diff --git a/devices/home-server/configuration.nix b/devices/home-server/configuration.nix
new file mode 100644
index 0000000..96b5297
--- /dev/null
+++ b/devices/home-server/configuration.nix
@@ -0,0 +1,107 @@
+{ ... }:
+{
+ imports = [ ./hardware-configuration.nix ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ services = {
+ adguardhome = {
+ enable = true;
+ port = 34778;
+ openFirewall = true;
+ };
+
+ fail2ban = {
+ enable = true;
+ ignoreIP = [
+ "192.168.0.0/16"
+ ];
+ };
+
+ cloudflare-dyndns = {
+ enable = true;
+ apiTokenFile = "/home/asakiyuki/.secret/CLOUDFLARE_TOKEN_KEY";
+ frequency = "*:0/5";
+ proxied = true;
+ ipv6 = false;
+ ipv4 = true;
+ deleteMissing = false;
+ domains = [ "ddns.asakiyuki.com" ];
+ };
+
+ openssh = {
+ enable = true;
+ ports = [ 15523 ];
+ authorizedKeysInHomedir = true;
+ authorizedKeysFiles = [ "/home/asakiyuki/.ssh/authorized_keys" ];
+ settings = {
+ AllowUsers = [
+ "asakiyuki"
+ "junko"
+ ];
+ PasswordAuthentication = true;
+ KbdInteractiveAuthentication = false;
+ AllowAgentForwarding = false;
+ AllowStreamLocalForwarding = false;
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ };
+ };
+ };
+
+ networking = {
+ useDHCP = false;
+ networkmanager.enable = true;
+ defaultGateway = "192.168.1.1";
+ nameservers = [
+ "8.8.8.8"
+ "1.1.1.1"
+ ];
+
+ interfaces = {
+ enp1s0 = {
+ useDHCP = false;
+
+ ipv4.addresses = [
+ {
+ address = "192.168.1.100";
+ prefixLength = 24;
+ }
+ ];
+
+ ipv6.addresses = [
+ {
+ address = "2402:800:62d0:1c26:abcd:1234:5678:9abc";
+ prefixLength = 64;
+ }
+ ];
+ };
+ };
+
+ firewall = {
+ enable = true;
+ allowedUDPPorts = [
+ 53
+ 34778
+ ];
+ allowedTCPPorts = [
+ 15523
+ 53
+ 8443
+ 583
+ 25565
+ ];
+ };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ time.timeZone = "Asia/Ho_Chi_Minh";
+ system.stateVersion = "25.11";
+}
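Review bot: `PasswordAuthentication = true;` in `openssh.settings` leaves password logins enabled on port 15523, which the same file opens in `firewall.allowedTCPPorts` on a host that also carries a global IPv6 address. Key login is already configured through `authorizedKeysInHomedir = true`, so I would set `PasswordAuthentication = false;`; fail2ban only slows guessing and exempts the whole `192.168.0.0/16` range. The absolute path in `authorizedKeysFiles` is not per-user, so it is offered for every account in `AllowUsers` (including `junko`); it looks redundant with the homedir setting and could be dropped. Port 53 is opened on TCP and UDP for all interfaces, so if inbound IPv6 is not filtered upstream the AdGuard Home resolver would presumably answer queries from outside the LAN; consider scoping those ports to `enp1s0` and the local prefix.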
diff --git a/devices/home-server/hardware-configuration.nix b/devices/home-server/hardware-configuration.nix
new file mode 100644
index 0000000..8d19e80
--- /dev/null
+++ b/devices/home-server/hardware-configuration.nix
@@ -0,0 +1,43 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/16cfcdf6-15bb-4b63-835f-044867999510";
+ fsType = "ext4";
+ };
+ "/home/asakiyuki/HOST" = {
+ device = "/dev/disk/by-uuid/414e2a24-605f-47c3-a325-8db8a4934329";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/cfa7f30f-f08a-4400-babe-41357586a6a0"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/flake.nix b/flake.nix
index 2915e3b..504ac0a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -65,7 +65,14 @@
 (libs.root "/devices/ideapad-slim-5/configuration.nix")
 ];
 };
+
+ home-server = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit self inputs libs; };
+ modules = [
+ (libs.root "/devices/home-server/configuration.nix")
+ ];
+ };
 };
 };
 }
-