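# NixOS system configuration for the host "dnsc-server".
# Pulls in the service modules listed under `imports` and sets boot, ZFS,
# secrets, firewall, user, Home Manager and Caddy reverse-proxy options.
{
  config,
  inputs,
  outputs,
  pkgs,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    inputs.home-manager.nixosModules.home-manager
    ../../modules/docker
    ../../modules/ups
    ../../modules/restic
    ../../modules/samba
    ../../modules/openssh
    ../../modules/jellyfin
    ../../modules/actual-server
    ../../modules/immich
    ../../modules/cockpit
  ];

  # General
  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";

  # Boot
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.systemd-boot.configurationLimit = 10;
  boot.supportedFilesystems = [ "zfs" ];
  boot.zfs.forceImportRoot = false;
  boot.zfs.extraPools = [ "main" ];

  # Secrets
  # NOTE(review): the decryption identity is dennis's personal SSH private key,
  # so that key has to live on this server in a form that can be used
  # non-interactively. The host key (/etc/ssh/ssh_host_ed25519_key) is the more
  # common identity for a server; check the recipient list of the .age files
  # before switching.
  age = {
    identityPaths = [ "${config.users.users.dennis.home}/.ssh/id_ed25519" ];
    secrets."restic/password".file = ../../secrets/restic/password.age;
  };

  # Nix Settings
  # Perform garbage collection weekly to maintain low disk usage
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 1w";
  };
  nix.settings.auto-optimise-store = true;

  programs.bash = {
    enable = true;
  };

  # Networking
  networking.hostName = "dnsc-server";
  networking.hostId = "380f584e";
  networking.networkmanager.enable = true;
  # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
  systemd.services.NetworkManager-wait-online.enable = false;

  # Firewall
  # Only the ports listed here are opened by this file. The imported service
  # modules are not visible from here and may open more.
  # NOTE(review): audit this list together with those modules.
  networking.firewall = {
    enable = true;
    # SSH (22) and HTTPS for the Caddy virtual hosts (443).
    allowedTCPPorts = [
      22
      443
    ];
    # SSH is TCP-only, so UDP 22 is no longer opened (nothing in this file
    # listens on it). UDP 443 is kept for HTTP/3 (QUIC) to Caddy.
    allowedUDPPorts = [ 443 ];
  };

  # My user account
  users.users.dennis = {
    description = "dennis";
    isNormalUser = true;
    # "wheel" makes this an administrative account (sudo is enabled below).
    extraGroups = [
      "wheel"
      "networkmanager"
    ];
    # Public keys allowed to log in as dennis over SSH.
    # NOTE(review): whether password login is disabled is decided in
    # ../../modules/openssh, not in this file.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKnmuxDkpDIku5t1Tykz21u78xoQ7LJR8JEcfth32LGu dennis@dnsc-work"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8LXdDU3C4PcCHb/BEm1xQIZyo2KTR5Dcuw6ni+SxmH dennis@dnsc-machine"
    ];
  };

  security.sudo.enable = true;

  # Home Manager Setup
  home-manager = {
    extraSpecialArgs = { inherit inputs outputs; };
    # Existing files that Home Manager would overwrite are renamed with this
    # extension instead of aborting activation.
    backupFileExtension = "backup";
    users = {
      dennis = import ../../home/server.nix;
    };
  };

  # Enable new Nix CLI and flakes
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Install system wide packages
  environment.systemPackages = with pkgs; [
    git
    btop
    neovim
    wget
    jellyfin
    jellyfin-web
    jellyfin-ffmpeg
    usbutils
    restic
    mkcert
    actual-server
    cockpit
  ];

  # GnuPG
  # gpg-agent also acts as the SSH agent for this system.
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };

  # ZFS
  services.zfs = {
    autoSnapshot.enable = true;
    trim.enable = true;
  };

  # Caddy
  # Each virtual host terminates TLS and forwards to a backend on loopback.
  # `tls internal` issues certificates from Caddy's own local CA, so clients
  # must trust that root certificate to avoid warnings.
  # NOTE(review): confirm the backends bind to 127.0.0.1 only, so they are
  # reachable solely through the proxy.
  services.caddy = {
    enable = true;
    virtualHosts."media.home.lan".extraConfig = ''
      reverse_proxy http://127.0.0.1:8096
      tls internal
    '';
    virtualHosts."finance.home.lan".extraConfig = ''
      encode gzip zstd
      reverse_proxy http://127.0.0.1:9002
      tls internal
    '';
    virtualHosts."photos.home.lan".extraConfig = ''
      reverse_proxy http://127.0.0.1:9003
      tls internal
    '';
  };

  # Environment variables
  environment.variables.EDITOR = "nvim";

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11";
}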