Alexuty
/
nixos-configuration
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd07336f337'
${ noResults }
nixos-configuration/domus.nix

233 lines
6.8 KiB
Nix
Raw Normal View History Unescape Escape

Add domus files
3 months ago
{ config, pkgs, inputs, ... }:
{
imports =
[
./domus-hardware.nix
inputs.sops-nix.nixosModules.sops
];
# Secrets
oopsie 2
3 months ago
sops.defaultSopsFile = ./secrets/secrets.yaml;
Add domus files
3 months ago
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";
oopsie
3 months ago
sops.secrets."syncthing/devices/Primus" = { };
sops.secrets."syncthing/devices/AbbyPuter" = { };
sops.secrets."syncthing/devices/SteamDeck" = { };
sops.secrets."syncthing/devices/Pixel8" = { };
Add domus files
3 months ago
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "domus"; # Define your hostname.
# zsh
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/New_York";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "es,us";
options = "eurosign:e,grp:win_space_toggle";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.alexuty = {
isNormalUser = true;
description = "Álex Santiago";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
];
};
packages = with pkgs; [];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile.
environment.systemPackages = with pkgs; [
cloudflared
fastfetch
git
htop
tldr
wget
];
# Cloudflared workaround
systemd.user.services.cloudflared-workaround = {
name = "cloudflared-workaround.service";
enable = true;
after = [ "network.target" ];
wantedBy = [ "default.target" ];
description = "cloudflared workaround";
# script = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
serviceConfig = {
ExecStart = ''/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run'';
};
};
# Services
services = {
/*cloudflared = {
enable = true;
tunnels = {
"nixservers" = {
credentialsFile = "/root/.cloudflared[]].json";
default = "http_status:404";
};
};
};*/
grocy = {
enable = true; # Enable Grocy
hostName = "grocy.tld";
nginx.enableSSL = false; # Disable SSL for Grocy vhost (for now)
};
nginx = {
enable = true;
recommendedTlsSettings = true;
virtualHosts = {
"grocy.tld" = {
listen = [
{ addr = "192.168.1.3";
port = 8080; }
];
};
"alexuty.me" = {
default = true;
root = "/var/www/alexuty";
serverName = "alexuty.me";
};
};
};
openssh = {
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
photoprism = {
address = "192.168.1.3";
enable = true; # Enable PhotoPrism
originalsPath = "/var/lib/private/photoprism/originals"; # Storage path of the original photos & videos
settings = {
# Authentication
PHOTOPRISM_ADMIN_USER = "admin"; # Name the admin user
# Storage
PHOTOPRISM_ORIGINALS_LIMIT = "-1"; # Disable maximum size
PHOTOPRISM_RESOLUTION_LIMIT = "-1"; # Disable maximum resolution
};
};
tailscale = {
enable = true; # Enable Tailscale
openFirewall = true; # Open the firewall
useRoutingFeatures = "server"; # Enable exit node capability
extraUpFlags = [ "--advertise-exit-node" ]; # Advertise the exit node onstartup
};
syncthing = {
enable = true; # Enable Syncthing
user = "syncthing";
dataDir = "/home/syncthing";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
devices = {
"Primus" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
"Abby Puter" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/AbbyPuter".path})'';};
"Steam Deck" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/SteamDeck".path})'';};
"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
};
folders = {
"Filesharing" = {
id = "c214z-c1km3";
path = "~/SyncthingData/Filesharing";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
};
"Mediashare" = {
id = "cahl5-vtsh5";
path = "~/SyncthingData/Mediashare";
devices = [ "Primus" "Abby Puter" ];
};
"Obsidian" = {
id = "hi6zs-qwbfq";
path = "~/SyncthingData/Obsidian";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"PasswordDB" = {
id = "mfhng-tbayv";
path = "~/SyncthingData/PasswordDB";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"Side Projects" = {
id = "9vse5-doq7d";
path = "~/SyncthingData/SideProjects";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"University" = {
id = "7lzgh-tadkg";
path = "~/SyncthingData/University";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
};
};
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 80 443 2342 8384 8080 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
system.stateVersion = "23.11";
}