# NixOS configuration for the host "server" (flake-based; `inputs` and
# `system` come from the flake that evaluates this module).
#
# Reading guide: top-level sections are merged by Nix, so e.g. `security`,
# `security.acme` and the several `services.*` definitions below all end up in
# the same attribute set.  Remarks marked NOTE(review) are reviewer
# observations, not descriptions of what the code does.
{
  config,
  pkgs,
  inputs,
  system,
  ...
}: let
  # Host-local constants (ports, paths such as turnAcmeDir and server_configs).
  # settings.nix itself is not in view here.
  settings = import ./settings.nix {};
in {
  imports = [
    ./hardware-configuration.nix
    ./containers.nix
    ./caddy.nix
    inputs.lastfm-status.nixosModules.${system}.default
    inputs.common-modules.nixosModules.nixos-upgrade
    inputs.common-modules.nixosModules.qbittorrent-nox
    inputs.common-modules.nixosModules.unpackerr
    inputs.nix-minecraft.nixosModules.minecraft-servers
  ];

  nixpkgs = {
    overlays = [inputs.nix-minecraft.overlay];
    config.allowUnfree = true;
  };

  # Unattended upgrades from the flake at /etc/nixos.
  system.autoUpgrade = {
    enable = true;
    # NOTE(review): the host may reboot on its own after an upgrade.
    allowReboot = true;
    flake = "/etc/nixos";
    updateFlake = true;
    # failureNotification is not a stock nixpkgs option; presumably provided
    # by the nixos-upgrade module imported above.
    failureNotification = {
      enable = true;
      ntfyUrlFile = "/etc/secrets/failureNotification.env";
    };
  };

  nix = {
    gc = {
      automatic = true;
      dates = "weekly";
    };
    optimise = {
      automatic = true;
      dates = ["06:00"];
    };
    settings = {
      experimental-features = ["nix-command" "flakes"];
      auto-optimise-store = true;
      # Only these users may connect to the Nix daemon.
      allowed-users = [
        "@wheel"
        "owo"
      ];
    };
  };

  boot = {
    supportedFilesystems = ["ntfs" "btrfs" "mergerfs"];
    tmp.cleanOnBoot = true;
    kernelPackages = pkgs.linuxPackages_latest;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  systemd.services = {
    tailscaled.environment = {
      # Presumably disables tailscaled's log upload to Tailscale; verify
      # against the tailscaled docs for the installed version.
      TS_NO_LOGS_NO_SUPPORT = "true";
    };

    # Modded Minecraft server run from a user's home directory; unlike
    # paper-vanilla further down it is not managed by nix-minecraft.
    modded-mc-server = {
      enable = true;
      path = with pkgs; [
        openjdk17-bootstrap
        mcrcon
      ];
      # `rec` so the start script can reference WorkingDirectory.
      serviceConfig = rec {
        User = "owo";
        WorkingDirectory = "/home/owo/Documents/aof7";
        # NOTE(review): the jar is not managed by Nix; whatever sits in this
        # directory is executed as `owo` on every start.
        ExecStart = pkgs.writeShellScript "start.sh" ''
          cd ${WorkingDirectory}
          java -jar serverstarter-2.4.0.jar
        '';
        # Graceful stop via RCON, then wait for the main process to exit.
        # NOTE(review): the RCON password is a literal here, so it ends up in
        # the world-readable Nix store; every other service in this file loads
        # its secret from a file under /etc/secrets.
        ExecStop = pkgs.writeShellScript "stop.sh" ''
          mcrcon -H localhost -P 25575 -p "12345" stop

          while kill -0 $MAINPID 2>/dev/null
          do
            sleep 0.5
          done
        '';
        Restart = "always";
      };
      wantedBy = ["default.target"];
    };
  };

