blaine
/
infra


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124
							# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Boot
  boot.loader.timeout = 1;
  boot.loader.systemd-boot.enable = true; 

  # Set hostname
  networking.hostName = "{% if 'bootstrap' not in group_names %}{{ inventory_hostname }}{% else %}nixos-kodi{% endif %}";

  # Set time zone.
  time.timeZone = "America/Los_Angeles";


  # Network settings
  networking.interfaces.{{ ansible_default_ipv4.interface }}.useDHCP = true;
  networking.enableIPv6 = false;
  networking.firewall.allowedTCPPorts = [ 
    8080 # kodi webUI
    5377 # wsdd
  ];
  networking.firewall.allowedUDPPorts = [
    8080 # kodi webUI
    5377 # wsdd
  ];


  # Kodi
  services.xserver.enable = true;
  services.xserver.desktopManager.kodi.enable = true;
  services.xserver.desktopManager.kodi.package = pkgs.kodi.withPackages (p: with p; [ kodi pvr-hts ]);
  services.xserver.displayManager.autoLogin.enable = true;
  services.xserver.displayManager.autoLogin.user = "kodi";
  services.xserver.displayManager.job.preStart = "/run/current-system/sw/bin/systemctl start network-online.target";
  users.users.kodi.isNormalUser = true;


  # Inhibit Screen/Power Off
  services.logind.extraConfig = "HandlePowerKey=ignore";
  services.xserver.displayManager.sessionCommands = ''
    xset dpms 0 0 0
    xset s off -dpms
  '';
 
  # Hardware
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest; # Nix defaults to LTS kernel

  # Packages
  environment.systemPackages = with pkgs; [
    python3
    vim 
    nano
    htop
    glances
    nethogs
    tmux
    inxi
  ];


  # SSH
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
{% for pubkey in ssh_root_keys %}
    "{{ pubkey }}"
{% endfor %}
  ];

  # NixOS Auto Upgrades and Cleanup
  nix.gc.automatic = true;
  nix.gc.dates = "monthly";
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
  system.autoUpgrade.dates = "weekly";


  services.samba-wsdd.enable = true; # makes shares visible for windows 10 clients
  services.samba = {
    enable = true;
    openFirewall = true;
    securityType = "user";
    extraConfig = ''
      workgroup = WORKGROUP
      server string = smb{{ inventory_hostname }}
      netbios name = smb{{ inventory_hostname }}
      security = user
      guest account = kodi
      map to guest = bad user
    '';
    shares = {
      kodi = {
        path = "/home/kodi";
        browseable = "yes";
        "read only" = "no";
        "guest ok" = "yes";
        "force user" = "kodi";
        "force group" = "users";
        "create mask" = "0644";
        "directory mask" = "0755";
      };
    };
  };


  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?

}