["photoprism-index.service"];
    #   timerConfig = {
    #     OnStartupSec = "2min";
    #     OnUnitActiveSec = "15min";
    #     Unit = "photoprism-index.service";
    #   };
    #   wantedBy = [ "timers.target" ];
    # };
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  #
  # NOTE(review): with the firewall off, every listening socket on this host
  # (CUPS on *:631, Samba, Caddy, and the backends bound to localhost only if
  # they really bind to loopback) is reachable on whatever interfaces the
  # machine has. Samba's "hosts allow" is then the only network restriction
  # visible in this file. Prefer enabling the firewall and listing the
  # required ports in allowedTCPPorts / allowedUDPPorts.
  networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}