# NixOS module for the host "dragon": enables the site-local orbekk.* roles,
# a Minecraft server, Avahi, TLP, Samba, Transmission (run inside a VPN
# network namespace), OpenSSH, and the inlined hardware configuration.
{ config, lib, pkgs, ... }:

let
  # Bound here but not referenced anywhere in the module body below.
  duid = "00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec";

  # Leading four groups of the VPN IPv6 prefix; interpolated into the static
  # route on wg-vpn-vport.
  vpnPrefix = "2001:470:8e2e:1000";
in
{
  imports = [
    ../config/keycloak.nix
    ../config/dns.nix
    ../config/web-server.nix
    ../config/cgit.nix
  ];

  # Site-local option namespace; the modules that declare these options are
  # not part of this file.
  orbekk = {
    router.enable = true;
    monitoring-server.enable = true;
    postfix.enable = true;
    nextcloud.enable = true;
    backups = {
      enableServer = true;
      enableClient = true;
    };
    zomboid-server.enable = false;
    hledger-web = {
      enable = true;
      journalFile = "/var/lib/hledger-web/hledger/anniekj.journal";
    };
  };

  services.minecraft-server = {
    enable = true;
    declarative = true;
    eula = true;
    # openFirewall only adds ports to the NixOS firewall allow-list, which is
    # not enforced on this host because networking.firewall.enable is false.
    openFirewall = true;
    package = pkgs.unstable.minecraft-server;
    serverProperties = {
      difficulty = 3;
    };
    # NOTE(review): per the NixOS option documentation, `whitelist` only takes
    # effect when `declarative` is true and `serverProperties.white-list` is
    # true. Only `difficulty` is set above, so confirm whether this allow-list
    # is actually being enforced.
    whitelist = {
      wnetzel = "f9686a28-a896-4548-8bcc-976548b13b9c";
      kjo0 = "3168d17e-f808-457c-a613-2217533b6e99";
    };
  };

  services.avahi = {
    enable = true;
    nssmdns = true;
    openFirewall = true;
    publish = {
      enable = true;
      # hinfo announces an HINFO record (OS and CPU type) to the local link.
      hinfo = true;
      userServices = true;
    };
  };

  services.tlp = {
    enable = true;
    settings = {
      # Mode used when the power source cannot be detected (AC or BAT).
      TLP_DEFAULT_MODE = "BAT";
      # 0 = follow the power source, 1 = always use TLP_DEFAULT_MODE.
      TLP_PERSISTENT_DEFAULT = 1;
    };
  };

  environment.systemPackages = [
    pkgs.mujmap
    pkgs.rss2email
    pkgs.ipmitool
  ];

  programs.mosh.enable = true;

  # Samba file shares.
  # `map to guest = bad user` makes a login with an unknown user name fall
  # through to the guest account (`readonly`) instead of being rejected.
  services.samba = {
    enable = true;
    securityType = "user";
    extraConfig = ''
      workgroup = WORKGROUP
      server string = dragon
      netbios name = dragon
      security = user
      guest account = readonly
      map to guest = bad user
    '';
    shares = {
      # Authenticated share; all access is performed as annie:readonly.
      annie = {
        path = "/storage/annie";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0666";
        "directory mask" = "0777";
        "force user" = "annie";
        "force group" = "readonly";
      };
      # NOTE(review): despite the account name, this share is writable by
      # unauthenticated guests ("guest ok" = yes, "read only" = no), and the
      # masks allow world-writable files and directories. The same directory
      # is Transmission's home below. Confirm that exposure is intended for
      # every network that can reach this host.
      public = {
        path = "/storage/upload";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0666";
        "directory mask" = "0777";
        "force user" = "readonly";
        "force group" = "readonly";
      };
    };
  };

