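# NixOS system configuration for the host "Niko".
#
# What this module sets up, as visible below:
#   * systemd-boot on EFI, NetworkManager, firewall enabled
#   * a Cage (Wayland kiosk) session running jellyfin-mpv-shim
#   * Tailscale with routing features in "server" mode, advertising 192.168.0.0/24
#   * Docker, with a Traefik reverse proxy managed through oci-containers
#
# Secrets handling: nothing secret may appear as a literal in this file.
# Everything evaluated here ends up in /nix/store, which is world-readable,
# and (for containers) in the generated systemd unit. Secrets are referenced
# by the path of a root-only file that lives outside the store.
{ config, pkgs, ... }:

{
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
  ];

  # Options under `homelab` are declared by a module that is not part of this
  # file; presumably it is imported elsewhere in the flake/config tree.
  homelab = {
    apps.technitiumDNS.enable = true;
    users.deploy.enable = true;
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader = {
    systemd-boot.enable = true;
    efi = {
      canTouchEfiVariables = true;
      efiSysMountPoint = "/boot/efi";
    };
  };

  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # List packages installed in the system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    cifs-utils
  ];

  hardware = {
    enableRedistributableFirmware = true;
    enableAllFirmware = true;
    pulseaudio.enable = true;
    opengl.enable = true;
  };

  # Select internationalisation properties.
  i18n.defaultLocale = "en_GB.utf8";

  networking = {
    hostName = "Niko";
    domain = "depeuter.dev";
    enableIPv6 = true;

    # Open ports in the firewall.
    # No ports are allowed here. NOTE(review): ports published by Docker
    # (80/443 for Traefik below) are opened by Docker's own iptables rules and
    # are typically reachable regardless of this firewall - confirm that this
    # exposure is intended on every interface.
    firewall = {
      enable = true;
    };

    networkmanager.enable = true;

    extraHosts = ''
      192.168.0.11 jelly.depeuter.dev
    '';
  };

  nixpkgs.config.allowUnfree = true;

  # List services that you want to enable:
  services = {
    # Cage, a wayland kiosk service
    cage = {
      enable = true;
      environment = {
        # Do not fail when there are no input devices.
        # WLR_LIBINPUT_NO_DEVICES = "1";
      };
      extraArguments = [
        "-d" # Don't draw client side decorations, when possible
        # "-m" "last" # Use only the last connected output
        "-s" # Allow VT switching
      ];
      program = "/home/jellyfin-mpv-shim/start.sh";
      user = config.users.users.jellyfin-mpv-shim.name;
    };

    tailscale = {
      enable = true;
      useRoutingFeatures = "server";
      # Read from a file at activation time so the key never enters the store.
      # The file should be owned by root and not readable by other users.
      authKeyFile = "/etc/nixos/tailscale-authkey";
      extraUpFlags = [
        "--advertise-routes=192.168.0.0/24"
        # NOTE(review): `--exit-node` selects an exit node to *use* and expects
        # a value. Offering this host as an exit node is
        # `--advertise-exit-node`. Confirm which one is intended.
        "--exit-node"
      ];
    };

    # Fix DNS issues. See:
    # https://github.com/tailscale/tailscale/issues/4254
    # resolved.enable = true;
  };

  sound.enable = true;

  # Define a user account. Don't forget to set a password with 'passwd'.
  users.users.jellyfin-mpv-shim = {
    description = "Jellyfin MPV Shim User";
    isNormalUser = true;
    extraGroups = [
      config.users.groups.audio.name
      config.users.groups.video.name
    ];
    packages = with pkgs; [
      jellyfin-mpv-shim
      mpv
      socat
    ];
  };

  # Bring the kiosk session back whenever it exits.
  systemd.services."cage-tty1".serviceConfig.Restart = "always";

  system.stateVersion = "24.05";

  virtualisation = {
    # Enable Android emulator
    # waydroid.enable = true;

    docker = {
      enable = true;
      autoPrune.enable = true;
    };

    oci-containers = {
      backend = "docker";

      containers = {
        reverse-proxy = {
          hostname = "traefik";
          image = "traefik:v3.0";
          cmd = [
            # NOTE(review): `--api.insecure=true` serves the Traefik API and
            # dashboard without authentication on container port 8080. The
            # labels at the bottom of this container route
            # traefik.niko.depeuter.dev to that port, so the dashboard is
            # reachable through Traefik's entrypoints by anyone who can reach
            # them. Consider serving the dashboard through the `api@internal`
            # service behind an authentication middleware instead.
            "--api.insecure=true"

            # Add Docker provider
            "--providers.docker=true"
            "--providers.docker.exposedByDefault=false"

            # Add web entrypoint
            "--entrypoints.web.address=:80/tcp"
            "--entrypoints.web.http.redirections.entrypoint.to=websecure"
            "--entrypoints.web.http.redirections.entrypoint.scheme=https"

            # Add websecure entrypoint
            "--entrypoints.websecure.address=:443/tcp"
            "--entrypoints.websecure.http.tls=true"
            "--entrypoints.websecure.http.tls.certResolver=letsencrypt"
            "--entrypoints.websecure.http.tls.domains[0].main=depeuter.dev"
            "--entrypoints.websecure.http.tls.domains[0].sans=*.depeuter.dev"
            "--entrypoints.websecure.http.tls.domains[1].sans=*.niko.depeuter.dev"

            # Certificates
            "--certificatesresolvers.letsencrypt.acme.dnschallenge=true"
            "--certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare"
            "--certificatesresolvers.letsencrypt.acme.email=tibo.depeuter@telenet.be"
            "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
          ];
          ports = [
            "80:80/tcp"
            "443:443/tcp"
            # "8080:8080/tcp" # The Web UI (enabled by --api.insecure=true)
          ];

          # Deliberately empty: CLOUDFLARE_DNS_API_TOKEN used to be set here as
          # a literal. A value written here is copied into the world-readable
          # Nix store and into the generated unit, and it travels with every
          # copy of this file. The token that was previously committed has to
          # be treated as disclosed: revoke it at Cloudflare and issue a new
          # one scoped to DNS edits on the zones Traefik needs.
          environment = { };

          # The token is supplied from a root-only file outside the store.
          # PLACEHOLDER path (not taken from the original config) - adjust to
          # wherever secrets are kept on this host. Expected content:
          #   CLOUDFLARE_DNS_API_TOKEN=<new-token>
          # Keep this a quoted string: an unquoted Nix path literal would be
          # copied into the store when the unit is generated.
          environmentFiles = [
            "/etc/nixos/traefik-cloudflare.env"
          ];

          volumes = [
            # So that Traefik can listen to the Docker events.
            # NOTE(review): `:ro` only protects the socket file itself; it does
            # not restrict Docker API calls made over the socket, so this
            # container effectively has full control of the Docker daemon.
            # A filtering socket proxy would narrow that to read-only calls.
            "/var/run/docker.sock:/var/run/docker.sock:ro"
            "letsencrypt:/letsencrypt"
          ];
          labels = {
            "traefik.enable" = "true";
            "traefik.http.routers.traefik.rule" = "Host(`traefik.niko.depeuter.dev`)";
            "traefik.http.services.traefik.loadbalancer.server.port" = "8080";
          };
          autoStart = true;
        };
      };
    };
  };
}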