87 lines
1.9 KiB
Nix
87 lines
1.9 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
# Bootloader
|
|
boot.loader.grub = {
|
|
enable = true;
|
|
device = "/dev/sda";
|
|
useOSProber = false;
|
|
};
|
|
|
|
# Networking
|
|
networking.hostName = "home-server";
|
|
networking.networkmanager.enable = true;
|
|
|
|
# Static IP configuration
|
|
networking.interfaces.enp1s0 = {
|
|
useDHCP = false;
|
|
ipv4.addresses = [{
|
|
address = "192.168.1.100";
|
|
prefixLength = 24;
|
|
}];
|
|
};
|
|
networking.defaultGateway = "192.168.1.1";
|
|
networking.nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
|
|
|
# Additional services for a home server
|
|
services = {
|
|
# Network file sharing
|
|
samba = {
|
|
enable = true;
|
|
securityType = "user";
|
|
extraConfig = ''
|
|
workgroup = WORKGROUP
|
|
server string = Home Server
|
|
netbios name = HOME-SERVER
|
|
security = user
|
|
use sendfile = yes
|
|
max protocol = smb2
|
|
# note: localhost is the ipv4 localhost address
|
|
hosts allow = 192.168.1. 127.0.0.1 localhost
|
|
hosts deny = 0.0.0.0/0
|
|
'';
|
|
shares = {
|
|
public = {
|
|
path = "/mnt/data/public";
|
|
browseable = "yes";
|
|
"read only" = "no";
|
|
"guest ok" = "yes";
|
|
"create mask" = "0644";
|
|
"directory mask" = "0755";
|
|
};
|
|
private = {
|
|
path = "/mnt/data/private";
|
|
browseable = "yes";
|
|
"read only" = "no";
|
|
"guest ok" = "no";
|
|
"create mask" = "0644";
|
|
"directory mask" = "0755";
|
|
"valid users" = "laurent";
|
|
};
|
|
};
|
|
};
|
|
|
|
# Media server
|
|
jellyfin.enable = true;
|
|
};
|
|
|
|
# Firewall settings
|
|
networking.firewall = {
|
|
enable = true;
|
|
allowedTCPPorts = [
|
|
22 # SSH
|
|
445 # SMB
|
|
139 # SMB
|
|
8096 # Jellyfin
|
|
];
|
|
allowedUDPPorts = [
|
|
137 # SMB
|
|
138 # SMB
|
|
];
|
|
};
|
|
|
|
# System state version
|
|
system.stateVersion = "24.05";
|
|
} |