  fileSystems = {
    "/mnt/important" = {
      device = "/dev/disk/by-uuid/dd9449e5-3d28-4029-8434-aae3b7314e35";
      fsType = "btrfs";
    };
    "/mnt/drive4" = {
      device = "/dev/disk/by-uuid/a7874217-07af-485c-9e60-2370c305771e"; # 18tb hdd
      fsType = "btrfs";
    };
    "/mnt/drive3" = {
      device = "/dev/disk/by-uuid/ba80a5be-d676-4cba-8fc8-aa21af116b88"; # 18tb hdd
      fsType = "btrfs";
    };
    "/mnt/drive2" = {
      device = "/dev/disk/by-uuid/3203fc16-136f-4b17-b844-7584394ea870"; # 18tb hdd
      fsType = "ext4";
    };
    "/mnt/drive1" = {
      device = "/dev/disk/by-uuid/23aa13b8-3e1a-4cd7-890d-68a54d8f13fa"; # 16tb hdd
      fsType = "btrfs";
    };
    # Pooled view of the four data drives' media/ directories via mergerfs.
    "/mnt/media" = {
      device = "/mnt/drive1/media:/mnt/drive2/media:/mnt/drive3/media:/mnt/drive4/media";
      fsType = "fuse.mergerfs";
      # Mount only after the member drives are mounted.
      depends = [
        "/mnt/drive1"
        "/mnt/drive2"
        "/mnt/drive3"
        "/mnt/drive4"
      ];
      options = [
        "cache.files=partial"
        "dropcacheonclose=true"
        "category.create=mfs"
      ];
    };
  };

  networking = {
    hostName = "server";
    networkmanager.enable = true;
    nameservers = [
      # Local blocky resolver (services.blocky below listens on port 53).
      "127.0.0.1"
      "1.1.1.1"
      "1.0.0.1" # cloudflare
    ];
  };

  time.timeZone = "Europe/Tallinn";

  i18n = {
    defaultLocale = "en_GB.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "et_EE.UTF-8";
      LC_IDENTIFICATION = "et_EE.UTF-8";
      LC_MEASUREMENT = "et_EE.UTF-8";
      LC_MONETARY = "et_EE.UTF-8";
      LC_NAME = "et_EE.UTF-8";
      LC_NUMERIC = "et_EE.UTF-8";
      LC_PAPER = "et_EE.UTF-8";
      LC_TELEPHONE = "et_EE.UTF-8";
      LC_TIME = "et_EE.UTF-8";
    };
  };

  # Graphical session on the server itself (nvidia + KDE Plasma).
  services.xserver = {
    enable = true;
    xkb = {
      variant = "";
      layout = "us";
    };
    videoDrivers = ["nvidia"];

    # Enable the KDE Plasma Desktop Environment.
    desktopManager.plasma5.enable = true;
  };

  sound.enable = true;
  hardware.pulseaudio.enable = false;
  security = {
    # NOTE(review): wheel members get root via sudo with no password prompt.
    # users.owo below is in wheel, so each of its ssh keys is effectively a
    # root credential for this host.
    sudo.wheelNeedsPassword = false;
    rtkit.enable = true;
  };

  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  hardware = {
    opengl = {
      enable = true;
      driSupport = true;
      driSupport32Bit = true;
    };

    nvidia = {
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      modesetting.enable = true;
      open = false;
      nvidiaSettings = true;
    };
  };

  virtualisation = {
    docker = {
      enable = true;
      enableNvidia = true;
      autoPrune.enable = true;
      liveRestore = false;
    };
    podman = {
      enable = true;
      autoPrune.enable = true;
    };

    # replaces podman.enableNvidia
    containers.cdi.dynamic.nvidia.enable = true;
  };

  environment.systemPackages = with pkgs; [
    mergerfs
    mergerfs-tools
    ffmpeg # nextcloud
  ];

  programs = {
    git.enable = true;
    fish.enable = true;
    mosh.enable = true;
    gnome-disks.enable = true;
    ssh.startAgent = true;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "ssl@catnip.ee";

    certs = {
      # Certificate for the TURN server, keyed by coturn's realm so the two
      # stay in sync.  Obtained via a webroot under settings.turnAcmeDir (the
      # web server serving that root is not in view here); coturn is restarted
      # after each renewal and its group is granted read access to the files.
      ${config.services.coturn.realm} = {
        webroot = settings.turnAcmeDir;
        postRun = "systemctl restart coturn.service";
        group = config.systemd.services.coturn.serviceConfig.Group;
      };
    };
  };

  systemd.services.mautrix-telegram.path = with pkgs; [
    lottieconverter # for animated stickers conversion, unfree package
    ffmpeg # if converting animated stickers to webm (very slow!)
  ];

  services = {
    displayManager.sddm.enable = true;

