nix-config/server-configuration.nix

{
  config,
  lib,
  pkgs,
  ...
}:
let
  ip = "192.168.1.177";
  gateway = "192.168.1.1";
  username = "homelab";
in
{
  imports = [
    ./features/containers/default.nix
    ./features/multimedia/default.nix
    ./features/databases/default.nix
    ./features/services/default.nix
    ./features/backups.nix
    ./features/caddy.nix
    ./features/prometheus.nix
    ./features/samba-shares.nix
  ];

  # setting up networking!!
  networking = {
    interfaces = {
      ens18.ipv4.addresses = [
        {
          address = ip;
          prefixLength = 24;
        }
      ];
    };

    defaultGateway = gateway;
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
    nftables.enable = true;
    # firewall rules
    firewall = {
      enable = true;
      allowedTCPPorts = [
        22 # ssh
        8008 # matrix-synapse
        8448 # matrix-synapse
        5050 # calibre-web
        9091 # transmission
      ];
      allowedUDPPorts = [ ];
    };
  };

  #TODO: setup fail2ban
  services.fail2ban = {
    enable = true;
    ignoreIP = [ "192.168.1.0/24" ];
    extraPackages = [ ];
    jails = { };
  };

  users.groups.multimedia = {
    members = [
      "slskd"
      "radarr"
      "readarr"
      "sonarr"
      "transmission"
      "jellyfin"
      "bazarr"
      "calibre-web"
      username
    ];
  };

  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.age.generateKey = true;
  sops.defaultSopsFile = ./secrets/secrets.yaml;

  # define your secrets with 
  # `nix-shell -p sops --run "sops ./secrets/yoursecret.env"`

  environment.systemPackages = with pkgs; [
    jellyfin
    jellyfin-web
    jellyfin-ffmpeg
    transmission
    sonarr
    radarr
    prowlarr
    readarr
    jellyseerr
    homepage-dashboard
    slskd
    bazarr
    ethtool
    networkd-dispatcher
  ];

  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;

  services.jellyfin = {
    enable = true;
    openFirewall = true;
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "server";
  };

  services = {
    networkd-dispatcher = {
      enable = true;
      rules."50-tailscale" = {
        onState = [ "routable" ];
        script = ''
          ${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
        '';
      };
    };
  };
}
first commit 2024-07-08 19:11:59 +02:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`let`
splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`ip = "192.168.1.177";`
more -arr config 2024-07-11 12:25:10 +02:00			`gateway = "192.168.1.1";`
splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`username = "homelab";`
first commit 2024-07-08 19:11:59 +02:00			`in`
			`{`
splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`imports = [`
TODO + fixed containers folder path 2024-07-18 17:17:39 +02:00			`./features/containers/default.nix`
huge refactoring 2024-08-12 15:56:45 +02:00			`./features/multimedia/default.nix`
			`./features/databases/default.nix`
			`./features/services/default.nix`
			`./features/backups.nix`
			`./features/caddy.nix`
added prometheus 2024-07-22 11:05:06 +02:00			`./features/prometheus.nix`
splitted configs in even more files 2024-07-15 16:27:23 +02:00			`./features/samba-shares.nix`
splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`];`

first commit 2024-07-08 19:11:59 +02:00			`# setting up networking!!`
			`networking = {`
			`interfaces = {`
			`ens18.ipv4.addresses = [`
			`{`
			`address = ip;`
			`prefixLength = 24;`
			`}`
			`];`
			`};`

