{ config, lib, pkgs, timeZone, ... }:
let
srvConfig = config.serverConfig;
in
{
options.serverConfig= {
userName = lib.mkOption {
type = lib.types.str;
description = "Main username for system";
};
hostName = lib.mkOption {
type = lib.types.str;
description = "Hostname for system";
};
hostId = lib.mkOption {
type = lib.types.str;
description = "Host ID";
};
email = lib.mkOption {
type = lib.types.str;
description = "Email for server box";
};
sshEnable = lib.mkOption {
default = false;
description = "Whether to enable ssh server";
};
nfsEnable = lib.mkOption {
default = false;
};
nfsRoot = lib.mkOption {
default = "/nfs_export";
type = lib.types.str;
};
nfsExports = lib.mkOption {
default = [];
description = "List of file paths provided as strings to the nfs exports";
};
nfsIpExport = lib.mkOption {
type = lib.types.str;
description = "Where to export the shares to i.e. 192.168.0.0/24 (export to local network)";
};
syncthingEnable = lib.mkOption {
default = false;
description = "Whether to enable syncThing host on this machine";
};
};
imports = [
./modules/user/main_user.nix
];
config = {
# Enable flakes feature
nix.settings.experimental-features = [
"nix-command" "flakes"
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostId = srvConfig.hostId;
hostName = srvConfig.hostName; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networkmanager.enable = true; # Easiest to use and most distros use this by default.
};
time.timeZone = timeZone;
main_user = {
enable = true;
userName = srvConfig.userName;
isDesktopUser = false;
};
environment.systemPackages = with pkgs; [
docker
docker-compose
zsh
];
programs.zsh.enable = true;
services.openssh = lib.mkIf srvConfig.sshEnable {
enable = true;
};
# nfs options breakdown: link for export options https://linux.die.net/man/5/exports
# rw - default read write
# sync - wait until requests are saved to disk to respond to clients, safer but slower
# no_subtree_check -
services.nfs.server = lib.mkIf srvConfig.nfsEnable {
enable = true;
exports = ''
${srvConfig.nfsRoot} ${srvConfig.nfsIpExport}(rw,fsid=root,no_subtree_check)
${lib.concatMapStringsSep "\n" (n: "${srvConfig.nfsRoot}${n} ${srvConfig.nfsIpExport}(rw,sync,no_subtree_check,no_root_squash)") srvConfig.nfsExports}
'';
};
# nfs port TODO make dependant on option enabled
# 2049 - nfs
# 8384 - syncthing
networking.firewall.allowedTCPPorts = [ 2049 8384 ];
services.syncthing = lib.mkIf srvConfig.syncthingEnable {
enable = true;
user = "myusername";
dataDir = "${srvConfig.nfsRoot}/kage/syncthing";
configDir = "${srvConfig.nfsRoot}/kage/.config/syncthing";
# overrideDevices = true; # overrides any devices added or deleted through the WebUI
# overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
# "supernote" = { id = "DEVICE-ID-GOES-HERE"; };
# "pixel" = { id = "DEVICE-ID-GOES-HERE2"; };
# "winmax" = { id = "id3"; };
# "nix-box" = { id = "id4"; };
};
folders = {
"supernote" = { # Name of folder in Syncthing, also the folder ID
path = "${srvConfig.nfsRoot}/kage/syncthing/supernote"; # Which folder to add to Syncthing
# devices = [ "supernote" "pixel" ]; # Which devices to share the folder with
};
"web" = { # Name of folder in Syncthing, also the folder ID
path = "${srvConfig.nfsRoot}/kage/syncthing/web"; # Which folder to add to Syncthing
# devices = [ "supernote" "pixel" "winmax" "nix-box" ]; # Which devices to share the folder with
};
};
};
};
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
system.stateVersion = "23.11"; # Did you read the comment?
};
}