# NixOS configuration for the host "dragon": router, file/backup server,
# mail, Nextcloud, VPN, Samba and Transmission, plus the hardware settings
# that would normally live in hardware-configuration.nix.
{ config, lib, pkgs, ... }:

let
  # Presumably this host's DHCPv6 DUID.
  # NOTE(review): not referenced anywhere in this file; confirm it is still needed.
  duid = "00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec";
in
{
  imports = [
    # ../config/router.nix
    # ../config/borg-backup.nix
    ../config/keycloak.nix
    ../config/dns.nix
    ../config/web-server.nix
    ../config/cgit.nix
  ];

  # Site-local modules (defined outside this file).
  orbekk = {
    router.enable = true;
    monitoring-server.enable = true;
    postfix.enable = true;
    nextcloud.enable = true;
    backups = {
      enableServer = true;
      enableClient = true;
    };
    vpn.enable = true;
    bridge.enable = false;
    zomboid-server.enable = false;
    hledger-web = {
      enable = true;
      journalFile = "/var/lib/hledger-web/hledger/anniekj.journal";
    };
  };

  services.tlp.enable = true;
  environment.systemPackages = [ pkgs.ipmitool ];
  programs.mosh.enable = true;

  # Guest-writable SMB share on /storage/upload.
  # NOTE(review): `map to guest = bad user` maps logins with an unknown user
  # name to the guest account, and the share sets `guest ok = yes` with
  # `read only = no`, so unauthenticated clients that can reach SMB can write
  # here as readonly:readonly. The create/directory masks permit
  # world-writable modes. With the host firewall disabled below, reachability
  # is decided entirely outside this file; confirm that is intended.
  services.samba = {
    enable = true;
    extraConfig = ''
      guest account = readonly
      map to guest = bad user
    '';
    shares.public = {
      path = "/storage/upload";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0666";
      "directory mask" = "0777";
      "force user" = "readonly";
      "force group" = "readonly";
    };
  };

  # Transmission shares its home directory with the Samba upload share.
  # NOTE(review): the RPC interface binds to every address and is restricted
  # only by the 172.20.*.* address whitelist; no rpc-authentication-required
  # setting appears here, so the default applies. Confirm.
  services.transmission = {
    enable = true;
    home = "/storage/upload";
    settings = {
      peer-port = 56732;
      rpc-bind-address = "0.0.0.0";
      rpc-whitelist = "172.20.*.*";
      # Alternative speed limits of 0 apply during the scheduled window.
      alt-speed-time-enabled = true;
      alt-speed-time-begin = 6 * 60; # 06:00
      alt-speed-time-end = 23 * 60 + 59; # 23:59
      alt-speed-up = 0;
      alt-speed-down = 0;
    };
  };
  # Start the daemon inside an existing network namespace, so "every address"
  # above means the interfaces of that namespace. Presumably this is the
  # namespace created by orbekk.vpn; verify, and check what happens if the
  # namespace is missing when the unit starts.
  systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn";
  users.users.transmission.extraGroups = [ "readonly" ];

  # services.tailscale.enable = true;
  # virtualisation.lxd.enable = true;

  # Boot: serial console on ttyS0 at 115200 8N1, GRUB installed on both disks.
  boot = {
    kernelParams = [
      "console=tty0"
      ''console="ttyS0,115200n8"''
    ];
    loader.grub = {
      enable = true;
      version = 2;
      extraConfig = ''
        GRUB_TERMINAL="serial"
        GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
        serial --speed 115200 --unit=0
        terminal_input serial
        terminal_output serial
      '';
      # loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
      mirroredBoots = [
        {
          devices = [ "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X" ];
          path = "/mnt/boot1";
        }
        {
          devices = [ "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS" ];
          path = "/mnt/boot2";
        }
      ];
    };
  };

  networking = {
    hostName = lib.mkForce "dragon";
    # NOTE(review): the host firewall is off while Samba, sshd and the
    # Transmission RPC listener are enabled in this file. Confirm that packet
    # filtering is provided elsewhere (e.g. by the router module, which is
    # not visible here).
    firewall.enable = false;
    interfaces.router-vport.useDHCP = true;
    resolvconf.useLocalResolver = false;
    dhcpcd = {
      enable = true;
      extraConfig = ''
        clientid dragon
      '';
    };
  };

  # Required to enable password authentication for one user.
  security.pam.services.sshd.unixAuth = lib.mkForce true;
  # Password logins are disabled globally and re-enabled only for `readonly`.
  # NOTE(review): `readonly` is also the Samba guest/force user above, and its
  # account definition (shell, password policy) is not in this file. That
  # account is the only one exposed to password guessing over SSH; confirm it
  # is restricted accordingly.
  services.openssh = {
    enable = lib.mkDefault true;
    passwordAuthentication = false;
    extraConfig = ''
      Match User readonly
      PasswordAuthentication yes
    '';
  };

  # Key-only login for an additional user; no home directory is created.
  users.users.breakds = {
    uid = 1101;
    shell = pkgs.bashInteractive;
    home = "/home/breakds";
    createHome = false;
    isNormalUser = true;
    description = "Break Yang";
    openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ];
  };

  system.stateVersion = lib.mkForce "17.09";

  # hardware-configuration.nix
  boot.initrd.availableKernelModules = [
    "ehci_pci"
    "ahci"
    "uhci_hcd"
    "xhci_pci"
    "usb_storage"
    "sd_mod"
  ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.tmpOnTmpfs = true;

  fileSystems."/" = {
    device = "/dev/disk/by-label/nixos-ssd";
    fsType = "ext4";
    options = [ "noatime,discard" ];
  };

  # Two-device btrfs volume; both member partitions are named in the options.
  fileSystems."/storage" = {
    device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3";
    fsType = "btrfs";
    options = [ "subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard" ];
  };

  swapDevices = [ { label = "swap"; } ];

  nix.settings = {
    # NOTE(review): trusted users may override Nix daemon settings such as
    # substituters, which is close to root-equivalent on this host. The
    # `builder` account is not defined in this file; confirm it is a
    # locked-down, key-only build account.
    trusted-users = [ "builder" ];
    max-jobs = lib.mkDefault 8;
  };

  powerManagement.cpuFreqGovernor = "ondemand";
  hardware.enableRedistributableFirmware = lib.mkDefault true;
}