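# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# Host "shen": Caddy reverse proxy in front of several local and LAN
# services, a shared CUPS print server, Docker, and OpenSSH.

{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  nix = {
    extraOptions = "experimental-features = nix-command flakes";
    package = pkgs.nixFlakes;
  };

  # The option is spelled `allowUnfree`. The previous `allowUnFree` was not a
  # recognised key, so the setting had no effect.
  nixpkgs.config.allowUnfree = true;

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "shen"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "America/Chicago";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Enable CUPS to print documents.
  # NOTE(review): CUPS listens on every interface, accepts every client and has
  # encryption turned off, while the host firewall is disabled further down.
  # Anything that can route to this machine can reach the print service on 631.
  # Narrow listenAddresses/allowFrom to the LAN if printing is LAN-only.
  services.printing = {
    enable = true;
    drivers = [ pkgs.gutenprint ];
    browsing = true;
    listenAddresses = [ "*:631" ]; # Not 100% sure this is needed and you might want to restrict to the local network
    allowFrom = [ "all" ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
    defaultShared = true; # If you want
    extraConf = ''
      DefaultEncryption Never
    '';
  };

  # mDNS/DNS-SD advertisement; publishes user services on the local network.
  services.avahi = {
    enable = true;
    publish.enable = true;
    publish.userServices = true;
  };

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      rocm-opencl-icd
      rocm-opencl-runtime
      amdvlk
    ];
    driSupport = lib.mkDefault true;
    driSupport32Bit = lib.mkDefault true;
    #extraPackages32 = with pkgs; [
    #  driversi686linux.amdvlk
    #];
  };

  environment.variables.AMD_VULKAN_ICD = lib.mkDefault "RADV";

  programs.fish.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.chris = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim
    wget
    yt-dlp
    bat
    ripgrep
    ffmpeg-full
    rsync
    dutree
    tmux
    git
    samba
    exa
    jq
    fd
    bc
    sysstat
    procs
    btop
    htop
    #nvtop
    glxinfo
    vulkan-tools
    pciutils
    blesh
  ];

  virtualisation.docker.enable = true;

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): only `enable` is set, so authentication methods and root login
  # stay at the module defaults. With a wheel user on an internet-facing host,
  # consider pinning key-only authentication explicitly.
  services.openssh.enable = true;

  services.fstrim.enable = true;

  # CADDY
  # All virtual hosts live in one attribute set. The original repeated
  # `virtualHosts = { ... };` once per host and relied on Nix merging them.
  #
  # NOTE(review), applies to several hosts below:
  #  - `Access-Control-Allow-Origin *` is expected for the Matrix .well-known
  #    documents, but it is also set on staff, n8n, sd and the static sites.
  #    Confirm each of those really needs cross-origin reads from any site.
  #  - The HSTS value on staff ends in `reload;`. The defined directives are
  #    max-age, includeSubDomains and preload; unknown ones are ignored, so
  #    this token does nothing. `preload` was probably intended — confirm
  #    before changing, since preload commits every subdomain to HTTPS.
  #  - office proxies to https://127.0.0.1:9980 with `tls_insecure_skip_verify`.
  #    The hop is loopback-only here; do not copy this to a non-local upstream.
  #  - The `@collabora` matcher on office is declared but no directive uses it.
  #  - videosdani, streamdani and sd proxy to 172.16.1.7 over plain HTTP/TCP;
  #    that traffic crosses the LAN unencrypted.
  #  - app and ytdl both point at localhost:8686 — confirm that is intended.
  services.caddy = {
    enable = true;
    extraConfig = ''
      (matrix-well-known-header) {
        # Headers
        header Access-Control-Allow-Origin "*"
        header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
        header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization"
        header Content-Type "application/json"
      }
    '';
    virtualHosts = {
      "bitwarden.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:9898
        encode gzip
      '';

      "staff.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy localhost:8080
        redir /.well-known/carddav /remote.php/carddav 301
        redir /.well-known/caldav /remote.php/caldav 301
        header {
          Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
          Access-Control-Allow-Origin *
          Referrer-Policy no-referrer-when-downgrade
        }
        redir /.well-known/oidc-configuration /apps/oidc/openid-configuration 301
      '';

      "office.tfcconnection.org".extraConfig = ''
        encode gzip
        @collabora {
          path /hosting/discovery # WOPI discovery URL
          path /hosting/capabilities # Show capabilities as json
          path /cool/* # Main websocket, uploads/downloads, presentations
          path /cool/adminws # Main websocket, uploads/downloads, presentations
          path /browser # Main websocket, uploads/downloads, presentations
        }
        reverse_proxy https://127.0.0.1:9980 {
          transport http {
            tls_insecure_skip_verify
          }
        }
      '';

      "table.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8181
      '';

      "app.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8686
      '';

      "test.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8880
      '';

      "n8n.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:5678
        header {
          Access-Control-Allow-Origin *
        }
      '';

      "videosdani.tfcconnection.org".extraConfig = ''
        @live {
          protocol rtmps
        }
        reverse_proxy 172.16.1.7:9000
        reverse_proxy @live 172.16.1.7:1935
      '';

      "streamdani.tfcconnection.org".extraConfig = ''
        reverse_proxy 172.16.1.7:1935
      '';

      "tbl.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:9180
      '';

      "ytdl.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8686
      '';

      "mail.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8443
      '';

      "data.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:8055
      '';

      "photos.tfcconnection.org".extraConfig = ''
        reverse_proxy localhost:2342
      '';

      "new.tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
      '';

      "tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
        handle /.well-known/matrix/server {
          import matrix-well-known-header
          respond `{"m.server":"matrix.tfcconnection.org"}`
        }
        handle /.well-known/matrix/client {
          import matrix-well-known-header
          respond `{"m.homeserver":{"base_url":"https://matrix.tfcconnection.org"},"m.identity_server":{"base_url":"https://identity.matrix.org"},"im.vector.riot.jitsi": { "preferredDomain": "jitsi.tfcconnection.org" }}`
        }
      '';

      "www.tfcconnection.org".extraConfig = ''
        encode gzip
        root * /srv/tfcconnection
        file_server
        header {
          Access-Control-Allow-Origin *
        }
      '';

      "plausible.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 127.0.0.1:8000
      '';

      "sd.tfcconnection.org".extraConfig = ''
        encode gzip
        reverse_proxy 172.16.1.7:7860
        header {
          Access-Control-Allow-Origin *
        }
      '';
    };
  };

  # Nextcloud maintenance jobs. Each unit runs a command inside the
  # `nextcloud-app-1` container as www-data via `docker exec -d` (detached).
  systemd.services = {
    nextcloud-cron = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php cron.php";
      };
    };

    # NOTE(review): `Environment` is set on the docker CLI process. `docker exec`
    # does not forward the caller's environment into the container unless it is
    # passed with -e/--env, so verify that notify_push actually sees PORT.
    # No timer or wantedBy for this unit is visible in this file.
    nextcloud-push = {
      enable = true;
      serviceConfig = {
        Environment = "PORT=7867";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 /var/www/html/custom_apps/notify_push/bin/x86_64/notify_push /var/www/html/config/config.php";
      };
    };

    nextcloud-previews = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php occ preview:pre-generate";
      };
    };
  };

  systemd.timers = {
    # Runs cron.php two minutes after boot, then every five minutes.
    nextcloud-cron = {
      enable = true;
      partOf = [ "nextcloud-cron.service" ];
      timerConfig = {
        OnStartupSec = "2min";
        OnUnitActiveSec = "5min";
        Unit = "nextcloud-cron.service";
      };
      wantedBy = [ "timers.target" ];
    };

    # Pre-generates previews once a day at 00:00:30.
    nextcloud-previews = {
      enable = true;
      partOf = [ "nextcloud-previews.service" ];
      timerConfig = {
        OnCalendar = "*-*-* 00:00:30";
        Unit = "nextcloud-previews.service";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  # Unattended upgrades at 01:00. Reboots are not automatic, so kernel updates
  # only take effect after a manual restart.
  system.autoUpgrade = {
    enable = true;
    dates = "01:00";
    allowReboot = false;
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # NOTE(review): the host firewall is off, so every listening socket is
  # reachable on every interface: SSH, CUPS on *:631, Caddy, and any backend
  # not bound to loopback. Left unchanged here because enabling it may block
  # services this file does not show. Recommended: enable it and list only the
  # ports that must be public in allowedTCPPorts (Caddy's HTTP/HTTPS, plus 631
  # if LAN printing is wanted).
  networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
}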