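# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# Host "quinn": Pi-hole in a podman container behind an nginx reverse proxy,
# a Samba share for a network scanner, step-ca tooling, Tailscale and SSH.

{ config, lib, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # networking.hostName = "nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  # time.timeZone = "Europe/Amsterdam";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # hardware.pulseaudio.enable = true;
  # OR
  # services.pipewire = {
  #   enable = true;
  #   pulse.enable = true;
  # };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;

  # Dedicated groups for the two service accounts below.
  users.groups.scanner = {};
  users.groups.step = {};

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.eliribble = {
    isNormalUser = true;
    description = "Eli Ribble";
    # "wheel" grants sudo; "docker"/"podman" additionally grant access to the
    # podman Docker-compatible socket enabled at the bottom of this file.
    extraGroups = [ "docker" "networkmanager" "podman" "wheel" ]; # Enable ‘sudo’ for the user.
    # packages = with pkgs; [
    #   firefox
    #   tree
    # ];
  };

  # System account the scanner authenticates as over SMB. Samba keeps its own
  # password database, so a password for this account still has to be set
  # out-of-band (smbpasswd) before the "private" share is usable.
  users.users.scanner = {
    group = "scanner";
    isNormalUser = false;
    isSystemUser = true;
    description = "User for the scanner to log in to samba";
  };

  # System account owning step-ca certificate material.
  users.users.step = {
    group = "step";
    isNormalUser = false;
    isSystemUser = true;
    description = "User for step-ca certs";
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    chezmoi
    dig
    fish
    git
    htop
    #mongodb
    neovim
    nginx
    python3
    step-ca
    step-cli
    tmux
    #unifi8
    wget
  ];

  networking.hostName = "quinn";

  # Allow specific unfree packages
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
    "mongodb"
    "unifi-controller"
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # Make neovim the default editor
  programs.neovim.enable = true;
  programs.neovim.defaultEditor = true;

  # List services that you want to enable:

  # Reverse proxy in front of the Pi-hole admin UI; the container publishes
  # its web port on 127.0.0.1:10000 (see virtualisation.oci-containers below).
  services.nginx = {
    enable = true;
    virtualHosts."pihole.home.arpa" = {
      # Plain HTTP only: the Pi-hole admin password crosses the LAN unencrypted.
      # ACME cannot issue for a .home.arpa name; step-ca is installed above and
      # could provide an internal certificate if TLS is wanted here.
      addSSL = false;
      enableACME = false;
      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:10000;
        client_body_buffer_size 128k;
        client_max_body_size 10G;

        #Timeout if the real server is dead
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

        # Advanced Proxy Config
        send_timeout 5m;
        proxy_read_timeout 360;
        proxy_send_timeout 360;
        proxy_connect_timeout 360;
        proxy_headers_hash_max_size 512;
        proxy_headers_hash_bucket_size 128;

        # Basic Proxy Config
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Uri $request_uri;
        # NOTE(review): hard-coded to "on" although this vhost is plain HTTP
        # (addSSL = false), so the backend is told the client used TLS when it
        # did not; $https would reflect the real transport.
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Scheme $scheme;
        proxy_http_version 1.1;
        # proxy_set_header Connection "";
        proxy_cache_bypass $cookie_session;
        proxy_no_cache $cookie_session;
        proxy_buffers 64 256k;
        proxy_buffer_size 128k;
        proxy_busy_buffers_size 256k;

        # If behind reverse proxy, forwards the correct IP
        # NOTE(review): every RFC1918/ULA range is trusted, so any LAN client
        # can set X-Forwarded-For and choose the address nginx and Pi-hole
        # record for it. Narrow this to the address of the actual upstream
        # proxy, or drop the real_ip directives if nginx is the edge.
        set_real_ip_from 10.0.0.0/8;
        set_real_ip_from 172.16.0.0/12;
        set_real_ip_from 192.168.0.0/16;
        set_real_ip_from fc00::/7;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
      '';
    };
  };

  # Enable the OpenSSH daemon.
  # NOTE(review): password logins remain allowed with the module defaults;
  # services.openssh.settings.PasswordAuthentication = false is the usual
  # hardening once keys are deployed.
  services.openssh.enable = true;

  # Set up a samba share for the scanner
  services.samba = {
    enable = true;
    # Opens the SMB ports on every interface, so both shares are reachable from
    # the whole LAN (and over Tailscale). Note that "public" is guest-writable.
    openFirewall = true;
    # "server string" was missing its "=", which smb.conf rejects as a badly
    # formed line.
    extraConfig = ''
      workgroup = WORKGROUP
      server string = smbnix
      netbios name = smbnix
      security = user
      guest account = nobody
      map to guest = bad user
    '';
    # Both shares force the on-disk owner to the scanner account defined above.
    # The template placeholders "username"/"groupname" that were here do not
    # exist on this system, so smbd could not have served either share;
    # adjust if a different owner is intended.
    shares = {
      public = {
        path = "/mnt/shares/public";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "scanner";
        "force group" = "scanner";
      };
      private = {
        path = "/mnt/shares/private";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "scanner";
        "force group" = "scanner";
      };
    };
  };
  # Web Service Discovery so the share shows up in Windows network browsing.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  # Enable Tailscale
  services.tailscale.enable = true;

  # Enable the Unifi controller service
  #services.unifi.enable = true;
  #services.unifi.unifiPackage = pkgs.unifi8;

  # Open ports in the firewall.
  networking.firewall = {
    enable = true;
    # 80 serves the nginx vhost above. Nothing listens on 443 (addSSL = false),
    # so it can stay closed until TLS is configured.
    allowedTCPPorts = [ 80 443 ];
    allowedUDPPortRanges = [
      #{ from = 4000; to = 4007; }
      #{ from = 8000; to = 8010; }
    ];
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?

  # Containers run under podman; the docker daemon itself stays disabled.
  virtualisation.docker.enable = false;
  virtualisation.oci-containers.backend = "podman";
  virtualisation.oci-containers.containers = {
    pihole = {
      autoStart = true;
      environment = {
        TZ = "America/Phoenix";
        # Answer DNS on every interface inside the container; exposure to the
        # host network is still limited by the explicit bind addresses below.
        DNSMASQ_LISTENING = "all";
      };
      image = "docker.io/pihole/pihole:2024.07.0";
      # DNS and DHCP are bound to the LAN address only; the admin UI is bound
      # to loopback and reached through the nginx vhost.
      ports = [
        "192.168.1.5:53:53/tcp"
        "192.168.1.5:53:53/udp"
        # DHCP is UDP; without the suffix podman publishes TCP only.
        # NOTE(review): a bridge-networked container is unlikely to see DHCP
        # broadcasts anyway — confirm DHCP is actually wanted from Pi-hole.
        "192.168.1.5:67:67/udp"
        "127.0.0.1:10000:80"
      ];
      volumes = [
        "/etc/pihole/config:/etc/pihole"
        "/etc/pihole/dnsmasq.d:/etc/dnsmasq.d"
      ];
    };
  };
  virtualisation.podman.enable = true;
  # Exposes a Docker-compatible API socket for rootful podman; members of the
  # "docker"/"podman" groups can run containers through it, which is
  # root-equivalent in practice.
  virtualisation.podman.dockerSocket.enable = true;
  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
}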