me like nix
1{
2 pkgs,
3 config,
4 ...
5}:
6
7{
8 imports = [
9 # Include the results of the hardware scan.
10 ./hardware-configuration.nix
11 ../common/common.nix
12 ];
13
14 networking.hostName = "mira"; # Define your hostname.
15 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
16
17 # Configure network proxy if necessary
18 # networking.proxy.default = "http://user:password@proxy:port/";
19 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
20
21 # this is like a network devices discovery thing
22 services.avahi = {
23 enable = true;
24 nssmdns4 = true;
25 openFirewall = true;
26 };
27
28 services.openssh = {
29 enable = true;
30 ports = [ 5431 ];
31 settings = {
32 PasswordAuthentication = false;
33 KbdInteractiveAuthentication = false;
34 PermitRootLogin = "no";
35 AllowUsers = [ "sean" ];
36 };
37 };
38
39 users.users.sean.openssh.authorizedKeys.keys = [
40 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDCIqgZ7kedxo+mOW7YG73Vp3zel3h180y3GKvHtRsXfGlpIIvRDy7pgCBQ4AGXYD4y78URQmFohYSAPqCPOPaWcU2un3XG9KvCzEsHmsbskPonitUmCiKvrKkb6oW4jCBtd7AEtBn+AiajAQFtPZ7NN2Df3AmTypvR6Irg7R+nxnfc9NTIHmGvxSDyWcbb4pguL20sctUSqGL6xGh8q/bqhdOThSimM+z9bEUNxK/5rPhwkNniMrp4pJcUrUiAh5/4DiRFG6KT+oeg+/myoz/Z1sPvAs7u/8JDQI4RshRD8Hu0oTkRBN6Hxj478q2SXbeBUZlD6IdjP3RhGpmSecoDdtWqKbpuV3eVRtQtba3KL86GBeV/bugaOdJ1Aud+1SOFJreAAuvxzMMKT+cdQZk6oOPP148DA/No+mDm/2S43lcdCXh79wA6YRAmKQ8jmZxTCtPutrvuZK1rguvvUlEoG/vhdNHh7eDa4Td07V6bjCRPUl8qk/e4M0E3pwsTlZc="
41 ];
42
43 programs.steam = {
44 enable = true;
45 };
46
47 # List services that you want to enable:
48 nixarr = {
49 enable = true;
50 mediaDir = "/mnt/storage1/nixarr/media";
51 vpn = {
52 enable = true;
53 wgConf = "/mnt/storage1/nixarr/wireguard.conf";
54 };
55
56 jellyfin = {
57 enable = true;
58 openFirewall = true;
59 };
60
61 transmission = {
62 enable = true;
63 vpn.enable = true;
64 };
65 sabnzbd = {
66 enable = true;
67 vpn.enable = true;
68 openFirewall = true;
69 };
70
71 prowlarr.enable = true;
72 radarr.enable = true;
73 sonarr.enable = true;
74 jellyseerr = {
75 enable = true;
76 openFirewall = true;
77 };
78
79 recyclarr = {
80 enable = true;
81 configuration = {
82 sonarr = {
83 series = {
84 base_url = "http://localhost:8989";
85 api_key = "!env_var SONARR_API_KEY";
86 quality_definition = {
87 type = "series";
88 };
89 delete_old_custom_formats = true;
90 custom_formats = [
91 {
92 trash_ids = [
93 "85c61753df5da1fb2aab6f2a47426b09" # BR-DISK
94 "9c11cd3f07101cdba90a2d81cf0e56b4" # LQ
95 ];
96 assign_scores_to = [
97 {
98 name = "WEB-DL (1080p)";
99 score = -10000;
100 }
101 ];
102 }
103 ];
104 };
105 };
106 radarr = {
107 movies = {
108 base_url = "http://localhost:7878";
109 api_key = "!env_var RADARR_API_KEY";
110 quality_definition = {
111 type = "movie";
112 };
113 delete_old_custom_formats = true;
114 custom_formats = [
115 {
116 trash_ids = [
117 "570bc9ebecd92723d2d21500f4be314c" # Remaster
118 "eca37840c13c6ef2dd0262b141a5482f" # 4K Remaster
119 ];
120 assign_scores_to = [
121 {
122 name = "HD Bluray + WEB";
123 score = 25;
124 }
125 ];
126 }
127 ];
128 };
129 };
130 };
131 };
132 };
133
134 # MQTT broker for Home Assistant (Tasmota devices)
135 services.mosquitto = {
136 enable = true;
137 listeners = [
138 {
139 acl = [ "pattern readwrite #" ];
140 omitPasswordAuth = true;
141 settings.allow_anonymous = true;
142 }
143 ];
144 };
145
146 # Home Assistant service
147 services.home-assistant = {
148 enable = true;
149 extraComponents = [
150 "esphome"
151 "met"
152 "radio_browser"
153 "homekit"
154 "homekit_controller"
155 "isal"
156 "mqtt"
157 "tasmota"
158 "wiz"
159 ];
160 config = {
161 homeassistant = {
162 time_zone = "America/Toronto";
163 };
164 default_config = { };
165 zeroconf = { };
166 # MQTT configuration - broker must be set up via UI
167 mqtt = { };
168 };
169 };
170
171 # Enable the OpenSSH daemon.
172 # services.openssh.enable = true;
173
174 # Open ports in the firewall.
175 networking.firewall.allowedTCPPorts = [
176 8096 # jellyfin
177 5055 # jellyseer
178 3000 # vite dev port
179 1883 # MQTT for Tasmota devices
180 config.services.home-assistant.config.http.server_port
181 ];
182 networking.firewall.allowedUDPPorts = [
183 ];
184 # networking.firewall.enable = false;
185
186 # This value determines the NixOS release from which the default
187 # settings for stateful data, like file locations and database versions
188 # on your system were taken. It‘s perfectly fine and recommended to leave
189 # this value at the release version of the first install of this system.
190 # Before changing this value read the documentation for this option
191 # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
192 system.stateVersion = "25.05"; # Did you read the comment?
193
194}