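# NixOS module with the service definitions for the "jallen-nas" host:
# reverse proxy, game server, DNS/DHCP, desktop + RDP, VPN, identity provider,
# databases, monitoring and a few custom systemd units.
#
# Several services here listen on the network. Review comments marked
# NOTE(review) point at exposure or secret-handling issues that need a decision
# by the owner; they do not change behaviour on their own.
{ config, pkgs, ... }:
let
  # Single switch for the graphical stack: X11, LXQt, LightDM and xrdp
  # (including xrdp's firewall opening) all follow this value.
  enableDisplayManager = true;
in
{
  # Services configs
  services = {
    # Reverse proxy (currently disabled). Both virtual hosts forward to
    # plain-HTTP backends on 10.0.1.18.
    caddy = {
      enable = false;
      email = "jalle008@proton.me";
      enableReload = true;
      user = "nix-apps";
      group = "jallen-nas";
      dataDir = "/media/nas/ssd/nix-app-data/caddy";
      virtualHosts = {
        "authentik.mjallen.dev".extraConfig = '' reverse_proxy http://10.0.1.18:9000 '';
        "jellyfin.mjallen.dev".extraConfig = '' reverse_proxy http://10.0.1.18:8096 '';
      };
    };

    minecraft-server = {
      enable = true;
      eula = true;
      declarative = true;
      # NOTE(review): with declarative = true and enable-rcon set, the nixpkgs
      # module is believed to open the RCON port together with the game port.
      # Verify, and if RCON is only used locally, open the game port by hand
      # instead of relying on openFirewall.
      openFirewall = true;
      dataDir = "/media/nas/ssd/ssd_app_data/minecraft";
      serverProperties = {
        enforce-whitelist = true;
        white-list = true;
        "enable-rcon" = true;
        # SECURITY TODO: hard-coded credential. This literal lives in the
        # repository and, being part of the evaluated configuration, is expected
        # to end up in the world-readable /nix/store. RCON grants full console
        # control of the server. Treat this value as disclosed: rotate it and
        # supply the replacement from a secret that is not part of the store
        # (or disable RCON if it is unused).
        "rcon.password" = "BogieDudie1";
      };
      # Player name -> account UUID; only these accounts may join.
      whitelist = {
        mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
        AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
        Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
        SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
      };
      jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
    };

    # DNS filter + DHCP server (currently disabled).
    adguardhome = {
      enable = false;
      allowDHCP = true;
      port = 1880;
      openFirewall = true;
      settings = {
        dns = {
          # NOTE(review): one DoH upstream is mixed with plaintext resolvers.
          # Depending on the upstream mode, queries may leave the network
          # unencrypted, and the resolvers do not share one filtering/DNSSEC
          # policy. Decide on a single policy before enabling.
          upstream_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          fallback_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          # Plain-IP resolvers used to resolve the DoH hostname above.
          bootstrap_dns = [
            "9.9.9.10"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "8.8.4.4"
            "208.67.222.222"
            "208.67.220.220"
            "149.112.112.10"
            "2620:fe::10"
            "2620:fe::fe:10"
          ];
        };
        dhcp = {
          enabled = true;
          interface_name = "wlp7s0";
          dhcpv4 = {
            gateway_ip = "10.0.1.1";
            subnet_mask = "255.255.255.0";
            range_start = "10.0.1.151";
            range_end = "10.0.1.250";
          };
        };
      };
    };

    udisks2.enable = true;

    # Enable the X11 windowing system.
    xserver = {
      enable = enableDisplayManager;

      # Enable the Desktop Environment.
      desktopManager.lxqt.enable = enableDisplayManager;
      displayManager = {
        lightdm.enable = enableDisplayManager;
        #defaultSession = "plasma";
      };
    };

    # Set to enable Flatpak
    flatpak.enable = false;

    # Enable RDP
    xrdp = {
      enable = enableDisplayManager;
      # NOTE(review): this starts a Plasma session, but the only desktop enabled
      # in this file is LXQt. Unless Plasma is enabled in another module, RDP
      # logins will fail to start a session; confirm the intended session command.
      defaultWindowManager = "startplasma-x11";
      # NOTE(review): opens the RDP port in the host firewall on every
      # interface. Tailscale is enabled below; consider reaching RDP only over
      # the tailnet and leaving this closed.
      openFirewall = enableDisplayManager;
    };

    # mDNS/DNS-SD announcements on the local network.
    avahi = {
      enable = true;
      nssmdns4 = true;
      # NOTE(review): hinfo and workstation publish host details to anyone on
      # the LAN segment. Drop them if discovery of the SMB share is all that is
      # needed.
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        # TODO is this needed?
        # NOTE(review): Avahi service files are XML, and this value shows no
        # markup. It may have been lost when this page was extracted; compare
        # with the deployed file before relying on it.
        smb = '' %h _smb._tcp 445 '';
      };
    };

    tailscale = {
      enable = true;
      openFirewall = true;
      # NOTE(review): "client" is set while the flags below advertise an exit
      # node and the 10.0.1.0/24 subnet. Advertised routes need IP forwarding on
      # this host; confirm forwarding is enabled elsewhere or that this value is
      # intended. Advertising the LAN lets approved tailnet peers reach every
      # host in 10.0.1.0/24, so keep the tailnet ACLs restrictive.
      useRoutingFeatures = "client";
      extraUpFlags = [
        "--advertise-exit-node"
        "--accept-dns=false"
        "--advertise-routes=10.0.1.0/24"
        "--hostname=jallen-nas"
      ];
      extraSetFlags = [
        "--advertise-exit-node"
        "--hostname=jallen-nas"
        "--webclient"
      ];
      # If re-enabled, the file holds a secret: keep it root-only and out of the store.
      # authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth";
    };

    # Periodic btrfs scrub (currently disabled) for the listed mount points.
    btrfs = {
      autoScrub.enable = false;
      autoScrub.fileSystems = [
        "/nix"
        "/root"
        "/etc"
        "/var/log"
        "/home"
        "/media/nas/ssd/nix-app-data"
        "/media/nas/ssd/ssd_app_data"
        "/media/nas/ssd/mariadb"
        "/media/nas/main/3d_printer"
        "/media/nas/main/backup"
        "/media/nas/main/documents"
        "/media/nas/main/nextcloud"
        "/media/nas/main/movies"
        "/media/nas/main/tv"
        "/media/nas/main/isos"
      ];
    };

    authentik = {
      enable = true;
      # Secrets are read from a file at runtime instead of being written into
      # this configuration. The file should be readable by root (and the
      # service) only.
      environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
    };

    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      dataDir = "/media/nas/ssd/nix-app-data/postgresql";
      ensureDatabases = [ "authentik" ];
      ensureUsers = [
        {
          name = "authentik";
          ensureDBOwnership = true;
        }
      ];
    };

    # Two Redis instances on separate ports. No password is configured here.
    # NOTE(review): this relies on the module's default bind address being
    # loopback; confirm, since any local process can connect either way.
    redis = {
      servers = {
        authentik = {
          enable = true;
          port = 6379;
        };
        manyfold = {
          enable = true;
          port = 6380;
          # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
        };
      };
    };

    grafana = {
      enable = true;
      settings.server = {
        http_port = 2342;
        domain = "10.0.1.18";
        serve_from_sub_path = true;
        # NOTE(review): an empty http_addr makes Grafana listen on all
        # interfaces, over plain HTTP as configured here. Make sure the initial
        # admin password has been changed, or bind to one address and front it
        # with the reverse proxy.
        http_addr = "";
      };
      dataDir = "/media/nas/ssd/nix-app-data/grafana";
    };

    nix-serve = {
      enable = true;
      # Private signing key of the binary cache. Anyone who can read it can sign
      # store paths that clients of this cache will trust; keep it owned by the
      # service user or root with no group/other access.
      secretKeyFile = "/var/cache-priv-key.pem";
    };

    prometheus = {
      enable = true;
      port = 8000;
      # NOTE(review): both exporters are scraped through 127.0.0.1 below. If
      # nothing else scrapes them, binding them to loopback removes two
      # unauthenticated metric endpoints from the network.
      exporters = {
        node = {
          enable = true;
          enabledCollectors = [
            "diskstats"
            "systemd"
          ];
          port = 8001;
        };
        smartctl = {
          enable = true;
          group = "disk";
          devices = [
            "/dev/mapper/ssd1"
            "/dev/mapper/ssd2"
            "/dev/mapper/hdd1"
            "/dev/mapper/hdd2"
            "/dev/mapper/hdd3"
            "/dev/mapper/hdd4"
            "/dev/mapper/hdd5"
          ];
        };
      };
      scrapeConfigs = [
        {
          job_name = "jallen-nas";
          static_configs = [
            {
              # Ports are taken from the exporter options so the two stay in sync.
              targets = [
                "127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
                "127.0.0.1:${toString config.services.prometheus.exporters.smartctl.port}"
              ];
            }
          ];
        }
      ];
    };
  };

  systemd.user.services = {
    protonmail-bridge = {
      description = "Protonmail Bridge";
      enable = true;
      script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
      # pass is on the unit's PATH; presumably it is the bridge's credential store.
      path = [
        pkgs.pass
        pkgs.protonmail-bridge
      ];
      # Fixed: this is a *user* unit. The per-user systemd manager has no
      # multi-user.target, so the unit was never pulled in at start-up.
      # default.target is the target the user manager reaches when it starts.
      wantedBy = [ "default.target" ];
      partOf = [ "default.target" ];
    };
  };

  systemd.services = {
    # Copies the SSD pool into the backup area. No wantedBy/startAt is set here,
    # so it only runs when started by hand or by a timer defined elsewhere.
    # NOTE(review): --ignore-existing skips every file already present in the
    # destination, so files modified after their first copy are never
    # refreshed. Confirm this is intended for a backup job.
    rsync-ssd = {
      path = [
        pkgs.bash
        pkgs.rsync
      ];
      script = '' rsync -rtpogvPlHzs --ignore-existing /media/nas/ssd /media/nas/main/backup/ssd '';
    };

    # Glances in web-server mode, started at boot.
    # NOTE(review): no bind address or password is passed, so the dashboard
    # (process list, command lines, mounts) is served without authentication on
    # whatever address Glances defaults to. Restrict it with --bind and/or
    # --password, or keep the port closed in the firewall.
    glances-server = {
      path = [
        pkgs.bash
        pkgs.glances
      ];
      script = '' glances -w '';
      wantedBy = [ "multi-user.target" ];
    };
  };
}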