Koen/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-config/machines/common/configuration.nix
KoenDR06 0fbc754084 Syncthing changes
2024-10-08 15:39:05 +02:00

137 lines
3.5 KiB
Nix
Raw Blame History

{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
../../pkgs/zsh.nix
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs);
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
dotnetCorePackages.sdk_9_0
];
nix.nixPath = ["/etc/nix/path"];
environment.etc =
lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
nix.settings.trusted-users = [ "root" "horseman" ];
nix.settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
time.timeZone = "Europe/Amsterdam";
services.lorri.enable = true;
services.tailscale.enable = true;
services.mullvad-vpn.enable = true;
services.mullvad-vpn.package = pkgs.mullvad-vpn;
networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
};
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age = {
sshKeyPaths = [ "/home/horseman/.ssh/id_ed25519" ];
keyFile = "/home/horseman/.config/sops/age/keys.txt";
generateKey = false;
};
secrets = {
"syncthing/luna".owner = "horseman";
"syncthing/terra".owner = "horseman";
"syncthing/solis".owner = "horseman";
"syncthing/user".owner = "horseman";
"syncthing/password".owner = "horseman";
};
templates = {
"syncluna".content = ''${config.sops.placeholder."syncthing/luna"}'';
"syncterra".content = ''${config.sops.placeholder."syncthing/terra"}'';
"syncsolis".content = ''${config.sops.placeholder."syncthing/solis"}'';
"syncuser".content = ''${config.sops.placeholder."syncthing/user"}'';
"syncpassword".content = ''${config.sops.placeholder."syncthing/password"}'';
};
};
services.syncthing = {
enable = true;
user = "horseman";
dataDir = "/home/horseman";
configDir = "/home/horseman/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
gui = {
user = config.sops.templates."syncuser".content;
password = config.sops.templates."syncpassword".content;
};
devices = {
"luna" = { id = config.sops.templates."syncluna".content; };
"terra" = { id = config.sops.templates."syncterra".content; };
"solis" = { id = config.sops.templates."syncsolis".content; };
};
folders = {
"Documents" = {
path = "/home/horseman/Documents";
devices = [ "luna" "terra" "solis" ];
};
};
};
};
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
networking.firewall.allowedTCPPorts = [ 8384 22000 ];
users.users = {
horseman = {
initialPassword = "1234";
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../config/ssh/authorized_keys
];
extraGroups = [
"wheel"
"networkmanager"
"docker"
];
};
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
system.stateVersion = "23.11";
}
Reference in a new issue View git blame Copy permalink