-
-
Save stephenjudkins/3aa7e7228bee861ec9dcf27e256ee217 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { config, pkgs, ... }: | |
| { | |
| imports = | |
| [ | |
| ./hardware-configuration.nix | |
| ]; | |
| boot.loader.systemd-boot.enable = true; | |
| boot.loader.efi.canTouchEfiVariables = true; | |
| networking.hostName = "snowfall"; | |
| networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. | |
| networking.wireless.networks = { "flexible oyster" = { psk = "[redacted]"; }; }; | |
| time.timeZone = "America/Los_Angeles"; | |
| services.printing.enable = true; | |
| services.printing = { | |
| drivers = [ pkgs.brlaser ]; | |
| browsing = true; | |
| defaultShared = true; | |
| listenAddresses = [ "*:631" ]; | |
| allowFrom = [ "all" ]; | |
| }; | |
| hardware.printers = { | |
| ensurePrinters = [{ | |
| name = "BrotherLaser"; | |
| deviceUri = "usb://Brother/DCP-7065DN?serial=U62712H1N770069"; | |
| model = "drv:///brlaser.drv/br7065dn.ppd"; | |
| }]; | |
| ensureDefaultPrinter = "BrotherLaser"; | |
| }; | |
| users.mutableUsers = false; | |
| users.users.stephen = { | |
| isNormalUser = true; | |
| extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. | |
| openssh.authorizedKeys.keys = [ | |
| "[redacted]" | |
| ]; | |
| }; | |
| environment.systemPackages = with pkgs; [ | |
| vim | |
| wget | |
| tailscale | |
| ]; | |
| services.openssh = { | |
| enable = true; | |
| passwordAuthentication = false; | |
| kbdInteractiveAuthentication = false; | |
| }; | |
| services.avahi = { | |
| enable = true; | |
| nssmdns = true; | |
| ipv4 = true; | |
| ipv6 = true; | |
| openFirewall = true; | |
| publish = { | |
| enable = true; | |
| userServices = true; | |
| addresses = true; | |
| workstation = true; | |
| }; | |
| }; | |
| services.tailscale.enable = true; | |
| services.tailscale.port = 41641; | |
| # enable hardware acceleration for jellyfin transcoding, etc | |
| nixpkgs.config.packageOverrides = pkgs: { | |
| vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; | |
| }; | |
| hardware.opengl = { | |
| enable = true; | |
| extraPackages = with pkgs; [ | |
| intel-media-driver | |
| vaapiIntel | |
| vaapiVdpau | |
| libvdpau-va-gl | |
| intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) | |
| ]; | |
| }; | |
| services.jellyfin = { | |
| enable = true; | |
| openFirewall = true; | |
| }; | |
| services.samba = { | |
| enable = true; | |
| shares = { | |
| public = { | |
| public = true; | |
| path = "/space/jellyfin/data/"; | |
| browseable = "yes"; | |
| "guest ok" = "yes"; | |
| "read only" = true; | |
| }; | |
| }; | |
| openFirewall = true; | |
| extraConfig = '' | |
| browseable = yes | |
| workgroup = WORKGROUP | |
| server role = standalone server | |
| map to guest = Bad Password | |
| ''; | |
| }; | |
| networking.firewall.allowedUDPPorts = [ | |
| 41641 # tailscale | |
| 631 # cups | |
| 5357 # samba/wssd | |
| ]; | |
| networking.firewall.allowedTCPPorts = [ | |
| 631 # cups | |
| 3702 # samba/wssd | |
| ]; | |
| # Or disable the firewall altogether. | |
| # networking.firewall.enable = false; | |
| # Copy the NixOS configuration file and link it from the resulting system | |
| # (/run/current-system/configuration.nix). This is useful in case you | |
| # accidentally delete configuration.nix. | |
| # system.copySystemConfiguration = true; | |
| system.stateVersion = "22.11"; # don't need to change this upon upgrade! | |
| nix.settings.experimental-features = [ "nix-command" "flakes" ]; | |
| security.sudo.wheelNeedsPassword = false; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment