# NixOS host module for "ellie-server": UEFI boot via systemd-boot,
# systemd-networkd/resolved networking, NVIDIA graphics, an nftables firewall
# that exposes a fixed set of ports to the 192.168.1.0/24 LAN only, and
# sops/age tooling for secrets.
{
  modulesPath,
  lib,
  pkgs,
  config,
  ...
}:

{
  boot.loader = {
    systemd-boot = {
      enable = true;
      # Keep at most ten generations in the boot menu.
      configurationLimit = 10;
      # NOTE(review): `boot.loader.systemd-boot.editor` is not set in this file,
      # and NixOS leaves the boot-menu kernel command-line editor enabled by
      # default. Consider `editor = false;` if console access is in the threat
      # model. Confirm it is not already set in another module.
    };
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "ellie-server";
    useNetworkd = true;

    # extraInputRules below is only honoured by the nftables firewall backend.
    nftables.enable = true;

    firewall = {
      enable = true;
      allowPing = true;

      checkReversePath = true;
      # Refused traffic is actively rejected, except where a rule below says `drop`.
      rejectPackets = true;

      # Nothing is opened globally or per interface; all exposure is defined
      # by the source-restricted rules in extraInputRules.
      allowedTCPPorts = [ ];
      interfaces."enp34s0".allowedTCPPorts = [ ];

      # Accept the listed ports only from the 192.168.1.0/24 LAN and silently
      # drop them from any other source. `ip saddr` matches IPv4 only, so IPv6
      # clients never match the accept rules and reach the drop rules.
      # Ports: 22 is SSH, 80 is HTTP, 5353/udp is mDNS. The others presumably
      # belong to the media services named in the commented-out group lines
      # further down (TODO confirm, and trim the set when a service is retired).
      # NOTE(review): the accept rules match on source address alone, not on the
      # ingress interface, so they rely on checkReversePath above to discard
      # packets arriving on an unexpected interface.
      extraInputRules = ''
        ip saddr 192.168.1.0/24 tcp dport {22, 8096, 8920, 3000, 8282, 9696, 8989, 7878, 80} accept
        tcp dport {22, 8096, 8920, 3000, 8282, 9696, 8989, 7878, 80} drop

        ip saddr 192.168.1.0/24 udp dport 5353 accept
        udp dport 5353 drop
      '';
    };
  };

  systemd.network.enable = true;

  hardware = {
    graphics.enable = true;
    nvidia = {
      # Proprietary kernel module (open = false) from the stable driver branch
      # matching the configured kernel package set.
      package = config.boot.kernelPackages.nvidiaPackages.stable;
      modesetting.enable = true;
      open = false;
    };
  };

  services = {
    resolved.enable = true;

    # The openssh module must not open port 22 by itself; SSH reachability is
    # governed by the LAN-only rule in networking.firewall.extraInputRules.
    # NOTE(review): `enable` and authentication hardening (e.g.
    # settings.PasswordAuthentication, settings.PermitRootLogin) are not set
    # in this file. Confirm they are set in another module.
    openssh.openFirewall = false;
  };

  users.groups.media = { };
  #users.users.radarr.extraGroups = [ "media" ];
  #users.users.sonarr.extraGroups = [ "media" ];
  #users.users.jellyfin.extraGroups = [ "media" ];

  # NOTE(review): the age identity used to decrypt sops secrets lives in a user
  # home directory, so the confidentiality of every secret depends on that
  # account and on the file's permissions. A root-owned key outside /home, or a
  # host-key-derived identity via `sops.age.sshKeyPaths`, narrows that exposure.
  # Confirm ownership and mode of this file on the host.
  sops.age.keyFile = "/home/ellie/.config/sops/age/keys.txt";

  # NOTE(review): dropbear provides a second SSH implementation next to
  # openssh. No dropbear service is configured in this file. Confirm that the
  # package is still needed.
  environment.systemPackages = [
    pkgs.git
    pkgs.vim
    pkgs.dropbear
    pkgs.age
    pkgs.sops
  ];

  # Release whose stateful defaults this host was installed with; not a
  # version pin to bump on upgrade.
  system.stateVersion = "25.05";
}