    # Provided by inputs.lastfm-status (imported above).
    lastfm-status = {
      enable = true;
      port = settings.ports.lastfm;
    };
    # Provided by inputs.common-modules (imported above).
    unpackerr = {
      enable = true;

      # Stores UN_SONARR_0_API_KEY, UN_RADARR_0_API_KEY
      environmentFile = "/etc/secrets/unpackerr.env";
      user = "owo";
      group = "users";

      settings = {
        debug = false;
        quiet = false;

        # How often to poll sonarr and radarr.
        # Recommend 1m-5m. Uses Go Duration.
        interval = "2m";

        start_delay = "1m";
        retry_delay = "5m";

        parallel = 1;

        # Use these configurations to control the file modes used for newly extracted
        # files and folders. Recommend 0644/0755 or 0666/0777.
        file_mode = "0644";
        dir_mode = "0755";

        # Ports match the sonarr/radarr services enabled further down.
        sonarr = [
          {
            url = "http://localhost:8989";
            paths = ["/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents"];
            protocols = "torrent";
            timeout = "100s";
            delete_delay = "10m";
          }
        ];

        radarr = [
          {
            url = "http://localhost:7878";
            paths = ["/mnt/drive1/torrents/downloads" "/mnt/drive2/torrents" "/mnt/drive3/torrents" "/mnt/drive4/torrents"];
            protocols = "torrent";
            timeout = "100s";
            delete_delay = "10m";
          }
        ];
      };
    };

    # Provided by inputs.common-modules (imported above).
    qbittorrent-nox = {
      enable = true;
      openFirewall = true;
      user = "owo";
      group = "users";
      webuiPort = settings.ports.qbittorrent;
      torrentingPort = settings.ports.qbittorrent-torrent;
    };
    # Disk health dashboard plus the local SMART collector.
    scrutiny = {
      enable = true;
      collector.enable = true;
      settings.web.listen.port = settings.ports.scrutiny;
    };
    # Provided by inputs.nix-minecraft (module and overlay imported above).
    minecraft-servers = {
      enable = true;
      eula = true;

      servers = let
        # The JVM flags below point every Minecraft API endpoint (auth,
        # account, session, services) at this host instead of the default.
        # NOTE(review): player authentication therefore trusts that external
        # host entirely.
        drasl = "https://drasl.snailcore.net";
      in {
        paper-vanilla = {
          enable = true;

          # Pin to specific version of minecraft if you are using plugins, e.g paperServers.paper-1_20_4
          package = pkgs.paper-server;
          openFirewall = true;
          autoStart = true;
          jvmOpts = "-Xmx2G -Xms1G -Dminecraft.api.env=custom -Dminecraft.api.auth.host=${drasl}/auth -Dminecraft.api.account.host=${drasl}/account -Dminecraft.api.session.host=${drasl}/session -Dminecraft.api.services.host=${drasl}/services";
          serverProperties = {
            motd = "catnip enthutiasts";
            spawn-protection = 0;
            max-players = 69;
          };
        };
      };
    };

    # /var/lib/gitea-runner
    # CI runner for the forgejo instance below; jobs execute in Docker
    # containers built from the images named in `labels`.
    gitea-actions-runner = {
      package = pkgs.forgejo-actions-runner;
      instances = {
        forge = {
          enable = true;
          url = "https://forge.catnip.ee";
          name = "runner";
          labels = [
            "latest-debian:docker://node:current"
            "latest-alpine:docker://node:current-alpine"
          ];
          tokenFile = "/etc/secrets/gitea-actions-runner.env";
        };
      };
    };

    # /var/lib/forgejo/
    forgejo = {
      enable = true;
      database.type = "postgres";
      mailerPasswordFile = "/etc/secrets/forge-email";
      settings = {
        server = {
          DOMAIN = "forge.catnip.ee";
          HTTP_PORT = settings.ports.forgejo;
          # Built-in SSH server; the same option value is opened in
          # networking.firewall below.
          SSH_PORT = 2222;
          START_SSH_SERVER = true;
          ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
        };
        mailer = {
          ENABLED = true;
          FROM = "forge@catnip.ee";
          PROTOCOL = "smtps";
          SMTP_ADDR = "mx1.sly.ee";
          SMTP_PORT = 465;
          USER = "forge@catnip.ee";
        };
        service = {
          # Accounts are created by an administrator only.
          DISABLE_REGISTRATION = true;
        };
      };
    };

