Created
November 8, 2017 22:16
-
-
Save BigValen/c30b2de9714808eb3519b19d66e4f7ec to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Edit this configuration file to define what should be installed on | |
| # your system. Help is available in the configuration.nix(5) man page | |
| # and in the NixOS manual (accessible by running ‘nixos-help’). | |
| { config, pkgs, ... }: | |
| { | |
| imports = | |
| [ # Include the results of the hardware scan. | |
| ./hardware-configuration.nix | |
| ]; | |
| nix.gc.automatic = true; | |
| nix.gc.dates = "weekly"; | |
| nix.gc.options = "--delete-older-than 10d"; | |
| # boot.kernelPackages = pkgs.linuxPackages_4_4; | |
| boot.loader.grub.enable = true; | |
| boot.loader.grub.version = 2; | |
| boot.loader.grub.device = "/dev/sdc"; | |
| swapDevices = [ { device = "/dev/zvol/rpool/swap"; } ]; | |
| # ZFS settings | |
| boot.supportedFilesystems = [ "zfs " ]; | |
| boot.zfs.devNodes = "/dev/disk/by-id"; | |
| networking = { | |
| defaultGateway = "192.168.0.1"; | |
| domain = "sutton.magicbluesmoke.net"; | |
| hostName = "nas"; | |
| hostId = "deadbeef"; | |
| interfaces.eno1 = { | |
| ip4 = [ | |
| { address="192.168.0.24"; prefixLength = 24; } | |
| # { address="192.168.0.84"; prefixLength = 24; } | |
| ]; | |
| }; | |
| #interfaces.eno2 = { | |
| # ip4 = [ | |
| # { useDhcp = true; }; | |
| # ]; | |
| #}; | |
| firewall = { | |
| allowedTCPPorts = [ 80 53 443 3445 5201 32400 4949 445 139 8000 9090 ]; | |
| allowedUDPPorts = [ 53 514 5201 ]; | |
| allowPing = true; | |
| allowedUDPPortRanges = [{from = 60000; to = 61000;}]; | |
| }; | |
| #nameservers = [ "127.0.0.1" "8.8.4.4" ]; | |
| nameservers = [ "8.8.4.4" "8.8.8.8" ]; | |
| }; | |
| # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. | |
| security.sudo = { | |
| wheelNeedsPassword = false; | |
| enable = true; | |
| configFile = '' | |
| Defaults:root,%wheel env_keep+=TERMINFO_DIRS | |
| Defaults:root,%wheel env_keep+=TERMINFO | |
| Defaults env_keep+=SSH_AUTH_SOCK | |
| root ALL=(ALL) SETENV: ALL | |
| %wheel ALL=(ALL:ALL) NOPASSWD: ALL, SETENV: ALL | |
| looney ALL=(ALL) SETENV: ALL | |
| ''; | |
| }; | |
| # Select internationalisation properties. | |
| # i18n = { | |
| # consoleFont = "Lat2-Terminus16"; | |
| # consoleKeyMap = "us"; | |
| # defaultLocale = "en_US.UTF-8"; | |
| # }; | |
| # Set your time zone. | |
| time.timeZone = "Europe/Dublin"; | |
| environment.systemPackages = with pkgs; [ | |
| # Debug tools | |
| tcpdump | |
| zlib | |
| cacert | |
| # System tools | |
| parted psmisc atop | |
| rrdtool | |
| git | |
| python | |
| mailutils john | |
| wget | |
| curl | |
| bind | |
| logrotate | |
| ipmitool | |
| ]; | |
| # List services that you want to enable: | |
| services = { | |
| bind = { | |
| cacheNetworks = [ "192.168.0.0/23" "127.0.0.0/8"] ; | |
| enable = true; | |
| forwarders = [ "8.8.4.4" "8.8.8.8" ] ; | |
| zones = [ | |
| { file = ./db.sutton.magicbluesmoke.net; master = true; name = "sutton.magicbluesmoke.net"; slaves = []; } | |
| { file = ./db.192.168.0; master = true; name = "0.168.192.in-addr.arpa"; slaves = []; } | |
| ]; | |
| ipv4Only = true; | |
| }; | |
| cron = { | |
| enable = true; | |
| mailto = "john.looney@gmail.com"; | |
| }; | |
| dhcpd4 = { | |
| enable = true; | |
| interfaces = ["eno1"]; | |
| extraConfig = '' | |
| option domain-name-servers 8.8.4.4, 8.8.8.8; | |
| option domain-name "sutton.magicbluesmoke.net"; | |
| option domain-search "sutton.magicbluesmoke.net"; | |
| option routers 192.168.0.1; | |
| subnet 192.168.0.0 netmask 255.255.255.0 { | |
| range 192.168.0.10 192.168.0.230; | |
| default-lease-time 86400; | |
| max-lease-time 2592000; | |
| } | |
| ''; | |
| }; | |
| httpd = { | |
| enablePHP = true; | |
| virtualHosts = | |
| [ | |
| { hostName = "nas.sutton.magicbluesmoke.net"; | |
| documentRoot = "/home/webroot"; | |
| serverAliases = [ "nas" ]; | |
