diff --git a/heimserver/configuration.nix b/heimserver/configuration.nix index b79a65e..b5017f8 100644 --- a/heimserver/configuration.nix +++ b/heimserver/configuration.nix @@ -14,7 +14,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - specialArgs.inputs.vscode-server.nixosModules.default ]; # System basics 
@@ -45,44 +44,45 @@ # i18n.defaultLocale = "en_US.UTF-8"; # Networking - networking.hostName = "nixos-server"; - networking.useDHCP = false; - networking.hostId = "5506a8e7"; - networking.interfaces.eth0.ipv4.addresses = [ - { - address = "192.168.69.69"; - prefixLength = 24; - } - ]; - networking.defaultGateway = "192.168.69.1"; - #networking.nameservers = [ "1.1.1.1" ]; - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - 22 - 53 - 80 - 443 - 2222 # forgejo ssh - 8184 # forgejo frontend - 8123 # homeassistant - 5580 # homeassistant matter - 2283 # immich - 3003 # immich ml - 1984 # frigate go2rtc - 8971 # frigate - 8554 # frigate rtsp - 8555 # frigate rtsp - 2055 # ntopng sink - 8182 # ntopng frontend - 3000 # adguardhome frontend - 8183 # adguardhome frontend - 9000 - ]; - networking.firewall.allowedUDPPorts = [ - 53 - 8555 # frigate rtsp - 2055 # ntopng sink - ]; + networking = { + hostName = "heimserver"; + useDHCP = false; + hostId = "5506a8e7"; + interfaces.eth0.ipv4.addresses = [ + { + address = "192.168.69.69"; + prefixLength = 24; + } + ]; + defaultGateway = "192.168.69.1"; + #nameservers = [ "1.1.1.1" ]; + firewall.enable = true; + firewall.allowedTCPPorts = [ + 22 + 53 + 80 + 443 + 2222 # forgejo ssh + 8184 # forgejo frontend + 8123 # homeassistant + 5580 # homeassistant matter + 2283 # immich + 3003 # immich ml + 1984 # frigate go2rtc + 8971 # frigate + 8554 # frigate rtsp + 8555 # frigate rtsp + 2055 # ntopng sink + 8182 # ntopng frontend + 8183 # adguardhome frontend + 9000 + ]; + firewall.allowedUDPPorts = [ + 53 + 8555 # frigate rtsp + 2055 # ntopng sink + ]; + }; # Users users.users.root = { @@ -100,7 +100,6 @@ # Packages environment.systemPackages = with pkgs; [ - vim nano wget curl 
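Review bot: The rewritten `firewall.allowedTCPPorts` list still opens backend ports host-wide that other machines normally do not need to reach. `3003 # immich ml` and `1984 # frigate go2rtc` are internal service endpoints that, as far as I know, run without authentication by default, and `9000` has no comment saying what listens there. Since this commit already drops 3000, consider removing those entries too, or at least annotating each with the client that needs it, e.g. `9000 # <service name>`. `2055` is opened for both TCP and UDP; NetFlow export is normally UDP only, so the TCP entry looks unnecessary and is worth confirming. As a style point, the three `firewall.*` keys could be grouped as `firewall = { enable = true; … };` to match the nested form introduced here.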
@@ -228,6 +227,12 @@ }; }; + # systemd.services.forgejo.preStart = + # '' + # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true + # ''; + + # services.borgbackup.jobs."forgejo" = { # paths = config.services.forgejo.repositoryRoot; # repo = "/backup/forgejo"; @@ -256,10 +261,6 @@ }; }; - # systemd.services.forgejo.preStart = - # '' - # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true - # ''; # Virtualisation virtualisation = { @@ -307,7 +308,19 @@ "--privileged" ]; }; - + containers.mosquitto = { + #autoStart = true; + volumes = [ + "mosquitto:/mosquitto" + "/run/dbus:/run/dbus:ro" + "/etc/localtime:/etc/localtime:ro" + ]; + # Note: The image will not be updated on rebuilds, unless the version label changes + image = "eclipse-mosquitto"; + extraOptions = [ + "--network=host" + ]; + }; containers.frigate = { #autoStart = true; volumes = [ @@ -323,19 +336,6 @@ "--network=host" ]; }; - containers.mosquitto = { - #autoStart = true; - volumes = [ - "mosquitto:/mosquitto" - "/run/dbus:/run/dbus:ro" - "/etc/localtime:/etc/localtime:ro" - ]; - # Note: The image will not be updated on rebuilds, unless the version label changes - image = "eclipse-mosquitto"; - extraOptions = [ - "--network=host" - ]; - }; containers.netflow2ng = { # Note: The image will not be updated on rebuilds, unless the version label changes image = "synfinatic/netflow2ng:v0.1.0"; @@ -362,7 +362,7 @@ interfaces = [ "tcp://0.0.0.0:5556" ]; extraConfig = '' --dns-mode 1 - --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN"''; + --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN,192.168.42.0/24=Wireguard"''; }; services.influxdb.enable = true; @@ -395,6 +395,7 @@ "nix-command" "flakes" ]; + nix.gc = { automatic = true; dates = "weekly";
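Review bot: The relocated comment block in the hunk at +227 keeps a literal admin credential (`--password temp123`, together with the username) in the repository. Uncommenting it as written would put that password into the world-readable Nix store and the unit's command line. I would delete the snippet or replace it with a pointer such as `# TODO: bootstrap the Forgejo admin from a secret file outside the Nix store, not a literal password`. If this preStart was ever applied with that value, the account's password should be rotated. The trailing `|| true` would also hide a failed user creation; the same lines are removed by the hunk at -256, so this is a pure move.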
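Review bot: In the hunk at +308, `image = "eclipse-mosquitto";` has no tag or digest, so it resolves to whatever `latest` was at first pull, and the comment above it says the image is not refreshed on rebuilds. The broker version is therefore neither reproducible nor updated on a schedule. Pin it the way `netflow2ng` is pinned, e.g. `image = "eclipse-mosquitto:<pinned-version>";` (placeholder; use the release you have tested). The container also combines `--network=host` with a bind mount of `/run/dbus`; the `:ro` flag does not stop a process from connecting to the system bus socket, so drop that mount unless the broker needs it. The block is moved unchanged from further down the file, so these points predate this commit.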