    # /var/lib/nextcloud
    nextcloud = {
      enable = true;
      package = pkgs.nextcloud28;
      hostName = "cloud.catnip.ee";
      https = true;
      configureRedis = true;
      config = {
        adminuser = "admin";
        # NOTE(review): this derives the MySQL TCP port from the replication
        # masterPort option; confirm it matches the port mysqld listens on.
        dbhost = "localhost:${toString config.services.mysql.replication.masterPort}";
        dbtype = "mysql";
        adminpassFile = "/etc/secrets/nextcloud";
      };
      autoUpdateApps.enable = true;
      database.createLocally = true;
      # Apps from the nixpkgs app set plus one fetched by URL (hash-pinned).
      extraApps = with config.services.nextcloud.package.packages.apps; {
        inherit contacts calendar tasks mail;
        integration_github = pkgs.fetchNextcloudApp {
          url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
          sha256 = "sha256-hmcMaEtsn/+UZumVLNTsWy3WBKGryAGrDWJ5RZWmTWY=";
          license = "agpl3Only";
        };
      };
      extraAppsEnable = true;
      settings = {
        enable_previews = true;
        enabledPreviewProviders = [
          "OC\\Preview\\OpenDocument"
          "OC\\Preview\\PDF"
          "OC\\Preview\\MSOffice2003"
          "OC\\Preview\\MSOfficeDoc"
          "OC\\Preview\\Image"
          "OC\\Preview\\Photoshop"
          "OC\\Preview\\TIFF"
          "OC\\Preview\\SVG"
          "OC\\Preview\\Font"
          "OC\\Preview\\MP3"
          "OC\\Preview\\Movie"
          "OC\\Preview\\MKV"
          "OC\\Preview\\MP4"
          "OC\\Preview\\AVI"
        ];
      };
    };

    # /var/lib/mysql
    mysql = {
      enable = true;
      ensureDatabases = [
        "nextcloud"
      ];
      ensureUsers = [
        {
          name = "nextcloud";
          ensurePermissions = {
            "nextcloud.*" = "ALL PRIVILEGES";
          };
        }
      ];
    };
    # Nextcloud's nginx vhost listens on loopback only; the public side is
    # presumably handled by the reverse proxy in caddy.nix (not in view).
    nginx.virtualHosts.${config.services.nextcloud.hostName} = {
      listen = [
        {
          addr = "127.0.0.1";
          port = settings.ports.nextcloud;
        }
      ];
    };
    tailscale = {
      enable = true;
      useRoutingFeatures = "server";
      extraUpFlags = [
        # Offers this host as an exit node to the tailnet.
        "--advertise-exit-node"
      ];
      # User allowed to fetch Tailscale-issued TLS certificates for the node.
      permitCertUid = "caddy";
      # 0 lets tailscaled choose its own WireGuard port.
      port = 0;
    };

    # Local DNS resolver with ad blocking; used by this host via
    # networking.nameservers above and opened in the firewall below.
    blocky = {
      enable = true;
      settings = {
        caching = {
          minTime = "5m";
          maxTime = "30m";
          prefetching = true;
        };
        # NOTE(review): networking.firewall opens this port (UDP and TCP) on
        # every interface; if the host has a public address that makes it an
        # open resolver unless something outside this file restricts clients.
        ports.dns = 53;
        upstreams.groups.default = [
          "1.1.1.1"
          "1.0.0.1"
        ];
        bootstrapDns = [
          "tcp+udp:1.1.1.1"
          "https://1.1.1.1/dns-query"
        ];
        customDNS = let
          # names -> ip: builds the attrset { <name> = ip; } for every name.
          localDomains = names: ip:
            builtins.listToAttrs (map (x: {
                name = x;
                value = ip;
              })
              names);
        in {
          # Static answers; the address is presumably this host's tailnet
          # address (100.64.0.0/10 range).
          mapping = localDomains [
            "catnip.ee"
            "files"
            "qbittorrent"
            "scrutiny"
            "archive"

            "sonarr"
            "radarr"
            "prowlarr"
            "bazarr"
            "lidarr"
          ] "100.93.150.89";
        };
        conditional = let
          # Same shape as localDomains above: names -> ip -> attrset.
          opennic = names: ip:
            builtins.listToAttrs (map (x: {
                name = x;
                value = ip;
              })
              names);
        in {
          # Queries for these top-level domains (OpenNIC namespace, per the
          # helper's name) are forwarded to the given resolver.
          mapping = opennic [
            "epic"
            "geek"
            "chan"
            "fur"
            "cyb"
            "oss"
            "pirate"
            "neo"
            "libre"
            "dyn"
            "glue"
            "indy"
            "bbs"
            "gopher"
            "null"
            "o"
            "oz"
            "parody"
            "bazar"
            "coin"
            "lib"
            "emc"
            "ku"
            "uu"
            "ti"
            "te"
          ] "138.197.140.189";
        };
        blocking = {
          blackLists = {
            ads = [
              "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
            ];
          };

          clientGroupsBlock.default = [
            "ads"
          ];
        };
      };
    };

    lidarr.enable = true; # port 8686, /var/lib/lidarr
    prowlarr.enable = true; # port 9696, /var/lib/prowlarr
    radarr.enable = true; # port 7878, /var/lib/radarr
    sonarr.enable = true; # port 8989, /var/lib/sonarr
    bazarr = {
      # /var/lib/bazarr/
      enable = true;
      listenPort = settings.ports.bazarr;
    };

    plex = {
      enable = true;
      openFirewall = true;
      dataDir = "${settings.server_configs}/plex";
    };
    # TURN relay for the Matrix homeserver below.  `rec` lets cert/pkey
    # reference `realm`, which also keys the ACME certificate above.
    coturn = rec {
      enable = true;
      no-cli = true;
      no-tcp-relay = true;
      # Relay port range; the same values feed networking.firewall below.
      min-port = 49000;
      max-port = 50000;
      use-auth-secret = true;
      static-auth-secret-file = "/etc/secrets/coturn";

      realm = "turn.catnip.ee";
      cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
      pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
      # The denied-peer-ip list keeps relayed traffic away from private and
      # reserved ranges, which matters because the relay range is open in the
      # firewall.
      # NOTE(review): `verbose` is still on (the config labels it "for
      # debugging"); it increases log volume on a production relay.
      extraConfig = ''
        # for debugging
        verbose
        # ban private IP ranges
        no-multicast-peers
        denied-peer-ip=0.0.0.0-0.255.255.255
        denied-peer-ip=10.0.0.0-10.255.255.255
        denied-peer-ip=100.64.0.0-100.127.255.255
        denied-peer-ip=127.0.0.0-127.255.255.255
        denied-peer-ip=169.254.0.0-169.254.255.255
        denied-peer-ip=172.16.0.0-172.31.255.255
        denied-peer-ip=192.0.0.0-192.0.0.255
        denied-peer-ip=192.0.2.0-192.0.2.255
        denied-peer-ip=192.88.99.0-192.88.99.255
        denied-peer-ip=192.168.0.0-192.168.255.255
        denied-peer-ip=198.18.0.0-198.19.255.255
        denied-peer-ip=198.51.100.0-198.51.100.255
        denied-peer-ip=203.0.113.0-203.0.113.255
        denied-peer-ip=240.0.0.0-255.255.255.255
        denied-peer-ip=::1
        denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
        denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
        denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
        denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
        denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
        denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      '';
    };

    # /var/lib/postgresql
    postgresql = {
      enable = true;
      package = pkgs.postgresql_15;
      # Runs once on first start: the synapse role and database.
      initialScript = pkgs.writeText "backend-initScript" ''
        CREATE USER "matrix-synapse";
        CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
        LOCALE 'C'
        ENCODING 'UTF8'
        TEMPLATE template0;
      '';

      # pg_ident map: each service user (and root) may connect as its own
      # database role.
      identMap = ''
        superuser_map root matrix-synapse
        superuser_map matrix-synapse matrix-synapse

        superuser_map root matrix-sliding-sync
        superuser_map matrix-sliding-sync matrix-sliding-sync

        superuser_map root forgejo
        superuser_map forgejo forgejo

        superuser_map root postgres
        superuser_map postgres postgres
      '';
      # Replaces the module's default pg_hba.conf entirely (priority 10 wins
      # over mkForce): only local-socket, peer-authenticated connections whose
      # OS user maps to the requested role are accepted.
      authentication = pkgs.lib.mkOverride 10 ''
        #type database DBuser auth-method optional_ident_map
        local sameuser all peer map=superuser_map
      '';
    };

    # /var/lib/mautrix-telegram
    mautrix-telegram = {
      enable = true;
      environmentFile = "/etc/secrets/mautrix-telegram.env";

      settings = {
        homeserver = {
          address = "http://localhost:${toString settings.ports.synapse}";
          domain = "catnip.ee";
        };
        appservice = {
          address = "http://localhost:${toString settings.ports.mautrix-telegram}";
          port = settings.ports.mautrix-telegram;
          # Provisioning API is off.
          provisioning.enabled = false;
          id = "telegram";
          # The bridge's public (login) pages are reachable at `external`.
          public = {
            enabled = true;
            prefix = "/telegram";
            external = "https://matrix.catnip.ee/telegram";
          };
        };
        bridge = {
          encryption.allow = true;
          # Two admin accounts, full access for the home domain, and
          # relaybot-level access for every other Matrix user ("*").
          permissions = {
            "@admin:catnip.ee" = "admin";
            "@kaya:catnip.ee" = "admin";
            "catnip.ee" = "full";
            "*" = "relaybot";
          };
          # -1 presumably means unlimited; verify against the bridge docs.
          backfill = {
            enable = true;
            forward_limits = {
              initial = {
                user = -1;
                normal_group = -1;
                supergroup = 1000;
                channel = 1000;
              };
              sync = {
                user = -1;
                normal_group = -1;
                supergroup = 1000;
                channel = 1000;
              };
            };
          };

          # Conversion of Telegram animated stickers (needs lottieconverter
          # and ffmpeg, added to the service path above).
          animated_sticker = {
            target = "gif";
            args = {
              width = 256;
              height = 256;
              fps = 30; # only for webm
              background = "020202"; # only for gif, transparency not supported
            };
          };
        };
        # Client identity the bridge presents to Telegram for its sessions.
        telegram = {
          device_info = {
            device_model = "GooglePixel 6";
            system_version = "SDK 32";
            app_version = "8.7.4 (26367)";
            lang_code = "en";
            system_lang_code = "en";
          };
        };
      };
    };

    matrix-sliding-sync = {
      enable = true;
      createDatabase = true;
      environmentFile = "/etc/secrets/matrix-sliding-sync.env";
      settings = {
        SYNCV3_SERVER = "https://matrix.catnip.ee";
        SYNCV3_BINDADDR = "127.0.0.1:${toString settings.ports.matrix-sliding-sync}";
      };
    };

    # /var/lib/matrix-synapse
    matrix-synapse = {
      enable = true;

      # Secret-bearing settings (see the email note below) are kept out of
      # the Nix store in this file.
      extraConfigFiles = [
        "/etc/secrets/synapse.yaml"
      ];

      settings = {
        # Registration is open but gated by registration tokens.
        enable_registration = true;
        registration_requires_token = true;
        max_upload_size = "250M";
        server_name = "catnip.ee";
        public_baseurl = "https://matrix.catnip.ee/";

        # Note: email submodule is defined in /etc/secrets/synapse.yaml as matrix doesnt merge the fields and it will fail to run
        # email = {
        # smtp_host = "mx1.sly.ee";
        # smtp_user = "matrix@catnip.ee";
        # smtp_pass = "";
        # force_tls = true;
        # notif_from = "Matrix <matrix@catnip.ee>";
        # app_name = "Catnip.ee matrix";
        # };

        server_notices = {
          system_mxid_localpart = "server";
          system_mxid_display_name = "Server Notices";
          system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm";
          room_name = "Server Notices";
          auto_join = true;
        };

