kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:Kropatz/dotfiles

Browse Source
This commit is contained in:
Kopatz
2025-10-24 11:50:07 +02:00
parent 945322d6b5 71dc7a59e3
commit c278107991
7 changed files with 62 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
home-manager/nixvim/lsp.nix
View File

@@ -23,7 +23,7 @@
}; };
}; };
html.enable = true; html.enable = true;
dartls.enable = true; dartls.enable = true; # handled by flutter-tools
ts_ls.enable = true; ts_ls.enable = true;
pylsp.enable = true; pylsp.enable = true;
lua_ls.enable = true; lua_ls.enable = true;

2
modules/services/kavita.nix
View File

@@ -31,7 +31,7 @@ in {
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable; githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in in
lib.mkIf cfg.enable { lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ]; # not needed with nginx networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
(if githubRunnerEnabled then (if githubRunnerEnabled then
"d ${baseDir} 0750 kavita github-actions-runner -" "d ${baseDir} 0750 kavita github-actions-runner -"

60
modules/services/samba.nix
View File

@@ -1,36 +1,42 @@
{ {
#services.samba-wsdd.enable = true; # make shares visible for windows 10 clients #services.samba-wsdd = {
#networking.firewall.allowedTCPPorts = [ # enable = true;
#5357 # wsdd # openFirewall = true;
#]; #};
#networking.firewall.allowedUDPPorts = [
#3702 # wsdd users.users.franz = {
#]; isNormalUser = true;
services.samba.openFirewall = true; home = "/home/franz";
hashedPassword = "$y$j9T$opts2crrOHbRzHsFzOh/S1$LU3zmC4tKOw43THlOSw6qDXPse.l1ZvcxolN3EP7/ED";
};
# add user to samba with smbpasswd -a
services.samba = { services.samba = {
enable = true; enable = true;
securityType = "user"; openFirewall = true;
invalidUsers = [ invalidUsers = [
"root" "root"
]; ];
extraConfig = '' settings = {
disable netbios = yes global = {
smb ports = 445 "workgroup" = "WORKGROUP";
workgroup = WORKGROUP "server string" = "smbnix";
server string = smbnix "netbios name" = "smbnix";
security = user "security" = "user";
#use sendfile = yes #"use sendfile" = "yes";
#max protocol = smb2 #"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1 # note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 192.168.174.1 127.0.0.1 localhost "hosts allow" = "192.168.0. 127.0.0.1 localhost";
hosts deny = 0.0.0.0/0 "hosts deny" = "0.0.0.0/0";
guest account = nobody "guest account" = "nobody";
map to guest = bad user "map to guest" = "bad user";
''; };
shares = { "franz" = {
homes = { "path" = "/hdd/shares/franz";
browseable = "no"; "valid users" = "franz";
writable = "yes"; "public" = "no";
"writable" = "yes";
"printable" = "no";
}; };
}; };
}; };

2
pkgs/ente-frontend/default.nix
View File

@@ -7,7 +7,7 @@ buildNpmPackage rec {
src = "${(fetchGit { src = "${(fetchGit {
url = "git@github.com:oberprofis/ente.git"; url = "git@github.com:oberprofis/ente.git";
ref = "master"; ref = "master";
rev = "f82b14a08080865be3c31144787ffaf8509a018a"; rev = "cb63e1e20fd9fde401fa9d3f09b36c572b17ff34";
})}/website/tracker-site"; })}/website/tracker-site";
npmDepsHash = "sha256-fYTRhIU+8pdIm3wC5wJRcDUhgN3d+mmvfmVzuu0pjLQ="; npmDepsHash = "sha256-fYTRhIU+8pdIm3wC5wJRcDUhgN3d+mmvfmVzuu0pjLQ=";

24
systems/amd-server-vm/configuration.nix
View File

@@ -10,6 +10,7 @@
../../modules/misc/motd.nix ../../modules/misc/motd.nix
../../modules/misc/kernel.nix ../../modules/misc/kernel.nix
../../modules/services/duckdns.nix ../../modules/services/duckdns.nix
../../modules/services/samba.nix
../../modules/services/ddclient-cloudflare.nix ../../modules/services/ddclient-cloudflare.nix
./disk-config.nix ./disk-config.nix
./mail.nix ./mail.nix
@@ -108,6 +109,23 @@
# 8888 = scheibenmeister skip button # 8888 = scheibenmeister skip button
networking.firewall.allowedTCPPorts = [ 25565 25566 8888 ]; networking.firewall.allowedTCPPorts = [ 25565 25566 8888 ];
networking.nftables.tables.ip_drop = {
family = "inet";
content = ''
set blocked-ip4 {
typeof ip saddr
flags interval
auto-merge
elements = { 45.144.212.240 }
}
chain input {
# -100 priority to run before the default filter input chain (0)
type filter hook input priority -100; policy accept;
ip saddr @blocked-ip4 log prefix "nftables drop: " level info counter drop
}
'';
};
networking.hostName = "server-vm"; # Define your hostname. networking.hostName = "server-vm"; # Define your hostname.
#services.murmur = { #services.murmur = {
@@ -135,6 +153,12 @@
options = [ "defaults" "nofail" "noatime" ]; options = [ "defaults" "nofail" "noatime" ];
}; };
fileSystems."/hdd" = {
device = "/dev/disk/by-uuid/99954059-3801-4abb-a536-0e7802a3e6b4";
fsType = "ext4";
options = [ "defaults" "nofail" "noatime" ];
};
# Configure console keymap # Configure console keymap
console.keyMap = "us"; console.keyMap = "us";

1
systems/amd-server/configuration.nix
View File

@@ -73,6 +73,7 @@
}; };
firewall.allowedTCPPorts = [ 25565 25566 ]; # localsend firewall.allowedTCPPorts = [ 25565 25566 ]; # localsend
}; };
security.pki.certificates = [ security.pki.certificates = [

2
systems/pc/configuration.nix
View File

@@ -207,7 +207,7 @@
services.printing.enable = false; services.printing.enable = false;
services.printing.drivers = [ pkgs.brlaser ]; services.printing.drivers = [ pkgs.brlaser ];
services.avahi = { services.avahi = {
enable = true; enable = false;
nssmdns4 = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
}; };