{ config, pkgs, ... }:
{
# Turn off the stock nixpkgs n8n module; presumably the <n8n.nix> import below replaces it.
disabledModules = [ "services/misc/n8n.nix" ];

# NOTE(review): <home-manager/nixos> and <n8n.nix> are looked up on NIX_PATH when the system is
# evaluated, so which module code shapes this host depends on what those paths point at on the
# build machine. Confirm they are pinned to a reviewed revision.
imports = [
  ./hardware.nix # Include the results of the hardware scan.
  <home-manager/nixos>
  <n8n.nix>
];
# Nix settings: store optimisation on, plus the nix-command and flakes experimental features.
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
  auto-optimise-store = true;
};
# Boot: systemd-boot on EFI, tmp cleaned on every boot, ZFS support with the "Primary" pool.
boot = {
  loader.systemd-boot.enable = true;
  loader.efi.canTouchEfiVariables = true;

  tmp.cleanOnBoot = true;

  # Extra kernel modules loaded at boot.
  kernelModules = [ "coretemp" "kvm-amd" "it87" ];

  # ZFS support; "Primary" is the pool the share, home and Forgejo paths in this file live under.
  supportedFilesystems = [ "zfs" ];
  zfs.extraPools = [ "Primary" ];
};
services = {
# Periodic scrub of the ZFS pools.
zfs.autoScrub = { enable = true; };

tailscale = { enable = true; };

# NOTE(review): sshd runs with the module defaults; nothing in this file turns password login
# off. Every SSH key in this file belongs to gsimmer or root, so if becki does not need password
# SSH, consider `openssh.settings.PasswordAuthentication = false;` here. The firewall is
# disabled elsewhere in this file, so sshd is reachable on every address it binds.
openssh = { enable = true; };

xserver = { videoDrivers = [ "nvidia" ]; };
# n8n, with webhook and editor URLs pointing at the /n8n/ path of the tailnet hostname.
n8n = {
  enable = true;

  # NOTE(review): nginx already proxies /n8n/ to 127.0.0.1:5678, so opening n8n's own port is
  # presumably unnecessary; the nginx comment says that vhost is published via Tailscale Funnel,
  # so confirm n8n's own authentication is enabled.
  openFirewall = true;

  webhookUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
  settings.editorBaseUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
};
# NOTE(review): the NFS server is enabled but no exports appear in this file; if none are
# defined elsewhere the daemon is unused attack surface, and if some are, review their client
# lists (the firewall is disabled elsewhere in this file).
nfs.server = { enable = true; };

# Companion service for the Samba shares in this file.
samba-wsdd = { enable = true; };
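# Samba file server: one guest-writable media share plus three authenticated shares.
samba = {
  enable = true;
  securityType = "user";

  # Access control lives in `hosts allow` / `hosts deny` below. The original allow list used the
  # prefix `100.`, which matches all of 100.0.0.0/8; it is narrowed here to 100.64.0.0/10, the
  # range Tailscale addresses come from (assumed to be the intent, since tailscale0 is the only
  # trusted interface in this file). This list is the only network-level restriction on Samba
  # while the firewall stays disabled.
  #
  # NOTE(review): `map to guest = bad user` turns any unknown username into the guest account,
  # and the `media` share accepts guests with write access, so every host in the allow list can
  # modify /Primary/media without credentials.
  extraConfig = ''
    workgroup = WORKGROUP
    server string = smbnix
    netbios name = smbnix
    security = user
    #use sendfile = yes
    #max protocol = smb2
    # note: localhost is the ipv6 localhost ::1
    hosts allow = 100.64.0.0/10 192.168.50. 127.0.0.1 localhost
    hosts deny = 0.0.0.0/0
    guest account = nobody
    map to guest = bad user
  '';

  shares = {
    # Writable without authentication ("guest ok" = yes, "read only" = no).
    media = {
      path = "/Primary/media";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "yes";
      "create mask" = "0644";
      "directory mask" = "0755";
    };

    # NOTE(review): "admin users" makes the listed account perform file operations on the share
    # as root. If the goal is only to restrict who may connect, `valid users` does that without
    # the privilege.
    becki = {
      path = "/Primary/becki";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "admin users" = "becki";
    };

    # Authenticated share with no per-user restriction in this file.
    shared = {
      path = "/Primary/shared";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
    };

    # NOTE(review): same "admin users" caveat as the becki share; this path is also gsimmer's
    # home directory (see users.users.gsimmer.home).
    gabriel = {
      path = "/Primary/gabriel";
      browseable = "yes";
      "read only" = "no";
      "guest ok" = "no";
      "create mask" = "0644";
      "directory mask" = "0755";
      "admin users" = "gsimmer";
    };
  };
};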
# Plex media server. openFirewall only matters once networking.firewall is enabled; it is
# disabled elsewhere in this file.
plex.enable = true;
plex.openFirewall = true;
# nginx front end: static files at /, Forgejo under /git/, n8n under /n8n/.
nginx = {
  enable = true;

  recommendedOptimisation = true;
  recommendedGzipSettings = true;
  recommendedBrotliSettings = true;
  recommendedZstdSettings = true;

  # We can only proxy one port with Tailscale Funnel so we abuse locations instead.
  #
  # NOTE(review): ACME and forceSSL are off, so nginx itself speaks plain HTTP and TLS is
  # presumably terminated by Funnel. Anything reaching nginx directly (this is the default
  # vhost and the firewall is disabled elsewhere in this file) is unencrypted. Funnel also makes
  # /git/ and /n8n/ internet-facing, so both applications need their own authentication.
  virtualHosts."vancouver.gmem.ca" = {
    default = true;
    enableACME = false;
    forceSSL = false;

    locations = {
      # Static site with a custom 404 page.
      "/" = {
        root = "/var/www/";
        extraConfig = ''
          error_page 404 /404.html;
        '';
      };

      # Forgejo; WebSocket upgrade is not proxied for this location.
      "/git/" = {
        proxyPass = "http://127.0.0.1:8973/";
        proxyWebsockets = false;
        extraConfig = ''
          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
        '';
      };

      # n8n; the editor uses WebSockets, so the upgrade is proxied.
      # NOTE(review): proxy_pass_header selects upstream response headers to hand to the
      # client; the request's Authorization header is forwarded to the upstream by default,
      # so this directive likely does not do what it was added for.
      "/n8n/" = {
        proxyPass = "http://127.0.0.1:5678/";
        proxyWebsockets = true;
        extraConfig = ''
          proxy_pass_header Authorization;
        '';
      };
    };
  };
};
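# Forgejo, run through the gitea module, with state under /Primary/gitea and served at /git/.
gitea = {
  enable = true;
  package = pkgs.forgejo;
  stateDir = "/Primary/gitea";

  settings = {
    server = {
      ROOT_URL = "https://vancouver.scorpion-ghost.ts.net/git/";
      # NOTE(review): HTTP_ADDR is not set. Unless the module default is loopback, port 8973 is
      # reachable directly, bypassing nginx (the firewall is disabled elsewhere in this file).
      # Consider binding to 127.0.0.1 since nginx proxies from there.
      HTTP_PORT = 8973;
    };

    # No self-service sign-up; accounts are created by an administrator.
    service = {
      DISABLE_REGISTRATION = true;
    };

    # COOKIE_SECURE is a [session] key. It was previously placed under [service], where it is
    # not read, so session cookies were not marked Secure. ROOT_URL is https, so it belongs here.
    session = {
      COOKIE_SECURE = true;
    };

    # NOTE(review): Actions runs workflow code from repositories on the runner registered in
    # this file; keep push and fork rights limited to trusted accounts.
    actions = {
      ENABLED = true;
    };

    # NOTE(review): federation adds remote-instance interaction on an internet-facing instance
    # (per the nginx comment about Funnel); confirm it is actually needed.
    federation = {
      ENABLED = true;
    };
  };
};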
# Actions runner registered against the Forgejo instance in this file.
gitea-actions-runner.instances.vancouver = {
  enable = true;
  name = "vancouver";
  url = "https://vancouver.scorpion-ghost.ts.net/git";

  # NOTE(review): the registration token is an empty string here. A real token written into
  # this file would be committed and copied into the world-readable Nix store; the module's
  # `tokenFile` option reads it from a file outside the store instead.
  token = "";

  # Job label -> container image.
  # NOTE(review): both images are referenced by mutable tag (nixos/nix has no tag at all), so
  # the code that CI jobs run inside can change without a change to this file. Pinning by
  # digest makes that explicit.
  labels = [
    "debian-latest:docker://node:18-bullseye"
    "nix:docker://nixos/nix"
  ];
};
};
# Host identity and packet filtering.
networking = {
  hostName = "vancouver";
  domain = "gmem.ca";
  hostId = "e1e29bf4";

  nftables.enable = true;

  # NOTE(review): with `enable = false` the NixOS firewall installs no filtering rules, so
  # trustedInterfaces, checkReversePath and the services' openFirewall switches in this file are
  # inert. Every daemon here (sshd, Samba, NFS, Plex, nginx, n8n, Forgejo) is then reachable on
  # whatever address it binds. If the intent is "Tailscale plus LAN only", enable the firewall
  # and open the LAN-facing ports explicitly.
  firewall.enable = false;
  firewall.trustedInterfaces = [ "tailscale0" ];
  firewall.checkReversePath = "loose";
};
# Packages installed system-wide.
environment.systemPackages = [
  pkgs.vim
  pkgs.wget
  pkgs.git
  pkgs.htop
  pkgs.tailscale
  pkgs.home-manager
  pkgs.lm_sensors
  pkgs.screen
  pkgs.nix-output-monitor
  pkgs.cifs-utils
  # pkgs.atuin
];
time = { timeZone = "Europe/London"; };

# Permit packages with unfree licences.
nixpkgs.config = { allowUnfree = true; };
# Graphics and legacy audio: OpenGL on, NVIDIA modesetting on, PulseAudio off.
hardware.opengl.enable = true;
hardware.nvidia.modesetting.enable = true;
hardware.pulseaudio.enable = false;
# Enable zsh and fish, and list both in environment.shells.
programs.zsh.enable = true;
programs.fish.enable = true;

environment.shells = [ pkgs.zsh pkgs.fish ];
# Administrator account; its home directory is also exported as the "gabriel" Samba share.
# NOTE(review): wheel grants sudo, and membership of the libvirt groups presumably gives
# control of the system libvirt daemon, so any of the three keys below is effectively a path
# to root.
users.users.gsimmer = {
  isNormalUser = true;
  shell = pkgs.fish;
  home = "/Primary/gabriel";
  extraGroups = [ "wheel" "libvirtd" "qemu-libvirtd" ];
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
    "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICCc6k8tl2ahB3HtjpGK403Wkk+nQKgIhSgdBXxmXdsEAAAABHNzaDo="
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMO7u+6hBN3XJfRFZCxADyLJfI8zGO2pj9AxkF0FecSR8GFuzP77wyUzmHosQcxe/P/N1TeNdfIDCatogqft9w4="
  ];
};

# Second regular account; no SSH keys or extra groups are declared for it in this file.
users.users.becki = {
  isNormalUser = true;
  shell = pkgs.fish;
  home = "/Primary/becki";
};

# NOTE(review): root accepts the same ed25519 key as gsimmer, who already has sudo through
# wheel. Dropping this entry and setting `services.openssh.settings.PermitRootLogin = "no"`
# would remove direct root login without losing administrative access.
users.users.root.openssh.authorizedKeys.keys = [
  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
];
# Per-user home-manager configuration for gsimmer: git identity, bash module off.
home-manager.users.gsimmer = { pkgs, ... }: {
  home.stateVersion = "23.05";

  programs = {
    bash.enable = false;
    git = {
      userName = "Gabriel Simmer";
      userEmail = "git@gmem.ca";
    };
  };
};
# Container and VM runtimes.
# NOTE(review): the system-wide Docker daemon and rootless Docker are both enabled. Access to
# the system daemon's socket is equivalent to root on this host, so confirm which daemon the
# Actions runner's job containers use and keep the docker group empty unless it is needed.
virtualisation.docker.enable = true;
virtualisation.docker.rootless.enable = true;
virtualisation.docker.rootless.setSocketVariable = true;

virtualisation.libvirtd.enable = true;
# Audio: PipeWire with its ALSA, PulseAudio and JACK front ends, plus rtkit.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
  pulse.enable = true;
  jack.enable = true;
};

system.stateVersion = "23.05";
}