2024-07-08 19:11:59 +02:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
let
|
2024-07-14 15:48:01 +02:00
|
|
|
ip = "192.168.1.177";
|
2024-07-11 12:25:10 +02:00
|
|
|
gateway = "192.168.1.1";
|
2024-07-14 15:48:01 +02:00
|
|
|
username = "homelab";
|
2024-07-08 19:11:59 +02:00
|
|
|
in
|
|
|
|
|
{
|
2024-07-14 15:48:01 +02:00
|
|
|
imports = [
|
|
|
|
|
./features/arr-suite.nix
|
2024-07-22 11:06:31 +02:00
|
|
|
# ./features/authentik.nix
|
2024-07-17 14:30:30 +02:00
|
|
|
./features/caddy.nix
|
2024-07-15 16:27:23 +02:00
|
|
|
./features/calibre-web.nix
|
2024-07-18 17:17:39 +02:00
|
|
|
./features/containers/default.nix
|
2024-07-17 19:52:30 +02:00
|
|
|
# ./features/freshrss.nix using the docker container instead
|
2024-07-15 16:27:23 +02:00
|
|
|
./features/grafana.nix
|
2024-07-14 15:48:01 +02:00
|
|
|
./features/homelab-dashboard.nix
|
2024-07-22 11:05:06 +02:00
|
|
|
# ./features/nextcloud.nix
|
|
|
|
|
# ./features/photoprism.nix
|
|
|
|
|
./features/prometheus.nix
|
2024-07-15 16:27:23 +02:00
|
|
|
./features/samba-shares.nix
|
2024-07-31 11:41:04 +02:00
|
|
|
# ./features/searx.nix
|
2024-07-19 13:26:22 +02:00
|
|
|
./features/synapse-matrix.nix
|
2024-07-15 16:27:23 +02:00
|
|
|
./features/slskd.nix
|
2024-07-14 15:48:01 +02:00
|
|
|
./features/transmission.nix
|
2024-07-15 16:27:23 +02:00
|
|
|
./features/uptime-kuma.nix
|
2024-07-14 15:48:01 +02:00
|
|
|
];
|
|
|
|
|
|
2024-07-08 19:11:59 +02:00
|
|
|
# setting up networking!!
|
|
|
|
|
networking = {
|
|
|
|
|
interfaces = {
|
|
|
|
|
ens18.ipv4.addresses = [
|
|
|
|
|
{
|
|
|
|
|
address = ip;
|
|
|
|
|
prefixLength = 24;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-11 12:25:10 +02:00
|
|
|
defaultGateway = gateway;
|
2024-07-08 19:11:59 +02:00
|
|
|
nameservers = [
|
|
|
|
|
"1.1.1.1"
|
|
|
|
|
"1.0.0.1"
|
|
|
|
|
];
|
|
|
|
|
nftables.enable = true;
|
|
|
|
|
# firewall rules
|
|
|
|
|
firewall = {
|
|
|
|
|
enable = true;
|
2024-07-08 19:37:54 +02:00
|
|
|
allowedTCPPorts = [
|
2024-07-16 15:07:52 +02:00
|
|
|
22 # ssh
|
2024-07-16 15:57:38 +02:00
|
|
|
3001 # grafana
|
|
|
|
|
4001 # uptime-kuma
|
2024-07-15 16:27:23 +02:00
|
|
|
5030 # slskd
|
|
|
|
|
8080 # searxng
|
2024-07-22 11:05:06 +02:00
|
|
|
8008 # matrix-synapse
|
|
|
|
|
8448 # matrix-synapse
|
|
|
|
|
5050 # calibre-web
|
2024-07-16 16:08:25 +02:00
|
|
|
8400 # crafty-controller
|
2024-07-16 15:07:52 +02:00
|
|
|
9000 # authentik
|
2024-07-15 16:27:23 +02:00
|
|
|
9091 # transmission
|
2024-07-08 19:37:54 +02:00
|
|
|
];
|
2024-07-08 19:11:59 +02:00
|
|
|
allowedUDPPorts = [ ];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-15 16:27:23 +02:00
|
|
|
#TODO: setup fail2ban
|
|
|
|
|
services.fail2ban = {
|
|
|
|
|
enable = true;
|
|
|
|
|
ignoreIP = [ "192.168.1.0/24" ];
|
|
|
|
|
extraPackages = [ ];
|
|
|
|
|
jails = { };
|
|
|
|
|
};
|
2024-07-11 12:25:10 +02:00
|
|
|
users.groups.multimedia = {
|
|
|
|
|
members = [
|
|
|
|
|
"slskd"
|
|
|
|
|
"radarr"
|
|
|
|
|
"readarr"
|
|
|
|
|
"sonarr"
|
|
|
|
|
"transmission"
|
|
|
|
|
"jellyfin"
|
2024-07-15 16:27:23 +02:00
|
|
|
"bazarr"
|
2024-07-22 12:03:11 +02:00
|
|
|
"calibre-web"
|
2024-07-14 15:48:01 +02:00
|
|
|
username
|
2024-07-11 12:25:10 +02:00
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-14 15:48:01 +02:00
|
|
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
2024-07-08 19:11:59 +02:00
|
|
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
|
|
|
|
sops.age.generateKey = true;
|
|
|
|
|
|
2024-07-11 12:25:10 +02:00
|
|
|
# define your secrets with
|
|
|
|
|
# `nix-shell -p sops --run "sops ./secrets/yoursecret.env"`
|
|
|
|
|
|
2024-07-08 19:11:59 +02:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
jellyfin
|
|
|
|
|
jellyfin-web
|
|
|
|
|
jellyfin-ffmpeg
|
|
|
|
|
transmission
|
|
|
|
|
sonarr
|
|
|
|
|
radarr
|
|
|
|
|
prowlarr
|
|
|
|
|
readarr
|
|
|
|
|
jellyseerr
|
|
|
|
|
homepage-dashboard
|
|
|
|
|
slskd
|
2024-07-15 16:27:23 +02:00
|
|
|
bazarr
|
2024-08-09 12:35:21 +02:00
|
|
|
ethtool
|
|
|
|
|
networkd-dispatcher
|
2024-07-08 19:11:59 +02:00
|
|
|
];
|
|
|
|
|
|
2024-08-01 17:12:07 +02:00
|
|
|
system.autoUpgrade.enable = true;
|
|
|
|
|
system.autoUpgrade.allowReboot = true;
|
2024-07-08 19:11:59 +02:00
|
|
|
services.jellyfin = {
|
|
|
|
|
enable = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-22 11:05:06 +02:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
2024-08-09 12:35:21 +02:00
|
|
|
useRoutingFeatures = "server";
|
|
|
|
|
};
|
|
|
|
|
services = {
|
|
|
|
|
networkd-dispatcher = {
|
|
|
|
|
enable = true;
|
|
|
|
|
rules."50-tailscale" = {
|
|
|
|
|
onState = ["routable"];
|
|
|
|
|
script = ''
|
|
|
|
|
${pkgs.ethtool}/bin/ethtool -K ens18 rx-udp-gro-forwarding on rx-gro-list off
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-07-22 11:05:06 +02:00
|
|
|
};
|
2024-07-08 19:37:54 +02:00
|
|
|
}
|