| adminAddr = "alice@example.org"; | |
| enableUserDir = true; | |
| extraConfig = " | |
| ScriptAlias /cgi-bin/ /home/webroot/cgi-bin/ "; | |
| } | |
| ]; | |
| enable = true; | |
| adminAddr = "john.looney@gmail.com"; | |
| }; | |
| locate = { | |
| enable = true; | |
| }; | |
| munin-node = { | |
| enable = true; | |
| extraConfig = '' | |
| cidr_allow 192.168.1.0/24 | |
| allow ^192.168.0.24$ | |
| log_file /var/log/munin/munin.log | |
| user root | |
| ''; | |
| }; | |
| logrotate = { enable = true; }; | |
| munin-cron = { | |
| enable = true; | |
| hosts = '' | |
| [${config.networking.hostName}] | |
| address localhost | |
| ''; | |
| }; | |
| mysql.package = pkgs.mysql; | |
| mysql.enable = false; | |
| openssh.enable = true; | |
| postfix = { | |
| enable = true; | |
| }; | |
| plex = { | |
| package = pkgs.plex; | |
| enable = false; | |
| }; | |
| smartd = { | |
| enable = true; | |
| notifications.mail.recipient = "john.looney@gmail.com"; | |
| notifications.mail.enable = true; | |
| }; | |
| samba = { | |
| enable = true; | |
| syncPasswordsByPam = true; | |
| shares = { | |
| Books = { | |
| path = "/home/Books"; | |
| "read only" = "yes"; | |
| "browseable" = "yes"; | |
| "guest ok" = "yes"; | |
| }; | |
| DVDS = { | |
| path = "/home/DVDS"; | |
| "read only" = "yes"; | |
| "browseable" = "yes"; | |
| "guest ok" = "yes"; | |
| }; | |
| Music = { | |
| path = "/home/Music"; | |
| "read only" = "yes"; | |
| "browseable" = "yes"; | |
| "guest ok" = "yes"; | |
| "available" = "yes"; | |
| "public" = "yes"; | |
| }; | |
| Video = { | |
| path = "/home/Video"; | |
| "read only" = "yes"; | |
| "browseable" = "yes"; | |
| "guest ok" = "yes"; | |
| }; | |
| HomeVideos = { | |
| path = "/home/HomeVideo"; | |
| "read only" = "yes"; | |
| "browseable" = "yes"; | |
| "guest ok" = "yes"; | |
| }; | |
| julie = { | |
| comment = "Julie's Homedir"; | |
| path = "/home/julie"; | |
| "valid users" = "julie"; | |
| # "admin users" = "julie"; | |
| writeable = "Yes"; | |
| }; | |
| looney = { | |
| comment = "John's Homedir"; | |
| path = "/home/looney"; | |
| "valid users" = "looney"; | |
| # "admin users" = "looney"; | |
| writeable = "Yes"; | |
| }; | |
| }; | |
| extraConfig = '' | |
| [global] | |
| guest account = home | |
| map to guest = Bad User | |
| security = user | |
| load printers = no | |
| printing = bsd | |
| printcap name = /dev/null | |
| disable spoolss = yes | |
| browseable = yes | |
| writeable = yes | |
| printable = no | |
| server string = nas | |
| workgroup = WORKGROUP | |
| netbios name = nas | |
| # Debug logging information | |
| log level = 2 | |
| log file = /var/log/samba/log.%m | |
| max log size = 50 | |
| debug timestamp = yes | |
| ''; | |
| }; | |
| zfs.autoSnapshot.enable = true; | |
| }; | |
| # Define a user account. Don't forget to set a password with ‘passwd’. | |
| users.extraGroups = { | |
| kvm = {}; | |
| }; | |
| users.extraUsers = { | |
| looney = { | |
| isNormalUser = true; | |
| uid = 1000; | |
| extraGroups = [ "wheel" ]; | |
| openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAA5zDlOeoMtTE0htz1a63/lG9WlT+H/G8y4TjG+bn3Ma8xWZIoS5WB1dCvyCren620RchZNJmc47A5p+eWtqm9ctwghN+WJVjBk5N6gI9VfU3np+OjJECDMsJTtEjJeqJ6LDXv5cavafOEsL/uFG1noZRJ94ug88uIcmUevyy85nh3QfoGXCrPjd3Th6zCfCHDopDn+ykQiAgJv+oUYxrYUkxnOJXKmdD3i1sm2De8lbtEJA/rgBFjRRL+xG0TQ6bp4Xfl0lA6LCUfcDlq+RO6/l8bS9i2sQZk+Jm++AnhFoBltwQC20J5 looney@looney2-l.dub.corp.google.com" ]; | |
| }; | |
| home = { | |
| isNormalUser = true; | |
| uid = 502; | |
| }; | |
| }; | |
| virtualisation = { | |
| docker = { | |
| enable = true; | |
| enableOnBoot = true; | |
| storageDriver = "zfs"; | |
| autoPrune = { | |
| enable = true; | |
| }; | |
| }; | |
| }; | |
| system.autoUpgrade.enable = true; | |
| nix.extraOptions = "auto-optimise-store = true"; | |
| nixpkgs.config = { | |
| allowUnfree = true; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment