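# NixOS host configuration for a Raspberry Pi 4 used as a small LAN server.
# Services defined here: nginx (reverse proxy), dnsmasq (DNS forwarder),
# MediaWiki, Suwayomi, FreshRSS, OpenLDAP, Samba (+ WSDD) and HedgeDoc.
# All web services are served over plain HTTP on *.it3 host names.
{ modulesPath, lib, nixos-hardware, pkgs, ... }:
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    nixos-hardware.nixosModules.raspberry-pi-4
  ];

  boot = {
    initrd = {
      availableKernelModules = [ "xhci_pci" ];
    };
    loader = {
      generic-extlinux-compatible.enable = true;
    };
  };

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
    fsType = "ext4";
  };

  hardware.raspberry-pi."4".fkms-3d.enable = true;

  networking = {
    useDHCP = lib.mkDefault true;
  };

  # systemd-resolved is disabled; dnsmasq below provides DNS on port 53.
  services.resolved.enable = false;

  powerManagement.cpuFreqGovernor = "ondemand";

  networking.firewall = {
    enable = true;
    # NOTE(review): as far as this file shows, the only listeners behind these
    # ports are nginx on 80/tcp and dnsmasq on 53/tcp+udp. No vhost here
    # enables TLS (443/tcp) or QUIC (443/udp), and nothing uses 80/udp.
    # Trim the lists to what is actually served to keep the exposed surface
    # minimal.
    allowedTCPPorts = [ 80 443 53 ];
    allowedUDPPorts = [ 80 443 53 ];
    allowPing = true;
  };

  services.nginx = {
    enable = true;
    virtualHosts = {
      # Suwayomi web UI, proxied from its local port.
      "manga.it3" = {
        locations."/" = {
          proxyPass = "http://localhost:8080/";
        };
      };
      # HedgeDoc; /socket.io/ needs websocket upgrade for live editing.
      "pad.it3" = {
        locations."/".proxyPass = "http://localhost:3333";
        locations."/socket.io/" = {
          proxyPass = "http://localhost:3333";
          proxyWebsockets = true;
        };
      };
    };
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      # Upstream resolvers that queries are forwarded to.
      server = [ "8.8.8.8" "8.8.4.4" ];
      #dhcp-range = [ "192.168.0.2,192.168.0.254,5m" ];
      #dhcp-option= [ "3,0.0.0.0" "6,0.0.0.0" ];
      #domain-needed = true;
    };
  };

  services.mediawiki = {
    enable = true;
    webserver = "nginx";
    url = "http://wiki.it3";
    nginx.hostName = "wiki.it3";
    # NOTE(review): interpolating a Nix path ("${...}") copies the file into
    # /nix/store, which is world-readable on the host, so the initial admin
    # password is exposed to every local user. Prefer a plain string path to
    # a root-only file outside the store, e.g.
    #   passwordFile = "<path-to-secret-outside-store>";
    passwordFile = "${../../init/mediawiki}";
  };

  services.suwayomi-server = {
    enable = true;
    settings = {
      server = {
        systemTrayEnabled = true;
        # NOTE(review): the extension index is fetched from a branch URL, not
        # a pinned revision; extensions are third-party code loaded by the
        # server, so whoever controls that repository controls what runs here.
        extensionRepos = [
          "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json"
        ];
        webUIEnabled = true;
        initialOpenInBrowserEnabled = true;
        webUIInterface = "browser";
        webUIFlavor = "WebUI";
      };
    };
  };

  services.freshrss = {
    enable = true;
    virtualHost = "rss.it3";
    # NOTE(review): "none" disables FreshRSS login entirely; any client that
    # can reach rss.it3 through port 80 has full access to the instance.
    # "form" together with a passwordFile is the option to use if the LAN is
    # not fully trusted.
    authType = "none";
    baseUrl = "http://rss.it3";
  };

  services.openldap = {
    enable = true;

    # enable plain connections only
    # NOTE(review): ldap:/// listens without TLS, so simple binds carry the
    # password in clear text. Port 389 is not in allowedTCPPorts above; the
    # firewall is the only thing keeping this listener off the LAN.
    urlList = [ "ldap:///" ];

    settings = {
      attrs = {
        olcLogLevel = "conns config";
      };

      children = {
        "cn=schema".includes = [
          "${pkgs.openldap}/etc/schema/core.ldif"
          "${pkgs.openldap}/etc/schema/cosine.ldif"
          "${pkgs.openldap}/etc/schema/inetorgperson.ldif"
        ];

        "olcDatabase={1}mdb".attrs = {
          objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];

          olcDatabase = "{1}mdb";
          olcDbDirectory = "/var/lib/openldap/data";

          olcSuffix = "dc=ldap,dc=it3";

          # your admin account, do not use writeText on a production system
          # NOTE(review): pkgs.writeText places the literal in /nix/store,
          # readable by every local user, and the value also lives in this
          # file's history. For anything beyond a test box, point
          # olcRootPW.path at a root-only file outside the store
          # (<path-to-secret-outside-store>) holding a hashed value.
          olcRootDN = "cn=admin,dc=ldap,dc=it3";
          olcRootPW.path = pkgs.writeText "olcRootPW" "pass";

          olcAccess = [
            # custom access rules for userPassword attributes
            ''
              {0}to attrs=userPassword
                              by self write
                              by anonymous auth
                              by * none''

            # allow read on anything else
            # NOTE(review): "by *" includes unauthenticated clients, so every
            # entry and attribute other than userPassword is readable without
            # a bind.
            ''
              {1}to *
                              by * read''
          ];
        };
      };
    };
  };

  services.samba = {
    enable = true;
    securityType = "user";
    openFirewall = true;
    nsswins = true;
    package = pkgs.sambaFull;
    # NOTE(review): "max protocol = smb2" caps negotiation below SMB3, so
    # SMB3 transport encryption is unavailable to clients. "map to guest =
    # bad user" combined with "guest ok = yes" on the public share lets
    # unauthenticated clients from the allowed subnets write there as the
    # share's "force user".
    extraConfig = ''
      workgroup = WORKGROUP
      server string = smbnix
      netbios name = smbnix
      security = user
      #use sendfile = yes
      max protocol = smb2
      # note: localhost is the ipv6 localhost ::1
      hosts allow = 192.168.0. 127.0.0.1 localhost 192.168.88. 192.168.12.
      hosts deny = 0.0.0.0/0
      guest account = nobody
      map to guest = bad user
    '';
    shares = {
      # Guest-writable share; files are created as jopejoe1:users.
      public = {
        path = "/mnt/Shares/Public";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "jopejoe1";
        "force group" = "users";
      };
      # Authenticated-only share; files are created as jopejoe1:users.
      private = {
        path = "/mnt/Shares/Private";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        "force user" = "jopejoe1";
        "force group" = "users";
      };
    };
  };

  # Web Services Dynamic Discovery so Windows clients can find the Samba host.
  services.samba-wsdd = {
    enable = true;
    openFirewall = true;
  };

  services.hedgedoc = {
    enable = true;
    settings = {
      db = {
        dialect = "sqlite";
        # Fixed key name: this was spelled "torage", which is not the key the
        # sqlite dialect reads, so the database path below was presumably
        # ignored.
        storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
      };
      domain = "pad.it3";
      port = 3333;
      # Served over plain HTTP behind nginx; sessions are not encrypted in
      # transit.
      useSSL = false;
      protocolUseSSL = false;
    };
  };
}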