nixcfg/hosts/mauville/default.nix

# Custom desktop with AMD Ryzen 5 2600, 16GB RAM, AMD Rx 6700, and 1TB SSD + 2TB HDD.
{
config,
input,
lib,
pkgs,
self,
...
}: let
acmeEmail = "alyraffauf@gmail.com";
hostName = "mauville";
domain = "raffauflabs.com";
mediaDirectory = "/mnt/Media";
archiveDirectory = "/mnt/Archive";
in {
imports = [
./hardware-configuration.nix
./home.nix
self.nixosModules.default
];
# Boot with systemd-boot on UEFI and allow NixOS to update EFI boot entries.
boot.loader = {
  efi.canTouchEfiVariables = true;
  systemd-boot.enable = true;
};
# The hostname is taken from the `hostName` let-binding at the top of the file.
networking.hostName = hostName;
# Host-specific values for the repository's own `alyraffauf.*` module options.
alyraffauf = {
  apps = {
    podman.enable = true;
    steam.enable = true;
    virt-manager.enable = true;
  };
  containers = {
    nixos.navidrome.enable = true;
    oci = {
      audiobookshelf.enable = true;
      freshRSS.enable = true;
      jellyfin.enable = false;
      plexMediaServer.enable = true;
      transmission.enable = true;
    };
  };
  desktop = {
    enable = true;
    greetd = {
      enable = true;
      session = config.programs.sway.package + "/bin/sway";
    };
    sway.enable = true;
  };
  user = {
    # NOTE(review): these are yescrypt password hashes stored in the repository.
    # Anyone who can read the repo (or the evaluated config in the
    # world-readable /nix/store) can run offline guessing against them.
    # Consider moving them out of the tree, e.g. a secrets tool such as
    # sops-nix/agenix feeding `users.users.<name>.hashedPasswordFile`, and
    # rotating the passwords. This depends on how the `alyraffauf.user`
    # module consumes `password`; confirm there.
    aly = {
      enable = true;
      password = "$y$j9T$SHPShqI2IpRE101Ey2ry/0$0mhW1f9LbVY02ifhJlP9XVImge9HOpf23s9i1JFLIt9";
    };
    dustin = {
      enable = true;
      password = "$y$j9T$3mMCBnUQ.xjuPIbSof7w0.$fPtRGblPRSwRLj7TFqk1nzuNQk2oVlgvb/bE47sghl.";
    };
  };
  services = {
    binaryCache.enable = true;
    ollama = {
      enable = true;
      gpu = "amd";
      # NOTE(review): binds the Ollama API to every interface. The API has no
      # built-in authentication, so reachability is decided entirely by the
      # firewall. Port 11434 is not in networking.firewall.allowedTCPPorts in
      # this file; verify that the module does not open it and which
      # interfaces (e.g. the Tailscale one) are trusted.
      listenAddress = "0.0.0.0:11434";
    };
    syncthing = {
      enable = true;
      syncMusic = true;
      syncMusicPath = "${mediaDirectory}/Music";
    };
    tailscale.enable = true;
  };
  scripts.hoenn.enable = true;
  system = {
    plymouth.enable = true;
    zramSwap = {
      enable = true;
      size = 100;
    };
  };
};
networking = {
  firewall = let
    # Port settings come from the repository's transmission container module.
    torrent = config.alyraffauf.containers.oci.transmission;
  in {
    # 80/443 serve the nginx virtual hosts (and ACME HTTP-01 challenges).
    # NOTE(review): `torrent.port` is opened next to the peer port. If that is
    # Transmission's web/RPC port (presumably; confirm in the module), the
    # control interface is reachable from every network this firewall covers.
    # Make sure RPC authentication is enabled or limit it to trusted interfaces.
    allowedTCPPorts = [80 443 torrent.port torrent.bitTorrentPort];
    allowedUDPPorts = [torrent.bitTorrentPort];
  };
  # The router offers no NAT loopback setting, so the public service names are
  # pointed at localhost for clients running on this machine.
  extraHosts = ''
    127.0.0.1 music.${domain}
    127.0.0.1 nixcache.${domain}
    127.0.0.1 plex.${domain}
    127.0.0.1 podcasts.${domain}
    127.0.0.1 news.${domain}
  '';
};
# ACME account settings used by the nginx virtual hosts that set `enableACME`.
security.acme.acceptTerms = true;
security.acme.defaults.email = acmeEmail;
services = {
# NOTE(review): no fail2ban jails are configured in this file, so the
# internet-facing nginx virtual hosts below are only covered if jails are
# defined elsewhere. Confirm.
fail2ban.enable = true;
# TLS-terminating reverse proxy. Every virtual host gets an ACME certificate
# and redirects plain HTTP to HTTPS.
nginx = {
  enable = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;
  recommendedTlsSettings = true;
  virtualHosts = {
    # Music streaming backend on local port 4533.
    "music.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:4533";
        proxyWebsockets = true; # pass WebSocket upgrades through
        extraConfig = ''
          proxy_buffering off;
        '';
      };
    };
    # FreshRSS container.
    "news.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.freshRSS.port}";
        proxyWebsockets = true; # pass WebSocket upgrades through
        extraConfig = ''
          proxy_buffering off;
          proxy_redirect off;
          # Forward the Authorization header for the Google Reader API.
          proxy_set_header Authorization $http_authorization;
          proxy_pass_header Authorization;
        '';
      };
    };
    # NOTE(review): this publishes the nix-serve binary cache to the internet.
    # Any store path whose hash is known can be fetched through it, so make
    # sure nothing sensitive is ever written to /nix/store on this host.
    "nixcache.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
    };
    # Plex Media Server container.
    "plex.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.plexMediaServer.port}";
        proxyWebsockets = true; # pass WebSocket upgrades through
        extraConfig = ''
          proxy_buffering off;
        '';
      };
    };
    # Audiobookshelf container.
    "podcasts.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString config.alyraffauf.containers.oci.audiobookshelf.port}";
        # proxyWebsockets = true; # This breaks audiobookshelf.
        # NOTE(review): recommendedProxySettings likely already sets Host and
        # the X-Forwarded-* headers for proxied locations, so the explicit
        # lines below may send them twice. Confirm that the backend sees a
        # single X-Forwarded-For if it is used for logging or rate limiting.
        extraConfig = ''
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $host;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_redirect http:// https://;
          proxy_buffering off;
          client_max_body_size 500M;
        '';
      };
    };
  };
};
# SMB file sharing for the media and archive directories.
samba = {
  enable = true;
  openFirewall = true;
  securityType = "user";
  shares = let
    # Settings common to both shares.
    # NOTE(review): "guest ok" = "yes" with "read only" = "no" describes
    # shares that unauthenticated clients may write to, and openFirewall
    # exposes the SMB ports on every interface the firewall covers. Whether
    # guests are actually admitted also depends on the global `map to guest`
    # setting, which is not set here. If guest write access is not required,
    # set "guest ok" = "no" (or "read only" = "yes"), or restrict clients with
    # `hosts allow` to the trusted LAN.
    guestWritable = {
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0755";
      "directory mask" = "0755";
    };
  in {
    Media =
      guestWritable
      // {
        comment = "Media @ ${hostName}";
        path = mediaDirectory;
      };
    Archive =
      guestWritable
      // {
        comment = "Archive @ ${hostName}";
        path = archiveDirectory;
      };
  };
};
# WS-Discovery responder that announces the Samba host to Windows clients.
samba-wsdd = {
  enable = true;
  openFirewall = true;
};
};
system.stateVersion = "23.11";
}