cy 2024-12-15 01:59:29 -05:00
parent eb77443d9c
commit ce32eab887
7 changed files with 78 additions and 78 deletions


@ -1,6 +1,4 @@
{ {...}: {
...
}: {
programs.foot = { programs.foot = {
enable = true; enable = true;
settings = { settings = {


@ -1,7 +1,4 @@
{ {pkgs, ...}: {
pkgs,
...
}: {
programs.tmux = { programs.tmux = {
enable = true; enable = true;
baseIndex = 1; baseIndex = 1;


@ -123,7 +123,7 @@
borderRadius = 10; borderRadius = 10;
font = "DejaVu Sans Mono 11"; font = "DejaVu Sans Mono 11";
padding = "10"; padding = "10";
textColor= "#777777"; textColor = "#777777";
extraConfig = '' extraConfig = ''
background-color=#c00000 background-color=#c00000
border-color=#ff0000 border-color=#ff0000


@ -1,15 +1,13 @@
{ {...}: {
...
}: {
programs.zsh = { programs.zsh = {
enable = true; enable = true;
autosuggestion = { autosuggestion = {
enable = true; enable = true;
strategy = [ "history" "completion" ]; strategy = ["history" "completion"];
}; };
syntaxHighlighting = { syntaxHighlighting = {
enable = true; enable = true;
highlighters = [ "brackets" ]; highlighters = ["brackets"];
}; };
autocd = true; autocd = true;
defaultKeymap = "emacs"; defaultKeymap = "emacs";
@ -31,7 +29,7 @@
size = 50000; size = 50000;
append = true; append = true;
}; };
historySubstringSearch= { historySubstringSearch = {
enable = true; enable = true;
searchUpKey = "^p"; searchUpKey = "^p";
searchDownKey = "^n"; searchDownKey = "^n";
@ -87,7 +85,7 @@
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
options = [ "--cmd cd" ]; options = ["--cmd cd"];
}; };
programs.eza = { programs.eza = {


