clay53/cos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cos/nixnas/nixnas.nix
Clayton Hickey 9a1e9e0c31 add nixnas config
2025-11-19 21:01:46 -05:00

222 lines
5.1 KiB
Nix
Raw Blame History

{ config, pkgs, inputs, ... }:
let
wireguardIP = config.cos.wireguard.clientInternalIP;
wireguardInterface = config.cos.wireguard.interface;
sshPort = 22;
jellyfinDataDir = "/Block/jellyfin/jellyfin-data";
jellyfinCacheDir = "/Block/jellyfin/jellyfin-cache";
jellyfinPort = 8096;
hydraPort = 7839;
nextcloudPort = 8120;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
../cos.nix
];
cos.username = "clhickey";
cos.hostName = "nixnas";
cos.wireguard = {
enable = true;
privateKeyFile = "/Block/wireguard-keys/private";
};
cos.bikeability = {
enable = true;
dataDir = "/Block/bikeability";
tileserverHost = wireguardIP;
tileserverPort = 8000;
clientHost = wireguardIP;
clientPort = 8001;
openFirewall = true;
firewallInterface = wireguardInterface;
};
networking = {
firewall = {
interfaces = {
${wireguardInterface} = {
allowedTCPPorts = [
80
443
sshPort
jellyfinPort
hydraPort
nextcloudPort
];
allowedUDPPorts = [
config.networking.wireguard.interfaces.${wireguardInterface}.listenPort
];
};
};
};
};
services.openssh = {
enable = true;
openFirewall = false;
listenAddresses = [
{
addr = wireguardIP;
port = sshPort;
}
];
};
nixpkgs = {
overlays = [
(final: prev: {
jellyfin-ffmpeg = prev.jellyfin-ffmpeg.override {
ffmpeg_7-full = prev.ffmpeg_7-full.override {
withUnfree = true;
};
};
})
];
config.allowUnfree = true;
};
environment.systemPackages = with pkgs; [
inputs.cnvim.packages.x86_64-linux.default
wget
tilemaker
osmium-tool
osmctools
mbtileserver
git
gh
htop
wireguard-tools
fastfetch
];
services.jellyfin = {
enable = true;
cacheDir = jellyfinCacheDir;
dataDir = jellyfinDataDir;
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
services.postgresql.dataDir = "/Block/postgresql";
services.hydra = {
enable = true;
hydraURL = "http://hydra.claytonhickey.me";
notificationSender = "hydra@claytonhickey.me";
buildMachinesFiles = [];
useSubstitutes = true;
listenHost = "127.0.0.1";
port = hydraPort;
};
nix.buildMachines = [
{
hostName = "localhost";
protocol = null;
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
maxJobs = 4;
}
];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
extraApps = let apps = config.services.nextcloud.package.packages.apps; in {
contacts = apps.contacts;
calendar = apps.calendar;
#tasks = apps.tasks;
news = apps.news;
notes = apps.notes;
forms = apps.forms;
richdocuments = apps.richdocuments;
#onlyoffice = apps.onlyoffice;
};
extraAppsEnable = true;
hostName = "nextcloud.claytondoesthings.xyz";
https = true;
maxUploadSize = "1G";
config = {
adminpassFile = "${pkgs.writeText "adminpass" "@n2XuojRT9*&e5"}";
adminuser = "clay53";
dbtype = "sqlite";
};
home = "/Block/nextcloud";
settings = {
log_type = "file";
loglevel = 0;
trusted_proxies = [
"10.100.0.1"
];
trusted_domains = [
"${wireguardIP}:${builtins.toString nextcloudPort}"
];
};
};
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."hydra.claytonhickey.me" = {
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString hydraPort}";
};
services.nginx.virtualHosts."${config.services.nextcloud.hostName}" = {
listen = [ { addr=wireguardIP; port=nextcloudPort; } ];
};
services.onlyoffice = {
enable = false;
hostname = "localhost";
jwtSecretFile = "/Block/onlyoffice.jwt.secret";
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixnas";
networking.networkmanager.enable = true;
time.timeZone = "America/New_York";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
users.users.clhickey = {
isNormalUser = true;
description = "Clayton Lopez Hickey";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [];
};
services.getty.autologinUser = "clhickey";
nix.settings.secret-key-files = "/Block/keys/nix/cache-priv-key.pem";
system.stateVersion = "25.05"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink