
{ config
, pkgs
, inputs
, settings
, ...
}: {
# Modules merged into this host's configuration. Relative paths are siblings
# of this file; the final entry is a NixOS module exported by the
# `common-modules` flake input (see the `inputs` argument above).
imports = [
./hardware-configuration.nix
./containers
./caddy
./gui.nix
./drives.nix
# game servers
./games/palworld.nix
./games/minecraft
# self-hosted services, one module per service
./services/mautrix.nix
./services/jellyfin.nix
./services/mastodon.nix
./services/archivebox.nix
./services/cross-seed.nix
./services/forgejo.nix
./services/wakapi.nix
./services/blocky.nix
./services/coturn.nix
./services/feishin.nix
./services/ntfy.nix
./services/nextcloud.nix
./services/unpackerr.nix
./services/qbittorrent.nix
./services/grafana.nix
./services/pds
./services/gonic.nix
./services/youtuee.nix
./services/confess.nix
./services/lastfm-status.nix
# unattended-upgrade module shared across hosts via the flake input
inputs.common-modules.nixosModules.nixos-upgrade
];
# nixpkgs evaluation settings for this host.
# Unfree packages are needed for proprietary software such as the nvidia
# driver selected under `hardware.nvidia` further down.
nixpkgs.config.allowUnfree = true;
# The overlay provides the `nix-minecraft-plugin-upgrade` package used by
# system.autoUpgrade.extraCommands and installed for the `owo` user.
nixpkgs.overlays = [
  inputs.nix-minecraft-plugin-upgrade.overlays.default
];
# Unattended upgrades: rebuild from the flake at /etc/nixos, refreshing the
# flake inputs first (`updateFlake`), and reboot when the new generation
# requires it. Note that with `updateFlake = true` every upstream input is
# pulled and activated without review, and `allowReboot` lets the service
# reboot the host on its own schedule — both deliberate trade-offs for a
# hands-off machine.
system.autoUpgrade = {
  enable = true;
  allowReboot = true;
  flake = "/etc/nixos";
  updateFlake = true;
  # Keep the Minecraft server's Paper plugins current in the same run: bump
  # the pinned plugin versions in `pluginFile` and commit the result.
  # Assumes the upgrade service runs inside the flake checkout so the
  # relative `pluginFile` path and the git commands resolve there — confirm.
  extraCommands =
    let
      loader = "paper";
      gameVersion = "1.21.1";
      plugins = [
        "simple-voice-chat" # https://modrinth.com/plugin/simple-voice-chat
        "worldedit" # https://modrinth.com/plugin/worldedit
      ];
      # one `--project <name>` flag per plugin
      projectArgs = builtins.concatStringsSep " " (map (p: "--project ${p}") plugins);
      pluginFile = "games/minecraft/paper-vanilla-plugins.nix";
    in
    ''
      nix-minecraft-plugin-upgrade --loader ${loader} --game-version ${gameVersion} ${projectArgs} --file ${pluginFile}
      git add ${pluginFile}
      git commit ${pluginFile} -m "Updated ${pluginFile}"
    '';
};
# Nix daemon housekeeping and daemon settings.
nix.gc = {
  automatic = true;
  dates = "weekly";
};
nix.optimise = {
  automatic = true;
  dates = [ "06:00" ];
};
nix.settings = {
  # Build sandboxing is switched off host-wide because the Caddy build fetches
  # its external modules (the cloudflare-dns plugin) at build time.
  # NOTE(review): this removes the sandbox for every derivation built on this
  # host, not only Caddy. `sandbox = "relaxed"` together with `__noChroot = true`
  # on the Caddy derivation would confine the exception to that one build —
  # confirm the caddy module can set that attribute.
  sandbox = false;
  experimental-features = [ "nix-command" "flakes" ];
  # Deduplicate store paths as they are added; nix.optimise above does the
  # periodic full pass.
  auto-optimise-store = true;
  # Who may talk to the daemon: wheel members and the owo account.
  allowed-users = [
    "@wheel"
    "owo"
  ];
};
# Boot loader, kernel and filesystem support.
boot.supportedFilesystems = [ "btrfs" "mergerfs" ];
boot.tmp.cleanOnBoot = true;
# Nvidia driver on latest kernel (commented out here; the default kernel is used
# unless another module sets it):
# boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot = {
  enable = true;
  # Only the five most recent generations are kept in the boot menu.
  configurationLimit = 5;
  # NOTE(review): the boot-menu editor is left at its default (enabled), so
  # anyone with console access can edit kernel parameters before boot;
  # `editor = false;` closes that if physical access is part of the threat model.
};
# Opt tailscaled out of uploading its logs to Tailscale (the variable name
# spells out the trade-off: no logs, no support).
systemd.services.tailscaled.environment.TS_NO_LOGS_NO_SUPPORT = "true";
# Host networking: static addressing on the wired interface, a local DNS
# resolver, and a deliberately short list of externally reachable ports.
networking = {
  hostName = "server";
  networkmanager.enable = true;
  # Keep resolv.conf pointed at the local resolver (presumably blocky, see
  # ./services/blocky.nix); without useLocalResolver the tailscale-provided
  # DNS would take precedence.
  resolvconf = {
    enable = true;
    useLocalResolver = true;
  };
  # Local resolver first, Cloudflare's public resolvers as fallback.
  nameservers = [ "127.0.0.1" "1.1.1.1" "1.0.0.1" ];
  # NOTE(review): the trailing `q` in `enp0s31f6q` is unusual for a predictable
  # interface name (`enp0s31f6` is the common form); if it does not match the
  # device in hardware-configuration.nix these static addresses never apply.
  interfaces.enp0s31f6q = {
    ipv4.addresses = [
      { address = "192.168.1.131"; prefixLength = 24; }
    ];
    ipv6.addresses = [
      { address = "2001:7d0:84a6:5900:263a:6e9b:63e4:3b82"; prefixLength = 64; }
    ];
  };
  firewall = {
    enable = true;
    # Only HTTP/HTTPS (the reverse proxy) is opened here. Other modules add
    # their own ports (plex.openFirewall, syncthing.openDefaultPorts, mosh),
    # and traffic arriving over the tailnet or docker bridges is not governed
    # by this list alone — check those paths before treating it as the full exposure.
    allowedTCPPorts = [ 80 443 ];
  };
};
# System clock presentation; the clock itself is assumed to be UTC.
time = {
  timeZone = "Europe/Tallinn";
};
# English UI locale with Estonian formatting conventions for everything else.
i18n =
  let
    estonian = "et_EE.UTF-8";
  in
  {
    defaultLocale = "en_GB.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = estonian;
      LC_IDENTIFICATION = estonian;
      LC_MEASUREMENT = estonian;
      LC_MONETARY = estonian;
      LC_NAME = estonian;
      LC_NUMERIC = estonian;
      LC_PAPER = estonian;
      LC_TELEPHONE = estonian;
      LC_TIME = estonian;
    };
  };
# Nvidia GPU: stable proprietary driver matched to the running kernel
# (requires nixpkgs.config.allowUnfree above).
hardware.nvidia = {
  package = config.boot.kernelPackages.nvidiaPackages.stable;
  modesetting.enable = true;
  open = false; # open kernel module: enable soon
};
# Lets docker containers use the GPU (see virtualisation.docker below).
hardware.nvidia-container-toolkit.enable = true;
# Docker with periodic pruning of unused images and containers.
# Membership of the `docker` group (granted to owo below) is effectively root
# on the host, since the daemon runs as root and mounts whatever a container
# requests.
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
# System-wide tools; mergerfs backs the pooled drives (see ./drives.nix).
environment.systemPackages = [
  pkgs.mergerfs
  pkgs.mergerfs-tools
];
# Interactive tooling available to every user.
# NOTE(review): the mosh module opens its UDP port range in the firewall by
# default — confirm that is intended alongside the narrow allowedTCPPorts list.
programs.mosh.enable = true;
programs.git.enable = true;
programs.fish.enable = true;
# Start an ssh-agent for each login session.
programs.ssh.startAgent = true;
# wheel members run sudo without re-authenticating. Since sshd only accepts
# keys, possession of either authorized key of `owo` (a wheel member) is root
# on this host. NOTE(review): setting this to true would require the account
# password for privilege escalation, provided the account has one.
security.sudo.wheelNeedsPassword = false;
# ACME defaults for any NixOS-managed certificate.
security.acme = {
  acceptTerms = true;
  defaults.email = "ssl@catnip.ee";
};
services = {
# Daily encrypted off-site backup of service state to BorgBase.
# The job runs with the module's default user (root) and authenticates with
# owo's personal SSH key; the repository passphrase is read from
# /etc/secrets/borgpass, which is itself inside the backed-up /etc/secrets.
# NOTE(review): a dedicated key for the backup job (append-only on the
# BorgBase side, if available) would keep the user's key out of root's unit
# and limit what a compromised host can do to existing backups — confirm.
borgbackup.jobs.borgbase =
  let
    serviceConfigs = map (d: "/home/owo/Documents/server_configs/${d}") [
      "archivebox"
      "epicgames-freegames-node"
      "palworld"
      "plextraktsync"
      "sonic"
    ];
  in
  {
    # maybe only include /var/lib?
    paths = [
      "/var/lib/lidarr"
      "/var/lib/sonarr"
      "/var/lib/radarr"
      "/var/lib/bazarr"
      "/var/lib/private/prowlarr"
      "/var/lib/mysql"
      "/var/lib/postgresql"
      "/var/lib/private/drasl"
      "/var/lib/acme"
      "/var/lib/tailscale"
      "/var/lib/private/scrutiny"
      "/var/lib/caddy"
      "/var/lib/syncthing"
      "/var/lib/matrix-synapse"
      "/var/lib/plex"
      "/var/lib/influxdb2"
      "/etc/secrets"
      "/etc/nixos"
      "/srv/minecraft"
    ] ++ serviceConfigs;
    # Caches and remote media that can be re-fetched are left out.
    exclude = [
      "/var/lib/lidarr/.config/Lidarr/MediaCover"
      "/var/lib/sonarr/.config/NzbDrone/MediaCover"
      "/var/lib/radarr/.config/Radarr/MediaCover"
      "/var/lib/plex/transcode"
      "/var/lib/plex/Plex Media Server/Media"
      "/var/lib/matrix-synapse/media_store/remote_content"
      "/var/lib/matrix-synapse/media_store/remote_thumbnail"
    ];
    repo = "ssh://uq9l5635@uq9l5635.repo.borgbase.com/./repo";
    # Key is stored in the repo, protected by the passphrase below.
    encryption.mode = "repokey-blake2";
    encryption.passCommand = "cat /etc/secrets/borgpass";
    environment.BORG_RSH = "ssh -i /home/owo/.ssh/id_rsa";
    compression = "auto,lzma";
    startAt = "daily";
  };
syncthing = {
  enable = true;
  # Per the NixOS module this opens syncthing's sync and discovery ports in the firewall.
  openDefaultPorts = true;
  # NOTE(review): the web GUI is bound to every interface rather than loopback.
  # 8384 is not in networking.firewall.allowedTCPPorts, so LAN clients are
  # blocked at the firewall, but anything that bypasses it (tailnet, docker
  # bridges) reaches the GUI directly — make sure the GUI has a password set,
  # or bind it to 127.0.0.1 and publish it through the reverse proxy.
  guiAddress = "0.0.0.0:8384";
};
# Disk health dashboard plus the local S.M.A.R.T. collector.
scrutiny.enable = true;
scrutiny.collector.enable = true;
# 4012 is not opened in the firewall; the bind address is left at the module
# default, so check that default before assuming the UI is loopback-only.
scrutiny.settings.web.listen.port = 4012;
tailscale = {
  enable = true;
  # "server" enables IP forwarding so this node can route for the tailnet.
  useRoutingFeatures = "server";
  # Offer this host as an exit node: tailnet peers may send all their internet
  # traffic through it (normally subject to approval in the admin console).
  extraSetFlags = [ "--advertise-exit-node" ];
  # Allow the caddy user to fetch TLS certificates for the node's tailnet name.
  permitCertUid = "caddy";
  # 0 = let tailscaled pick its UDP port instead of the fixed default.
  port = 0;
};
# The *arr media stack. Each listens on its default port and keeps state in
# the path noted; none of them sets openFirewall here, so their ports are not
# opened by this configuration.
lidarr = { enable = true; }; # port 8686, /var/lib/lidarr
prowlarr = { enable = true; }; # port 9696, /var/lib/prowlarr
radarr = { enable = true; }; # port 7878, /var/lib/radarr
sonarr = { enable = true; }; # port 8989, /var/lib/sonarr
bazarr = { enable = true; }; # port 6767, /var/lib/bazarr
# /var/lib/plex
plex.enable = true;
# Opens 32400/tcp (plus the module's discovery ports) in the firewall so
# clients can reach plex directly rather than only via the reverse proxy.
plex.openFirewall = true; # 32400
# /var/lib/postgresql
postgresql =
  let
    # Service accounts that own a database of the same name; root may also
    # connect as each of them (maintenance from a root shell).
    dbUsers = [ "mastodon" "matrix-synapse" "forgejo" "postgres" "wakapi" "nextcloud" ];
  in
  {
    enable = true;
    package = pkgs.postgresql_16;
    # NOTE(review): enableTCPIP makes the server listen on TCP as well as the
    # unix socket, but the pg_hba below contains only a `local` rule, so every
    # TCP client is refused for lack of a matching host rule. Confirm whether
    # anything (e.g. the containers from ./containers) is expected to reach
    # postgres over TCP; if not, this could be turned off to shrink exposure.
    enableTCPIP = true;
    # Runs once, on first cluster initialisation only.
    initialScript = pkgs.writeText "backend-initScript" ''
      CREATE USER "matrix-synapse";
      CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
      LOCALE 'C'
      ENCODING 'UTF8'
      TEMPLATE template0;
    '';
    # pg_ident.conf: OS user -> database role. Each service user maps to its
    # own role, and root maps to every service role.
    identMap = pkgs.lib.concatMapStrings
      (u: ''
        superuser_map root ${u}
        superuser_map ${u} ${u}
      '')
      dbUsers;
    # pg_hba.conf, replacing the module's defaults outright (priority 10 wins
    # over the ordinary definitions): unix-socket connections only, each OS user
    # may open only the database named after it, authenticated by peer identity
    # through the map above.
    authentication = pkgs.lib.mkOverride 10 ''
      #type database DBuser auth-method optional_ident_map
      local sameuser all peer map=superuser_map
    '';
  };
# /var/lib/matrix-synapse
matrix-synapse = {
  enable = true;
  # Secrets (and the email section, see the note below) live outside the store.
  extraConfigFiles = [ "/etc/secrets/synapse.yaml" ];
  settings = {
    server_name = "catnip.ee";
    public_baseurl = "https://matrix.catnip.ee/";
    # Sign-up is open only to holders of a registration token issued by an admin.
    enable_registration = true;
    registration_requires_token = true;
    max_upload_size = "250M";
    # Note: the email submodule is defined in /etc/secrets/synapse.yaml because
    # synapse does not merge its fields across files and would fail to start.
    # email = {
    #   smtp_host = "mx1.sly.ee";
    #   smtp_user = "matrix@catnip.ee";
    #   smtp_pass = "";
    #   force_tls = true;
    #   notif_from = "Matrix <matrix@catnip.ee>";
    #   app_name = "Catnip.ee matrix";
    # };
    server_notices = {
      system_mxid_localpart = "server";
      system_mxid_display_name = "Server Notices";
      system_mxid_avatar_url = "mxc://catnip.ee/LhehrbXOjfnhaJvFEWsXPtnm";
      room_name = "Server Notices";
      auto_join = true;
    };
    # Local postgres via peer auth (see services.postgresql above).
    database.name = "psycopg2";
    database.args.database = "matrix-synapse";
    database.args.user = "matrix-synapse";
    # One plain-HTTP listener on loopback; TLS is terminated by the reverse
    # proxy, whose X-Forwarded-* headers are trusted (x_forwarded). Keep the
    # bind address on 127.0.0.1: with x_forwarded, any client that could reach
    # the port directly could present a forged source address.
    listeners = [
      {
        type = "http";
        bind_addresses = [ "127.0.0.1" ];
        port = 8008;
        tls = false;
        x_forwarded = true;
        resources = [
          { compress = true; names = [ "client" "federation" ]; }
        ];
      }
    ];
    # TURN relay for calls; the shared secret is presumably in the secrets file above.
    turn_uris = [
      "turn:${config.services.coturn.realm}:3478?transport=udp"
      "turn:${config.services.coturn.realm}:3478?transport=tcp"
    ];
    turn_user_lifetime = "1h";
  };
};
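# SSH daemon: public-key logins only, never directly as root.
openssh = {
  enable = true;
  settings = {
    PasswordAuthentication = false;
    # PasswordAuthentication alone leaves the PAM keyboard-interactive method
    # enabled (NixOS's default), which still prompts for the account password;
    # disable it too so that only public keys are accepted.
    KbdInteractiveAuthentication = false;
    PermitRootLogin = "no";
  };
};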
# Keep the catnip.ee A/AAAA records pointed at this host's current public
# addresses. NOTE(review): scope the API token in the secrets file to DNS edit
# on this single zone so a leak cannot touch other zones or account settings —
# confirm in the Cloudflare dashboard.
cloudflare-dyndns = {
  enable = true;
  apiTokenFile = "/etc/secrets/cloudflare-dyndns.env";
  ipv4 = true;
  ipv6 = true;
  domains = [ "catnip.ee" ];
};
};
users.defaultUserShell = pkgs.fish;
# The single interactive account. It is in wheel (passwordless sudo, see
# security.sudo above) and docker, so either SSH key below is effectively root
# on this host; those private keys deserve the same protection as a root key.
users.users.owo = {
  isNormalUser = true;
  extraGroups = [ "networkmanager" "wheel" "docker" ];
  # Key-only login (password authentication is off in services.openssh).
  openssh.authorizedKeys.keys = [
    "ssh-rsa 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 lain@navi" # desktop
    "ssh-rsa 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 mina@navi" # laptop
  ];
  packages = [
    pkgs.firefox
    pkgs.helix
    pkgs.mpv
    pkgs.croc
    pkgs.ffmpeg
    pkgs.speedtest-cli
    pkgs.htop
    pkgs.progress
    pkgs.duperemove
    pkgs.tmux
    pkgs.du-dust # du alternative
    pkgs.dogedns # dig alternative
    pkgs.nix-minecraft-plugin-upgrade # from the overlay in nixpkgs.overlays
  ];
};
# Release whose stateful defaults this install was created under; leave it
# unchanged across upgrades unless the state it guards is migrated deliberately.
system.stateVersion = "23.05";
}