  # Transmission stores its data in the guest-writable Samba directory.
  # NOTE(review): RPC binds to every address and is restricted here only by
  # the source-address whitelist; no RPC credentials are configured in this
  # file, so whether authentication is required depends on module defaults.
  services.transmission = {
    enable = true;
    home = "/storage/upload";
    settings = {
      peer-port = 56732;
      rpc-bind-address = "0.0.0.0";
      rpc-whitelist = "172.20.*.*";
      # Alternate speed limits (both 0) are scheduled from 06:00 to 23:59.
      alt-speed-time-enabled = true;
      alt-speed-time-begin = 6 * 60; # 06:00
      alt-speed-time-end = 23 * 60 + 59; # 23:59
      alt-speed-up = 0;
      alt-speed-down = 0;
    };
  };

  # The unit joins the network namespace at this path. Nothing in this file
  # creates the namespace, so it has to exist before the service starts.
  systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
  users.users.transmission.extraGroups = [ "readonly" ];

  # Serial console for both the kernel and GRUB (115200 8N1, unit 0).
  boot.kernelParams = [
    "console=tty0"
    ''console="ttyS0,115200n8"''
  ];
  boot.loader.grub = {
    enable = true;
    device = "/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_5B751B9A49E4-0:0";
    extraConfig = ''
      GRUB_TERMINAL="serial"
      GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
      serial --speed 115200 --unit=0
      terminal_input serial
      terminal_output serial
    '';
  };

  networking = {
    hostName = lib.mkForce "dragon";

    # NOTE(review): the NixOS firewall module is disabled, so none of the
    # `openFirewall` settings in this file filter anything. Any packet
    # filtering must come from elsewhere (presumably the orbekk.router
    # module; confirm).
    firewall.enable = false;

    interfaces = {
      router-vport = {
        useDHCP = true;
        ipv4.addresses = [
          {
            address = "172.20.20.2";
            prefixLength = 24;
          }
        ];
      };
      wg-vpn-vport = {
        useDHCP = true;
        # Same leading groups as vpnPrefix, written out literally.
        ipv6.addresses = [
          {
            address = "2001:470:8e2e:1000::d";
            prefixLength = 127;
          }
        ];
        ipv6.routes = [
          {
            address = "${vpnPrefix}::";
            prefixLength = 64;
            via = "${vpnPrefix}::c";
          }
        ];
      };
    };

    resolvconf.useLocalResolver = false;

    dhcpcd = {
      enable = true;
      extraConfig = ''
        clientid dragon
      '';
    };
  };

  # PAM unix auth is forced on for sshd so that one user can log in with a
  # password.
  security.pam.services.sshd.unixAuth = lib.mkForce true;

  # Password logins are disabled globally and re-enabled only for `readonly`.
  # NOTE(review): `readonly` is also the Samba guest account and the forced
  # owner of the guest-writable share, so its password is the only credential
  # guarding SSH access for that account. Confirm its shell and permissions
  # are restricted.
  services.openssh = {
    enable = lib.mkDefault true;
    settings = {
      PasswordAuthentication = false;
    };
    extraConfig = ''
      Match User readonly
        PasswordAuthentication yes
    '';
  };

  users.users.breakds = {
    isNormalUser = true;
    uid = 1101;
    description = "Break Yang";
    home = "/home/breakds";
    createHome = false;
    shell = pkgs.bashInteractive;
    openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
  };

  system.stateVersion = lib.mkForce "17.09";

  # hardware-configuration.nix
  boot.initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "uhci_hcd"
    "xhci_pci"
    "usb_storage"
    "sd_mod"
  ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmp.useTmpfs = true;

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-label/nixos-ssd";
      fsType = "ext4";
      options = [ "noatime,discard" ];
    };

    # "/mnt/storage-old" = {
    #   device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3";
    #   fsType = "btrfs";
    #   options = [
    #     "subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard"
    #   ];
    # };

    "/storage" = {
      device = "/dev/disk/by-label/storage-ssd";
      fsType = "btrfs";
      options = [ "discard=async" ];
    };
  };

  swapDevices = [
    { label = "swap"; }
  ];

  nix.settings = {
    # The Nix manual describes membership in trusted-users as essentially
    # root-equivalent on the Nix daemon. Confirm that `builder` is restricted
    # accordingly.
    trusted-users = [ "builder" ];
    max-jobs = lib.mkDefault 8;
  };

  hardware.enableRedistributableFirmware = lib.mkDefault true;
}