nix-configs/nixos/hosts/homeserver/default.nix

{
  config,
  lib,
  pkgs,
  apple-silicon,
  ...
}:

{
  nixpkgs.overlays = [ apple-silicon.overlays.apple-silicon-overlay ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;

  hardware.asahi.useExperimentalGPUDriver = true;
  hardware.asahi.extractPeripheralFirmware = true;

  networking.hostName = "homeserver";
  networking.networkmanager.enable = true;

  users.groups.media = { };
  users.users.media = {
    group = "media";
    isNormalUser = true;
  };

  services.xserver.xkb.layout = "us";

  services.audiobookshelf = {
    enable = true;
    group = "media";
    host = "0.0.0.0";
    openFirewall = true;
    port = 8000;
    user = "media";
  };

  services.avahi = {
    enable = true;
    publish = {
      enable = true;
      addresses = true;
      workstation = true;
    };
  };

  services.calibre-server = {
    enable = true;
    extraFlags = [ "--enable-local-write" ];
    group = "media";
    libraries = [ "/srv/books" ];
    openFirewall = true;
    port = 8585;
    user = "media";
  };

  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "no";
  };

  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ ];

  system.stateVersion = "25.11";
}
feat: new host homeserver 2025-06-10 21:45:02 +01:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`apple-silicon,`
			`...`
			`}:`

			`{`
			`nixpkgs.overlays = [ apple-silicon.overlays.apple-silicon-overlay ];`

			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = false;`

			`hardware.asahi.useExperimentalGPUDriver = true;`
			`hardware.asahi.extractPeripheralFirmware = true;`

			`networking.hostName = "homeserver";`
			`networking.networkmanager.enable = true;`

feat: adds audiobookshelf and calibre-server 2025-06-13 20:19:23 +01:00			`users.groups.media = { };`
			`users.users.media = {`
			`group = "media";`
			`isNormalUser = true;`
			`};`

feat: new host homeserver 2025-06-10 21:45:02 +01:00			`services.xserver.xkb.layout = "us";`

feat: adds audiobookshelf and calibre-server 2025-06-13 20:19:23 +01:00			`services.audiobookshelf = {`
			`enable = true;`
			`group = "media";`
			`host = "0.0.0.0";`
			`openFirewall = true;`
			`port = 8000;`
			`user = "media";`
			`};`

feat: enable avahi to publish local name on homeserver 2025-06-13 10:56:42 +01:00			`services.avahi = {`
			`enable = true;`
			`publish = {`
			`enable = true;`
			`addresses = true;`
			`workstation = true;`
			`};`
			`};`

feat: adds audiobookshelf and calibre-server 2025-06-13 20:19:23 +01:00			`services.calibre-server = {`
			`enable = true;`
			`extraFlags = [ "--enable-local-write" ];`
			`group = "media";`
			`libraries = [ "/srv/books" ];`
			`openFirewall = true;`
			`port = 8585;`
			`user = "media";`
			`};`

feat: disallow passwords for ssh 2025-06-10 22:45:06 +01:00			`services.openssh = {`
			`enable = true;`
			`settings.PasswordAuthentication = false;`
			`settings.KbdInteractiveAuthentication = false;`
			`settings.PermitRootLogin = "no";`
			`};`
feat: new host homeserver 2025-06-10 21:45:02 +01:00
			`networking.firewall.allowedTCPPorts = [ 22 ];`
			`networking.firewall.allowedUDPPorts = [ ];`

			`system.stateVersion = "25.11";`
			`}`