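--- /dev/null
+++ b/PATH-NOT-SHOWN
@@ -0,0 +1,232 @@
+{ config, pkgs, inputs, ... }:
+
+{
+imports =
+[
+./domus-hardware.nix
+inputs.sops-nix.nixosModules.sops
+];
+
+# Secrets
+sops.defaultSopsFile = .secrets/secrets.yaml;
+sops.defaultSopsFormat = "yaml";
+sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";
+sops.secrets."syncthing/devices/Primus"
+sops.secrets."syncthing/devices/AbbyPuter"
+sops.secrets."syncthing/devices/SteamDeck"
+sops.secrets."syncthing/devices/Pixel8"
+
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "domus"; # Define your hostname.
+
+# zsh
+programs.zsh.enable = true;
+users.defaultUserShell = pkgs.zsh;
+
+# Enable networking
+networking.networkmanager.enable = true;
+
+# Set your time zone.
+time.timeZone = "America/New_York";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "en_US.UTF-8";
+LC_IDENTIFICATION = "en_US.UTF-8";
+LC_MEASUREMENT = "en_US.UTF-8";
+LC_MONETARY = "en_US.UTF-8";
+LC_NAME = "en_US.UTF-8";
+LC_NUMERIC = "en_US.UTF-8";
+LC_PAPER = "en_US.UTF-8";
+LC_TELEPHONE = "en_US.UTF-8";
+LC_TIME = "en_US.UTF-8";
+};
+
+# Configure keymap in X11
+services.xserver.xkb = {
+layout = "es,us";
+options = "eurosign:e,grp:win_space_toggle";
+};
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.users.alexuty = {
+isNormalUser = true;
+description = "Álex Santiago";
+extraGroups = [ "networkmanager" "wheel" ];
+linger = true;
+openssh = {
+authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
+];
+};
+packages = with pkgs; [];
+};
+
+# Allow unfree packages
+nixpkgs.config.allowUnfree = true;
+
+# List packages installed in system profile.
+environment.systemPackages = with pkgs; [
+cloudflared
+fastfetch
+git
+htop
+tldr
+wget
+];
+
+# Cloudflared workaround
+systemd.user.services.cloudflared-workaround = {
+name = "cloudflared-workaround.service";
+enable = true;
+after = [ "network.target" ];
+wantedBy = [ "default.target" ];
+description = "cloudflared workaround";
+# script = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
+serviceConfig = {
+ExecStart = ''/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run'';
+};
+};
+
+# Services
+services = {
+/*cloudflared = {
+enable = true;
+tunnels = {
+"nixservers" = {
+credentialsFile = "/root/.cloudflared[]].json";
+default = "http_status:404";
+};
+};
+};*/
+grocy = {
+enable = true; # Enable Grocy
+hostName = "grocy.tld";
+nginx.enableSSL = false; # Disable SSL for Grocy vhost (for now)
+};
+nginx = {
+enable = true;
+recommendedTlsSettings = true;
+virtualHosts = {
+"grocy.tld" = {
+listen = [
+{ addr = "192.168.1.3";
+port = 8080; }
+];
+};
+"alexuty.me" = {
+default = true;
+root = "/var/www/alexuty";
+serverName = "alexuty.me";
+};
+};
+};
+openssh = {
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+};
+};
+photoprism = {
+address = "192.168.1.3";
+enable = true; # Enable PhotoPrism
+originalsPath = "/var/lib/private/photoprism/originals"; # Storage path of the original photos & videos
+settings = {
+# Authentication
+PHOTOPRISM_ADMIN_USER = "admin"; # Name the admin user
+# Storage
+PHOTOPRISM_ORIGINALS_LIMIT = "-1"; # Disable maximum size
+PHOTOPRISM_RESOLUTION_LIMIT = "-1"; # Disable maximum resolution
+};
+};
+tailscale = {
+enable = true; # Enable Tailscale
+openFirewall = true; # Open the firewall
+useRoutingFeatures = "server"; # Enable exit node capability
+extraUpFlags = [ "--advertise-exit-node" ]; # Advertise the exit node onstartup
+};
+syncthing = {
+enable = true; # Enable Syncthing
+user = "syncthing";
+dataDir = "/home/syncthing";
+overrideDevices = true;
+overrideFolders = true;
+openDefaultPorts = true;
+settings = {
+devices = {
+"Primus" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
+"Abby Puter" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/AbbyPuter".path})'';};
+"Steam Deck" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/SteamDeck".path})'';};
+"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})'';};
+};
+folders = {
+"Filesharing" = {
+id = "c214z-c1km3";
+path = "~/SyncthingData/Filesharing";
+devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+};
+"Mediashare" = {
+id = "cahl5-vtsh5";
+path = "~/SyncthingData/Mediashare";
+devices = [ "Primus" "Abby Puter" ];
+};
+"Obsidian" = {
+id = "hi6zs-qwbfq";
+path = "~/SyncthingData/Obsidian";
+devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+versioning = {
+type = "simple";
+params.keep = "5";
+};
+};
+"PasswordDB" = {
+id = "mfhng-tbayv";
+path = "~/SyncthingData/PasswordDB";
+devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+versioning = {
+type = "simple";
+params.keep = "5";
+};
+};
+"Side Projects" = {
+id = "9vse5-doq7d";
+path = "~/SyncthingData/SideProjects";
+devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+versioning = {
+type = "simple";
+params.keep = "5";
+};
+};
+"University" = {
+id = "7lzgh-tadkg";
+path = "~/SyncthingData/University";
+devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
+versioning = {
+type = "simple";
+params.keep = "5";
+};
+};
+};
+};
+};
+};
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+
+# Open ports in the firewall.
+networking.firewall.allowedTCPPorts = [ 80 443 2342 8384 8080 ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+system.stateVersion = "23.11";
+
+}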
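Review bot: In `services.syncthing.settings.devices`, the `"Pixel 8"` entry reads `config.sops.secrets."syncthing/devices/Primus".path` instead of the `syncthing/devices/Pixel8` secret declared under `# Secrets`, so the phone would be registered with Primus's device ID and the Pixel8 secret is never consumed; the line should reference `"syncthing/devices/Pixel8"`. Separately, Nix does not perform shell command substitution inside `''…''` strings, and I believe the syncthing module shell-escapes the JSON it posts during `syncthing-init`, so each `id` likely reaches Syncthing as the literal text `$(cat /run/secrets/…)` — verify against the running instance's device list, and note that Syncthing device IDs are public-key fingerprints rather than credentials, so keeping them in plain text is a defensible alternative if the runtime substitution turns out not to work. The four `sops.secrets."syncthing/devices/…"` declarations (which, as rendered here, also have no `= { … };` right-hand side and would not parse unless that is a rendering artifact) set no `owner`, while sops-nix's default is a root-owned 0400 file and the module's init step runs as `user = "syncthing"`, so even a working substitution could not read them; add `owner = "syncthing";` to each. `networking.firewall.allowedTCPPorts` opens 8384, the Syncthing GUI port, without any `guiAddress` in this file; the module's default GUI bind is loopback, so that entry is either inert or a future LAN exposure of the admin UI and should be dropped or paired with an explicit bind address and GUI authentication. `services.photoprism` names the admin user and listens on 192.168.1.3:2342 (also opened in the firewall) but no `passwordFile` appears in this hunk — confirm the admin password is set elsewhere.
```nix
# Secrets
# … unchanged: defaultSopsFile / defaultSopsFormat / age.keyFile …
sops.secrets."syncthing/devices/Primus" = { owner = "syncthing"; };
sops.secrets."syncthing/devices/AbbyPuter" = { owner = "syncthing"; };
sops.secrets."syncthing/devices/SteamDeck" = { owner = "syncthing"; };
sops.secrets."syncthing/devices/Pixel8" = { owner = "syncthing"; };
# … unchanged: everything down to services.syncthing.settings.devices …
"Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Pixel8".path})'';};
```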