Update homserver config

2023-06-25 12:21:00 +02:00 · 2023-06-25 12:21:00 +02:00 · eafad2af57
commit eafad2af57
parent 26694e1e52
5 changed files with 72 additions and 7 deletions
--- a/packages/nginx/homeserver.nix
+++ b/packages/nginx/homeserver.nix
@ -0,0 +1,13 @@
+{ ... }:
+
+{
+    services.nginx.enable = true;
+    services.nginx.virtualHosts."192.168.2.69" = {
+        root = "/mnt/mass/Torrents";
+        extraConfig = ''
+            autoindex on;
+        '';
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 ];
+}
--- a/packages/syncthing/homeserver.nix
+++ b/packages/syncthing/homeserver.nix
@ -0,0 +1,18 @@
+{ ... }:
+
+{
+    imports = [
+        ../../users/media.nix
+    ];
+
+    services.syncthing = {
+        enable = true;
+        user = "media";
+        dataDir = "/mnt/mass";
+        configDir = "/mnt/mass/Services/Syncthing";
+        guiAddress = "0.0.0.0:8384";
+    };
+
+    networking.firewall.allowedTCPPorts = [ 8384 22000 ];
+    networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+}
--- a/systems/hardware/homeserver.nix
+++ b/systems/hardware/homeserver.nix
@ -29,6 +29,11 @@
      fsType = "zfs";
  };

+  fileSystems."/mnt/mass" = {
+      device = "/dev/disk/by-uuid/f04baac4-40a9-4115-b09d-83b252ee69ad";
+      fsType = "xfs";
+  };
+
  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
--- a/systems/homeserver.nix
+++ b/systems/homeserver.nix
@ -7,20 +7,30 @@
        ./persist/homeserver.nix
        ../sets/meta/sysadmin.nix
        ../packages/vim/package.nix
+        ../packages/nginx/homeserver.nix
+        ../packages/syncthing/homeserver.nix
    ];

-    boot.loader = {
-        efi = {
-            canTouchEfiVariables = true;
+    boot = {
+        loader = {
+            efi = {
+                canTouchEfiVariables = true;
+            };
+            grub = {
+                enable = true;
+                efiSupport = true;
+                device = "nodev";
+            };
        };
-        grub = {
-            enable = true;
-            efiSupport = true;
-            device = "nodev";
+
+        kernel = {
+            sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
        };
    };

    networking = {
+        hostName = "homeserver";
+        enableIPv6 = false;
        hostId = "95f846dc";
        interfaces = {
            eno1.ipv4.addresses = [{
@ -34,5 +44,16 @@

    console = {
        keyMap = "uk";
+        nameservers = [ "1.1.1.1" "8.8.8.8" ];
+        defaultGateway = "192.168.2.1";
+        firewall = {
+            enable = true;
+            allowedTCPPorts = [ 22 ]; 
+        };
+    };
+
+    # To not mess up SSH sessions from weird terminals
+    environment.sessionVariables = rec {
+        TERM = "xterm";
    };
 }
--- a/users/media.nix
+++ b/users/media.nix
@ -0,0 +1,8 @@
+{ ... }:
+
+{
+    users.users.media = {
+        isNormalUser = true;
+        description = "media";
+    };
+}