Compare commits
6 commits
6bf38b7814
...
a3721b311e
Author | SHA1 | Date | |
---|---|---|---|
|
a3721b311e | ||
|
6fc5a2b1ea | ||
|
2bcb07ee60 | ||
|
3e9901bd2a | ||
|
7899127c05 | ||
|
8ed478edb7 |
|
@ -8,10 +8,6 @@ in {
|
||||||
tags = [ "local" ];
|
tags = [ "local" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
|
||||||
agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
agenix
|
agenix
|
||||||
colmena
|
colmena
|
||||||
|
|
|
@ -3,9 +3,13 @@
|
||||||
{
|
{
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "${name}.birdsong.network";
|
targetHost = "${name}.birdsong.network";
|
||||||
|
targetUser = "qenya";
|
||||||
tags = [ "remote" ];
|
tags = [ "remote" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Required for remote builds
|
||||||
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
../common/openssh.nix
|
../common/openssh.nix
|
||||||
];
|
];
|
||||||
|
|
|
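Review bot: `security.sudo.wheelNeedsPassword = false;` makes every wheel account on each remote host root-equivalent without re-authentication, although the deployment only needs that for `targetUser = "qenya"`. The root-login rule removed elsewhere in this compare was limited to one source address; the sudo path has no such limit, so it relies entirely on key-only SSH authentication for qenya, which `../common/openssh.nix` may or may not enforce in lines not shown here. I would scope the exemption to the deploy user as below and reword the comment, since the need presumably comes from Colmena running activation through non-interactive sudo rather than from building. The file is not named in this view.

```nix
# Colmena activates as deployment.targetUser through non-interactive sudo (presumably);
# grant NOPASSWD to that user only instead of to all of wheel.
security.sudo.extraRules = [
  {
    users = [ "qenya" ];
    commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
  }
];
```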
@ -12,9 +12,4 @@
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
# Allow remote root login only from home network
|
|
||||||
# TODO: Find a less hacky way of doing remote deployment
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
|
|
||||||
services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
|
|
||||||
}
|
}
|
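--- a/common/sudo.nix
+++ b/common/sudo.nix
@@ -0,0 +1,5 @@
+{ config, lib, pkgs,... }:
+
+{
+security.sudo.execWheelOnly = true;
+}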
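Review bot: `security.sudo.execWheelOnly = true;` has no comment, and its effect is not obvious from the name. Something like `# Only wheel members may execute the setuid sudo wrapper; other accounts cannot invoke sudo at all` would record the intent. It is also worth knowing when rules are added later: a sudo rule for an account outside wheel will have no effect on hosts that import this file.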
14
hive.nix
14
hive.nix
|
@ -6,12 +6,24 @@ in {
|
||||||
deployment.replaceUnknownProfiles = false;
|
deployment.replaceUnknownProfiles = false;
|
||||||
networking.hostName = name;
|
networking.hostName = name;
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config = {
|
||||||
|
allowUnfree = true;
|
||||||
|
packageOverrides = pkgs: {
|
||||||
|
agenix = (import sources.agenix { inherit pkgs; }).agenix;
|
||||||
|
vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager = {
|
||||||
|
useUserPackages = true;
|
||||||
|
useGlobalPkgs = true;
|
||||||
|
};
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
(import "${sources.home-manager}/nixos")
|
(import "${sources.home-manager}/nixos")
|
||||||
(import "${sources.agenix}/modules/age.nix")
|
(import "${sources.agenix}/modules/age.nix")
|
||||||
./pinning.nix
|
./pinning.nix
|
||||||
|
./common/sudo.nix
|
||||||
./common/utilities.nix
|
./common/utilities.nix
|
||||||
./users/qenya.nix
|
./users/qenya.nix
|
||||||
];
|
];
|
||||||
|
|
|
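Review bot: The `vscode-extensions` override hard-codes `x86_64-linux` for every node in the hive, and it replaces the whole nixpkgs `pkgs.vscode-extensions` attribute set rather than adding a new name. The TODO can be closed in place, because the `pkgs` argument of `packageOverrides` already carries the target platform: `vscode-extensions = (import sources.nix-vscode-extensions).extensions.${pkgs.stdenv.hostPlatform.system};`. Shadowing the nixpkgs name silently changes what `pkgs.vscode-extensions.*` means on every host that imports hive.nix, so a distinct attribute name (or an override applied only on workstation hosts) would make the third-party source visible where it is used. The enclosing attribute set continues outside the hunk.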
@ -1,39 +1,32 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
programs.vscode =
|
programs.vscode = {
|
||||||
let
|
enable = true;
|
||||||
system = builtins.currentSystem;
|
enableExtensionUpdateCheck = false;
|
||||||
sources = import ../npins;
|
enableUpdateCheck = false;
|
||||||
extensions = (import sources.nix-vscode-extensions).extensions.${system};
|
package = pkgs.vscodium;
|
||||||
in
|
extensions = (with pkgs.vscode-extensions; [
|
||||||
{
|
open-vsx.jnoortheen.nix-ide
|
||||||
enable = true;
|
open-vsx.ms-python.python
|
||||||
enableExtensionUpdateCheck = false;
|
open-vsx.robbowen.synthwave-vscode
|
||||||
enableUpdateCheck = false;
|
]);
|
||||||
package = pkgs.vscodium;
|
mutableExtensionsDir = false;
|
||||||
extensions = (with pkgs.vscode-extensions; [
|
userSettings = {
|
||||||
jnoortheen.nix-ide
|
"extensions.autoUpdate" = false;
|
||||||
ms-python.python
|
"git.autofetch" = true;
|
||||||
]) ++ (with extensions.open-vsx; [
|
"git.confirmSync" = false;
|
||||||
robbowen.synthwave-vscode
|
"git.enableSmartCommit" = true;
|
||||||
]);
|
"javascript.updateImportsOnFileMove.enabled" = "always";
|
||||||
mutableExtensionsDir = false;
|
"nix.enableLanguageServer" = true;
|
||||||
userSettings = {
|
"nix.serverPath" = "nil";
|
||||||
"extensions.autoUpdate" = false;
|
"nix.serverSettings".nil = {
|
||||||
"git.autofetch" = true;
|
diagnostics.ignored = [ "unused_binding" "unused_with" ];
|
||||||
"git.confirmSync" = false;
|
formatting.command = [ "nixpkgs-fmt" ];
|
||||||
"git.enableSmartCommit" = true;
|
|
||||||
"javascript.updateImportsOnFileMove.enabled" = "always";
|
|
||||||
"nix.enableLanguageServer" = true;
|
|
||||||
"nix.serverPath" = "nil";
|
|
||||||
"nix.serverSettings".nil = {
|
|
||||||
diagnostics.ignored = [ "unused_binding" "unused_with" ];
|
|
||||||
formatting.command = [ "nixpkgs-fmt" ];
|
|
||||||
};
|
|
||||||
"workbench.colorTheme" = "SynthWave '84";
|
|
||||||
};
|
};
|
||||||
|
"workbench.colorTheme" = "SynthWave '84";
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Language servers etc
|
# Language servers etc
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
|
|
|
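Review bot: `open-vsx.jnoortheen.nix-ide` and `open-vsx.ms-python.python` only resolve because hive.nix overrides `pkgs.vscode-extensions`. Read on its own, `with pkgs.vscode-extensions;` looks like the nixpkgs set, and two of the three extensions have quietly moved from nixpkgs packaging to the Open VSX set of the npins-pinned nix-vscode-extensions source. I would record that above the list, e.g. `# pkgs.vscode-extensions is overridden in hive.nix: these come from nix-vscode-extensions (Open VSX), not nixpkgs`. The file is not named in this view, and the `home.packages` list at the end of the hunk continues outside it.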
@ -7,6 +7,7 @@
|
||||||
./home.nix
|
./home.nix
|
||||||
../../common/fonts.nix
|
../../common/fonts.nix
|
||||||
../../common/gaming.nix
|
../../common/gaming.nix
|
||||||
|
./syncthing.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
|
@ -28,6 +28,16 @@
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fileSystems."/config" =
|
||||||
|
{ device = "rpool/config";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/data" =
|
||||||
|
{ device = "rpool/data";
|
||||||
|
fsType = "zfs";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/home" =
|
fileSystems."/home" =
|
||||||
{ device = "rpool/home";
|
{ device = "rpool/home";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
|
@ -39,18 +49,13 @@
|
||||||
options = [ "fmask=0022" "dmask=0022" ];
|
options = [ "fmask=0022" "dmask=0022" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/data" =
|
|
||||||
{ device = "rpool/data";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/data/steam" =
|
fileSystems."/data/steam" =
|
||||||
{ device = "rpool/data/steam";
|
{ device = "rpool/data/steam";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/config" =
|
fileSystems."/data/syncthing" =
|
||||||
{ device = "rpool/config";
|
{ device = "rpool/data/syncthing";
|
||||||
fsType = "zfs";
|
fsType = "zfs";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
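--- a/hosts/tohru/syncthing.nix
+++ b/hosts/tohru/syncthing.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+services.syncthing = {
+enable = true;
+user = "qenya";
+dataDir = "/data/syncthing";
+overrideDevices = true;
+overrideFolders = true;
+settings = {
+devices = {
+"kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; };
+};
+};
+};
+}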
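Review bot: `overrideFolders = true` is set while `settings` declares only `devices`, so each activation resets Syncthing to zero folders and discards any folder added through the GUI. Either declare the shares here, e.g. `settings.folders."<name>" = { path = "/data/syncthing/<name>"; devices = [ "kilgharrah" ]; };` with `<name>` as a placeholder, or set `overrideFolders = false;` until they are declared. A one-line comment that the kilgharrah device ID is an identifier rather than a secret would also save the next reader from wondering whether it belongs in agenix.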