From 8d74f53843283f7e10b22d32d64bc355d8db80c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Santiago?=
Date: Fri, 21 Jun 2024 01:18:49 -0400
Subject: [PATCH] Add domus files
---
 domus-hardware.nix | 39 ++++++++
 domus.nix | 232 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 271 insertions(+)
 create mode 100644 domus-hardware.nix
 create mode 100644 domus.nix
diff --git a/domus-hardware.nix b/domus-hardware.nix
new file mode 100644
index 0000000..66ef316
--- /dev/null
+++ b/domus-hardware.nix
@@ -0,0 +1,39 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/c63542f1-2560-4ff0-b006-962e01ed0c98";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0C38-195E";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/9527d1f5-4e9a-4568-8247-c08e76dd1a2b"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/domus.nix b/domus.nix
new file mode 100644
index 0000000..ee332a1
--- /dev/null
+++ b/domus.nix
@@ -0,0 +1,232 @@
+{ config, pkgs, inputs, ... }:
+
+{
+ imports =
+ [
+ ./domus-hardware.nix
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ # Secrets
+ sops.defaultSopsFile = .secrets/secrets.yaml;
+ sops.defaultSopsFormat = "yaml";
+ sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";
+ sops.secrets."syncthing/devices/Primus"
+ sops.secrets."syncthing/devices/AbbyPuter"
+ sops.secrets."syncthing/devices/SteamDeck"
+ sops.secrets."syncthing/devices/Pixel8"
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "domus"; # Define your hostname.
+
+ # zsh
+ programs.zsh.enable = true;
+ users.defaultUserShell = pkgs.zsh;
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Configure keymap in X11
+ services.xserver.xkb = {
+ layout = "es,us";
+ options = "eurosign:e,grp:win_space_toggle";
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.alexuty = {
+ isNormalUser = true;
+ description = "Álex Santiago";
+ extraGroups = [ "networkmanager" "wheel" ];
+ linger = true;
+ openssh = {
+ authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
+ ];
+ };
+ packages = with pkgs; [];
+ };
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile.
+ environment.systemPackages = with pkgs; [
+ cloudflared
+ fastfetch
+ git
+ htop
+ tldr
+ wget
+ ];
+
+ # Cloudflared workaround
+ systemd.user.services.cloudflared-workaround = {
+ name = "cloudflared-workaround.service";
+ enable = true;
+ after = [ "network.target" ];
+ wantedBy = [ "default.target" ];
+ description = "cloudflared workaround";
+ # script = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
+ serviceConfig = {
+ ExecStart = ''/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run'';
+ };
+ };
+
+ # Services
+ services = {
+ /*cloudflared = {
+ enable = true;
+ tunnels = {
+ "nixservers" = {
+ credentialsFile = "/root/.cloudflared[]].json";
+ default = "http_status:404";
+ };
+ };
+ };*/
+ grocy = {
+ enable = true; # Enable Grocy
+ hostName = "grocy.tld";
+ nginx.enableSSL = false; # Disable SSL for Grocy vhost (for now)
+ };
+ nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "grocy.tld" = {
+ listen = [
+ { addr = "192.168.1.3";
+ port = 8080; }
+ ];
+ };
+ "alexuty.me" = {
+ default = true;
+ root = "/var/www/alexuty";
+ serverName = "alexuty.me";
+ };
+ };
+ };
+ openssh = {
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ photoprism = {
+ address = "192.168.1.3";
+ enable = true; # Enable PhotoPrism
+ originalsPath = "/var/lib/private/photoprism/originals"; # Storage path of the original photos & videos
+ settings = {
+ # Authentication
+ PHOTOPRISM_ADMIN_USER = "admin"; # Name the admin user
+ # Storage
+ PHOTOPRISM_ORIGINALS_LIMIT = "-1"; # Disable maximum size
+ PHOTOPRISM_RESOLUTION_LIMIT = "-1"; # Disable maximum resolution
+ };
+ };
+ tailscale = {
+ enable = true; # Enable Tailscale
+ openFirewall = true; # Open the firewall
+ useRoutingFeatures = "server"; # Enable exit node capability
+ extraUpFlags = [ "--advertise-exit-node" ]; # Advertise the exit node onstartup
+ };
+ syncthing = {
+ enable = true; # Enable Syncthing
+ user = "syncthing";
+ dataDir = "/home/syncthing";
+ overrideDevices = true;
+ overrideFolders = true;
+ openDefaultPorts = true;
+ settings = {
+ devices = {
+ "Primus" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
+ "Abby Puter" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/AbbyPuter".path})'';};
+ "Steam Deck" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/SteamDeck".path})'';};
+ "Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
+ };
+ folders = {
+ "Filesharing" = {
+ id = "c214z-c1km3";
+ path = "~/SyncthingData/Filesharing";
+ devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+ };
+ "Mediashare" = {
+ id = "cahl5-vtsh5";
+ path = "~/SyncthingData/Mediashare";
+ devices = [ "Primus" "Abby Puter" ];
+ };
+ "Obsidian" = {
+ id = "hi6zs-qwbfq";
+ path = "~/SyncthingData/Obsidian";
+ devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+ versioning = {
+ type = "simple";
+ params.keep = "5";
+ };
+ };
+ "PasswordDB" = {
+ id = "mfhng-tbayv";
+ path = "~/SyncthingData/PasswordDB";
+ devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+ versioning = {
+ type = "simple";
+ params.keep = "5";
+ };
+ };
+ "Side Projects" = {
+ id = "9vse5-doq7d";
+ path = "~/SyncthingData/SideProjects";
+ devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+ versioning = {
+ type = "simple";
+ params.keep = "5";
+ };
+ };
+ "University" = {
+ id = "7lzgh-tadkg";
+ path = "~/SyncthingData/University";
+ devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+ versioning = {
+ type = "simple";
+ params.keep = "5";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 80 443 2342 8384 8080 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ system.stateVersion = "23.11";
+
+}
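Review bot: The `"Pixel 8"` Syncthing device reads the Primus secret — `config.sops.secrets."syncthing/devices/Primus".path` — instead of the `syncthing/devices/Pixel8` secret declared at the top of the file, so two devices end up with the same id; change that line to `"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Pixel8".path})'';};`. The four `sops.secrets."syncthing/devices/…"` lines are bare attribute paths with no `= { };` after them, which is not valid Nix attribute-set syntax. Also, Nix does not perform shell command substitution inside `''…''` strings, and as far as I can tell the syncthing module serialises `settings` to JSON for the REST API rather than through a shell, so each id would be the literal text `$(cat …)`; sops-nix's `templates`/`placeholder` mechanism, or a pre-start script that reads the secret files, is the usual way to inject the values (the secrets also default to root-only ownership while the service runs as `syncthing`). Separately, `networking.firewall.allowedTCPPorts` opens 443 while no nginx virtual host sets `forceSSL`/`enableACME` (`recommendedTlsSettings` alone does not make anything listen on 443) and `grocy.nginx.enableSSL = false`, so the Grocy login and `alexuty.me` are served in plaintext; either configure TLS for those vhosts or drop the unused ports from the firewall list.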