Apr 15 20:55:32 jubjub systemd[1]: Starting Renew ACME certificate for domain.run...
Apr 15 20:55:32 jubjub (un-start)[41020]: acme-domain.run.service: Failed to determine group credentials: No such process
Apr 15 20:55:32 jubjub (un-start)[41020]: acme-domain.run.service: Failed at step GROUP spawning /nix/store/f008mkfkgqi40zgfp7bfs89kqncl3xgs-unit-script-acme-domain.run-start/bin/acme-domain.run-start: No such process
Apr 15 20:55:32 jubjub systemd[1]: acme-domain.run.service: Main process exited, code=exited, status=216/GROUP
Apr 15 20:55:32 jubjub systemd[1]: acme-domain.run.service: Failed with result 'exit-code'.
Apr 15 20:55:32 jubjub systemd[1]: Failed to start Renew ACME certificate for domain.run.

Edit this configuration file to define what should be installed on

your system. Help is available in the configuration.nix(5) man page, on

https://search.nixos.org/options and in the NixOS manual (nixos-help).

{
config,
lib,
pkgs,
...
}:

{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];

Use the systemd-boot EFI boot loader.

boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.zfs.extraPools = [ "jjpool" ];

Define a user account. Don't forget to set a password with ‘passwd’.

users.users = {
conor = {
isNormalUser = true;
home = "/home/conor";
description = "";
extraGroups = [
"wheel"
"plex"
];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
""
];
};
};

List packages installed in system profile. To search, run:

environment.systemPackages = with pkgs; [
git
gh
wget
openssl
neofetch
tmux
rsync
iotop
nmap
lsof
htop
powertop
nixfmt-rfc-style
wireguard-tools
bind
tcpdump
qbittorrent-nox
((vim_configurable.override { }).customize {
name = "vim";
# Install plugins for example for syntax highlighting of nix files
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
start = [
vim-nix
vim-lastplace
];
opt = [ ];
};
vimrcConfig.customRC = ''
" your custom vimrc
set nocompatible
set backspace=indent,eol,start
set number
set title
" Turn on syntax highlighting by default
syntax on
" ...
'';
})
];

nixpkgs = {
config = {
allowUnfree = true;
};
};

List of programs to enable

programs = {
zsh = {
enable = true;
enableCompletion = true;
enableBashCompletion = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
histSize = 10000;

  shellAliases = {
    nixos = "cd ~/nixos-config";
    switch = "nixos-rebuild switch --flake .#jubjub --use-remote-sudo";
    garbage = "nix-collect-garbage --delete-older-than 7d";
    jja = "cd /mnt/data1/video";
    jjf = "cd /mnt/data1/files";
    jji = "cd /mnt/data1/inbox";
    jjm = "cd /mnt/data1/video/Movies";
    jjtv = "cd /mnt/data1/video/TV";
  };

};

};

List services that you want to enable:

services = {
# Start SSHD
openssh.enable = true;

# Setup AFP  Server
netatalk = {
  enable = true;
  settings = {
    audio = {
      path = "/mnt/data1/audio";
      "valid users" = "conor";
    };
    files = {
      path = "/mnt/data1/files";
      "valid users" = "conor";
    };
    inbox = {
      path = "/mnt/data1/inbox";
      "valid users" = "conor";
    };
    photo = {
      path = "/mnt/data1/photo";
      "valid users" = "conor";
    };
    video = {
      path = "/mnt/data1/video";
      "valid users" = "conor";
    };
    backup-itchy = {
      path = "/mnt/data1/backup/itchy";
      "valid users" = "conor";
      "time machine" = "yes";
    };
  };
};

# Enable Avahi Service
avahi = {
  enable = true;
  nssmdns4 = true;
  publish = {
    enable = true;
    userServices = true;
  };
};

# Enable Plex Media Server
plex.enable = true;
plex.openFirewall = true;

# Enable Resolved
resolved = {
  enable = true;
  fallbackDns = [
    "91.231.153.2"
    "192.211.0.2"
  ];
  extraConfig = ''
    DNSStubListener=no
  '';
};

};

networking = {
hostName = "jubjub"; # Define your hostname.
useNetworkd = true;
enableIPv6 = false;
nameservers = [
"91.231.153.2"
"192.211.0.2"
];
firewall = {
enable = true; # Enable firewall
allowedTCPPorts = [
80
443
548
8080
53897
];
allowedUDPPorts = [
5353
51820
];
};

wg-quick.interfaces = {
  wg0 = {
    address = [ "<redacted>" ];
    dns = [
      "<redacted>"
      "<redacted>"
    ];
    peers = [
      {
        allowedIPs = [ "0.0.0.0/0" ];
        endpoint = "<redacted>";
        publicKey = "<redacted>";

      }
    ];
    privateKeyFile = "/var/lib/lxxx-privkey";
    listenPort = 51820;
  };
};

};

systemd.services.qbittorrent =
let
qbittorrent = pkgs.qbittorrent.override { guiSupport = false; };
in
{
enable = true;
description = "qbittorrent daemon";
documentation = [ "man:qbittorrent-nox(1)" ];
wants = [ "network-online.target" ];
after = [
"network-online.target"
"nss-lookup.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${qbittorrent}/bin/qbittorrent-nox";
User = "conor";
};
};

Check if share folder is created and set

systemd.tmpfiles.rules = [
"d /mnt/data1 0755 conor users"
"Z /mnt/data1 0755 conor users"
];

This option defines the first version of NixOS you have installed on this particular machine,

and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

Most users should NEVER change this value after the initial install, for any reason,

even if you've upgraded your system to a new NixOS release.

This value does NOT affect the Nixpkgs version your packages and OS are pulled from,

so changing it will NOT upgrade your system.

This value being lower than the current NixOS release does NOT mean your system is

out of date, out of support, or vulnerable.

Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,

and migrated your data accordingly.

For more information, see man configuration.nix or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .

system.stateVersion = "23.11"; # Did you read the comment?

nix = {
extraOptions = "experimental-features = nix-command flakes";
};

}

  security.acme = {
    acceptTerms = true;
    defaults.email = "conor+acme@domain.com";
    certs = {
      "conr.run" = {
        domain = "domain.com";
        group = "nginx";
        dnsProvider = "porkbun";
        environmentFile = "/var/lib/private/porkbun";
      };
    };
  }