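# NixOS module for the "jallen-nas" host: network services, desktop/RDP access,
# identity (authentik + PostgreSQL + Redis), and maintenance units.
#
# Arguments:
#   pkgs - the package set; used for postgresql_16, protonmail-bridge, and the
#          tools placed on each unit's PATH.
#
# Security-relevant points are marked NOTE(review). Anything written in this
# file is copied into the world-readable /nix/store (and into the config
# repository), so secrets must be referenced by path, never written inline.
{ pkgs, ... }:
let
  # Single switch for the X server, LXQt, LightDM and xrdp below.
  enableDisplayManager = true;
in
{
  # Services configs
  services = {
    minecraft-server = {
      enable = false;
      eula = true;
      declarative = true;
      # NOTE(review): with declarative = true the nixpkgs module also opens the
      # RCON port when "enable-rcon" is set, so RCON would be reachable from
      # every interface the firewall covers.
      openFirewall = true;
      dataDir = "/media/nas/ssd/ssd_app_data/minecraft";
      serverProperties = {
        enforce-whitelist = true;
        white-list = true;
        # RCON is switched off here: this attribute set is rendered into a
        # server.properties file in the Nix store, so an inline "rcon.password"
        # is readable by every local user and by anyone with the repository.
        # A literal password was previously committed at this spot; treat it as
        # exposed and do not reuse it. Re-enable RCON only once the password can
        # be supplied at runtime from a root-only file, and keep its port off
        # the public firewall (RCON has no transport encryption).
        "enable-rcon" = false;
      };
      whitelist = {
        mjallen18 = "03d9fba9-4453-4ad1-afa6-c67738685189";
        AlpineScent = "76ff084d-2e66-4877-aec2-d6b278431bda";
        Fortltude = "61a01913-8b10-4d64-b7ce-7958088cd6d3";
        SpicyNick = "8bb5976f-6fd9-4fa5-8697-6ecb4ee38427";
      };
      jvmOpts = "-Xms4092M -Xmx4092M -XX:+UseG1GC -XX:ParallelGCThreads=2 -XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
    };

    adguardhome = {
      enable = false;
      allowDHCP = true;
      port = 1880;
      # NOTE(review): this opens the admin web UI port (1880) in the firewall;
      # confirm the UI has its own credentials before enabling the service.
      openFirewall = true;
      settings = {
        dns = {
          # NOTE(review): only the first upstream is DNS-over-HTTPS; the bare IP
          # entries are plaintext DNS, so queries sent to them are visible on
          # the path.
          upstream_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          fallback_dns = [
            "https://dns10.quad9.net/dns-query"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "208.67.222.222"
            "208.67.220.220"
          ];
          # Plain resolvers used to look up the DoH hostname above.
          bootstrap_dns = [
            "9.9.9.10"
            "1.1.1.1"
            "1.0.0.1"
            "8.8.8.8"
            "8.8.4.4"
            "208.67.222.222"
            "208.67.220.220"
            "149.112.112.10"
            "2620:fe::10"
            "2620:fe::fe:10"
          ];
        };
        dhcp = {
          enabled = true;
          interface_name = "wlp7s0";
          dhcpv4 = {
            gateway_ip = "10.0.1.1";
            subnet_mask = "255.255.255.0";
            range_start = "10.0.1.151";
            range_end = "10.0.1.250";
          };
        };
      };
    };

    udisks2.enable = true;

    # Enable the X11 windowing system.
    xserver = {
      enable = enableDisplayManager;

      # Enable the Desktop Environment.
      desktopManager.lxqt.enable = enableDisplayManager;
      displayManager = {
        lightdm.enable = enableDisplayManager;
        #defaultSession = "plasma";
      };
    };

    # Set to enable Flatpak
    flatpak.enable = false;

    # Enable RDP
    xrdp = {
      enable = enableDisplayManager;
      # NOTE(review): the desktop enabled above is LXQt, but this starts a
      # Plasma session; confirm Plasma is installed elsewhere or switch this to
      # the LXQt session command.
      defaultWindowManager = "startplasma-x11";
      # NOTE(review): opens the RDP port on every firewalled interface. Since
      # Tailscale is enabled on this host, consider allowing the port only on
      # the Tailscale interface via the per-interface firewall options.
      openFirewall = enableDisplayManager;
    };

    avahi = {
      enable = true;
      nssmdns4 = true;
      # NOTE(review): hinfo and workstation publishing announce host details to
      # the whole LAN; keep them only if something consumes those records.
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        hinfo = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        # TODO is this needed?
        # NOTE(review): Avahi service files are XML; the markup around these
        # three values looks like it was lost when this listing was captured.
        # Restore it from the original file before using this definition.
        smb = ''
          %h _smb._tcp 445
        '';
      };
    };

    tailscale = {
      enable = true;
      openFirewall = true;
      # NOTE(review): the flags below advertise an exit node and a subnet route,
      # which need IP forwarding. The module enables forwarding for "server" or
      # "both", not for "client"; confirm forwarding is configured elsewhere.
      useRoutingFeatures = "client";
      # NOTE(review): presumably only applied by the auto-connect unit, which
      # needs authKeyFile (commented out below); verify against the module.
      extraUpFlags = [
        "--advertise-exit-node"
        "--accept-dns=false"
        "--advertise-routes=10.0.1.0/24"
        "--hostname=jallen-nas"
      ];
      # --webclient exposes the Tailscale management UI to the tailnet; make
      # sure tailnet ACLs restrict who may reach it.
      extraSetFlags = [
        "--advertise-exit-node"
        "--hostname=jallen-nas"
        "--webclient"
      ];
      # If re-enabled, the key file must be readable by root only.
      # authKeyFile = "/media/nas/ssd/nix-app-data/tailscale/auth";
    };

    btrfs = {
      autoScrub.enable = false;
      autoScrub.fileSystems = [
        "/nix"
        "/root"
        "/etc"
        "/var/log"
        "/home"
        "/media/nas/ssd/nix-app-data"
        "/media/nas/ssd/ssd_app_data"
        "/media/nas/ssd/mariadb"
        "/media/nas/main/3d_printer"
        "/media/nas/main/backup"
        "/media/nas/main/documents"
        "/media/nas/main/nextcloud"
        "/media/nas/main/movies"
        "/media/nas/main/tv"
        "/media/nas/main/isos"
      ];
    };

    authentik = {
      enable = true;
      # Secrets are read from a file outside the Nix store. Keep this file
      # owned by root with mode 0600 and out of the config repository.
      environmentFile = "/media/nas/ssd/nix-app-data/authentik/.env";
    };

    postgresql = {
      enable = true;
      package = pkgs.postgresql_16;
      dataDir = "/media/nas/ssd/nix-app-data/postgresql";
      ensureDatabases = [ "authentik" ];
      ensureUsers = [
        {
          name = "authentik";
          ensureDBOwnership = true;
        }
      ];
    };

    # NOTE(review): neither Redis instance sets a password or a bind address
    # here, so both rely on the module default bind; confirm that default is
    # loopback on the nixpkgs revision in use.
    redis = {
      servers = {
        authentik = {
          enable = true;
          port = 6379;
        };

        manyfold = {
          enable = true;
          port = 6380;
          # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
        };
      };
    };

    nix-serve = {
      enable = false;
      # Binary-cache signing key: anyone who can read it can sign store paths
      # that clients of this cache will trust. Root-only permissions required.
      secretKeyFile = "/var/cache-priv-key.pem";
    };
  };

  systemd.user.services = {
    protonmail-bridge = {
      description = "Protonmail Bridge";
      enable = true;
      script = "${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive";
      # pass is on PATH so the bridge can use it as its credential store.
      path = [
        pkgs.pass
        pkgs.protonmail-bridge
      ];
      # NOTE(review): multi-user.target belongs to the system manager; user
      # units are normally wanted by default.target. Confirm this unit starts.
      wantedBy = [ "multi-user.target" ];
      partOf = [ "multi-user.target" ];
    };
  };

  systemd.services = {
    # Pulls the configuration repository and stages a rebuild for next boot.
    #
    # NOTE(review): this runs as root and builds whatever the remote branch
    # contains, so write access to that branch equals root on this host. The
    # script now fast-forwards to exactly the commit it inspected instead of
    # running a second fetch through "git pull". For provenance, sign commits
    # and verify them before merging (git merge has --verify-signatures); that
    # needs gnupg on PATH and a trusted keyring for root, neither of which is
    # configured in this file.
    system-update-check = {
      description = "Check for system configuration updates";

      # Required packages for the service
      path = with pkgs; [
        git
        nixos-rebuild
        openssh
      ];

      # Service configuration
      serviceConfig = {
        Type = "oneshot";
        User = "root";
        WorkingDirectory = "/etc/nixos"; # Adjust this path to your config location
      };

      # The script that runs to check for updates
      script = ''
        # Store the current commit hash
        OLD_HASH=$(git rev-parse HEAD)

        # Fetch updates from remote
        git fetch origin main  # Adjust branch name if needed

        # Get the new commit hash
        NEW_HASH=$(git rev-parse origin/main)

        # If there are changes, pull and rebuild
        if [ "$OLD_HASH" != "$NEW_HASH" ]; then
          echo "Updates found, pulling changes..."
          # Fast-forward only, to the commit resolved above; a diverged or
          # rewritten history fails the unit instead of being merged as root.
          git merge --ff-only "$NEW_HASH"

          # Get commit message and timestamp for the tag
          # (the message is remote-controlled text; it is reduced to
          # alphanumerics and dashes before being used in the profile name)
          COMMIT_MSG=$(git log -1 --pretty=%B | head -n1 | tr -dc '[:alnum:][:space:]-' | tr '[:space:]' '-')
          TIMESTAMP=$(date +%Y%m%d-%H%M)
          SHORT_HASH=$(git rev-parse --short HEAD)

          # Create a profile name using the timestamp, short hash, and commit message
          PROFILE_NAME="$TIMESTAMP-$SHORT_HASH-$COMMIT_MSG"

          # Rebuild the system
          nixos-rebuild boot --profile-name "$PROFILE_NAME"

          echo "System rebuilt with profile: $PROFILE_NAME"
        else
          echo "No updates found"
        fi
      '';
    };

    # Copies the SSD tree to the main pool. --ignore-existing means files that
    # already exist in the backup are never refreshed, so later changes to a
    # file are not captured. No timer or wantedBy is declared in this file.
    rsync-ssd = {
      path = [
        pkgs.bash
        pkgs.rsync
      ];
      script = ''
        rsync -rtpogvPlHzs --ignore-existing /media/nas/ssd /media/nas/main/backup/ssd
      '';
    };

    # NOTE(review): "glances -w" starts the web server mode with no password
    # option and no bind address given; as far as I know it listens on all
    # addresses by default. No firewall port is opened for it in this file;
    # confirm it is reachable only from networks that should see host metrics.
    glances-server = {
      path = [
        pkgs.bash
        pkgs.glances
      ];
      script = ''
        glances -w
      '';
      wantedBy = [ "multi-user.target" ];
    };
  };

  # Create a timer to run the service periodically
  systemd.timers.system-update-check = {
    description = "Timer for system configuration updates";
    wantedBy = [ "timers.target" ];

    # Timer configuration
    timerConfig = {
      OnCalendar = "daily"; # Check every day
      Persistent = true; # Run immediately if last run was missed
      Unit = "system-update-check.service";
    };
  };
}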