diff --git a/overhaul/machines/common/configuration.nix b/overhaul/machines/common/configuration.nix
new file mode 100644
index 0000000..65d3b93
--- /dev/null
+++ b/overhaul/machines/common/configuration.nix
@@ -0,0 +1,86 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../pkgs/zsh.nix
+ ];
+
+ services.tailscale.enable = true;
+
+ services.mullvad-vpn.enable = true;
+ services.mullvad-vpn.package = pkgs.mullvad-vpn;
+ networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+ services.resolved = {
+ enable = true;
+ dnssec = "true";
+ domains = [ "~." ];
+ fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
+ };
+
+ sops = {
+ defaultSopsFile = ../../secrets/secrets.yaml;
+ defaultSopsFormat = "yaml";
+ age = {
+ sshKeyPaths = [ "/home/horseman/.ssh/id_ed25519" ];
+ keyFile = "/home/horseman/.config/sops/age/keys.txt";
+ generateKey = false;
+ };
+ secrets = {
+ "syncthing/user".owner = "horseman";
+ "syncthing/password".owner = "horseman";
+ };
+ templates = {
+ "syncuser".content = ''${config.sops.placeholder."syncthing/user"}'';
+ "syncpassword".content = ''${config.sops.placeholder."syncthing/password"}'';
+ };
+ };
+
+ services.syncthing = {
+ enable = true;
+ user = "horseman";
+ dataDir = "/home/horseman";
+ configDir = "/home/horseman/.config/syncthing";
+ overrideDevices = true;
+ overrideFolders = true;
+ settings = {
+ options = {
+ urAccepted = -1;
+ };
+ gui = {
+ user = config.sops.templates."syncuser".content;
+ password = config.sops.templates."syncpassword".content;
+ };
+ devices = {
+ "luna" = {
+ id = "MW4ZTAX-D7KDLRL-YHNGNCF-V6FW5L4-SCKQKES-BO7KV43-L5667GL-JHIYEAA";
+ autoAcceptFolders = true;
+ name = "luna";
+ };
+ "terra" = {
+ id = "2QWRFLY-ZUY5C6C-X36R5CY-PJSGLYY-5HWIWJN-2YYWRPU-T66GJMU-GXTQ6QK";
+ autoAcceptFolders = true;
+ name = "terra";
+ };
+ "solis" = {
+ id = "YOSYADZ-3OZ3XBH-7XEIK2W-DHAEIFD-5P5ZIHB-PAP74DH-T7GHLKT-O32YEA4";
+ autoAcceptFolders = true;
+ name = "solis";
+ };
+ };
+ folders = {
+ "Documents" = {
+ id = "documentFolder";
+ path = "/home/horseman/Documents";
+ devices = [ "luna" "terra" "solis" ];
+ };
+ };
+ };
+ };
+ networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+ networking.firewall.allowedTCPPorts = [ 8384 22000 ];
+}
diff --git a/overhaul/machines/luna/configuration.nix b/overhaul/machines/luna/configuration.nix
new file mode 100644
index 0000000..cd2419d
--- /dev/null
+++ b/overhaul/machines/luna/configuration.nix
@@ -0,0 +1,74 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./hardware-configuration.nix
+ ../../pkgs/firefox.nix
+ ../common/configuration.nix
+ ];
+
+ home-manager = {
+ extraSpecialArgs = { inherit inputs outputs; };
+ users = {
+ horseman = import ../../home-manager/apps.nix;
+ };
+ };
+
+ networking.hostName = "luna";
+ networking.networkmanager.enable = true;
+ networking.extraHosts = ''
+ 127.0.0.1 koala.rails.local members.rails.local leden.rails.local intro.rails.local
+ '';
+
+ services.xserver.enable = true;
+ services.desktopManager.plasma6.enable = true;
+ services.displayManager.sddm.enable = true;
+ services.displayManager.sddm.autoNumlock = true;
+ services.displayManager.defaultSession = "plasma";
+ boot.loader.systemd-boot.enable = true;
+ boot.kernelModules = [ "snd-seq" "snd-rawmidi" ];
+
+ hardware.bluetooth.enable = true;
+ hardware.pulseaudio.enable = false;
+ services.jack = {
+ jackd.enable = false;
+ alsa.enable = true;
+ loopback.enable = false;
+ };
+
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ kate
+ konsole
+ ];
+ environment.gnome.excludePackages = with pkgs; [
+ gnome-calendar
+ gnome-characters
+ nautilus
+ gnome-clocks
+ gnome-contacts
+ evince
+ file-roller
+ geary
+ gnome-system-monitor
+ eog
+ gnome-logs
+ gnome-maps
+ gnome-music
+ seahorse
+ gnome-text-editor
+ ];
+
+
+ virtualisation.docker.enable = true;
+
+ virtualisation.virtualbox.host.enable = true;
+ users.extraGroups.vboxusers.members = [ "horseman" ];
+
+ users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
+}
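Review bot: In overhaul/machines/common/configuration.nix, `services.syncthing.settings.gui.user` and `gui.password` are set from `config.sops.templates."…".content`, which at evaluation time appears to be the template text with the sops placeholder still in it rather than the decrypted value; sops-nix substitutes secrets only into the file rendered at `config.sops.templates."…".path` during activation. If that is right, the GUI credentials end up as a placeholder string derivable from the public configuration, and as far as I can tell anything placed under `settings` is serialized into the world-readable Nix store regardless. The same hunk adds 8384 to `networking.firewall.allowedTCPPorts`, which only matters if `services.syncthing.guiAddress` is moved off its loopback default, and in that case these credentials are the only protection. I would drop 8384 from the firewall list, reach the GUI over Tailscale or an SSH tunnel, and set the GUI password out of band so it never enters the store.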
diff --git a/overhaul/machines/luna/hardware-configuration.nix b/overhaul/machines/luna/hardware-configuration.nix new file mode 100644 index 0000000..d3d28bb --- /dev/null +++ b/overhaul/machines/luna/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c1447573-eee5-48ea-9937-84330065628b"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B516-99F1"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/overhaul/machines/solis/configuration.nix b/overhaul/machines/solis/configuration.nix new file mode 100644 index 0000000..ed28772 --- /dev/null +++ b/overhaul/machines/solis/configuration.nix 
@@ -0,0 +1,62 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./hardware-configuration.nix
+ ../common/configuration.nix
+ ../../modules/sleep-at-night.nix
+ ];
+
+ home-manager = {
+ extraSpecialArgs = { inherit inputs outputs; };
+ users = {
+ horseman = import ../../home-manager/server-apps.nix;
+ };
+ };
+
+ networking.hostName = "solis";
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/sda";
+
+ virtualisation.docker.enable = true;
+
+ services.resolved.enable = true;
+ services.resolved.extraConfig = "DNSStubListener=no\n";
+
+ systemd.timers."backupSyncthing" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnCalendar = "weekly";
+ Persistent = true;
+ };
+ };
+
+ systemd.services."backupSyncthing" = {
+ script = ''
+ /home/horseman/nix-config/misc/backup.sh
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "horseman";
+ };
+ };
+
+ # services.sleep-at-night = {
+ # enable = true;
+ # shutdown = {
+ # hour = 00;
+ # minute = 30;
+ # };
+ # wakeup = "08:00:00";
+ # };
+
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = true;
+}
diff --git a/overhaul/machines/solis/hardware-configuration.nix b/overhaul/machines/solis/hardware-configuration.nix
new file mode 100644
index 0000000..02593b1
--- /dev/null
+++ b/overhaul/machines/solis/hardware-configuration.nix
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "ohci_pci" "ehci_pci" "pata_atiixp" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/74211087-d087-49d5-bc58-eb49748a51f0"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/bfe8c490-e8d7-438e-b95b-5bc5743bb23b"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/overhaul/machines/terra/configuration.nix b/overhaul/machines/terra/configuration.nix new file mode 100644 index 0000000..0e90857 --- /dev/null +++ b/overhaul/machines/terra/configuration.nix 
@@ -0,0 +1,109 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./hardware-configuration.nix
+ ./refind.nix
+ ../../pkgs/firefox.nix
+ ../common/configuration.nix
+ ];
+
+ # NVIDIA Drivers
+ hardware.graphics.enable32Bit = true;
+ hardware.graphics.enable = true;
+ services.xserver.videoDrivers = ["nvidia"];
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = true;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ # End NVIDIA
+
+
+ home-manager = {
+ extraSpecialArgs = { inherit inputs outputs; };
+ users = {
+ horseman = import ../../home-manager/apps.nix;
+ };
+ };
+
+ networking.hostName = "terra";
+
+ systemd.timers."enable-wol" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "5m";
+ OnUnitActiveSec = "1m";
+ Unit = "enable-wol.service";
+ };
+ };
+
+ systemd.services."enable-wol" = {
+ script = ''
+ /home/horseman/nix-config/misc/startup.sh
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ ethtool
+ ];
+
+ environment.plasma6.excludePackages = with pkgs.kdePackages; [
+ kate
+ konsole
+ ];
+ environment.gnome.excludePackages = with pkgs; [
+ gnome-calendar
+ gnome-characters
+ nautilus
+ gnome-clocks
+ gnome-contacts
+ evince
+ file-roller
+ geary
+ gnome-system-monitor
+ eog
+ gnome-logs
+ gnome-maps
+ gnome-music
+ seahorse
+ gnome-text-editor
+ ];
+
+ services.xserver.enable = true;
+ services.desktopManager.plasma6.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+ services.displayManager.sddm.enable = true;
+ services.displayManager.sddm.autoNumlock = true;
+ services.displayManager.sddm.wayland.enable = false;
+ services.displayManager.defaultSession = "plasma";
+ boot.loader.systemd-boot.enable = true;
+
+ programs.ssh.askPassword = lib.mkForce "/nix/store/qrzq7dqp8dkffb5dvi42q647dhm87ady-ksshaskpass-6.0.3/bin/ksshaskpass";
+
+ networking.networkmanager.enable = true;
+
+ virtualisation.docker.enable = true;
+
+ hardware.pulseaudio.enable = false;
+ services.jack = {
+ jackd.enable = true;
+ alsa.enable = false;
+ loopback.enable = true;
+ };
+
+ users.extraUsers.horseman.extraGroups = [ "jackaudio" ];
+}
diff --git a/overhaul/machines/terra/hardware-configuration.nix b/overhaul/machines/terra/hardware-configuration.nix
new file mode 100644
index 0000000..509f196
--- /dev/null
+++ b/overhaul/machines/terra/hardware-configuration.nix
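Review bot: `systemd.services."enable-wol"` runs `/home/horseman/nix-config/misc/startup.sh` with `User = "root"`, re-triggered every minute by the timer, so a file in a user-writable checkout decides what root executes and any process running as horseman can change it without a sudo prompt. Build the script into the store instead, for example `script = builtins.readFile ./PATH/TO/startup.sh;` (placeholder path, relative to this file), or, if the script only toggles Wake-on-LAN through ethtool, use `networking.interfaces.<name>.wakeOnLan.enable = true;`. `backupSyncthing` in overhaul/machines/solis/configuration.nix uses the same home-directory path pattern, though it runs as horseman. Separately, `programs.ssh.askPassword` is forced to a literal `/nix/store/…-ksshaskpass-6.0.3/bin/ksshaskpass` string that Nix does not track as a dependency; `lib.mkForce "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass"` keeps it valid across updates and garbage collection.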
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/4d963cda-4ec7-4cee-8e82-35402d385f54"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6AB6-63FD"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/53db744d-a858-49b0-a3a1-c7c576aba0c9"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/overhaul/machines/terra/refind.nix b/overhaul/machines/terra/refind.nix new file mode 100644 index 0000000..cdefb1d --- /dev/null +++ b/overhaul/machines/terra/refind.nix @@ -0,0 +1,13 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + environment.systemPackages = [ + pkgs.refind + pkgs.efibootmgr + ]; +} diff --git a/overhaul/modules/common/locale.nix b/overhaul/modules/common/locale.nix new file mode 100644 index 0000000..06c1336 --- /dev/null +++ b/overhaul/modules/common/locale.nix 
@@ -0,0 +1,21 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+ cfg = config.horseman.common.locale;
+in {
+ options = {
+ horseman.common.locale = {
+ enable = mkEnableOption "Dutch locale settings";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ time.timeZone = "Europe/Amsterdam";
+ };
+}
diff --git a/overhaul/modules/common/nix.nix b/overhaul/modules/common/nix.nix
new file mode 100644
index 0000000..1815ef4
--- /dev/null
+++ b/overhaul/modules/common/nix.nix
@@ -0,0 +1,45 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+ cfg = config.horseman.common.nix;
+in {
+ options = {
+ horseman.common.nix = {
+ enable = mkEnableOption "Nix settings";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ };
+ };
+
+ nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
+
+ programs.nix-ld.enable = true;
+ programs.nix-ld.libraries = with pkgs; [];
+
+ nix.nixPath = ["/etc/nix/path"];
+ environment.etc =
+ lib.mapAttrs'
+ (name: value: {
+ name = "nix/path/${name}";
+ value.source = value.flake;
+ })
+ config.nix.registry;
+
+ nix.settings.trusted-users = [ "root" "horseman" ];
+ nix.settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ };
+ };
+}
diff --git a/overhaul/modules/terminal/zsh.nix b/overhaul/modules/terminal/zsh.nix
new file mode 100644
index 0000000..1075c15
--- /dev/null
+++ b/overhaul/modules/terminal/zsh.nix
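Review bot: In overhaul/modules/common/nix.nix, `nix.settings.trusted-users = [ "root" "horseman" ];` makes horseman root-equivalent towards the Nix daemon: a trusted user can add arbitrary substituters and import store paths without signature checks, which sidesteps the sudo prompt that `wheel` membership otherwise puts in the way. Unless a remote-build workflow needs it, leave the default (root only) and list any extra caches under `nix.settings.trusted-substituters`, with their keys in `trusted-public-keys`. It would also read better to fold this line into the `nix.settings = { … }` set directly below it rather than defining the attribute in two forms.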
@@ -0,0 +1,56 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+ cfg = config.horseman.base.locale;
+in {
+ options = {
+ horseman.terminal.zsh = {
+ enable = mkEnableOption "Enable ZSH and all associated plugins";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.lorri.enable = true;
+
+ users.defaultUserShell = pkgs.zsh;
+ environment.shells = with pkgs; [ zsh ];
+
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+
+ histSize = 10000;
+
+ shellAliases = {
+ clone-dotfiles = "cp /home/horseman/nix-config/config/dotfiles/.\* /home/horseman/";
+ rebuild = "nix fmt && clone-dotfiles && sudo nixos-rebuild switch --flake";
+ update = "sudo nix flake update && rebuild";
+ compose = "sudo docker compose";
+ wolpc = "wakeonlan D8:5E:D3:A8:B1:0A";
+ capture-config = "nix run github:pjones/plasma-manager > ~/nix-config/home-manager/plasma.nix";
+ reboot-to-windows = "sudo efibootmgr -n 0000";
+ mkdir = "mkdir -p";
+ };
+
+ ohMyZsh = {
+ enable = true;
+ plugins = [
+ "git"
+ "zsh-interactive-cd"
+ "python"
+ "git-auto-fetch"
+ "wd"
+ ];
+ theme = "jonathan";
+ };
+
+ shellInit = "eval \"$(direnv hook zsh)\"";
+ };
+ };
+}
diff --git a/overhaul/modules/users/horseman.nix b/overhaul/modules/users/horseman.nix
new file mode 100644
index 0000000..b61e16a
--- /dev/null
+++ b/overhaul/modules/users/horseman.nix
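Review bot: `cfg = config.horseman.base.locale;` reads a different option tree from the one this module declares (`horseman.terminal.zsh`), and no `horseman.base.locale` option is declared anywhere in this diff (locale.nix declares `horseman.common.locale`), so `mkIf cfg.enable` will either fail to evaluate or follow the wrong switch. It should read `cfg = config.horseman.terminal.zsh;`. As a style point, `mkEnableOption` already prepends "Whether to enable", so the description is better written as `mkEnableOption "ZSH and all associated plugins"`.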
@@ -0,0 +1,49 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ inherit (lib) mkEnableOption mkIf mkOption types;
+ cfg = config.horseman.users.horseman;
+in
+{
+ options = {
+ horseman.users.horseman = {
+ enable = mkEnableOption "User 'horseman'";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users = {
+ horseman = {
+ initialPassword = "correct horse battery staple";
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 horseman" # luna
+ "ssh-rsa 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 horseman" # terra
+ "ssh-rsa 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 horseman" # solis
+ ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "docker"
+ ];
+ };
+ };
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ # lmao idk if I should remove this but it's funny so imma keep it
+ system.stateVersion = "23.11";
+ };
+}
diff --git a/overhaul/secrets/secrets.yaml b/overhaul/secrets/secrets.yaml
new file mode 100644
index 0000000..e738999
--- /dev/null
+++ b/overhaul/secrets/secrets.yaml
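Review bot: `initialPassword = "correct horse battery staple";` puts a cleartext login password for a `wheel` and `docker` member into the repository and the world-readable Nix store; `PasswordAuthentication = false` covers SSH only, so the password still works for sudo, the console and the display manager until it is changed by hand on each host. Since sops-nix is already wired up in this commit, a hashed password can come from a secret instead: declare the secret with `neededForUsers = true;` and set `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` (placeholder name). Also, `system.stateVersion` sits inside `mkIf cfg.enable`, so a host that does not enable this user module gets no state version from here; it belongs in the per-machine configuration with a comment saying which release that machine was installed from.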
@@ -0,0 +1,23 @@ +syncthing: + user: ENC[AES256_GCM,data:DfJyEnHAC74qvy8=,iv:q5A1to6eoBkXF6uRo+OWhVoP5WnkBnEVVd66tWAI7Sc=,tag:hK3OtNXX66BT8hpxtY1a0w==,type:str] + password: ENC[AES256_GCM,data:5So/Ay3zszQl58d1ub9PmTPs0wwERa28X0Osh0qSwjaHqOewxQ==,iv:zcRrxgcO+vGnVzuXMY8BXYrc+xFHh3/RZXvC7FBKLcY=,tag:GbPqK447lfS4ME3FXTVZaA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age167thunwadsswd0u37tajk85wy4x7sgw6sg3j2aspcax7essmge6qwen0uz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2S3hLRWQrSHBQdjNhbDV2 + VmwrbUVsc0IwaDZKUndOTEMxN0kwWUtaYzJrCjJtNUdBMkhDVDB0akg2TTlqS1lF + NWJESlorR28rUGZHeEh6dFJYcEFsQnMKLS0tIFY3b0ZDSzM3SGVCZW9xcnJLc296 + ckJwQ3EzU2JzdGhnWkNnRExRNlprM28KUHkZe8FvLOAt+UVqvgOxBQdApbEXQ44v + vXW8UtZuq7GjsP5qD2MK6oKs/ZDfe+PhqiWl4ONNHvpn8rmfbQDcRw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-10-08T16:55:41Z" + mac: ENC[AES256_GCM,data:VSOGYnpkU9gD/7JaCdIC84XHI5rHc4PhqSB64YvPehTrA4rgRGynMxSfvb+zRt+rIO8Qyhnt+i9zjsOLa9Z1F8xOx6f23oLRtguvYBNWJIhYaUvmS7lqPryvJGv3aoVvWkRAoSHyizIqXfmHvn0z/QfEst9PS72I4xf1pQu3trs=,iv:GJzYvWn1EOJ++QYW9jYrUfLAwTceAKFD078JWukMhH0=,tag:q62MpyvDneSYXSzu8S3qUQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/overlays/default.nix b/overlays/default.nix deleted file mode 100644 index a13ea3c..0000000 --- a/overlays/default.nix +++ /dev/null 
@@ -1,23 +0,0 @@
-# This file defines overlays
-{inputs, ...}: {
- # This one brings our custom packages from the 'pkgs' directory
- additions = final: _prev: import ../pkgs {pkgs = final;};
-
- # This one contains whatever you want to overlay
- # You can change versions, add patches, set compilation flags, anything really.
- # https://nixos.wiki/wiki/Overlays
- modifications = final: prev: {
- # example = prev.example.overrideAttrs (oldAttrs: rec {
- # ...
- # });
- };
-
- # When applied, the unstable nixpkgs set (declared in the flake inputs) will
- # be accessible through 'pkgs.unstable'
- unstable-packages = final: _prev: {
- unstable = import inputs.nixpkgs-unstable {
- system = final.system;
- config.allowUnfree = true;
- };
- };
-}