server-conf/systems/mio-mio-mate/default.nix


{
modulesPath,
lib,
nixos-hardware,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.raspberry-pi-4
];
# Boot: the initrd may load the xhci_pci (USB host controller) module, and the
# system is started through the extlinux-compatible loader.
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.loader.generic-extlinux-compatible.enable = true;

# Root filesystem, located by filesystem UUID.
fileSystems."/" = {
  fsType = "ext4";
  device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
};

hardware.raspberry-pi."4".fkms-3d.enable = true;

# DHCP by default; mkDefault lets another module override this.
networking.useDHCP = lib.mkDefault true;

# systemd-resolved is switched off, presumably so that the dnsmasq instance
# enabled in this file can bind port 53 (confirm).
services.resolved.enable = false;

powerManagement.cpuFreqGovernor = "ondemand";
# Inbound ports opened on every interface. 53 serves the dnsmasq resolver
# enabled in this file; 80 is where the nginx virtual hosts in this file are
# expected to answer.
# NOTE(review): nothing visible in this file listens on 443/tcp (no virtual
# host enables TLS) or on 80/udp and 443/udp (HTTP/3 is not enabled on nginx
# here). Drop the ports that have no listener so the rule set matches the
# services that actually run.
# NOTE(review): with 53 open, confirm this host is reachable only from the
# LAN; a recursive resolver that answers the internet can be abused for DNS
# amplification.
networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 80 443 53 ];
  allowedUDPPorts = [ 80 443 53 ];
};
# Reverse proxy in front of two HTTP backends on localhost.
# NOTE(review): neither virtual host enables TLS (no forceSSL / addSSL /
# enableACME), so sessions and note contents travel in cleartext.
# NOTE(review): "manga.it3" forwards to port 8080, presumably the Suwayomi
# server enabled in this file; no authentication is configured at the proxy,
# and none is visible in the Suwayomi settings either.
# NOTE(review): the pad is published as "pad.missing.ninja" while HedgeDoc in
# this file is configured with domain = "pad.it3"; confirm which name is
# intended, since HedgeDoc builds its links and origin checks from `domain`.
services.nginx = {
  enable = true;
  virtualHosts."manga.it3".locations."/".proxyPass = "http://localhost:8080/";
  virtualHosts."pad.missing.ninja".locations = {
    "/" = {
      proxyPass = "http://localhost:3333";
    };
    # socket.io needs the WebSocket upgrade headers passed through.
    "/socket.io/" = {
      proxyWebsockets = true;
      proxyPass = "http://localhost:3333";
    };
  };
};
# Local DNS forwarder; upstream queries go to 8.8.8.8 and 8.8.4.4 as plain
# (unencrypted) DNS.
# NOTE(review): no `interface` / `listen-address` restriction is set, and the
# firewall in this file opens 53 on tcp and udp. Bind dnsmasq to the LAN
# interface, or confirm the host is never exposed to untrusted networks.
services.dnsmasq = {
  enable = true;
  settings = {
    server = [ "8.8.8.8" "8.8.4.4" ];
    # DHCP and domain-needed are currently commented out (not active):
    #dhcp-range = [ "192.168.0.2,192.168.0.254,5m" ];
    #dhcp-option= [ "3,0.0.0.0" "6,0.0.0.0" ];
    #domain-needed = true;
  };
};
# MediaWiki behind nginx on the wiki.it3 virtual host, served over plain HTTP.
# NOTE(review): passwordFile is built by interpolating a path literal, which
# copies ../../init/mediawiki into /nix/store. Store paths are readable by
# every local user, so the initial admin password is not secret on this host;
# if that file is tracked in the repository it is in version control as well.
# Point passwordFile at a runtime path outside the store (written as a plain
# string, provisioned by a secrets mechanism) and rotate the password.
services.mediawiki = {
  enable = true;
  webserver = "nginx";
  nginx.hostName = "wiki.it3";
  url = "http://wiki.it3";
  passwordFile = "${../../init/mediawiki}";
};
# Suwayomi server with its web UI enabled.
# NOTE(review): no authentication setting (e.g. basicAuthEnabled) appears
# here, so anyone who can reach the web UI can use and reconfigure it.
# NOTE(review): extensionRepos points at a third-party index fetched from
# raw.githubusercontent.com. Extensions are code that the server loads, so
# this repository is part of the host's trust boundary; review it as you
# would any other software source.
# NOTE(review): systemTrayEnabled and initialOpenInBrowserEnabled look like
# desktop conveniences; confirm they are wanted on this server.
services.suwayomi-server.enable = true;
services.suwayomi-server.settings.server = {
  webUIEnabled = true;
  webUIInterface = "browser";
  webUIFlavor = "WebUI";
  systemTrayEnabled = true;
  initialOpenInBrowserEnabled = true;
  extensionRepos = [ "https://raw.githubusercontent.com/keiyoushi/extensions/repo/index.min.json" ];
};
# FreshRSS on the rss.it3 virtual host, served over plain HTTP.
# NOTE(review): authType = "none" switches FreshRSS's own login off, so every
# client that can reach rss.it3 gets full access, including the settings.
# Use "form" (with a password file) or "http_auth", or restrict the virtual
# host to trusted addresses.
services.freshrss = {
  enable = true;
  authType = "none";
  virtualHost = "rss.it3";
  baseUrl = "http://rss.it3";
};
# OpenLDAP (slapd) with a single MDB database for the suffix dc=ldap,dc=it3.
# NOTE(review): as written this is an example-grade setup: cleartext LDAP only,
# a root password stored in the Nix store, and anonymous read access to the
# directory. See the notes on the individual settings below.
services.openldap = {
enable = true;
# Listen on plain ldap:// only; there is no ldaps:// listener, so binds
# (including passwords in simple binds) cross the network unencrypted.
# Port 389 is not in the firewall's allowed ports in this file, so per this
# file slapd is reachable only from the host itself; keep it that way or add
# TLS before exposing it.
urlList = [ "ldap:///" ];
settings = {
attrs = {
# Log connection handling and configuration processing.
olcLogLevel = "conns config";
};
children = {
# Schemas loaded from the packaged OpenLDAP distribution.
"cn=schema".includes = [
"${pkgs.openldap}/etc/schema/core.ldif"
"${pkgs.openldap}/etc/schema/cosine.ldif"
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
];
"olcDatabase={1}mdb".attrs = {
objectClass = [
"olcDatabaseConfig"
"olcMdbConfig"
];
olcDatabase = "{1}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=ldap,dc=it3";
# Directory administrator (root DN). The root DN bypasses the access rules
# below, so its password protects every entry.
# NOTE(review): pkgs.writeText places the password in /nix/store, which every
# local user can read, and the value "pass" is trivially guessable. Do not
# use writeText on a production system: supply the password from a file
# outside the store and choose a strong value.
olcRootDN = "cn=admin,dc=ldap,dc=it3";
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcAccess = [
# Rule {0}: userPassword may be changed by the entry's owner, used by
# anonymous clients only for authentication (bind), and is hidden from
# everyone else.
''
{0}to attrs=userPassword
by self write
by anonymous auth
by * none''
# Rule {1}: everything else is readable by anyone.
# NOTE(review): `by * read` includes anonymous clients, so the whole
# directory except userPassword can be read without binding; narrow this
# to `by users read` if unauthenticated enumeration is not intended.
''
{1}to *
by * read''
];
};
};
};
};
# Samba file server with one guest-writable share and one authenticated share.
# NOTE(review): openFirewall = true opens the SMB ports on every interface;
# the only network restriction is the hosts allow / hosts deny pair inside
# extraConfig.
# NOTE(review), on the smb.conf text in extraConfig:
#  - `max protocol = smb2` caps negotiation at SMB2, which rules out SMB3
#    transport encryption; remove the cap unless a legacy client requires it.
#  - `hosts deny = 0.0.0.0/0` is an IPv4 pattern; it appears not to cover
#    IPv6 clients, which match neither list. Confirm that IPv6 peers are
#    rejected, or deny `ALL` instead.
#  - `map to guest = bad user` turns a login with an unknown user name into
#    a guest session instead of rejecting it.
#  - `security = user` repeats securityType above.
services.samba = {
enable = true;
securityType = "user";
openFirewall = true;
nsswins = true;
package = pkgs.sambaFull;
extraConfig = ''
workgroup = WORKGROUP
server string = smbnix
netbios name = smbnix
security = user
#use sendfile = yes
max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 127.0.0.1 localhost 192.168.88. 192.168.12.
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
# Guest-accessible, writable share.
# NOTE(review): together with `map to guest = bad user`, any client on an
# allowed network can write here without credentials, and `force user` makes
# those writes run as the real account jopejoe1. Prefer a dedicated
# unprivileged account for guest writes, or make the share read-only.
public = {
path = "/mnt/Shares/Public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "jopejoe1";
"force group" = "users";
};
# Authenticated share (guests refused).
# NOTE(review): `force user` maps every authenticated user onto jopejoe1, so
# file ownership does not distinguish between users; add `valid users` if
# only specific accounts should get in.
private = {
path = "/mnt/Shares/Private";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "jopejoe1";
"force group" = "users";
};
};
};
# WS-Discovery responder so that Windows clients can find the Samba host.
# NOTE(review): openFirewall opens the discovery ports on every interface and
# the daemon advertises the host on the local network; keep this on trusted
# LAN segments only.
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;

# Answer ICMP echo requests.
networking.firewall.allowPing = true;
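# HedgeDoc collaborative pad on local port 3333 (proxied by nginx), backed by
# a SQLite database.
# NOTE(review): useSSL and protocolUseSSL are both false, so the pad is plain
# HTTP end to end; enable TLS on the nginx virtual host and set
# protocolUseSSL = true once it is in place.
# NOTE(review): domain is "pad.it3", but the nginx virtual host that proxies
# to port 3333 in this file is named "pad.missing.ninja"; confirm which host
# name is intended.
services.hedgedoc = {
  enable = true;
  settings = {
    db = {
      dialect = "sqlite";
      # Fixed key: this was spelled "torage", which is not the option that
      # sets the SQLite file location, so the path below was not applied.
      storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
    };
    domain = "pad.it3";
    port = 3333;
    useSSL = false;
    protocolUseSSL = false;
  };
};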
}