095e9f4f6b
- Add .gitignore for common languages, tools, and OS/editor artifacts - Configure .gitattributes for Git LFS (fonts, images, archives, ISOs) - Add README with repo description - Add flake.nix defining inputs and outputs for NixOS, Home Manager, and related modules - Introduce home-manager configs: - Base home.nix with packages, services, and programs - Hyprland WM configuration (waybar, fuzzel, keybindings, theming) - Vim (nixvim) setup with LSP and plugins - Zsh setup with aliases, Oh My Zsh, clipboard helpers - Systemd user services (e.g., librespot) - Add scripts (GPU monitor, RAM build helper, install automation) - Add host configurations: - Nixbook (Apple laptop) with hardware, disko, and install script - Nixstation (desktop) with firewall, virtualization, Btrfs scrub timer - Nixtest (test VM) with QEMU + Alpine-based install test harness - Common modules (network, NVIDIA, rclone, screen, keychron, users) - Include statix config for linting
116 lines
2.5 KiB
Nix
116 lines
2.5 KiB
Nix
{ pkgs, ... }:
|
|
{
|
|
networking = {
|
|
hostName = "Nixstation";
|
|
networkmanager.enable = true;
|
|
|
|
firewall = {
|
|
enable = true;
|
|
allowPing = true;
|
|
allowedTCPPorts = [
|
|
2375
|
|
4780
|
|
11470
|
|
25565
|
|
];
|
|
allowedUDPPorts = [
|
|
8888
|
|
8899
|
|
];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
tailscale.enable = true;
|
|
openssh.enable = true;
|
|
# openssh.settings.X11Forwarding = true;
|
|
};
|
|
|
|
virtualisation.docker = {
|
|
enable = true;
|
|
package = pkgs.docker_25;
|
|
storageDriver = "btrfs";
|
|
daemon.settings = {
|
|
hosts = [ "unix:///var/run/docker.sock" ];
|
|
features.cdi = true;
|
|
userland-proxy = false;
|
|
experimental = true;
|
|
metrics-addr = "0.0.0.0:9323";
|
|
};
|
|
|
|
# daemon.settings = {
|
|
|
|
# hosts = [
|
|
# "unix:///var/run/docker.sock"
|
|
# ];
|
|
|
|
# features = {
|
|
# cdi = true;
|
|
# };
|
|
|
|
# userland-proxy = false;
|
|
# experimental = true;
|
|
# metrics-addr = "0.0.0.0:9323";
|
|
|
|
# default-runtime = "nvidia";
|
|
# runtimes = {
|
|
# nvidia = {
|
|
# path = "nvidia-container-runtime";
|
|
# };
|
|
# nvidia-cdi = {
|
|
# path = "nvidia-container-runtime.cdi";
|
|
# };
|
|
# nvidia-legacy = {
|
|
# path = "nvidia-container-runtime.legacy";
|
|
# };
|
|
# };
|
|
# };
|
|
};
|
|
|
|
services.samba = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
|
|
settings = {
|
|
global = {
|
|
"workgroup" = "WORKGROUP";
|
|
"server string" = "smbnix";
|
|
"netbios name" = "smbnix";
|
|
|
|
# "use sendfile" = "yes";
|
|
# "max protocol" = "smb2";
|
|
# note: localhost is the ipv6 localhost ::1
|
|
"hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 localhost";
|
|
"hosts deny" = "0.0.0.0/0";
|
|
"guest account" = "nobody";
|
|
"map to guest" = "bad user";
|
|
security = "user";
|
|
# shared = {
|
|
# path = "/home/thiago/Downloads/oblivion";
|
|
# browseable = true;
|
|
# writable = false;
|
|
# guestOk = true;
|
|
# "force user" = "thiago";
|
|
# };
|
|
};
|
|
|
|
# shares = {
|
|
# OneDrive = ''
|
|
# path = "/run/media/thiago/hdd0/OneDrive/"
|
|
# browseable = "yes"
|
|
# "read only" = "no"
|
|
# "guest ok" = "no"
|
|
# "create mask" = "0644"
|
|
# "directory mask" = "0755"
|
|
# "force user" = "thiago"
|
|
# "force group" = "users"
|
|
# '';
|
|
# };
|
|
};
|
|
};
|
|
|
|
services.samba-wsdd = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
}
|