        # Connects over the local socket using the role created in
        # services.postgresql.initialScript above.
        database = {
          name = "psycopg2";
          args = {
            database = "matrix-synapse";
            user = "matrix-synapse";
          };
        };
        # Bridge registration files.  The mautrix-discord one is not
        # configured in this file; presumably it lives in containers.nix.
        app_service_config_files = [
          # sudo rm /var/lib/matrix-synapse/telegram-registration.yaml
          # sudo cp /var/lib/mautrix-telegram/telegram-registration.yaml /var/lib/matrix-synapse/
          # sudo chown matrix-synapse:matrix-synapse /var/lib/matrix-synapse/telegram-registration.yaml
          # sudo systemctl restart matrix-synapse
          "/var/lib/matrix-synapse/telegram-registration.yaml"
          "/var/lib/mautrix-discord/registration.yaml"
        ];
        # Plain-HTTP listener on loopback only; x_forwarded means it expects
        # to sit behind a reverse proxy that terminates TLS.
        listeners = [
          {
            bind_addresses = ["127.0.0.1"];
            port = settings.ports.synapse;
            resources = [
              {
                compress = true;
                names = ["client" "federation"];
              }
            ];
            tls = false;
            type = "http";
            x_forwarded = true;
          }
        ];
        # Advertised TURN endpoints; the shared secret comes from the file
        # referenced in services.coturn and is presumably set in synapse.yaml.
        turn_uris = [
          "turn:${config.services.coturn.realm}:3478?transport=udp"
          "turn:${config.services.coturn.realm}:3478?transport=tcp"
        ];

        turn_user_lifetime = "1h";
      };
    };

    # Key-only SSH, no root login.
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    # /var/lib/ntfy-sh/
    # Push notification server (used by the autoUpgrade failure notification).
    ntfy-sh = {
      enable = true;
      settings = {
        # ":port" binds every interface; networking.firewall below does not
        # open this port, so it is presumably reached via the reverse proxy.
        listen-http = ":${toString settings.ports.ntfy}";
        base-url = "https://ntfy.catnip.ee";
      };
    };

    # /var/lib/jellyfin
    jellyfin.enable = true;

    # Keeps the zone's public record pointed at this host's current address.
    cloudflare-dyndns = {
      enable = true;
      apiTokenFile = "/etc/secrets/cloudflare-dyndns.env";
      domains = [
        "catnip.ee"
      ];
    };
  };

  # Only the ports listed here are reachable from outside; services that set
  # openFirewall (qbittorrent-nox, paper-vanilla, plex) add their own.  The
  # Minecraft RCON port used by modded-mc-server's stop script is not opened.
  networking.firewall = {
    enable = true;
    # TURN relay range, taken from services.coturn so the two cannot drift.
    allowedUDPPortRanges = with config.services.coturn; [{
      from = min-port;
      to = max-port;
    }];
    allowedUDPPorts = [
      config.services.blocky.settings.ports.dns

      # coturn
      3478
      5349
    ];
    allowedTCPPorts = [
      config.services.blocky.settings.ports.dns

      # HTTP/HTTPS
      80
      443

      # coturn
      3478
      5349

      # privoxy is not configured in this file; presumably in containers.nix.
      settings.ports.privoxy
      25566 # modded minecraft

      config.services.forgejo.settings.server.SSH_PORT
    ];
  };

  users = {
    defaultUserShell = pkgs.fish;

    groups = {
      # caddy user needs to be part of coturn's group for certs
      ${config.systemd.services.coturn.serviceConfig.Group}.members = [
        config.systemd.services.caddy.serviceConfig.User
      ];
    };
    users.owo = {
      isNormalUser = true;
      # NOTE(review): wheel (passwordless sudo, see security above) and docker
      # (control of the Docker daemon) both amount to root on this host.
      extraGroups = ["networkmanager" "wheel" "docker"];
      # Key bodies are redacted in this listing.
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 lain@navi"
        "ssh-rsa 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 mina@navi"
      ];
      packages = with pkgs; [
        firefox
        helix
        mpv
        croc
        ffmpeg
        speedtest-cli
        htop
        progress
        duperemove
        tmux
      ];
    };
  };

  # Release the host was first installed with; leave unchanged across upgrades.
  system.stateVersion = "23.05";
}