~abyxcos/nas.nix

2e552a2fefacb8c3cb282e3899990e2245ce1cfd — abyxcos 1 year, 3 months ago 9b53793
Enable samba sharing.
1 files changed, 95 insertions(+), 52 deletions(-)

M configuration.nix
M configuration.nix => configuration.nix +95 -52
@@ 45,6 45,7 @@
		hostName = "nas"; # Define your hostname.
		hostId = "e058e4cd";
		networkmanager.enable = true;
		enableIPv6 = true;

		interfaces = {
			enp0s20f0.useDHCP = true;


@@ 93,59 94,95 @@
    extraGroups = [ "wheel" "libvirtd" ]; # Enable ‘sudo’ for the user.
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    nixos-option
    lm_sensors
    wget curl vim tmux htop lsof tree
    unzip
    git ripgrep
    clang llvm gcc binutils file
    go
    navidrome jellyfin
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
	# List packages installed in system profile. To search, run:
	# $ nix search wget
	environment.systemPackages = with pkgs; [
		nixos-option
		lm_sensors
		wget curl vim tmux htop lsof tree
		unzip
		git ripgrep
		clang llvm gcc binutils file
		go
		navidrome jellyfin
		beets
		step-ca step-cli
		headscale
	];

	# Some programs need SUID wrappers, can be configured further or are
	# started in user sessions.
	# programs.mtr.enable = true;
	# programs.gnupg.agent = {
	#   enable = true;
	#   enableSSHSupport = true;
	# };

	# List services that you want to enable:

	services = {
		zfs = {
			autoScrub.enable = true;
			autoSnapshot.enable = true;
		};

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  services = {
    zfs = {
      autoScrub.enable = true;
      autoSnapshot.enable = true;
    };

    openssh = {
      enable = true;
    };

    cron = {
      enable = true;
      systemCronJobs = [
        "* 3 * * *	abyxcos	cd /mnt/guava/backups/git && /bin/sh /home/abyxcos/src/backup_scripts/backup_git.sh"
      ];
    };

    navidrome = {
      enable = true;
      settings = {
        Address = "0.0.0.0";
        MusicFolder = "/mnt/guava/music";
      };
    };

    jellyfin = {
      enable = true;
    };
  };
		openssh = {
			enable = true;
		};

		cron = {
			enable = true;
			systemCronJobs = [
				"* 3 * * *	abyxcos	cd /mnt/guava/backups/git && /bin/sh /home/abyxcos/src/backup_scripts/backup_git.sh"
			];
		};

		navidrome = {
			enable = true;
			settings = {
				Address = "0.0.0.0";
				MusicFolder = "/mnt/guava/music";
			};
		};

		jellyfin = {
			enable = true;
		};

		samba = {
			enable = true;
			openFirewall = true;
			shares.guava = {
				path = "/mnt/guava";
				writeable = "yes";
				browseable = "yes";
			};
		};

		#step-ca = {
		#	enable = true;
		#	intermediatePasswordFile = "/run/keys/smallstep-password";
		#};

		# https://carjorvaz.com/posts/setting-up-headscale-on-nixos/
		# https://github.com/gurucomputing/headscale-ui
		headscale = {
			enable = true;
			address = "0.0.0.0";
			port = 7610;
			#serverUrl = "https://headscale.local";
			#dns.baseDomain = "headscale.local";
		};

		nginx.virtualHosts."headscale.local" = {
			#forceSSL = true;
			#enableACME = true;
			locations."/" = {
				proxyPass = "http://localhost:${toString config.services.headscale.port}";
				proxyWebsockets = true;
			};
		};
	};

	# Optimise the disk storage usage
	nix.settings.auto-optimise-store = true;


@@ 155,6 192,12 @@
		options = "--delete-older-than 60d";
	};

	# Set up ACME certs
	security.acme = {
		acceptTerms = true;
		defaults.email = "abyxcos@mnetic.ch";
	};

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave