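{ config, pkgs, inputs, ... }:
# NixOS configuration for the host "domus": sops-nix secrets, nginx in front of
# Grocy, PhotoPrism, a Tailscale exit node, Syncthing, and a user-level
# cloudflared tunnel. Hardware settings live in ./domus-hardware.nix.
{
  imports = [
    ./domus-hardware.nix
    inputs.sops-nix.nixosModules.sops
  ];

  # Secrets (sops-nix)
  sops.defaultSopsFile = ./secrets/secrets.yaml;
  sops.defaultSopsFormat = "yaml";
  # Age private key used to decrypt secrets at activation. It lives inside a
  # user's home directory, so that file must remain readable only by its owner.
  sops.age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";
  # One decrypted file per Syncthing device ID; consumed by services.syncthing
  # below. NOTE(review): sops-nix materialises these with its default owner/mode
  # (root-only unless `owner`/`mode` are set) — confirm the syncthing service
  # can actually read them if it needs to (see the devices block).
  sops.secrets."syncthing/devices/Primus" = { };
  sops.secrets."syncthing/devices/AbbyPuter" = { };
  sops.secrets."syncthing/devices/SteamDeck" = { };
  sops.secrets."syncthing/devices/Pixel8" = { };

  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "domus"; # Define your hostname.

  # zsh
  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

  # Enable networking
  networking.networkmanager.enable = true;

  # Set your time zone.
  time.timeZone = "America/New_York";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  # Configure keymap in X11
  services.xserver.xkb = {
    layout = "es,us";
    options = "eurosign:e,grp:win_space_toggle";
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alexuty = {
    isNormalUser = true;
    description = "Álex Santiago";
    # "wheel" grants sudo; "networkmanager" allows managing connections.
    extraGroups = [ "networkmanager" "wheel" ];
    # Keep the user's systemd instance running without a login session, so the
    # user-level cloudflared unit below starts at boot.
    linger = true;
    openssh = {
      # SSH is key-only (PasswordAuthentication is disabled below).
      authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
      ];
    };
    packages = with pkgs; [ ];
  };

  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
    cloudflared
    fastfetch
    git
    htop
    tldr
    wget
  ];

  # Cloudflared workaround: run the tunnel as a user unit instead of the
  # (commented-out) services.cloudflared module. The tunnel configuration and
  # the credentials it references come from /home/alexuty/cloudflared.yml.
  systemd.user.services.cloudflared-workaround = {
    name = "cloudflared-workaround.service";
    enable = true;
    after = [ "network.target" ];
    wantedBy = [ "default.target" ];
    description = "cloudflared workaround";
    # script = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
    serviceConfig = {
      ExecStart = ''/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run'';
    };
  };

  # Services
  services = {
    /*cloudflared = { enable = true; tunnels = { "nixservers" = { credentialsFile = "/root/.cloudflared[]].json"; default = "http_status:404"; }; }; };*/

    grocy = {
      enable = true; # Enable Grocy
      hostName = "grocy.tld";
      nginx.enableSSL = false; # Disable SSL for Grocy vhost (for now)
    };

    nginx = {
      enable = true;
      # NOTE(review): recommendedTlsSettings only matters once a vhost serves
      # TLS; both vhosts below are plain HTTP even though the firewall opens
      # 443. TODO: enableACME/forceSSL for "alexuty.me" if it is internet-facing.
      recommendedTlsSettings = true;
      virtualHosts = {
        # Grocy vhost, LAN-only: bound to a single address on port 8080.
        "grocy.tld" = {
          listen = [ { addr = "192.168.1.3"; port = 8080; } ];
        };
        # Default vhost: catches requests for any unknown Host header.
        "alexuty.me" = {
          default = true;
          root = "/var/www/alexuty";
          serverName = "alexuty.me";
        };
      };
    };

    openssh = {
      enable = true; # Enable the OpenSSH daemon.
      settings = {
        PasswordAuthentication = false; # key-based auth only
        PermitRootLogin = "no";
      };
    };

    photoprism = {
      address = "192.168.1.3";
      enable = true; # Enable PhotoPrism
      originalsPath = "/var/lib/private/photoprism/originals"; # Storage path of the original photos & videos
      settings = {
        # Authentication
        PHOTOPRISM_ADMIN_USER = "admin"; # Name the admin user
        # NOTE(review): no passwordFile is set for this module; confirm how the
        # admin password is provisioned before the service is reachable on the LAN.
        # Storage
        PHOTOPRISM_ORIGINALS_LIMIT = "-1"; # Disable maximum size
        PHOTOPRISM_RESOLUTION_LIMIT = "-1"; # Disable maximum resolution
      };
    };

    tailscale = {
      enable = true; # Enable Tailscale
      openFirewall = true; # Open the firewall
      useRoutingFeatures = "server"; # Enable exit node capability (turns on IP forwarding)
      extraUpFlags = [ "--advertise-exit-node" ]; # Advertise the exit node on startup
    };

    syncthing = {
      enable = true; # Enable Syncthing
      user = "syncthing";
      dataDir = "/home/syncthing";
      # Declarative config: devices/folders not listed here are removed.
      overrideDevices = true;
      overrideFolders = true;
      openDefaultPorts = true;
      settings = {
        # NOTE(review): as far as Nix is concerned each id is the literal
        # string "$(cat <secret path>)"; it only becomes a real device ID if the
        # syncthing module hands it to a shell that expands it AND the
        # syncthing user can read the sops file. Confirm both; otherwise the
        # devices are registered with bogus IDs. (Pixel 8 previously pointed at
        # the Primus secret — fixed to use its own.)
        devices = {
          "Primus" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Primus".path})''; };
          "Abby Puter" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/AbbyPuter".path})''; };
          "Steam Deck" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/SteamDeck".path})''; };
          "Pixel 8" = { id = ''$(cat ${config.sops.secrets."syncthing/devices/Pixel8".path})''; };
        };
        folders = {
          "Filesharing" = {
            id = "c214z-c1km3";
            path = "~/SyncthingData/Filesharing";
            devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
          };
          "Mediashare" = {
            id = "cahl5-vtsh5";
            path = "~/SyncthingData/Mediashare";
            devices = [ "Primus" "Abby Puter" ];
          };
          # Folders below keep the last 5 versions of each changed file.
          "Obsidian" = {
            id = "hi6zs-qwbfq";
            path = "~/SyncthingData/Obsidian";
            devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
            versioning = { type = "simple"; params.keep = "5"; };
          };
          "PasswordDB" = {
            id = "mfhng-tbayv";
            path = "~/SyncthingData/PasswordDB";
            devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
            versioning = { type = "simple"; params.keep = "5"; };
          };
          "Side Projects" = {
            id = "9vse5-doq7d";
            path = "~/SyncthingData/SideProjects";
            devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
            versioning = { type = "simple"; params.keep = "5"; };
          };
          "University" = {
            id = "7lzgh-tadkg";
            path = "~/SyncthingData/University";
            devices = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
            versioning = { type = "simple"; params.keep = "5"; };
          };
        };
      };
    };
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Open ports in the firewall.
  # 80/443: nginx (nothing here serves 443 yet, see the nginx note);
  # 8080: grocy vhost; 2342 and 8384: presumably PhotoPrism and the Syncthing
  # GUI — the GUI binds to localhost unless guiAddress is changed, so 8384 has
  # no effect until then (and the GUI should get credentials before it does);
  # 22000/21027: Syncthing, already covered by openDefaultPorts above.
  networking.firewall.allowedTCPPorts = [ 80 443 2342 8384 8080 22000 ];
  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  system.stateVersion = "23.11";
}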