Add domus files

main
Álex Santiago 3 months ago
parent 4e4bd32c67
commit 8d74f53843

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c63542f1-2560-4ff0-b006-962e01ed0c98";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0C38-195E";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9527d1f5-4e9a-4568-8247-c08e76dd1a2b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

@ -0,0 +1,232 @@
{ config, pkgs, inputs, ... }:
{
imports =
[
./domus-hardware.nix
inputs.sops-nix.nixosModules.sops
];
# Secrets
sops.defaultSopsFile = .secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";
sops.secrets."syncthing/devices/Primus"
sops.secrets."syncthing/devices/AbbyPuter"
sops.secrets."syncthing/devices/SteamDeck"
sops.secrets."syncthing/devices/Pixel8"
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "domus"; # Define your hostname.
# zsh
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "America/New_York";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "es,us";
options = "eurosign:e,grp:win_space_toggle";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.alexuty = {
isNormalUser = true;
description = "Álex Santiago";
extraGroups = [ "networkmanager" "wheel" ];
linger = true;
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
];
};
packages = with pkgs; [];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile.
environment.systemPackages = with pkgs; [
cloudflared
fastfetch
git
htop
tldr
wget
];
# Cloudflared workaround
systemd.user.services.cloudflared-workaround = {
name = "cloudflared-workaround.service";
enable = true;
after = [ "network.target" ];
wantedBy = [ "default.target" ];
description = "cloudflared workaround";
# script = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
serviceConfig = {
ExecStart = ''/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run'';
};
};
# Services
services = {
/*cloudflared = {
enable = true;
tunnels = {
"nixservers" = {
credentialsFile = "/root/.cloudflared[]].json";
default = "http_status:404";
};
};
};*/
grocy = {
enable = true; # Enable Grocy
hostName = "grocy.tld";
nginx.enableSSL = false; # Disable SSL for Grocy vhost (for now)
};
nginx = {
enable = true;
recommendedTlsSettings = true;
virtualHosts = {
"grocy.tld" = {
listen = [
{ addr = "192.168.1.3";
port = 8080; }
];
};
"alexuty.me" = {
default = true;
root = "/var/www/alexuty";
serverName = "alexuty.me";
};
};
};
openssh = {
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
photoprism = {
address = "192.168.1.3";
enable = true; # Enable PhotoPrism
originalsPath = "/var/lib/private/photoprism/originals"; # Storage path of the original photos & videos
settings = {
# Authentication
PHOTOPRISM_ADMIN_USER = "admin"; # Name the admin user
# Storage
PHOTOPRISM_ORIGINALS_LIMIT = "-1"; # Disable maximum size
PHOTOPRISM_RESOLUTION_LIMIT = "-1"; # Disable maximum resolution
};
};
tailscale = {
enable = true; # Enable Tailscale
openFirewall = true; # Open the firewall
useRoutingFeatures = "server"; # Enable exit node capability
extraUpFlags = [ "--advertise-exit-node" ]; # Advertise the exit node onstartup
};
syncthing = {
enable = true; # Enable Syncthing
user = "syncthing";
dataDir = "/home/syncthing";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
devices = {
"Primus" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
"Abby Puter" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/AbbyPuter".path})'';};
"Steam Deck" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/SteamDeck".path})'';};
"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
};
folders = {
"Filesharing" = {
id = "c214z-c1km3";
path = "~/SyncthingData/Filesharing";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
};
"Mediashare" = {
id = "cahl5-vtsh5";
path = "~/SyncthingData/Mediashare";
devices = [ "Primus" "Abby Puter" ];
};
"Obsidian" = {
id = "hi6zs-qwbfq";
path = "~/SyncthingData/Obsidian";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"PasswordDB" = {
id = "mfhng-tbayv";
path = "~/SyncthingData/PasswordDB";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"Side Projects" = {
id = "9vse5-doq7d";
path = "~/SyncthingData/SideProjects";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
"University" = {
id = "7lzgh-tadkg";
path = "~/SyncthingData/University";
devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
};
};
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 80 443 2342 8384 8080 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
system.stateVersion = "23.11";
}
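Review bot: The `"Pixel 8"` device entry reads `config.sops.secrets."syncthing/devices/Primus".path`, so it would resolve to the same ID as `"Primus"` and the declared `syncthing/devices/Pixel8` secret is never used; the line should be `"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Pixel8".path})'';};`. Nix interpolates `${…}` but does not run `$(cat …)`, so all four `id` values appear to end up as the literal command text rather than the decrypted device ID, unless the syncthing module evaluates them in a shell, which is not visible here. As shown on this page, the four `sops.secrets."syncthing/devices/…"` lines near the top have no value or terminator and each need `= { };`, and `sops.defaultSopsFile = .secrets/secrets.yaml;` is probably meant to be `./.secrets/secrets.yaml`. `sops.age.keyFile` points into `/home/alexuty`, so the key that decrypts system secrets can be read and replaced by that user account; a root-owned path would be a safer default.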