mounty

TPX1.nix

Dec 7th, 2025
  1. # Edit this configuration file to define what should be installed on
  2. # your system.  Help is available in the configuration.nix(5) man page
  3. # and in the NixOS manual (accessible by running ‘nixos-help’).
  4.  
  5. { config, pkgs, ... }:
  6.  
  7. {
  8.     imports = [ ./hardware-configuration.nix ];
  9.  
  10.     # Use the systemd-boot EFI boot loader.
  11.     boot.loader.systemd-boot.enable = true;
  12.     boot.loader.efi.canTouchEfiVariables = true;
  13.  
  14.     boot.extraModulePackages = [ config.boot.kernelPackages.evdi ];
  15.     boot.initrd.kernelModules = [ "evdi" ];
  16.  
  17.     # Use latest kernel.
  18.     boot.kernelPackages = pkgs.linuxPackages_6_17;
  19.  
  20.     boot.resumeDevice = "/dev/disk/by-label/swap";
  21.     # Needed for myStream distribution directory creation.
  22.     boot.kernel.sysctl."fs.protected_hardlinks" = false;
  23.  
  24.     swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
  25.  
  26.     networking.networkmanager = {
  27.         enable = true;
  28.         plugins = [ pkgs.networkmanager-openvpn ];
  29.     };
  30.     networking.hostName = "ida";
  31.  
  32.     # Set your time zone.
  33.     time.timeZone = "Australia/Brisbane";
  34.  
  35.     # The global useDHCP flag is deprecated, therefore explicitly set to false here.
  36.     # Per-interface useDHCP will be mandatory in the future.
  37.     networking.useDHCP = false;
  38.  
  39.     # Select internationalisation properties.
  40.     i18n.defaultLocale = "en_US.UTF-8";
  41.  
  42.     fileSystems."/mnt/az-storage" =
  43.         { device = "//ngv.file.core.windows.net/office";
  44.             fsType = "cifs";
  45.             options = ["nofail" "user" "vers=3.0" "credentials=/home/mounty/NGV/az-storage.cred" "dir_mode=0777" "file_mode=0777" "serverino"];
  46.         };
  47.  
  48.     fileSystems."/mnt/mymedia" =
  49.         { device = "172.16.47.8:/Media";
  50.             fsType = "nfs";
  51.             options = [ "nofail" "user" "nfsvers=3" "ro" "x-systemd.requires=openvpn-office.service" "x-systemd.automount" "x-systemd.idle-timeout=600" ];
  52.         };
  53.  
  54.     services.xserver = {
  55.         enable = true;
  56.         videoDrivers = [ "displaylink" ];
  57.         xkb.layout = "us";
  58.     };
  59.  
  60.     services.desktopManager.gnome.enable = true;
  61.  
  62.     services.displayManager.gdm.enable = true;
  63.  
  64.     services.libinput.enable = true;
  65.  
  66.     services.printing.enable = true;
  67.  
  68.     nixpkgs.config.allowUnfree = true;
  69.     nixpkgs.config.android_sdk.accept_license = true;
  70.  
  71.     # Enable sound.
  72.     services.pulseaudio.enable = false;
  73.     services.pipewire = {
  74.         enable = true;
  75.         pulse.enable = true;
  76.     };
  77.  
  78.     services.httpd = {
  79.         enable = false;
  80.         adminAddr = "[email protected]";
  81.         mpm = "prefork";
  82.         phpPackage = pkgs.php82;
  83.         extraModules = [ "deflate" ];
  84.         enablePHP = true;
  85.  
  86.         virtualHosts."localhost" = {
  87.             documentRoot = "/home/mounty/vault/vtigercrm";
  88.             extraConfig = ''
  89.                 <FilesMatch \.php$>
  90.                     SetHandler "proxy:unix:/run/phpfpm-nextcloud/nextcloud.sock|fcgi://localhost/"
  91.                 </FilesMatch>
  92.                 <Directory />
  93.                 DirectoryIndex index.php
  94.                 Require all granted
  95.                 </Directory>
  96.             '';
  97.             # want ssl + a let's encrypt certificate? add `forceSSL = true;` right here
  98.         };
  99.     };
  100.  
  101.     users.users.mounty = {
  102.         description = "Michael Mounteney";
  103.         group = "users";
  104.         uid = 573;
  105.         home = "/home/mounty";
  106.         homeMode = "700";
  107.         shell = pkgs.bash;
  108.         createHome = false;
  109.         extraGroups = [ "wheel" "scanner" "lp" ]; # Enable ‘sudo’ for the user.
  110.     };
  111.  
  112.     users.groups.trove = {
  113.         gid = 1002;
  114.     };
  115.  
  116.     # For mystream
  117.     users.users.trove = {
  118.         isNormalUser = true;
  119.         name = "trove";
  120.         description = "Mystream content owner";
  121.         group = "trove";
  122.         uid = 1002;
  123.         createHome = false;
  124.         shell = pkgs.shadow;
  125.     };
  126.  
