
{ config, pkgs, inputs, ... }:
{
imports =
[
./domus-hardware.nix
inputs.sops-nix.nixosModules.sops
];
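# Secrets (sops-nix)
sops = {
  # Encrypted secrets file, given as a path literal relative to this file.
  defaultSopsFile = .secrets/secrets.yaml;
  defaultSopsFormat = "yaml";

  # NOTE(review): the age private key that decrypts every secret declared
  # below is kept in a user's home directory. Anything running as that user
  # can read it; confirm the file is mode 0600, and consider a root-owned
  # location for a key that is used at system activation.
  age.keyFile = "/home/alexuty/.config/sops/age/keys.txt";

  # A declaration needs a value to parse; the bare names used before were a
  # syntax error. An empty set takes the sops-nix defaults for owner and mode
  # (verify that the consuming service's user can actually read the files).
  secrets = {
    "syncthing/devices/Primus" = { };
    "syncthing/devices/AbbyPuter" = { };
    "syncthing/devices/SteamDeck" = { };
    "syncthing/devices/Pixel8" = { };
  };
};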
# Bootloader: systemd-boot, with permission to modify EFI variables.
boot.loader = {
  systemd-boot.enable = true;
  efi.canTouchEfiVariables = true;
};

# Hostname and network management (NetworkManager).
networking.hostName = "domus";
networking.networkmanager.enable = true;

# zsh is enabled system-wide and used as the default shell for users.
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;

# Time zone.
time.timeZone = "America/New_York";

# Internationalisation: every locale category is set to en_US.UTF-8.
i18n = {
  defaultLocale = "en_US.UTF-8";
  extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };
};

# X11 keymap: Spanish and US layouts, toggled with Win+Space.
services.xserver.xkb.layout = "es,us";
services.xserver.xkb.options = "eurosign:e,grp:win_space_toggle";
# Primary user account. Don't forget to set a password with passwd.
users.users.alexuty = {
  description = "Álex Santiago";
  isNormalUser = true;

  # "wheel" is the administrative group; membership makes this an admin
  # account, so the SSH key below is effectively a key to the whole host.
  extraGroups = [ "networkmanager" "wheel" ];

  # Lingering keeps this user's systemd user units running without an
  # active login session.
  linger = true;

  # Only this public key may log in as the user over SSH.
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEhNRjcduW2VQEv6q5DGOK6cA0Y0pwq+jkxaqun4rHu alexuty@primus"
  ];

  # No per-user packages.
  packages = [ ];
};
# Allow packages with unfree licences to be installed.
nixpkgs.config.allowUnfree = true;

# Packages installed in the system profile (available to every user).
environment.systemPackages = [
  pkgs.cloudflared
  pkgs.fastfetch
  pkgs.git
  pkgs.htop
  pkgs.tldr
  pkgs.wget
];
# Cloudflared workaround: the tunnel is started from a systemd *user* unit
# (systemd.user.services) instead of the commented-out services.cloudflared
# module further down.
systemd.user.services.cloudflared-workaround = {
  description = "cloudflared workaround";
  name = "cloudflared-workaround.service";
  enable = true;
  wantedBy = [ "default.target" ];
  after = [ "network.target" ];

  # NOTE(review): the tunnel configuration is read from a home directory.
  # That file, and any tunnel credentials file it points at, should be
  # readable only by the owning user; confirm the permissions.
  serviceConfig.ExecStart = "/run/current-system/sw/bin/cloudflared tunnel --config=/home/alexuty/cloudflared.yml --no-autoupdate run";
};
# Services
services = {
/*cloudflared = {
enable = true;
tunnels = {
"nixservers" = {
credentialsFile = "/root/.cloudflared[]].json";
default = "http_status:404";
};
};
};*/
# Grocy, served through an nginx virtual host named grocy.tld.
grocy = {
  hostName = "grocy.tld";
  enable = true;
  # NOTE(review): TLS is off for this vhost (marked "for now"), so logins
  # and session cookies cross the network in clear text until it is
  # turned on.
  nginx.enableSSL = false;
};
# nginx: one vhost for Grocy on the LAN address, one default static site.
nginx = {
  enable = true;
  # NOTE(review): neither vhost below configures a certificate or forces
  # TLS, so these recommended TLS settings have nothing to apply to yet.
  recommendedTlsSettings = true;

  # Grocy is reachable only on 192.168.1.3:8080.
  virtualHosts."grocy.tld".listen = [
    { addr = "192.168.1.3"; port = 8080; }
  ];

  # Default server: static files from /var/www/alexuty.
  virtualHosts."alexuty.me" = {
    serverName = "alexuty.me";
    root = "/var/www/alexuty";
    default = true;
  };
};
# sshd hardening: key-based logins only, and no direct root login.
openssh.settings = {
  PermitRootLogin = "no";
  PasswordAuthentication = false;
};
# PhotoPrism, bound to the LAN address.
photoprism = {
  enable = true;
  address = "192.168.1.3";
  # Storage path of the original photos & videos.
  originalsPath = "/var/lib/private/photoprism/originals";

  settings = {
    # Authentication: name of the admin user.
    # NOTE(review): no passwordFile is set in this block; confirm how the
    # admin password is provisioned so the account does not keep an
    # initial or default password on a network-reachable address.
    PHOTOPRISM_ADMIN_USER = "admin";

    # Storage: "-1" disables the maximum file size and resolution limits.
    PHOTOPRISM_ORIGINALS_LIMIT = "-1";
    PHOTOPRISM_RESOLUTION_LIMIT = "-1";
  };
};
# Tailscale, with this host offered to the tailnet as an exit node.
tailscale = {
  enable = true;
  # Open the firewall for Tailscale.
  openFirewall = true;
  # "server" routing features are what make exit-node use possible.
  useRoutingFeatures = "server";
  # Advertise the exit node on startup. Other tailnet devices that select
  # it send their internet traffic through this machine, so tailnet
  # membership and ACLs decide who can use this host's uplink.
  extraUpFlags = [ "--advertise-exit-node" ];
};
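# Syncthing: devices and folders are fully declared here.
syncthing =
  let
    # Builds the device-ID value for the sops secret
    # "syncthing/devices/<secretName>". One helper replaces four pasted
    # strings, which is how "Pixel 8" ended up with the Primus secret.
    #
    # NOTE(review): Nix does not run shell command substitution. Unless
    # whatever consumes this value passes it through a shell, the device ID
    # becomes the literal text "$(cat /path/to/secret)" rather than the
    # secret's content. Verify against the generated Syncthing configuration.
    deviceId = secretName:
      ''$(cat ${config.sops.secrets."syncthing/devices/${secretName}".path})'';

    # Folder membership lists used below.
    everyDevice = [ "Primus" "Abby Puter" "Steam Deck" "Pixel 8" ];
    desktopsOnly = [ "Primus" "Abby Puter" ];

    # Simple versioning that keeps 5 old copies of a changed file.
    keepFive = {
      type = "simple";
      params.keep = "5";
    };
  in
  {
    enable = true;
    user = "syncthing";
    dataDir = "/home/syncthing";

    # The declared devices and folders are authoritative; anything added
    # through the GUI is overridden.
    overrideDevices = true;
    overrideFolders = true;

    # Opens Syncthing's default sync and discovery ports in the firewall.
    openDefaultPorts = true;

    settings = {
      devices = {
        "Primus" = { id = deviceId "Primus"; };
        "Abby Puter" = { id = deviceId "AbbyPuter"; };
        "Steam Deck" = { id = deviceId "SteamDeck"; };
        # Fixed: this entry previously read the Primus secret.
        "Pixel 8" = { id = deviceId "Pixel8"; };
      };

      folders = {
        "Filesharing" = {
          id = "c214z-c1km3";
          path = "~/SyncthingData/Filesharing";
          devices = everyDevice;
        };
        "Mediashare" = {
          id = "cahl5-vtsh5";
          path = "~/SyncthingData/Mediashare";
          devices = desktopsOnly;
        };
        "Obsidian" = {
          id = "hi6zs-qwbfq";
          path = "~/SyncthingData/Obsidian";
          devices = everyDevice;
          versioning = keepFive;
        };
        # The password database is replicated to every listed device, so
        # each of them is part of its exposure surface.
        "PasswordDB" = {
          id = "mfhng-tbayv";
          path = "~/SyncthingData/PasswordDB";
          devices = everyDevice;
          versioning = keepFive;
        };
        "Side Projects" = {
          id = "9vse5-doq7d";
          path = "~/SyncthingData/SideProjects";
          devices = everyDevice;
          versioning = keepFive;
        };
        "University" = {
          id = "7lzgh-tadkg";
          path = "~/SyncthingData/University";
          devices = everyDevice;
          versioning = keepFive;
        };
      };
    };
  };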
};
# Enable the nix-command and flakes experimental features.
nix.settings.experimental-features = [ "nix-command" "flakes" ];

# Enable the OpenSSH daemon.
services.openssh.enable = true;

# Open ports in the firewall (TCP).
networking.firewall.allowedTCPPorts = [
  80    # HTTP
  443   # HTTPS
  2342  # presumably PhotoPrism (no port is set in this file; confirm)
  # NOTE(review): 8384 is presumably the Syncthing web GUI. No GUI address
  # is set in this file, so confirm the GUI is meant to be reachable from
  # other hosts and is password-protected; otherwise this port need not
  # be open.
  8384
  8080  # the grocy.tld nginx listener
];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

system.stateVersion = "23.11";
}