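{ config, pkgs, ... }:
# NixOS Homelab
# ===================
# The goal of this build is to get a basic good setup in NixOS that
# does similar things to something like Yunohost but in a
# declarative fashion.
#
# Comments or suggestions to https://fedi.arkadi.one/@tootbrute
let
  # Keys that are allowed both to unlock the ZFS pool from the initrd and
  # to log in as `elias`. Declared once so the two lists cannot drift
  # apart (this resolves the earlier TODO about simplifying the initrd
  # list; https://discourse.nixos.org/t/unlock-encrypted-zfs-via-ssh-on-boot/40582
  # shows an alternative that derives the list from config.users.users).
  sharedSshKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfnE4JwpIyghoFYurZLjFkzc5G4l1FeS76yYITg9wUB elias@tux" #little hp - tux
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Q/NC0RHEUjx2WHrZPw0xnCjOCFv5uz53099lknZmG elias@fedora" #desktop
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3Ihu9CsCL17FuHl6EqyMDT5BPjh8GlLTWHM+Y1D1I7 elias@bluenix" #bluenix
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILv96m1nCz3D0lzjzeGa+n4m3krEyl7KZ0tstjIZdTkq elias@bluefin" #acer
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8zlxSVOTCnAgb4U5vkC3ietH3Jd9gLE+FA6UOZp64J elias@arkadi.one" #arkadi
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVWt9UsavFfdwQzklW/zSlwGwQXaDvFk+MdzsCp0gnp tootbrute@tutanota.com" #greynix
  ];
in
{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./services/jellyfin.nix
    ./services/calibre-web.nix
    ./services/glances.nix
    ./services/fail2ban.nix
    ./services/transmission.nix
  ];

  # Bootloader.
  boot.loader.systemd-boot.enable = true;

  # ZFS SSH Remote Unlock, ethernet only
  # https://wiki.nixos.org/wiki/ZFS
  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      port = 2222;
      # NOTE(review): this key is packed into the initrd, which lives on the
      # unencrypted /boot partition. Keep it a key dedicated to the initrd,
      # separate from the regular sshd host keys (the linked wiki page
      # describes generating one) — confirm this file is not the system key.
      hostKeys = [ /boot/host_ecdsa_key ];
      # Same key set as the `elias` login keys minus the RSA key (see users.users.elias).
      authorizedKeys = sharedSshKeys;
      # to login: ssh -p 2222 root@192.168.15.180 "zfs load-key -a && killall zfs"
    };
  };

  # ZFS
  services.zfs.autoScrub.enable = true;

  # Nix settings
  nix = {
    settings = {
      # Previously set further down as `nix.settings.experimental-features`;
      # grouped here with the other settings, same value.
      experimental-features = [ "nix-command" "flakes" ];
      download-buffer-size = "2G";
      warn-dirty = false;
    };
    # garbage collection and store deduplication
    gc.automatic = true;
    optimise.automatic = true;
  };

  # Networking
  networking = {
    hostName = "knossos"; # Define your hostname.
    wireless.enable = true; # Enables wireless support via wpa_supplicant.
    hostId = "0631374f"; # for ZFS
    # networkmanager.enable = true;

    # Open ports in the firewall.
    # networking.firewall.allowedTCPPorts = [ ... ];
    # networking.firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether.
    # networking.firewall.enable = false;
    firewall = {
      # enable the firewall
      enable = true;
      # allow all ports from your Tailscale network
      trustedInterfaces = [ "tailscale0" ];
      # or allow you to SSH in over the public internet; 22 is reachable on
      # every non-Tailscale interface too, so sshd is exposed beyond the tailnet.
      allowedTCPPorts = [ 22 80 443 ];
      # allow the Tailscale UDP port through the firewall
      allowedUDPPorts = [ config.services.tailscale.port ];
    };
  };

  # Set your time zone.
  time.timeZone = "Asia/Taipei";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "zh_TW.UTF-8";
    LC_IDENTIFICATION = "zh_TW.UTF-8";
    LC_MEASUREMENT = "zh_TW.UTF-8";
    LC_MONETARY = "zh_TW.UTF-8";
    LC_NAME = "zh_TW.UTF-8";
    LC_NUMERIC = "zh_TW.UTF-8";
    LC_PAPER = "zh_TW.UTF-8";
    LC_TELEPHONE = "zh_TW.UTF-8";
    LC_TIME = "zh_TW.UTF-8";
  };

  # fix later
  # Configure keymap in X11
  # services.xserver = {
  #   xkb.layout = "us";
  #   xkb.Variant = "";
  # };

  # Define a user account. Don't forget to set a password with passwd.
  users.users.elias = {
    isNormalUser = true;
    description = "Tootbrute";
    # "wheel" together with security.sudo.wheelNeedsPassword = false (below)
    # gives this account root without a password prompt, and "docker" grants
    # control of the Docker daemon, which is also effectively root on the
    # host. Every SSH key listed here therefore carries full host access.
    # "networkmanager" is kept although networking.networkmanager is not enabled.
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    # RSA key first, then the shared ed25519 set, preserving the previous order.
    openssh.authorizedKeys.keys = [
      "ssh-rsa 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 elias@socrates" #acer at school
    ] ++ sharedSshKeys;
    linger = true;
    packages = with pkgs; [ ];
  };

  # SSH Login Message
  users.motd = "
||
||
|| //` `||''|, .|''|, ('''' ('''' .|''|, (''''
||<< || || || || `'') `'') || || `'')
.|| \\. .|| ||. `|..|' `...' `...' `|..|' `...'
";

  # Disable sudo password for the wheel group.
  # NOTE(review): kept as configured; see the note on users.users.elias for
  # what this implies for the authorized SSH keys.
  security.sudo.wheelNeedsPassword = false;

  # Enable automatic login for the user.
  # services.getty.autologinUser = "elias";

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    wget # listed once (was duplicated)
    fastfetch
    htop
    btop
    hollywood
    curl
    restic
    git
    neovim
    tmux #like screen
    wiper #like ncdu
    systemctl-tui #systemd tui
    diskonaut #see how much space is used
    tcpdump #for wireguard test
  ];

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Tailscale
  services.tailscale = {
    enable = true;
    # permitCertUid = "caddy";
  };

  # Cron: hourly heartbeat ping
  services.cron.enable = true;
  services.cron.systemCronJobs = [
    # NOTE(review): the ping URL is the only thing identifying this heartbeat,
    # so anyone who can read this file can report the job as healthy. Consider
    # sourcing it from a secrets mechanism rather than the committed config.
    "00 * * * * root curl https://hc-ping.com/0bbb3afb-196a-4d12-894f-599099029cfc"
  ];

  # Docker
  # maybe I don't need? haven't used Docker yet. (An earlier note said
  # "disabled", but docker.enable is true here — the daemon is running.)
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      dates = "weekly";
    };
    # rootless = {
    #   enable = true;
    #   setSocketVariable = true;
    # };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. Its perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?
}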