more -arr config 2024-07-11 12:25:10 +02:00			`defaultGateway = gateway;`
first commit 2024-07-08 19:11:59 +02:00			`nameservers = [`
			`"1.1.1.1"`
			`"1.0.0.1"`
			`];`
			`nftables.enable = true;`
			`# firewall rules`
			`firewall = {`
			`enable = true;`
fixed typo 2024-07-08 19:37:54 +02:00			`allowedTCPPorts = [`
opened missing port 2024-07-16 15:07:52 +02:00			`22 # ssh`
added prometheus 2024-07-22 11:05:06 +02:00			`8008 # matrix-synapse`
			`8448 # matrix-synapse`
			`5050 # calibre-web`
splitted configs in even more files 2024-07-15 16:27:23 +02:00			`9091 # transmission`
fixed typo 2024-07-08 19:37:54 +02:00			`];`
first commit 2024-07-08 19:11:59 +02:00			`allowedUDPPorts = [ ];`
			`};`
			`};`

splitted configs in even more files 2024-07-15 16:27:23 +02:00			`#TODO: setup fail2ban`
			`services.fail2ban = {`
			`enable = true;`
			`ignoreIP = [ "192.168.1.0/24" ];`
			`extraPackages = [ ];`
			`jails = { };`
			`};`
removed caddy open ports 2024-08-09 19:36:17 +02:00
more -arr config 2024-07-11 12:25:10 +02:00			`users.groups.multimedia = {`
			`members = [`
			`"slskd"`
			`"radarr"`
			`"readarr"`
			`"sonarr"`
			`"transmission"`
			`"jellyfin"`
splitted configs in even more files 2024-07-15 16:27:23 +02:00			`"bazarr"`
added calibre web user to multimedia group 2024-07-22 12:03:11 +02:00			`"calibre-web"`
splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`username`
more -arr config 2024-07-11 12:25:10 +02:00			`];`
			`};`

splitted apps + rewrote everything from scratch 2024-07-14 15:48:01 +02:00			`sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`
first commit 2024-07-08 19:11:59 +02:00			`sops.age.keyFile = "/var/lib/sops-nix/key.txt";`
			`sops.age.generateKey = true;`
huge refactoring 2024-08-12 15:56:45 +02:00			`sops.defaultSopsFile = ./secrets/secrets.yaml;`
first commit 2024-07-08 19:11:59 +02:00
more -arr config 2024-07-11 12:25:10 +02:00			`# define your secrets with`
			# `nix-shell -p sops --run "sops ./secrets/yoursecret.env"`

first commit 2024-07-08 19:11:59 +02:00			`environment.systemPackages = with pkgs; [`
			`jellyfin`
			`jellyfin-web`
			`jellyfin-ffmpeg`
			`transmission`
			`sonarr`
			`radarr`
			`prowlarr`
			`readarr`
			`jellyseerr`
			`homepage-dashboard`
			`slskd`
splitted configs in even more files 2024-07-15 16:27:23 +02:00			`bazarr`
added tailwind config 2024-08-09 12:35:21 +02:00			`ethtool`
			`networkd-dispatcher`
first commit 2024-07-08 19:11:59 +02:00			`];`

enabled auto update 2024-08-01 17:12:07 +02:00			`system.autoUpgrade.enable = true;`
			`system.autoUpgrade.allowReboot = true;`
huge refactoring 2024-08-12 15:56:45 +02:00
first commit 2024-07-08 19:11:59 +02:00			`services.jellyfin = {`
			`enable = true;`
			`openFirewall = true;`
			`};`

added prometheus 2024-07-22 11:05:06 +02:00			`services.tailscale = {`
			`enable = true;`
added tailwind config 2024-08-09 12:35:21 +02:00			`useRoutingFeatures = "server";`
			`};`
removed caddy open ports 2024-08-09 19:36:17 +02:00
added tailwind config 2024-08-09 12:35:21 +02:00			`services = {`
			`networkd-dispatcher = {`
			`enable = true;`
			`rules."50-tailscale" = {`
huge refactoring 2024-08-12 15:56:45 +02:00			`onState = [ "routable" ];`
added tailwind config 2024-08-09 12:35:21 +02:00			`script = ''`
			`${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off`
			`'';`
			`};`
			`};`
added prometheus 2024-07-22 11:05:06 +02:00			`};`
fixed typo 2024-07-08 19:37:54 +02:00			`}`