@ -1,26 +1,30 @@
{ config, lib, pkgs, inputs, ... }:
{ {
disabledModules = [ "services/web-servers/caddy/default.nix" ]; config,
imports = lib,
[ pkgs,
./hardware-configuration.nix inputs,
"${inputs.testpkgs}/nixos/modules/services/web-servers/caddy" ...
../common.nix }: {
]; disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [
./hardware-configuration.nix
"${inputs.testpkgs}/nixos/modules/services/web-servers/caddy"
../common.nix
];
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
sops.secrets = { sops.secrets = {
"borg/crash" = { }; "borg/crash" = {};
"ntfy" = { }; "ntfy" = {};
"rclone" = { }; "rclone" = {};
"vaultwarden" = { }; "vaultwarden" = {};
"caddy" = { }; "caddy" = {};
"hedgedoc" = { }; "hedgedoc" = {};
"wireguard/private" = { }; "wireguard/private" = {};
"wireguard/psk" = { }; "wireguard/psk" = {};
"wireguard/pskphone" = { }; "wireguard/pskphone" = {};
"miniflux" = { }; "miniflux" = {};
"gitlab/root" = { "gitlab/root" = {
owner = config.users.users.git.name; owner = config.users.users.git.name;
group = config.users.users.git.group; group = config.users.users.git.group;
@ -52,21 +56,23 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 53 853 ]; allowedTCPPorts = [22 80 443 53 853];
allowedUDPPorts = [ 443 51820 53 853 ]; # 51820 is wireguard allowedUDPPorts = [443 51820 53 853]; # 51820 is wireguard
trustedInterfaces = [ "wg0" "br-2a019a56bbcc" ]; # the second one is docker, idk if this changes trustedInterfaces = ["wg0" "br-2a019a56bbcc"]; # the second one is docker, idk if this changes
}; };
networking.interfaces.ens18 = { networking.interfaces.ens18 = {
ipv6.addresses = [{ ipv6.addresses = [
address = "2a0f:85c1:840:2bfb::1"; {
prefixLength = 64; address = "2a0f:85c1:840:2bfb::1";
}]; prefixLength = 64;
}
];
}; };
networking.defaultGateway6 = { networking.defaultGateway6 = {
address = "2a0f:85c1:840::1"; address = "2a0f:85c1:840::1";
interface = "ens18"; interface = "ens18";
}; };
networking.nameservers = [ "127.0.0.1" "::1" ]; networking.nameservers = ["127.0.0.1" "::1"];
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
@ -78,14 +84,12 @@
users.users.yt = { users.users.yt = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker"]; extraGroups = ["wheel" "networkmanager" "docker"];
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" ];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
users.users.root.openssh.authorizedKeys.keys = users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
@ -148,8 +152,8 @@
services.borgbackup.jobs = { services.borgbackup.jobs = {
crashRsync = { crashRsync = {
paths = [ "/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data" ]; paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"];
exclude = [ "**/.cache" "**/node_modules" "**/cache" "**/Cache" "/var/lib/docker/overlay*" ]; exclude = ["**/.cache" "**/node_modules" "**/cache" "**/Cache" "/var/lib/docker/overlay*"];
repo = "de3911@de3911.rsync.net:borg/crash"; repo = "de3911@de3911.rsync.net:borg/crash";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
@ -161,7 +165,7 @@
}; };
compression = "auto,zstd"; compression = "auto,zstd";
startAt = "daily"; startAt = "daily";
extraCreateArgs = [ "--stats" ]; extraCreateArgs = ["--stats"];
# warnings are often not that serious # warnings are often not that serious
failOnWarnings = false; failOnWarnings = false;
postHook = '' postHook = ''
@ -198,9 +202,9 @@
systemd.services.immich-mount = { systemd.services.immich-mount = {
enable = true; enable = true;
description = "Mount the immich data remote"; description = "Mount the immich data remote";
after = [ "network-online.target" ]; after = ["network-online.target"];
requires = [ "network-online.target" ]; requires = ["network-online.target"];
wantedBy = [ "default.target" ]; wantedBy = ["default.target"];
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
@ -213,9 +217,9 @@
systemd.services.nextcloud-mount = { systemd.services.nextcloud-mount = {
enable = true; enable = true;
description = "Mount the nextcloud data remote"; description = "Mount the nextcloud data remote";
after = [ "network-online.target" ]; after = ["network-online.target"];
requires = [ "network-online.target" ]; requires = ["network-online.target"];
wantedBy = [ "default.target" ]; wantedBy = ["default.target"];
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud"; ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud";
@ -259,11 +263,11 @@
enable = true; enable = true;
enableIPv6 = true; enableIPv6 = true;
externalInterface = "ens18"; externalInterface = "ens18";
internalInterfaces = [ "wg0" ]; internalInterfaces = ["wg0"];
}; };
networking.wg-quick.interfaces.wg0 = { networking.wg-quick.interfaces.wg0 = {
address = [ "10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64" ]; address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
listenPort = 51820; listenPort = 51820;
privateKeyFile = "/run/secrets/wireguard/private"; privateKeyFile = "/run/secrets/wireguard/private";
postUp = '' postUp = ''
@ -285,12 +289,12 @@
peers = [ peers = [
{ {
publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g="; publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g=";
allowedIPs = [ "10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128" ]; allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
presharedKeyFile = "/run/secrets/wireguard/psk"; presharedKeyFile = "/run/secrets/wireguard/psk";
} }
{ {
publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k="; publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k=";
allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ]; allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
presharedKeyFile = "/run/secrets/wireguard/pskphone"; presharedKeyFile = "/run/secrets/wireguard/pskphone";
} }
]; ];
@ -342,4 +346,3 @@
}; };
}; };
} }


@ -1,24 +1,28 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’ # Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
]; pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e"; device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ ]; swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -54,8 +54,8 @@
nameservers = ["31.59.129.225" "2a0f:85c1:840:2bfb::1"]; nameservers = ["31.59.129.225" "2a0f:85c1:840:2bfb::1"];
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
allowedUDPPorts = [ 51820 ]; # for wireguard allowedUDPPorts = [51820]; # for wireguard
trustedInterfaces = [ "wg0" ]; trustedInterfaces = ["wg0"];
}; };
}; };
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
@ -266,12 +266,12 @@
# wireguard setup # wireguard setup
networking.wg-quick.interfaces.wg0 = { networking.wg-quick.interfaces.wg0 = {
address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ]; address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
privateKeyFile = "/run/secrets/wireguard/private"; privateKeyFile = "/run/secrets/wireguard/private";
peers = [ peers = [
{ {
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
allowedIPs = [ "0.0.0.0/0" "::/0" ]; allowedIPs = ["0.0.0.0/0" "::/0"];
endpoint = "31.59.129.225:51820"; endpoint = "31.59.129.225:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
presharedKeyFile = "/run/secrets/wireguard/psk"; presharedKeyFile = "/run/secrets/wireguard/psk";