# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
#
# NixOS system configuration for the host "laurel": boot loader, firewall,
# one interactive user, and a set of self-hosted services (nginx virtual
# hosts in front of miniflux, radicale, syncthing, readit, a static site, and
# the currently disabled invidious and matrix-conduit).
#
# NOTE(review): ./servarr.nix and ./media.nix are imported but not visible
# here; they may open further ports or change settings reviewed below.

{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./servarr.nix
      ./media.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # networking.hostName = "nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  networking.hostName = "laurel";
  # NOTE(review): the opened ports do not line up with the listeners declared
  # in this file. Nothing here listens on 443; 6197 is the matrix-conduit
  # port, and conduit is `enable = false` below; the "oppi.li" virtual host
  # listens on 8282, which is not in this list. Confirm each opening is still
  # wanted and drop the ones that are not.
  networking.firewall.allowedTCPPorts = [ 80 443 6197 ];

  time.timeZone = "Europe/London";
  i18n.defaultLocale = "en_US.UTF-8";

  # Rebuild vaapiIntel with the hybrid codec enabled.
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
    ];
  };

  environment.systemPackages = [
    pkgs.vim
    pkgs.wget
    pkgs.curl
    pkgs.jellyfin
    pkgs.jellyfin-web
    pkgs.jellyfin-ffmpeg
    pkgs.htop
    pkgs.ripgrep
    pkgs.git
  ];

  # Single interactive account. "wheel" makes it an administrative user, so
  # anything that runs as "op" (see services.nginx.user below) inherits that
  # group membership.
  users.users.op = {
    isNormalUser = true;
    extraGroups = [ "wheel" "tty" "syncthing" ];
    home = "/home/op";
    # Public key only; no private key material is stored in this file.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4oThdAy5wQtzCarxDPuzWX6ImYw0c1QfkF0+wZNE6o np@myrtle"
    ];
  };

  # NOTE(review): no services.openssh.settings are given, so password and
  # root-login behaviour come from the module defaults. If key-only login is
  # intended, state it explicitly, e.g.
  # `services.openssh.settings.PasswordAuthentication = false;`.
  services.openssh.enable = true;
  services.tailscale.enable = true;

  # NOTE(review): nginx is run as "op", the wheel-group login account above,
  # rather than a dedicated service user. A flaw in nginx or in anything it
  # proxies or serves would then act with that account's file access and
  # group memberships. Prefer the module's own service user and grant it read
  # access to the served directory instead.
  services.nginx = {
    enable = true;
    user = "op";
  };

  # Invidious is currently disabled; the settings are kept for re-enabling.
  # NOTE(review): registration_enabled = true would allow self-service
  # sign-up on whatever interface the virtual host below is reachable from.
  services.invidious = {
    enable = false;
    port = 3333;
    domain = "tube.laurel";
    settings = {
      db = {
        user = "invidious";
        dbname = "invidious";
      };
      registration_enabled = true;
      login_enabled = true;
      admins = [ "op" ];
      video_loop = false;
      autoplay = true;
      continue = false;
      continue_autoplay = false;
      player_style = "youtube";
      listen = false;
      quality = "hd720";
      comments = [ "youtube" ];
      captions = [ "en" ];
      unseen_only = true;
      local = true;
    };
  };

  # NOTE(review): this and every other "*.laurel" virtual host below listens
  # on 0.0.0.0:80, i.e. plain HTTP on all interfaces. Logins for miniflux,
  # radicale and syncthing cross the network unencrypted unless the transport
  # is protected elsewhere (presumably Tailscale; confirm). If these are
  # meant to be tailnet-only, bind to that address or restrict by source.
  services.nginx.virtualHosts."tube.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      # Proxy target follows the invidious port option instead of repeating it.
      proxyPass = "http://127.0.0.1:${builtins.toString config.services.invidious.port}";
      proxyWebsockets = true;
      extraConfig = ''
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host; # so Invidious knows domain
        proxy_set_header Connection ""; # to keep alive
      '';
    };
  };

  services.miniflux = {
    enable = true;
    # Admin credentials are read from a file on the host rather than written
    # in this configuration. NOTE(review): verify the file's owner and mode
    # restrict it to the service.
    adminCredentialsFile = "/etc/miniflux/admin";
    config = {
      FETCH_YOUTUBE_WATCH_TIME = 1;
      PORT = 8383;
      # Plain-HTTP base URL; see the transport note on "tube.laurel".
      BASE_URL = "http://rss.laurel";
    };
  };

  services.nginx.virtualHosts."rss.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:${builtins.toString config.services.miniflux.config.PORT}";
    };
  };

