dotfiles/systems/dalinar/configuration.nix


{ config, pkgs, ... }:
{
# Modules merged into this host's configuration: the generated hardware scan
# plus the repository modules and package list named below.
imports = [
  ./hardware-configuration.nix # results of the hardware scan
  ../../modules/base.nix
  ../../modules/servers.nix
  ../../pkgs/base-packages.nix
  ../../modules/audiobookshelf.nix
  # ../../modules/matrix.nix
];
networking.hostName = "dalinar"; # Host name assigned to this machine.
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Turn on OpenGL and add the listed VA-API/VDPAU driver packages from pkgs.
hardware.opengl.enable = true;
hardware.opengl.extraPackages = [
  pkgs.intel-media-driver
  pkgs.vaapiIntel
  pkgs.vaapiVdpau
  pkgs.libvdpau-va-gl
];
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# Interactive account for chris. Membership in "wheel" is what grants sudo,
# so this account is effectively an administrator of the host.
# No password, password hash or SSH key is declared in this block; the
# credential has to be provisioned separately.
users.users.chris.isNormalUser = true;
users.users.chris.extraGroups = [ "wheel" ];
# Run the Docker daemon on this host.
# NOTE(review): access to the Docker socket is root-equivalent, and ports a
# container publishes are bound on every interface unless the publish rule
# names 127.0.0.1. The backends Caddy proxies to on localhost should be
# published loopback-only — verify against the container definitions, which
# are not part of this file.
virtualisation.docker.enable = true;
# virtualisation.docker.daemon.settings = {
#   experimental = true;
#   ip6tables = true;
# };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Syncthing runs as chris:users with its data under /storage/syncthing and its
# configuration under /home/chris/syncthing. overrideDevices/overrideFolders
# are both set, so the devices and folders declared here are intended to be
# the authoritative set.
# NOTE(review): guiAddress binds the web GUI and REST API to every interface
# (0.0.0.0:8384), and this file also sets networking.firewall.enable = false.
# Unless a GUI password is configured outside this file, anything that can
# route to the host can reach the admin interface. Binding to
# "127.0.0.1:8384" and reaching it through an SSH tunnel or an authenticated
# reverse proxy removes that exposure.
services.syncthing =
  let
    # Shared by every folder: deleted/replaced files go to the trash can and
    # are cleaned out after 100 days.
    trashcan100 = {
      type = "trashcan";
      params.cleanoutDays = "100";
    };
  in
  {
    enable = true;
    user = "chris";
    group = "users";
    dataDir = "/storage/syncthing";
    configDir = "/home/chris/syncthing";
    openDefaultPorts = true;
    guiAddress = "0.0.0.0:8384";
    overrideDevices = true;
    overrideFolders = true;
    settings = {
      # Peers this node is allowed to talk to, keyed by a local nickname.
      devices = {
        syl.id = "FPELBL2-Y6BMDOB-4TXM75K-VZV7IR3-JDMM35Z-TUEZKXX-YAPUTL6-K5SFQAN";
        kaladin.id = "LH6523Z-QQ5F3A4-SINZDOI-UFMQBIX-ZV6Q5BQ-LTKVMDB-CRI6QG5-RRKJFQS";
        shadow.id = "B24VU6Z-URTMEXN-ZYKRWX7-XWSTHXD-XKX67EB-XSKMT4V-KWKGX7Q-W7DB2QV";
        tablet.id = "4HEXCNH-MCVBZQX-LQ735TG-P2VTJ7N-CZ5MK4P-ICZAPC7-YCXVEWV-7NILMA5";
        kohlin.id = "BSWKBRR-2IJBCHA-UQY7DE7-CV2U2IL-PMFQFCJ-D5ZZJMU-FPYRUPC-MCC32QQ";
      };
      # Shared folders and the devices each one is offered to.
      folders = {
        music = {
          id = "teqqy-rzvec";
          path = "/storage/syncthing/Music";
          devices = [ "syl" "kaladin" "shadow" "kohlin" ];
          versioning = trashcan100;
        };
        ebooks = {
          id = "wziqy-7hyv9";
          path = "/storage/syncthing/ebooks";
          devices = [ "kaladin" "shadow" "tablet" "kohlin" ];
          versioning = trashcan100;
        };
        # No explicit id is given for this folder, unlike the other three.
        docs = {
          path = "/storage/syncthing/docs";
          devices = [ "syl" "kaladin" "shadow" "kohlin" ];
          versioning = trashcan100;
        };
        librera = {
          id = "vvtvj-osndy";
          path = "/storage/syncthing/librera";
          devices = [ "tablet" "shadow" "kohlin" ];
          versioning = trashcan100;
        };
      };
    };
  };
# nix-bitcoin = {
# generateSecrets = true;
# operator = {
# enable = false;
# name = "chris";
# };
# };
# List services that you want to enable:
# File-name index provided by plocate; localuser is explicitly set to null.
services.locate.enable = true;
services.locate.package = pkgs.plocate;
services.locate.localuser = null;
# Enable the OpenSSH daemon.
# NOTE(review): no sshd settings are given here, so the authentication policy
# comes from NixOS defaults or from the imported modules. With the firewall
# disabled later in this file, confirm that password and root logins are
# turned off (e.g. services.openssh.settings.PasswordAuthentication = false)
# — verify against ../../modules/servers.nix.
services.openssh.enable = true;
# Enable the fstrim service.
services.fstrim.enable = true;
# Closing the lid does nothing, on battery or on external power.
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
# Monero daemon is configured but switched off; its data would live on /storage.
services.monero.enable = false;
services.monero.dataDir = "/storage/monero";
# services.bitcoind = {
# enable = false;
# listen = true;
# dataDir = "/storage/bitcoind";
# dbCache = 5000;
# };
# services.clightning = {
# enable = false;
# dataDir = "/storage/clightning";
# };
# services.rtl = {
# enable = false;
# dataDir = "/storage/rtl";
# nightTheme = true;
# extraCurrency = "USD";
# nodes.clightning.enable = true;
# };
#mailserver = {
# enable = true;
# fqdn = "mail.cochrun.xyz";
# domains = [ "cochrun.xyz" ];
# enableManageSieve = true;
# mailDirectory = "/storage/vmail";
# mailboxes = {
# Archive = {
# auto = "subsribe";
# specialUse = "Archive";
# }
# Drafts = {
# auto = "subscribe";
# specialUse = "Drafts";
# };
# Junk = {
# auto = "subscribe";
# specialUse = "Junk";
# };
# Sent = {
# auto = "subscribe";
# specialUse = "Sent";
# };
# Trash = {
# auto = "no";
# specialUse = "Trash";
# };
# };
# useFsLayout = true;
# hierarchySeparator = "/";
# certificateScheme = 1;
# certificateFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.cochrun.xyz/mail.cochrun.xyz.crt";
# keyFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.cochrun.xyz/mail.cochrun.xyz.key";
# loginAccounts = {
# "chris@cochrun.xyz" = {
# hashedPasswordFile = "/home/chris/mailp";
# aliases = [
# "postmaster@cochrun.xyz"
# "cxda@cochrun.xyz"
# "ceth@cochrun.xyz"
# "clocb@cochrun.xyz"
# "higdry@cochrun.xyz"
# "clin@cochrun.xyz"
# ]
# }
# }
#}
# DDCLIENT
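# Dynamic DNS updates via ddclient, driven by an out-of-tree config file so
# that the provider password does not have to appear in this repository.
services.ddclient = {
  enable = true;
  # Quoted on purpose. An unquoted Nix path literal (/home/chris/ddclient.conf)
  # is copied into the world-readable /nix/store as soon as it is interpolated
  # into a string, which would expose the credentials in that file to every
  # local user and to anything that copies the system closure. As a string the
  # file is read from its original location at runtime.
  # Keep the file itself restricted to its owner (mode 0600).
  configFile = "/home/chris/ddclient.conf";
  # Earlier inline configuration, kept for reference only.
  # The two password values that used to sit in this comment were committed in
  # plaintext; treat them as compromised and rotate them at the DNS provider.
  #domains = [
  # "nc.cochrun.xyz"
  # "home.cochrun.xyz"
  # "mail.cochrun.xyz"
  # "jelly.cochrun.xyz"
  #];
  # passwordFile = "/etc/nixos/ddclientp";
  # protocol = "namecheap";
  # use = "web, web=dynamicdns.park-your-domain.com/getip";
  # server = "dynamicdns.park-your-domain.com";
  # username = "cochrun.xyz";
  #extraConfig = ''
  #use=web, web=dynamicdns.park-your-domain.com/getip
  #protocol=namecheap
  #server=dynamicdns.park-your-domain.com
  #login=livingseedco.shop
  #password=<redacted - rotate this credential>
  #@
  #use=web, web=dynamicdns.park-your-domain.com/getip
  #protocol=namecheap
  #server=dynamicdns.park-your-domain.com
  #login=cochrun.xyz
  #password=<redacted - rotate this credential>
  #@,nc.cochrun.xyz,home.cochrun.xyz,mail.cochrun.xyz,jelly.cochrun.xyz
  #'';
};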
# Native NixOS Nextcloud service. It is declared but switched off
# (enable = false); the systemd units elsewhere in this file exec into a
# Docker container named nextcloud-app-1 instead.
services.nextcloud = {
  enable = false;
  hostName = "nc.cochrun.xyz";
  https = true;
  home = "/storage/nextcloud";
  package = pkgs.nextcloud27;
  phpPackage = pkgs.php;

  # Redis-backed caching, with the Redis instance set up by the module.
  caching.redis = true;
  configureRedis = true;

  notify_push.enable = false;
  autoUpdateApps.enable = true;

  # PHP limits: 1G uploads/posts, 2G memory, opcache JIT settings.
  phpOptions = {
    upload_max_filesize = "1G";
    post_max_size = "1G";
    memory_limit = "2G";
    "opcache.memory_consumption" = "256";
    "opcache.jit" = "1255";
    "opcache.jit_buffer_size" = "128M";
  };

  # Preview generators enabled in the Nextcloud configuration.
  extraOptions.enabledPreviewProviders = [
    "OC\\Preview\\BMP"
    "OC\\Preview\\GIF"
    "OC\\Preview\\JPEG"
    "OC\\Preview\\Krita"
    "OC\\Preview\\MarkDown"
    "OC\\Preview\\MP3"
    "OC\\Preview\\OpenDocument"
    "OC\\Preview\\PNG"
    "OC\\Preview\\TXT"
    "OC\\Preview\\XBitmap"
    "OC\\Preview\\HEIC"
    "OC\\Preview\\Movie"
  ];

  # Apps taken from the app set that ships with the selected package.
  extraAppsEnable = true;
  extraApps = {
    inherit (config.services.nextcloud.package.packages.apps) contacts calendar cookbook;
  };
};
# The nginx "localhost" vhost listens on loopback only (127.0.0.1:8080), the
# same port the nc.cochrun.xyz Caddy vhost proxies to.
services.nginx.virtualHosts."localhost".listen = [
  {
    addr = "127.0.0.1";
    port = 8080;
  }
];
# CADDY
# Caddy is the public entry point: every vhost below is either a reverse proxy
# to a local port or a static file server.
# NOTE(review): none of the vhosts adds access control in Caddy, so each
# published backend is protected only by whatever login it implements itself.
# The Caddyfile text inside each '' string is kept flush (no nested
# indentation) so the generated configuration is unchanged.
services.caddy = {
  enable = true;
  email = "chris@tfcconnection.org";
  virtualHosts = {
    "home.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:8123
    '';
    # NOTE(review): 11434 is the default Ollama API port. If that is what
    # listens here, the API has no built-in authentication and this vhost adds
    # none — TODO confirm, and put authentication or an allow-list in front.
    "ai.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:11434
    '';
    "photos.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:2283
    '';
    # The three piped names all go to the same backend on 8085.
    "piped.cochrun.xyz".extraConfig = ''
      reverse_proxy http://127.0.0.1:8085
    '';
    "pipedapi.cochrun.xyz".extraConfig = ''
      reverse_proxy http://127.0.0.1:8085
    '';
    "pipedproxy.cochrun.xyz".extraConfig = ''
      reverse_proxy http://127.0.0.1:8085
    '';
    # NOTE(review): inv and rtl (further down) both proxy to port 3000 —
    # confirm that two names for one backend is intended.
    "inv.cochrun.xyz".extraConfig = ''
      reverse_proxy http://127.0.0.1:3000
    '';
    # Served with a certificate from Caddy's internal CA (RSA-2048 key) and a
    # fixed text response; no backend is proxied.
    "mail.cochrun.xyz".extraConfig = ''
      tls internal {
      key_type rsa2048
      }
      respond "Hello DMS"
    '';
    "jelly.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:8096
    '';
    "tubesync.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:4848
    '';
    # "livingseedco.shop".extraConfig = ''
    #   reverse_proxy localhost:8282
    # '';
    "sonarr.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:7879
    '';
    "radarr.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:7878
    '';
    "192.168.1.2".extraConfig = ''
      reverse_proxy localhost:9091
    '';
    "rtl.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:3000
    '';
    "ombi.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:3579
    '';
    # NOTE(review): "Access-Control-Allow-Origin *" lets a page on any origin
    # read non-credentialed responses from this site. That is harmless for
    # purely public content, but on an application backend it should be
    # narrowed to the origins that actually need it.
    "workout.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:8001
      header {
      Access-Control-Allow-Origin *
      }
    '';
    # Static sites served from /srv with gzip and a wildcard CORS header.
    "truthmatters.cc".extraConfig = ''
      encode gzip
      root * /srv/truthmatters
      file_server
      header {
      Access-Control-Allow-Origin *
      }
    '';
    "new.luctorcrc.org".extraConfig = ''
      encode gzip
      root * /srv/luctorcrc
      file_server
      header {
      Access-Control-Allow-Origin *
      }
    '';
    # Nextcloud front end: proxies to 8080 and redirects the CardDAV/CalDAV
    # well-known paths.
    # NOTE(review): "reload" is not an HSTS directive (the defined ones are
    # max-age, includeSubDomains and preload) and browsers ignore it — TODO
    # confirm whether "preload" was meant. The wildcard CORS header is also
    # worth removing on a host that serves private data.
    "nc.cochrun.xyz".extraConfig = ''
      reverse_proxy localhost:8080
      encode gzip
      redir /.well-known/carddav /remote.php/dav 301
      redir /.well-known/caldav /remote.php/dav 301
      header {
      Strict-Transport-Security "max-age=15768000; includeSubDomains; reload;"
      Access-Control-Allow-Origin *
      Referrer-Policy no-referrer-when-downgrade
      }
    '';
    # NOTE(review): 51820 is commonly WireGuard's UDP port, which an HTTP
    # reverse_proxy cannot carry, and 51821 looks like a VPN management UI —
    # TODO confirm both, and avoid publishing a management UI without
    # authentication in front of it.
    "vpn.cochrun.xyz".extraConfig = ''
      encode gzip
      reverse_proxy localhost:51820
    '';
    "vpnui.cochrun.xyz".extraConfig = ''
      encode gzip
      reverse_proxy localhost:51821
    '';
  };
};
# One-shot units that run Nextcloud maintenance inside the Docker container
# nextcloud-app-1 as the www-data user.
# NOTE(review): no User= is set, so the docker client runs with the unit's
# default privileges, and `docker exec -d` detaches immediately — the unit's
# exit status therefore does not reflect whether the PHP job succeeded.
systemd.services =
  let
    # Command prefix shared by both jobs.
    phpInContainer = "${pkgs.docker}/bin/docker exec -u www-data -d nextcloud-app-1 php";
  in
  {
    # Nextcloud background jobs.
    nextcloud-cron = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${phpInContainer} cron.php";
      };
    };
    # Pre-generation of file previews.
    nextcloud-previews = {
      enable = true;
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${phpInContainer} occ preview:pre-generate";
      };
    };
    # mail-cert-renew = {
    #   enable = true;
    #   serviceConfig = {
    #     Type = "oneshot";
    #     ExecStart = with pkgs.docker "sh -c /home/chris/bin/mail-cert-renew";
    #   };
    # };
  };
# Timers that drive the two Nextcloud one-shot services.
systemd.timers =
  let
    # Build a timer for `service` that first fires 2 minutes after boot and
    # then again `interval` after the service was last activated.
    every = interval: service: {
      enable = true;
      partOf = [ service ];
      timerConfig = {
        OnStartupSec = "2min";
        OnUnitActiveSec = interval;
        Unit = service;
      };
      wantedBy = [ "timers.target" ];
    };
  in
  {
    nextcloud-cron = every "5min" "nextcloud-cron.service";
    nextcloud-previews = every "10min" "nextcloud-previews.service";
  };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# NOTE(review): the host firewall is switched off, so every listening socket
# is reachable from whatever network this machine is attached to. In this
# file that includes sshd and the Syncthing GUI bound to 0.0.0.0:8384.
# Re-enabling the firewall with an explicit allowedTCPPorts/allowedUDPPorts
# list limits exposure to the services that are meant to be public.
networking.firewall.enable = false;
# IPv6 is enabled, so the exposure above applies to IPv6 addresses as well.
networking.enableIPv6 = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
# The nix-bitcoin release version that your config is compatible with.
# When upgrading to a backwards-incompatible release, nix-bitcoin will display
# an error and provide instructions for migrating your config to the new release.
# nix-bitcoin.configVersion = "0.0.77";
}