nix/void.nix


# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
mms,
...
}: {
imports = [
./hardware-configuration-void.nix
./common.nix
mms.module
];
# Host name of this machine.
networking.hostName = "void";

# SMB server publishing the music library read-only.
services.samba = {
  enable = true;
  # Opens the Samba ports in the host firewall.
  openFirewall = true;
  securityType = "user";
  settings = {
    global = {
      workgroup = "WORKGROUP";
      "server string" = "void";
      "netbios name" = "void";
      security = "user";
      # NOTE(review): 0.0.0.0/0 matches every IPv4 source, so together with
      # openFirewall nothing in this file limits who can reach smbd. A LAN or
      # VPN prefix here would narrow the exposure.
      "hosts allow" = "0.0.0.0/0";
      # Logins with an unknown user name are mapped to the guest account
      # instead of being rejected.
      "guest account" = "nobody";
      "map to guest" = "bad user";
      # Verbose logging.
      "log level" = 4;
      # Transport encryption is currently not enforced.
      #"smb encrypt" = "mandatory";
    };
  };
  shares.Music = {
    path = "/pile/Music";
    browsable = "yes";
    "read only" = "yes";
    # Guests mapped by "map to guest" cannot open this share.
    "guest ok" = "no";
    # NOTE(review): "read list" only forces the listed users to read-only
    # access; it does not restrict who may connect. If the share is meant to
    # be limited to the music group, "valid users" is the parameter that
    # does that — confirm the intent.
    "read list" = "@music";
  };
};

# Account used to access the Music share.
# NOTE(review): the "music" group is not declared in this file — presumably
# it comes from ./common.nix; verify.
users.users.music = {
  isNormalUser = true;
  group = "music";
};
# Enable the i2c-dev kernel module so the backlight of the external monitor
# can be controlled.
# https://discourse.nixos.org/t/how-to-enable-ddc-brightness-control-i2c-permissions/20800/3
boot = {
  # Out-of-tree ddcci driver, built against the configured kernel packages.
  extraModulePackages = [config.boot.kernelPackages.ddcci-driver];
  kernelModules = ["i2c-dev" "ddcci_backlight"];
};
hardware.i2c.enable = true;

# Command-line tool for controlling brightness on the external monitor.
environment.systemPackages = [pkgs.ddcutil];
# External drive, found by filesystem label and mounted on first access.
# "nofail" keeps boot going when the drive is not plugged in.
fileSystems."/external" = {
  label = "external";
  options = ["nofail" "x-systemd.automount"];
};

# Daily encrypted Borg backup of /home, /var and /pile onto the external drive.
services.borgbackup.jobs.external = {
  repo = "/external/voidbackup";
  removableDevice = true;
  startAt = "daily";
  persistentTimer = true;
  compression = "auto,lzma";

  paths = [
    "/home"
    "/var"
    "/pile"
  ];
  # Caches, trash, build outputs, game data, browser profiles and logs are
  # left out of the archive.
  exclude = [
    "/home/*/.local/share/Steam"
    "**/*cache"
    "**/*Cache"
    "**/*trash"
    "**/*Trash"
    "/home/*/.mozilla/firefox"
    "/home/*/GOG Games"
    "**/target"
    "**/result"
    "/var/log"
  ];

  encryption = {
    # repokey: the key is kept inside the repository and protected by the
    # passphrase, so the passphrase is what guards the backup on the drive.
    mode = "repokey-blake2";
    # The passphrase is read from a file at run time and never appears in
    # this configuration.
    # NOTE(review): confirm the file is readable by root only and that a
    # copy of the passphrase exists somewhere other than this host.
    passCommand = "cat /root/borgbackup/passphrase";
  };

  extraCreateArgs = ["--stats" "--info" "--list" "--filter" "AMEC"];
  extraPruneArgs = ["--stats" "--info" "--list"];

  # Retention policy applied when pruning.
  prune = {
    keep = {
      within = "1d";
      daily = 7;
      weekly = 4;
      monthly = 12;
    };
  };
};

# Tie the backup job to the /external mount.
systemd.services.borgbackup-job-external.unitConfig = {
  RequiresMountsFor = "/external";
  Requires = "external.mount";
};
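# PostgreSQL backup: dump every database into /var/backup/postgresql.
# NOTE(review): the dumps hold the data of every service using this
# PostgreSQL instance — confirm the directory is not readable by
# unprivileged local users.
services.postgresqlBackup = {
  enable = true;
  backupAll = true;
  location = "/var/backup/postgresql";
};
# Persistent= is a [Timer] setting, so it has to be set through timerConfig.
# Under unitConfig it is written to the [Unit] section, where systemd does
# not recognise it and a backup missed while the machine was off is not
# caught up.
systemd.timers."postgresqlBackup".timerConfig.Persistent = true;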
# Minecraft TerraFirmaGreg server, provided by the `mms` module imported above.
services.modded-minecraft-servers = {
  # Accept the Minecraft EULA.
  eula = true;

  instances.terrafirmagreg = {
    enable = true;

    # NOTE(review): the list holds a single empty string rather than a key.
    # How the module treats an empty entry is not visible here — verify, or
    # use an empty list if no rsync access is wanted.
    rsyncSSHKeys = [""];

    jvmPackage = pkgs.jdk17;
    jvmInitialAllocation = "2048M";
    jvmMaxAllocation = "8196M";

    serverConfig = {
      motd = "Welcome to logistic-bot's TerraFirmaGreg server";
      server-port = 25565;
      # Remote console stays disabled.
      enable-rcon = false;
      level-type = "tfc\:overworld";
      difficulty = 0;
      view-distance = 24;
      allow-flight = true;
      allow-nether = false;
    };

    # "Borrowed" from AllTheMods Discord
    jvmOpts = builtins.concatStringsSep " " [
      "-XX:+UseG1GC"
      "-XX:+ParallelRefProcEnabled"
      "-XX:MaxGCPauseMillis=200"
      "-XX:+UnlockExperimentalVMOptions"
      "-XX:+DisableExplicitGC"
      "-XX:+AlwaysPreTouch"
      "-XX:G1NewSizePercent=40"
      "-XX:G1MaxNewSizePercent=50"
      "-XX:G1HeapRegionSize=16M"
      "-XX:G1ReservePercent=15"
      "-XX:G1HeapWastePercent=5"
      "-XX:G1MixedGCCountTarget=4"
      "-XX:InitiatingHeapOccupancyPercent=20"
      "-XX:G1MixedGCLiveThresholdPercent=90"
      "-XX:G1RSetUpdatingPauseTimePercent=5"
      "-XX:SurvivorRatio=32"
      "-XX:+PerfDisableSharedMem"
      "-XX:MaxTenuringThreshold=1"
    ];
  };
};
# Miniflux feed reader, bound to loopback and published through the nginx
# vhost miniflux.005540.xyz.
services.miniflux = {
  enable = true;
  # Admin credentials are read from a file, so they stay out of this
  # configuration.
  # NOTE(review): the file sits in a user's home directory — confirm its
  # owner and mode keep it away from other local accounts.
  adminCredentialsFile = "/home/khais/.miniflux.password";
  config = {
    CREATE_ADMIN = 1;
    LISTEN_ADDR = "localhost:8700";
    # NOTE(review): the scheme is http although the nginx vhost for this
    # host requests a certificate; an https base URL would match it.
    BASE_URL = "http://miniflux.005540.xyz";
  };
};
# Jellyfin media server.
services.jellyfin = {
  enable = true;
  # NOTE(review): the service runs as the personal account "khais", so it
  # has that account's file access. A dedicated service user with read
  # access to the media would limit what a Jellyfin bug can reach.
  user = "khais";
  # NOTE(review): this opens Jellyfin's own ports in the firewall in addition
  # to the nginx vhosts that already proxy to localhost:8096 — confirm direct
  # access is wanted.
  openFirewall = true;
};
# Forgejo git forge, published through the nginx vhost forgejo.005540.xyz.
services.forgejo = {
  enable = true;
  database = {
    type = "postgres";
  };
  # Git Large File Storage support.
  lfs.enable = true;
  settings = {
    server = {
      DOMAIN = "forgejo.005540.xyz";
      # Setting the root URL keeps the port out of URLs shown in the web UI.
      ROOT_URL = "https://forgejo.005540.xyz/";
      # NOTE(review): no listen address is set here; presumably the default
      # applies — confirm port 3000 is only reachable through nginx.
      HTTP_PORT = 3000;
    };
    service = {
      # Registration can be allowed temporarily to create an admin user.
      # NOTE(review): it is currently allowed (sign-ups still need manual
      # confirmation); set this to true once the admin account exists.
      DISABLE_REGISTRATION = false;
      REGISTER_MANUAL_CONFIRM = true;
    };
    # Actions support, based on act: https://github.com/nektos/act
    actions = {
      ENABLED = true;
      # Default location actions are fetched from.
      DEFAULT_ACTIONS_URL = "github";
    };
  };
};
# Paperless document archive, bound to loopback and published through the
# nginx vhost paperless.005540.xyz.
services.paperless = {
  enable = true;
  address = "localhost";
  port = 28981;
  # Quoted string rather than a Nix path, so the secret file itself is not
  # copied into the Nix store.
  passwordFile = "/etc/nixos/secrets/paperless-password";
  consumptionDir = "/var/lib/paperless-upload";
  settings = {
    # Database is reached over the local PostgreSQL socket directory.
    PAPERLESS_DBHOST = "/run/postgresql";
    PAPERLESS_DBNAME = "paperless";
    PAPERLESS_DBUSER = "paperless";
    # NOTE(review): a password written here is part of the configuration and
    # therefore not secret. Presumably socket authentication makes it unused —
    # confirm, and if a password is needed supply it from a file instead.
    PAPERLESS_DBPASS = "paperless";

    PAPERLESS_TIME_ZONE = "Europe/Paris";
    PAPERLESS_FILENAME_FORMAT = "{created_year}/{correspondent}/{title}";

    PAPERLESS_OCR_LANGUAGE = "fra+eng+deu";
    PAPERLESS_OCR_USER_ARGS = {
      optimize = 1;
      pdfa_image_compression = "lossless";
      # Do not fail to import documents that carry a digital signature.
      # https://github.com/paperless-ngx/paperless-ngx/discussions/4047#discussioncomment-7019544
      invalidate_digital_signatures = true;
    };

    PAPERLESS_CONSUMER_ENABLE_BARCODES = "true";
    PAPERLESS_CONSUMER_ENABLE_ASN_BARCODE = "true";
    PAPERLESS_CONSUMER_BARCODE_SCANNER = "ZXING";

    PAPERLESS_TASK_WORKERS = "4";
    PAPERLESS_THREADS_PER_WORKER = "1";
    PAPERLESS_WORKER_TIMEOUT = "18000";
  };
};

# Separate upload account: it and the paperless service user are placed in
# each other's groups.
users.groups.paperless-upload = {};
users.users.paperless = {
  extraGroups = ["paperless-upload"];
};
users.users.paperless-upload = {
  isNormalUser = true;
  homeMode = "770";
  extraGroups = ["paperless"];
};

# Create the consumption directory and hand it to the paperless user.
# NOTE(review): mode 775 lets every local account list and read files dropped
# here; 770 would keep uploads to the owner and the paperless group.
system.activationScripts.makePaperlessUploadDir = lib.stringAfter ["var"] ''
  mkdir -m 775 -p /var/lib/paperless-upload
  chown paperless:paperless /var/lib/paperless-upload/
'';
# Immich photo library, published through the nginx vhost immich.005540.xyz.
services.immich = {
  enable = true;
  port = 2283;
  mediaLocation = "/pile/Photos/immich";
  settings = {
    server = {
      # NOTE(review): the scheme is http although the nginx vhost for this
      # host requests a certificate; an https URL would match it.
      externalDomain = "http://immich.005540.xyz";
    };
  };
};

# Create the media directory and hand it to the immich user.
# NOTE(review): mode 775 leaves the directory listable and readable by every
# local account — confirm that is intended for a photo library.
system.activationScripts.makeImmichMediaDir = lib.stringAfter ["var"] ''
  mkdir -m 775 -p /pile/Photos/immich
  chown immich:immich /pile/Photos/immich
'';

# Extra groups for the immich service user (presumably for GPU access — confirm).
users.users.immich.extraGroups = ["video" "render"];
# Dynamic DNS: keep the apex ("@") and wildcard ("*") records of 005540.xyz
# pointed at this host's public address.
services.ddclient = {
  enable = true;
  protocol = "namecheap";
  server = "dynamicdns.park-your-domain.com";
  username = "005540.xyz";
  # The password is read from a file and is not part of this configuration.
  passwordFile = "/etc/nixos/secrets/ddclient/password";
  domains = ["@" "*"];
  # The public address is looked up through the web endpoint set below.
  use = "web";
  extraConfig = ''
    web=dynamicdns.park-your-domain.com/getip
  '';
};
# ACME (Let's Encrypt) defaults shared by every certificate on this host.
security.acme = {
  acceptTerms = true;
  defaults = {
    email = "khais.colin+letsencrypt@gmail.com";
    # NOTE(review): a DNS provider is selected, but no credentials for it are
    # set in this file — presumably they come from elsewhere; verify, and
    # keep them in a file outside the Nix store.
    dnsProvider = "namecheap";
  };
};
# Audiobookshelf with module defaults. The nginx vhost for
# audiobookshelf.005540.xyz proxies to localhost:8000; no port is set here,
# so that presumably is the module default — confirm.
services.audiobookshelf.enable = true;
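# Inbound ports for the nginx reverse proxy: HTTP and HTTPS.
networking.firewall.allowedTCPPorts = [
  80
  443
];
# No UDP ports are opened for the proxy. HTTP and HTTPS as configured in this
# file run over TCP only, so 80/udp and 443/udp had no listener behind them
# and only widened the firewall. If HTTP/3 (QUIC) is enabled on nginx later,
# add 443 to networking.firewall.allowedUDPPorts at that point.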
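# Reverse proxy: terminates TLS and forwards each public host name to the
# service listening on loopback.
services.nginx = {
  enable = true;
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedProxySettings = true;
  logError = "stderr info";
  virtualHosts = {
    # Plain-HTTP vhost for Jellyfin; no certificate is requested for it.
    # NOTE(review): the name looks like a tailnet host name, but nginx picks
    # a vhost by the Host header on whatever interface the request arrives,
    # and port 80 is open in the firewall — confirm this vhost is only meant
    # to be used over the VPN, or bind it to that interface.
    "void.hummingbird-stork.ts.net" = {
      locations."/".proxyPass = "http://localhost:8096";
    };

    # The public vhosts below use forceSSL instead of addSSL. addSSL serves
    # the site on both port 80 and port 443, so logins and session cookies
    # could travel in cleartext; forceSSL keeps the port-80 listener only to
    # redirect to HTTPS.
    "jellyfin.005540.xyz" = {
      locations."/".proxyPass = "http://localhost:8096";
      enableACME = true;
      forceSSL = true;
    };
    "forgejo.005540.xyz" = {
      locations."/".proxyPass = "http://localhost:3000";
      enableACME = true;
      forceSSL = true;
    };
    "miniflux.005540.xyz" = {
      locations."/".proxyPass = "http://localhost:8700";
      enableACME = true;
      forceSSL = true;
    };
    "paperless.005540.xyz" = {
      locations."/".proxyPass = "http://localhost:28981";
      enableACME = true;
      forceSSL = true;
    };
    "immich.005540.xyz" = {
      locations."/" = {
        proxyPass = "http://localhost:2283";
        proxyWebsockets = true;
      };
      # Large request bodies and long timeouts for photo and video uploads.
      extraConfig = ''
        client_max_body_size 50000M;
        proxy_read_timeout 600s;
        proxy_send_timeout 600s;
        send_timeout 600s;
      '';
      enableACME = true;
      forceSSL = true;
    };
    "audiobookshelf.005540.xyz" = {
      locations."/" = {
        proxyPass = "http://localhost:8000";
        proxyWebsockets = true;
      };
      enableACME = true;
      forceSSL = true;
    };
  };
};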
}