  # Static site served from /www/site/docs on port 8282.
  # NOTE(review): 8282 is not in networking.firewall.allowedTCPPorts above,
  # so whether this is reachable depends on configuration not shown here.
  services.nginx.virtualHosts."oppi.li" = {
    listen = [{ port = 8282; addr = "0.0.0.0"; }];
    root = "/www/site/docs";
    locations."/" = {
      tryFiles = "$uri $uri/ =404";
      index = "index.html";
    };
  };

  # Matrix homeserver, currently disabled. If re-enabled as written it binds
  # 0.0.0.0:6197 with federation on and open registration off.
  services.matrix-conduit = {
    enable = false;
    settings = {
      global = {
        allow_encryption = true;
        allow_federation = true;
        allow_registration = false;
        database_backend = "rocksdb";
        server_name = "oppi.li";
        address = "0.0.0.0";
        port = 6197;
        enable_lightning_bolt = false;
      };
    };
  };

  # WhatsApp bridge pointed at a homeserver on localhost:6197.
  # NOTE(review): the conduit service that owns port 6197 is disabled in this
  # file, so confirm which homeserver the bridge is expected to reach.
  services.mautrix-whatsapp = {
    enable = true;
    settings = {
      homeserver = {
        address = "http://localhost:6197";
        domain = "oppi.li";
      };
      appservice = { };
      bridge = {
        # End-to-bridge encryption is allowed, on by default, and required.
        encryption = {
          allow = true;
          default = true;
          require = true;
        };
        history_sync = {
          request_full_sync = true;
        };
        mute_bridging = true;
        # NOTE(review): "*" grants the "user" level to every Matrix user the
        # homeserver can see; with federation enabled that includes remote
        # accounts. Consider scoping this to the "oppi.li" domain or to
        # specific user IDs.
        permissions = {
          "*" = "user";
        };
        private_chat_portal_meta = true;
        # "disable" is the value that turns the provisioning API off, rather
        # than a secret to be guessed.
        provisioning = {
          shared_secret = "disable";
        };
      };
    };
  };

  services.radicale = {
    enable = true;
    settings = {
      # NOTE(review): radicale listens on all interfaces, although nginx
      # below reaches it over 127.0.0.1. Binding to "127.0.0.1:5232" would
      # make the proxy the only path in and would not rely on the firewall
      # to keep 5232 closed.
      server.hosts = [ "0.0.0.0:5232" ];
      # Users are checked against a bcrypt htpasswd file kept on the host,
      # not in this configuration.
      auth = {
        type = "htpasswd";
        htpasswd_filename = "/etc/radicale/users";
        htpasswd_encryption = "bcrypt";
      };
    };
  };

  services.nginx.virtualHosts."radicale.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:5232";
    };
  };

  services.syncthing = {
    enable = true;
    dataDir = "/syncthing";
  };

  # NOTE(review): this publishes whatever listens on 127.0.0.1:8384
  # (presumably the Syncthing web GUI; confirm) on 0.0.0.0:80. No GUI
  # authentication is configured in this file, so verify it is set in
  # Syncthing itself before exposing it beyond loopback.
  services.nginx.virtualHosts."sync.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:8384";
    };
  };

  # NOTE(review): services.readit is not defined in this file; presumably it
  # comes from an imported module. Its authentication model is not visible.
  services.readit = {
    enable = true;
    port = 9495;
  };

  services.nginx.virtualHosts."read.laurel" = {
    listen = [{ port = 80; addr = "0.0.0.0"; }];
    locations."/" = {
      proxyPass = "http://127.0.0.1:9495";
    };
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11"; # Did you read the comment?
}