Adds services/router.nix with systemd-networkd (eno1=WAN via DHCP,
eth0=LAN 10.0.0.1/24), nftables (NAT + firewall, default drop on WAN
in), dnsmasq (DHCP only — AdGuard Home keeps :53 for DNS), and sysctl
IP forwarding. NetworkManager is forced off on this host.
Port forwards live in ports.toml at the repo root and are imported via
builtins.fromTOML. Supports single ports, ranges ("26901-26902"), and
"both" protocol. Initial forwards: 22, 80, 443, 26900, 26901-26902.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
# Common.nix
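{ config, pkgs, lib, inputs, ... }:

# Settings shared by every host in this flake. Host-specific modules under
# ./hosts and the service modules under ./services are all imported here;
# each is expected to gate itself on the host it applies to.
{
  imports = [
    # Hosts #
    ./hosts/FredOS-Gaming.nix
    ./hosts/FredOS-Macbook.nix
    ./hosts/FredOS-Mediaserver.nix

    # Generic settings #
    ./settings/gnome.nix
    ./settings/locale.nix
    ./settings/audio.nix
    ./settings/users.nix
    ./settings/shell.nix
    ./apps/zen.nix

    # Services #
    ./services/server-permissions.nix
    ./services/game-servers.nix
    ./services/qbittorrent-nox.nix
    ./services/nginx.nix
    ./services/go2rtc.nix
    ./services/sonarr.nix
    ./services/radarr.nix
    ./services/prowlarr.nix
    ./services/jellyfin.nix
    ./services/bazarr.nix
    ./services/cloudflare-ddns.nix
    ./services/fail2ban.nix
    ./services/authelia.nix
    ./services/homepage.nix
    ./services/arr-interconnect.nix
    ./services/adguard.nix
    ./services/router.nix
  ];

  ### Make build time quicker
  documentation.nixos.enable = false;

  # Home Manager #
  home-manager.useGlobalPkgs = true;
  home-manager.useUserPackages = true;
  home-manager.extraSpecialArgs = { inherit inputs; };
  home-manager.users.fred = import ./home-manager/fred.nix;

  #############################################################################
  # Make boot time quicker
  boot.loader.timeout = lib.mkDefault 5;
  systemd.services.NetworkManager-wait-online.enable = false;
  systemd.services.systemd-udev-settle.enable = false;

  # SECURITY: the NixOS firewall must stay active on every host. A previous
  # "boot time" tweak set `systemd.services.firewall.wantedBy = lib.mkForce [ ]`
  # with `after = [ "multi-user.target" ]`; that does not defer the unit, it
  # removes the only thing that pulls it in, so the firewall was never started
  # and every listening service (nginx, jellyfin, qbittorrent, the *arr stack,
  # game servers) was reachable on all interfaces. Loading the ruleset costs
  # negligible boot time, so the override is gone. mkDefault leaves a host free
  # to opt out explicitly if it provides its own ruleset (the router module is
  # documented to ship its own nftables config).
  networking.firewall.enable = lib.mkDefault true;

  boot.initrd.verbose = false;
  #############################################################################

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Use latest kernel
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # Enable network-manager on all hosts. A host that manages its links with
  # systemd-networkd (the router) has to override this with mkForce, otherwise
  # both daemons fight over the same interfaces -- confirm router.nix does so.
  networking.networkmanager.enable = true;

  # Fish shell
  programs.fish.enable = true;
  users.defaultUserShell = pkgs.fish;

  # Shell aliases (work in both bash and fish)
  environment.shellAliases = {
    # `update [extra nixos-rebuild args]`
    # Builds and switches to the flake, then shows the closure diff with nvd.
    # Extra arguments are forwarded via "$@" (quoted so that arguments
    # containing spaces survive intact; the bare `$@` used before was
    # word-split by the inner bash).
    #
    # SUPPLY-CHAIN NOTE: the flake reference `github:ediblerope/nixos-config`
    # is unpinned, so `sudo nixos-rebuild switch` fetches and activates
    # whatever the default branch currently points at. Anyone who can push to
    # that branch (or a compromised GitHub credential) gets root on every
    # machine running this alias. Pin a revision (`github:owner/repo/<rev>`)
    # or rebuild from a local, reviewed checkout if that matters to you.
    update = "bash -c 'OLD_SYSTEM=$(readlink /run/current-system) && sudo nixos-rebuild build \"$@\" --flake github:ediblerope/nixos-config && sudo nixos-rebuild switch \"$@\" --flake github:ediblerope/nixos-config && nvd diff $OLD_SYSTEM /run/current-system && (command -v record-update &>/dev/null && record-update $OLD_SYSTEM /run/current-system || true) && command -v matugen &>/dev/null && matugen image ~/.local/share/backgrounds/wallpaper.png --source-color-index 0 -m dark || true' --";
    # Deletes all old generations; you lose the ability to roll back at the
    # bootloader afterwards.
    clean = "sudo nix-collect-garbage -d";
    ll = "ls -alh";
    clear = "command clear";
    reboot = "sudo systemctl reboot";
  };

  # Add packages
  environment.systemPackages = with pkgs; [
    git
    localsend
    nvd
    busybox
  ];
}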