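# NixOS system configuration for the host "vancouver".
#
# The machine imports a ZFS pool ("Primary") and runs Samba, NFS, Plex, nginx,
# a Forgejo instance (through the gitea module) with an Actions runner, n8n,
# Docker and libvirt. Tailscale and OpenSSH provide remote access.
#
# Review notes sit next to the options they concern. The one behavioural change
# from the previous revision is the Samba `hosts allow` list, described there.
{ config, pkgs, ... }: {
  # The stock n8n module is disabled, so the services.n8n options used below
  # have to be provided by a module outside this file.
  # NOTE(review): confirm which module supplies them.
  disabledModules = [ "services/misc/n8n.nix" ];

  imports = [
    # Include the results of the hardware scan.
    ./hardware.nix
  ];

  nix = {
    settings = {
      auto-optimise-store = true;
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  boot = {
    tmp.cleanOnBoot = true;
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    supportedFilesystems = [ "zfs" ];
    kernelModules = [ "coretemp" "kvm-amd" "it87" ];
    zfs.extraPools = [ "Primary" ];
  };

  services = {
    zfs.autoScrub.enable = true;
    tailscale.enable = true;

    # No services.openssh.settings are given, so the module defaults for
    # password and root login apply. root and gsimmer have authorized keys
    # below; becki has none.
    # NOTE(review): confirm the defaults are intended, and consider key-only
    # authentication if no account relies on password login.
    openssh.enable = true;

    xserver.videoDrivers = [ "nvidia" ];

    # NOTE(review): openFirewall should have no effect while
    # networking.firewall.enable is false (see below); the port is reachable
    # directly either way, not only through the nginx /n8n/ location.
    n8n = {
      enable = true;
      openFirewall = true;
      webhookUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
      settings = {
        editorBaseUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
      };
    };

    # NOTE(review): no exports are declared in this file; confirm what is
    # exported and to which clients, since no host firewall restricts NFS.
    nfs.server.enable = true;

    samba-wsdd.enable = true;
    samba = {
      enable = true;
      securityType = "user";
      # `hosts allow` is the only network filter in front of Samba, because the
      # host firewall is disabled further down. The previous entry `100.`
      # matched all of 100.0.0.0/8, which includes publicly routable space.
      # It is narrowed to 100.64.0.0/10, the range Tailscale assigns addresses
      # from; presumably that was the intent of the entry. Add any other 100.x
      # client explicitly if one is required.
      extraConfig = ''
        workgroup = WORKGROUP
        server string = smbnix
        netbios name = smbnix
        security = user
        #use sendfile = yes
        #max protocol = smb2
        # note: localhost is the ipv6 localhost ::1
        hosts allow = 100.64.0.0/10 192.168.50. 127.0.0.1 localhost
        hosts deny = 0.0.0.0/0
        guest account = nobody
        map to guest = bad user
      '';
      shares = {
        # NOTE(review): this share is writable and accepts guests, and
        # `map to guest = bad user` turns unknown usernames into the guest
        # account. Any host passing `hosts allow` can therefore write here
        # without credentials; confirm that is intended.
        media = {
          path = "/Primary/media";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "yes";
          "create mask" = "0644";
          "directory mask" = "0755";
        };
        # NOTE(review): smb.conf's `admin users` makes the listed user perform
        # all file operations on the share as root. If the goal is only to
        # limit the share to its owner, `valid users` is the option for that.
        becki = {
          path = "/Primary/becki";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "no";
          "create mask" = "0644";
          "directory mask" = "0755";
          "admin users" = "becki";
        };
        # No `valid users` is set, so any authenticated Samba user can connect.
        shared = {
          path = "/Primary/shared";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "no";
          "create mask" = "0644";
          "directory mask" = "0755";
        };
        # NOTE(review): same `admin users` concern as the becki share.
        gabriel = {
          path = "/Primary/gabriel";
          browseable = "yes";
          "read only" = "no";
          "guest ok" = "no";
          "create mask" = "0644";
          "directory mask" = "0755";
          "admin users" = "gsimmer";
        };
      };
    };

    # NOTE(review): as with n8n, openFirewall should be inert while the
    # firewall is disabled.
    plex = {
      enable = true;
      openFirewall = true;
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedBrotliSettings = true;
      recommendedZstdSettings = true;
      recommendedOptimisation = true;

      # We can only proxy one port with Tailscale Funnel so we abuse locations instead.
      #
      # TLS is not configured on this virtual host (enableACME and forceSSL are
      # both false); presumably it terminates at Tailscale Funnel.
      # NOTE(review): if Funnel is enabled for this port, /git/ and /n8n/ are
      # reachable from the public internet and rely on each application's own
      # authentication. nginx also listens in plain HTTP on every interface.
      virtualHosts."vancouver.gmem.ca" = {
        default = true;
        enableACME = false;
        forceSSL = false;
        locations."/" = {
          root = "/var/www/";
          extraConfig = ''
            error_page 404 /404.html;
          '';
        };
        locations."/git/" = {
          proxyWebsockets = false; # needed if you need to use WebSocket
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
          proxyPass = "http://127.0.0.1:8973/";
        };
        locations."/n8n/" = {
          proxyPass = "http://127.0.0.1:5678/";
          proxyWebsockets = true; # needed if you need to use WebSocket
          extraConfig = ''
            proxy_pass_header Authorization;
          '';
        };
      };
    };

    # Forgejo, run through the gitea module. Self-registration is disabled and
    # cookies are marked Secure.
    # NOTE(review): no HTTP_ADDR is set, so port 8973 is presumably bound on
    # all interfaces and reachable without going through nginx; confirm.
    gitea = {
      enable = true;
      stateDir = "/Primary/gitea";
      package = pkgs.forgejo;
      settings = {
        server = {
          ROOT_URL = "https://vancouver.scorpion-ghost.ts.net/git/";
          HTTP_PORT = 8973;
        };
        service = {
          DISABLE_REGISTRATION = true;
          COOKIE_SECURE = true;
        };
        actions = {
          ENABLED = true;
        };
        federation = {
          ENABLED = true;
        };
      };
    };

    # The labels map workflow jobs to Docker images, so jobs run in containers
    # on this same host.
    # NOTE(review): limit who can push workflows to repositories this runner
    # serves.
    gitea-actions-runner = {
      instances = {
        vancouver = {
          name = "vancouver";
          enable = true;
          labels = [
            "debian-latest:docker://node:18-bullseye"
            "nix:docker://nixos/nix"
          ];
          url = "https://vancouver.scorpion-ghost.ts.net/git";
          # A token written here is copied into the world-readable Nix store.
          # The module's `tokenFile` option reads it from a file kept outside
          # the store instead. The empty string looks like a redaction.
          # TODO(review): confirm, and move the real value to tokenFile.
          token = "";
        };
      };
    };
  };

  networking = {
    hostId = "e1e29bf4";
    hostName = "vancouver";
    domain = "gmem.ca";
    # With enable = false the NixOS firewall installs no rules, so
    # trustedInterfaces, checkReversePath and the openFirewall options above
    # have nothing to act on. Every listening service (SSH, Samba, NFS, Plex,
    # nginx, Forgejo, n8n) is then reachable on every interface, and the
    # per-service ACLs are the only filter.
    # NOTE(review): no nftables ruleset is declared in this file; confirm
    # whether one is supplied elsewhere, or whether filtering is left entirely
    # to the upstream network.
    firewall = {
      trustedInterfaces = [ "tailscale0" ];
      checkReversePath = "loose";
      enable = false;
    };
    nftables.enable = true;
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
    git
    htop
    tailscale
    home-manager
    lm_sensors
    screen
    nix-output-monitor
    cifs-utils
    # atuin
  ];

  time.timeZone = "Europe/London";

  nixpkgs.config.allowUnfree = true;

  hardware = {
    opengl.enable = true;
    nvidia.modesetting.enable = true;
    pulseaudio.enable = false;
  };

  programs = {
    zsh.enable = true;
    fish.enable = true;
  };
  environment.shells = with pkgs; [ zsh fish ];

  users.users = {
    # Member of wheel and the libvirt groups; logs in over SSH with the keys
    # listed below.
    gsimmer = {
      shell = pkgs.fish;
      isNormalUser = true;
      home = "/Primary/gabriel";
      extraGroups = [
        "wheel"
        "libvirtd"
        "qemu-libvirtd"
      ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICCc6k8tl2ahB3HtjpGK403Wkk+nQKgIhSgdBXxmXdsEAAAABHNzaDo="
        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMO7u+6hBN3XJfRFZCxADyLJfI8zGO2pj9AxkF0FecSR8GFuzP77wyUzmHosQcxe/P/N1TeNdfIDCatogqft9w4="
      ];
    };
    becki = {
      shell = pkgs.fish;
      isNormalUser = true;
      home = "/Primary/becki";
    };
    # root accepts the same ed25519 key as gsimmer's first entry.
    # NOTE(review): gsimmer is already in wheel; confirm direct root login over
    # SSH is still needed.
    root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
    ];
  };

  home-manager.users.gsimmer = { pkgs, ... }: {
    programs.git = {
      userName = "Gabriel Simmer";
      userEmail = "git@gmem.ca";
    };
    programs.bash.enable = false;
    home.stateVersion = "23.05";
  };

  virtualisation = {
    # Both the system Docker daemon and rootless Docker are enabled.
    docker = {
      enable = true;
      rootless = {
        enable = true;
        setSocketVariable = true;
      };
    };
    libvirtd.enable = true;
  };

  sound.enable = true;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    jack.enable = true;
  };

  system.stateVersion = "23.05";
}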