Nixos Server
{ config, pkgs, lib, ... }:
{
imports =
[
#./flexget.nix
./znc.nix
./web.nix
];
# Ship redistributable firmware blobs.
hardware.enableRedistributableFirmware = true;

# PulseAudio native protocol over TCP.
# NOTE(review): "anonymousClients" means the listed addresses connect without
# any credential, so the source IP is the only access check. Keep the list as
# short as possible; anything that can use one of these addresses on the LAN
# gets the same access.
hardware.pulseaudio.tcp = {
  enable = true;
  anonymousClients.allowedIpRanges = [
    "127.0.0.1"
    "192.168.0.15"
    "192.168.0.11"
  ];
};
# Boot chain: extlinux-style boot entries loaded by U-Boot on a Raspberry Pi 3;
# GRUB is switched off.
boot = {
  loader.grub.enable = false;
  loader.generic-extlinux-compatible.enable = true;
  loader.raspberryPi = {
    enable = true;
    version = 3;
    uboot.enable = true;
  };
  #kernelPackages = pkgs.linuxPackages_rpi;
  # vc4 is loaded in the initrd; cma=32M is passed on the kernel command line.
  initrd.kernelModules = [ "vc4" ];
  kernelParams = [ "cma=32M" ];
};
# Mount table. /boot and / are found by label; /home is addressed by kernel
# device name (/dev/sda1), which is not guaranteed to stay stable.
fileSystems =
  let
    # Bind-mount an existing directory onto the attribute's mount point.
    bindOf = source: {
      device = source;
      options = [ "bind" ];
    };
  in
  {
    "/boot" = {
      device = "/dev/disk/by-label/NIXOS_BOOT";
      fsType = "vfat";
    };
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
    "/home" = {
      device = "/dev/sda1";
      fsType = "ext4";
    };
    #### Deluge bind mount
    "/var/lib/deluge" = bindOf "/home/deluge";
    #### NFS Shares
    # These two binds place /home/deluge and the whole of /home/pi under
    # /export, which services.nfs.server then exports read-write. Everything in
    # pi's home (including dotfiles) is therefore visible to the NFS client.
    "/export/deluge" = bindOf "/home/deluge";
    "/export/pi" = bindOf "/home/pi";
    #"/home/mpd/music" = {
    # device = "/home/pi/Music";
    # options = [ "bind" ];
    #};
  };

# 2048 MiB swap file on the root filesystem.
swapDevices = [
  {
    device = "/swapfile";
    size = 2048;
  }
];
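# Host identity and packet filter.
networking = {
  domain = "piecemaker.rocks";
  hostName = "NixPi";
  #interfaces.eth0.macAddress = "5a:ba:da:e8:e8:b1";
  firewall = {
    # NOTE(review): these rules are not scoped to an interface or source range,
    # so every port below is reachable from any network that can route to this
    # host. From the rest of this file: 2049/111/20048 belong to the NFS
    # server, 445 to Samba, 8384 to the Syncthing GUI (bound to 0.0.0.0) and
    # 6600 is presumably MPD (listenAddress "any"). 58846, 5000 and 6667 are
    # not tied to a setting visible here -- confirm each is still needed and
    # drop the ones that only serve local clients.
    allowedTCPPorts = [ 58846 5000 6667 2049 111 20048 445 80 8384 6600 ];
    # Only the NFS-related ports stay open on UDP. 445, 80, 8384 and 6600 were
    # removed from this list: Samba, HTTP, the Syncthing GUI and MPD are
    # TCP services, and nothing configured in the files shown listens on those
    # UDP ports.
    allowedUDPPorts = [ 111 2049 20048 ];
    # Wide range opened on both protocols; presumably the BitTorrent listen
    # ports used by Deluge -- narrow it to the range the client is set to use.
    allowedTCPPortRanges = [
      { from = 56881; to = 57200; }
    ];
    allowedUDPPortRanges = [
      { from = 56881; to = 57200; }
    ];
  };
  #wireless = {
  # enable = true;
  # networks = { accesspoint = {
  # psk = "passphrase";
  # };
  # };
  # };
};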
# Locale, console keymap and time zone.
i18n.consoleKeyMap = "uk";
i18n.defaultLocale = "en_GB.UTF-8";
time.timeZone = "Europe/London";

# No system-managed ssh-agent is started; command-not-found hints are enabled.
programs.ssh.startAgent = false;
programs.command-not-found.enable = true;
# Network-facing daemons on this host.
services = {
  # Dynamic DNS updates through Namecheap.
  # NOTE(review): `password` is an inline string, so the real value ends up in
  # the world-readable /nix/store and in every copy of this file that gets
  # shared. Newer NixOS releases provide services.ddclient.passwordFile to read
  # it from a root-only file instead; confirm the option exists on the channel
  # in use before switching.
  ddclient = {
    enable = true;
    protocol = "namecheap";
    server = "dynamicdns.park-your-domain.com";
    username = "my.domains";
    password = "mysupersecretpassword";
    domains = [ "my.domains" ];
    use = "web, web=dynamicdns.park-your-domain.com/getip";
  };

  # NOTE(review): the GUI is bound to every address and 8384 is open in
  # networking.firewall. The GUI is an administrative interface and the daemon
  # runs as `pi`, a wheel member with passwordless sudo, so control of the GUI
  # is close to control of the host. Bind it to 127.0.0.1 and reach it through
  # an SSH tunnel, or make sure a GUI password and TLS are configured.
  syncthing = {
    enable = true;
    user = "pi";
    configDir = "/home/pi/.config/syncthing";
    guiAddress = "0.0.0.0:8384";
    openDefaultPorts = true;
  };

  # Three read-only media shares that accept guest (unauthenticated) access.
  # Anyone who can reach TCP 445 can list and read these directories.
  samba =
    let
      # Build a browseable, read-only, guest-accessible share definition.
      guestShare = path: comment: {
        inherit path comment;
        "read only" = true;
        browseable = "yes";
        "guest ok" = "yes";
      };
    in
    {
      enable = true;
      shares = {
        TV = guestShare "/home/deluge/Videos/TV" "TV Shows";
        Movies = guestShare "/home/deluge/Videos/Movies" "Movies";
        Podcasts = guestShare "/home/deluge/Podcasts" "Podcasts";
      };
    };

  # NFS exports, all read-write and limited to a single client address.
  # NOTE(review): the client is identified by IP only. `insecure` additionally
  # accepts requests from unprivileged source ports, so an unprivileged process
  # on that client can talk to the server directly. /export/pi is pi's entire
  # home directory.
  nfs.server = {
    enable = true;
    exports = ''
      /export 192.168.0.15(rw,fsid=0,no_subtree_check)
      /export/deluge 192.168.0.15(rw,nohide,insecure,no_subtree_check)
      /export/pi 192.168.0.15(rw,nohide,insecure,no_subtree_check)
    '';
  };

  deluge.enable = true;

  # Socket-activated sshd; password logins are disabled, leaving key-based
  # authentication. Root login is not set here and follows the module default.
  openssh = {
    enable = true;
    startWhenNeeded = true;
    passwordAuthentication = false;
  };

  # NOTE(review): MPD listens on every address, no MPD password is set in this
  # block, and the daemon runs as `pi` (wheel, passwordless sudo). Restrict the
  # listen address or the firewall rule for 6600 to the clients that need it.
  mpd = {
    enable = true;
    startWhenNeeded = true;
    user = "pi";
    group = "users";
    dataDir = "/home/pi/.mpd";
    musicDirectory = "/home/pi/.mpd/rootdirectory";
    network.listenAddress = "any";
    # Audio is sent to the PulseAudio server at 192.168.0.15.
    extraConfig = ''
      audio_output {
      type "pulse"
      name "Raspberry Pis MPD"
      server "192.168.0.15"
      }
    '';
  };
};
# Accounts. zsh is the default shell for users that opt in.
users.defaultUserShell = pkgs.zsh;
users.extraUsers = {
  # NOTE(review): `eddie` and `pi` are both in wheel, and
  # security.sudo.wheelNeedsPassword is false in this file, so either account
  # is root-equivalent. `pi` also runs Syncthing and MPD. No password hash or
  # SSH authorized key is declared here; presumably they are managed outside
  # this file.
  eddie = {
    isNormalUser = true;
    useDefaultShell = true;
    extraGroups = [ "wheel" ];
  };
  deluge.extraGroups = [ "users" ];
  pi = {
    isNormalUser = true;
    useDefaultShell = true;
    extraGroups = [ "wheel" "deluge" "audio" "users" ];
  };
};
# Unattended upgrades from a pinned release channel.
# NOTE(review): a release channel stops receiving security fixes once the
# release is end-of-life; automatic upgrades then keep succeeding without
# delivering patches. Confirm the pinned release is still supported.
system.autoUpgrade = {
  enable = true;
  channel = "https://nixos.org/channels/nixos-19.03";
};

# NOTE(review): wheel members run sudo without a password, so any code running
# as `eddie` or `pi` can become root without further interaction. With that
# setting the SSH-agent PAM authentication below adds no check for wheel users.
security.sudo.wheelNeedsPassword = false;
security.pam.enableSSHAgentAuth = true;
# Tools installed system-wide.
environment.systemPackages = [
  pkgs.stow
  pkgs.weechat
  pkgs.screen
  pkgs.ncmpcpp
  pkgs.git
  pkgs.greg
  pkgs.htop
  pkgs.certbot
];
# Permit packages with unfree licences to be evaluated and installed.
nixpkgs.config.allowUnfree = true;
}
GNU nano 5.2 /etc/nixos/nextcloud.nix
{ config, pkgs, lib, ... }:
{
# ACME account settings and the certificate for the Nextcloud host name.
security.acme.email = "me@gmail.com";
security.acme.acceptTerms = true;
# The certificate files are owned by group nginx so the web server can read
# them. No webroot or other challenge method is set in this block; presumably
# it is supplied by the nginx virtual host -- confirm.
security.acme.certs."cloud.my.domain".group = "nginx";
# Nextcloud served over HTTPS, backed by PostgreSQL through a local socket.
services.nextcloud = {
  enable = true;
  hostName = "cloud.my.domain";
  https = true;
  # Installed apps are updated automatically at 05:00.
  autoUpdateApps = {
    enable = true;
    startAt = "05:00:00";
  };
  config = {
    overwriteProtocol = "https";
    dbtype = "pgsql";
    dbname = "nextcloud";
    dbuser = "nextcloud";
    dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
    # Both secrets are read from files, which keeps them out of the
    # world-readable /nix/store.
    # NOTE(review): the files sit directly under /var; make sure they are
    # readable only by the account that needs them (e.g. mode 0600).
    dbpassFile = "/var/nextcloud-db-pass";
    adminuser = "admin";
    adminpassFile = "/var/nextcloud-admin-pass";
  };
};
# Local PostgreSQL instance for Nextcloud.
services.postgresql = {
  enable = true;
  # Ensure the database, user, and permissions always exist
  ensureDatabases = [ "nextcloud" ];
  # The role is granted every privilege on its own database and nothing else.
  ensureUsers = [
    {
      name = "nextcloud";
      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
    }
  ];
};

# Order Nextcloud's first-run setup after the database is up, and make it
# depend on the database unit.
systemd.services."nextcloud-setup" = {
  after = [ "postgresql.service" ];
  requires = [ "postgresql.service" ];
};
}
{ config, pkgs, lib, ... }:
{
# nginx front end with the module's recommended proxy, optimisation and TLS
# presets.
services.nginx = {
  enable = true;
  recommendedProxySettings = true;
  recommendedOptimisation = true;
  recommendedTlsSettings = true;
  # Cipher list limited to AES-256 suites with (EC)DHE key exchange;
  # unauthenticated (aNULL) suites are excluded.
  sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
  # This virtual host serves the ACME HTTP challenge directory and redirects
  # every other request to https. No TLS listener for the host is defined in
  # this block; presumably another service terminates TLS -- confirm.
  virtualHosts."znc.piecemaker.rocks".locations = {
    "/.well-known/acme-challenge".root = "/var/lib/acme/.challenges";
    "/".return = "301 https://$host$request_uri";
  };
};
}
{ config, pkgs, lib, ... }:
{
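# ACME certificate for the ZNC host name, validated through the webroot that
# nginx serves.
security.acme = {
  email = "my@email.com";
  acceptTerms = true;
  certs = {
    "znc.piecemaker.rocks" = {
      webroot = "/var/lib/acme/.challenges";
      # After each issuance or renewal, copy the combined PEM to the path ZNC
      # reads.
      # NOTE(review): full.pem presumably holds the private key along with the
      # chain. The copy gets whatever owner and mode `cp` produces in this
      # hook, so check that znc.pem is not world-readable.
      postRun = ''
        cp full.pem "${config.services.znc.dataDir}/znc.pem"
      '';
      # Certificate and key are group-owned by znc and group-readable.
      group = "znc";
      allowKeysForGroup = true;
    };
  };
};
# The original listing never closed `security.acme`, which left the braces of
# the file unbalanced and nested the following attributes inside it; the
# closing `};` above restores the intended structure.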
# Build bitlbee with libpurple support so the purple plugin below can load.
nixpkgs.config.bitlbee.enableLibPurple = true;

services = {
  # IRC gateway to other chat networks.
  bitlbee = {
    enable = true;
    plugins = [
      pkgs.bitlbee-facebook
      pkgs.bitlbee-steam
      pkgs.bitlbee-mastodon
    ];
    libpurple_plugins = [ pkgs.purple-hangouts ];
  };

  # ZNC bouncer, configured declaratively (mutable = false).
  # NOTE(review): everything under `config` is rendered into the world-readable
  # /nix/store. That includes the user's password hash and salt and the
  # password field at the end of every `Server` line, so any local account can
  # read them and a published copy of this file leaks them. Keep real values
  # out of the declarative config where ZNC allows it, and treat a leaked hash
  # as guessable offline.
  znc =
    let
      # Module set shared by most networks.
      standardModules = [ "backlog" "keepnick" "nickserv" "route_replies" "perform" "clientbuffer" ];
      # Turn a list of channel names into the `Chan` attribute set with empty
      # per-channel settings.
      joinAll = names: lib.genAttrs names (_: { });
    in
    {
      enable = true;
      # Opens the ZNC listener port in the firewall.
      openFirewall = true;
      mutable = false;
      useLegacyConfig = false;
      modulePackages = [
        pkgs.zncModules.backlog
        pkgs.zncModules.clientbuffer
      ];
      config = {
        #BindHost = "znc.piecemaker.rocks";
        LoadModule = [ "adminlog" ];
        User.eddie = {
          #BindHost = "znc.piecemaker.rocks";
          # This user is a ZNC admin and loads controlpanel, so the account can
          # administer the bouncer over IRC.
          LoadModule = [ "chansaver" "controlpanel" ];
          Nick = "Acou_Bass";
          AltNick = "Piece_Maker";
          Ident = "eddie";
          Admin = true;
          Pass.password = {
            Method = "sha256";
            Hash = "passhash";
            Salt = "passalt";
          };
          # In a Server line a leading "+" on the port selects TLS; the bitlbee
          # entry is the only one without it and it targets localhost.
          Network = {
            freenode = {
              LoadModule = standardModules;
              Nick = "Acou_Bass";
              AltNick = "Piece_Maker";
              Server = "chat.freenode.net +6697 password";
              Chan = joinAll [
                "##nixheads"
                "#postmarketos-offtopic"
                "#DasLinux"
                "#antergos"
                "#bedrock"
                "#e"
                "#firefox"
                "#gemini-pda"
                "#irishlucklinux"
                "#kde"
                "#kde-chat"
                "#linuxchattr"
                "#gamingonlinux"
                "#mediagoblin"
                "#musnix"
                "#nixos"
                "#nixos-aarch64"
                "#nixos-nur"
                "#plasma"
                "#postmarketos"
                "#rockbox"
                "#sailfishos"
                "#sailfishos-porters"
                "#sfdroid"
                "#social"
                "#ubports"
                "#ubuntu"
                "#weechat"
                "#znc"
              ];
              JoinDelay = 2;
            };
            gitter = {
              LoadModule = [ "chansaver" "nickserv" "route_replies" "clientbuffer" "backlog" "keepnick" ];
              Nick = "AcouBass";
              Server = "irc.gitter.im +6667 password";
              Chan = joinAll [ "#OpenRCT2/OpenRCT2/non-dev" ];
              JoinDelay = 2;
            };
            swiftirc = {
              LoadModule = standardModules;
              Nick = "Acou_Bass";
              Server = "irc.swiftirc.net +6697 password";
              Chan = joinAll [ "#any" "#aerdrie" ];
              JoinDelay = 2;
            };
            bitlbee = {
              LoadModule = [ "autoattach" "nickserv" "route_replies" "perform" "clientbuffer" ];
              Nick = "eddie";
              RealName = "eddie";
              Server = "localhost 6667 password";
              Chan = joinAll [ "&bitlbee" ];
              JoinDelay = 2;
            };
            geekshed = {
              LoadModule = standardModules;
              Nick = "Piece_Maker";
              AltNick = "Acou_Bass";
              Server = "irc.geekshed.net +6697 password";
              Chan = joinAll [ "#jupiterbroadcasting" ];
              JoinDelay = 2;
            };
            gimpnet = {
              LoadModule = standardModules;
              Nick = "Piece_Maker";
              AltNick = "Acou_Bass";
              Server = "irc.gnome.org +6697 password";
              Chan = joinAll [ "#gnome" ];
              JoinDelay = 2;
            };
            oftc = {
              LoadModule = standardModules;
              Nick = "Piece_Maker";
              AltNick = "Acou_Bass";
              Server = "irc.oftc.net +6697 password";
              Chan = joinAll [ "#bitlbee" ];
              JoinDelay = 2;
            };
          };
        };
      };
    };
};
}