  127.     # List packages installed in system profile. To search, run:
  128.     # $ nix search wget
  129.     environment.systemPackages = with pkgs; [
  130.         # hardware and firmware
  131.         displaylink
  132.         pciutils usbutils efibootmgr f2fs-tools glmark2
  133.         # CLI
  134.         nix-index binutils-unwrapped
  135.         mariadb.client postgresql
  136.         file
  137.         powershell
  138.         gnupg unzip zip zlib.dev unrar
  139.         tcpdump
  140.         jq
  141.         tree
  142.         azure-cli
  143.         loki grafana-loki
  144.         # Programming CLI
  145.         gcc15 rustc rustup cargo nodejs jdk openjdk kotlin php83
  146.         jujutsu
  147.         git gh mercurial vim-full subversion fossil
  148.         # python python3Full
  149.         (python312.withPackages(ps: with ps; [
  150.             pip
  151.             setuptools
  152.             psycopg2
  153.             flask-sqlalchemy
  154.             sqlalchemy
  155.             flask
  156.             requests
  157.             websocket-client
  158.             paramiko
  159.         ]))
  160.         jetbrains.idea-ultimate maven gradle spring-boot-cli android-studio-full
  161.         awscli stripe-cli
  162.         # Desktop
  163.         gnome-screenshot
  164.         gnome-tweaks
  165.         shotwell
  166.         gnome-sound-recorder
  167.         gnumeric
  168.         libreoffice
  169.         simplescreenrecorder
  170.         vlc
  171.         tigervnc
  172.         gimp
  173.         ffmpeg
  174.         wine
  175.         anki
  176.         dosbox
  177.         # mystream
  178.         yt-dlp
  179.         # Network CLI
  180.         bind wget curl openssl putty inetutils networkmanager teamviewer x11vnc
  181.         # Documentation
  182.         graphviz
  183.         (pkgs.texlive.combine {
  184.             inherit (pkgs.texlive) scheme-full pgf ;
  185.         })
  186.         # Browsers
  187.         firefox chromium
  188.     ];
  189.  
  190.     programs.geary.enable = false;
  191.  
  192.     programs.nix-ld.enable = true;
  193.  
  194.     services.postgresql = {
  195.         enable = true;
  196.         package = pkgs.postgresql_14;
  197.         dataDir = "/home/postgres";
  198.         enableTCPIP = true;
  199.         initialScript = pkgs.writeText "backend-initScript" ''
  200.             CREATE ROLE mediaman WITH LOGIN PASSWORD 'zem56$W7' CREATEDB;
  201.             CREATE DATABASE mystream;
  202.             GRANT ALL PRIVILEGES ON DATABASE mystream TO mediaman;
  203.             '';
  204.     };
  205.  
  206.     services.teamviewer.enable = true;
  207.  
  208.     programs.evolution = {
  209.         enable = true;
  210.         plugins = [ pkgs.evolution-ews ];
  211.     };
  212.  
  213.     # Some programs need SUID wrappers, can be configured further or are
  214.     # started in user sessions.
  215.     # programs.mtr.enable = true;
  216.     # programs.gnupg.agent = {
  217.     #   enable = true;
  218.     #   enableSSHSupport = true;
  219.     # };
  220.     programs.command-not-found.enable = true;
  221.  
  222.     services.ntp.enable = true;
  223.  
  224.     services.openssh = {
  225.         enable = true;
  226.         settings = {
  227.             PasswordAuthentication = false;
  228.         };
  229.         ports = [ 3887 ];
  230.     };
  231.  
  232.     systemd.services.dlm.wantedBy = [ "multi-user.target" ];
  233.  
  234.     # Open ports in the firewall.
  235.     # networking.firewall.allowedTCPPorts = [ ... ];
  236.     # networking.firewall.allowedUDPPorts = [ ... ];
  237.     # Or disable the firewall altogether.
  238.     networking.firewall.enable = false;
  239.  
  240.     # Enables deployment of Kitten to Azure with private net and DNS
  241.     networking.extraHosts = ''
  242. 10.245.0.10 ngv-rabbit.azurewebsites.net ngv-rabbit.scm.azurewebsites.net
  243. 10.245.0.9  ngv-kitten.azurewebsites.net ngv-kitten.scm.azurewebsites.net
  244. 10.245.0.8  wifi-hotspot.azurewebsites.net wifi-hotspot.scm.azurewebsites.net
  245. 10.245.0.7  wifi-hotspot-admin.azurewebsites.net wifi-hotspot-admin.scm.azurewebsites.net
  246. 10.245.0.4  5p.azurewebsites.net 5p.scm.azurewebsites.net
  247. 172.16.255.34   tuleap.ngv.com.au
  248. 3.106.222.95    vtest.ngv.com.au
  249. 192.168.177.26  logan.mycamp.local
  250.     '';
  251.  
  252.     # This value determines the NixOS release from which the default
  253.     # settings for stateful data, like file locations and database versions
  254.     # on your system were taken. It‘s perfectly fine and recommended to leave
  255.     # this value at the release version of the first install of this system.
  256.     # Before changing this value read the documentation for this option
  257.     # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  258.     system.stateVersion = "25.05";
  259. }
  260.  
Tags: nixos