Compare commits
No commits in common. "a3721b311e8aabbebfab76088f8279f2ea3499b5" and "6bf38b7814aef843595efbf2d53b983e25143236" have entirely different histories.
a3721b311e
...
6bf38b7814
|
|
@ -8,6 +8,10 @@ in {
|
|||
tags = [ "local" ];
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
agenix
|
||||
colmena
|
||||
|
|
|
|||
|
|
@ -3,13 +3,9 @@
|
|||
{
|
||||
deployment = {
|
||||
targetHost = "${name}.birdsong.network";
|
||||
targetUser = "qenya";
|
||||
tags = [ "remote" ];
|
||||
};
|
||||
|
||||
# Required for remote builds
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
imports = [
|
||||
../common/openssh.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -12,4 +12,9 @@
|
|||
services.fail2ban.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Allow remote root login only from home network
|
||||
# TODO: Find a less hacky way of doing remote deployment
|
||||
users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
|
||||
services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
|
||||
}
|
||||
|
|
@ -1,5 +0,0 @@
|
|||
{ config, lib, pkgs,... }:
|
||||
|
||||
{
|
||||
security.sudo.execWheelOnly = true;
|
||||
}
|
||||
14
hive.nix
14
hive.nix
|
|
@ -6,24 +6,12 @@ in {
|
|||
deployment.replaceUnknownProfiles = false;
|
||||
networking.hostName = name;
|
||||
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
packageOverrides = pkgs: {
|
||||
agenix = (import sources.agenix { inherit pkgs; }).agenix;
|
||||
vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture
|
||||
};
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
useUserPackages = true;
|
||||
useGlobalPkgs = true;
|
||||
};
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
imports = [
|
||||
(import "${sources.home-manager}/nixos")
|
||||
(import "${sources.agenix}/modules/age.nix")
|
||||
./pinning.nix
|
||||
./common/sudo.nix
|
||||
./common/utilities.nix
|
||||
./users/qenya.nix
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,32 +1,39 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
programs.vscode = {
|
||||
enable = true;
|
||||
enableExtensionUpdateCheck = false;
|
||||
enableUpdateCheck = false;
|
||||
package = pkgs.vscodium;
|
||||
extensions = (with pkgs.vscode-extensions; [
|
||||
open-vsx.jnoortheen.nix-ide
|
||||
open-vsx.ms-python.python
|
||||
open-vsx.robbowen.synthwave-vscode
|
||||
]);
|
||||
mutableExtensionsDir = false;
|
||||
userSettings = {
|
||||
"extensions.autoUpdate" = false;
|
||||
"git.autofetch" = true;
|
||||
"git.confirmSync" = false;
|
||||
"git.enableSmartCommit" = true;
|
||||
"javascript.updateImportsOnFileMove.enabled" = "always";
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = "nil";
|
||||
"nix.serverSettings".nil = {
|
||||
diagnostics.ignored = [ "unused_binding" "unused_with" ];
|
||||
formatting.command = [ "nixpkgs-fmt" ];
|
||||
programs.vscode =
|
||||
let
|
||||
system = builtins.currentSystem;
|
||||
sources = import ../npins;
|
||||
extensions = (import sources.nix-vscode-extensions).extensions.${system};
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
enableExtensionUpdateCheck = false;
|
||||
enableUpdateCheck = false;
|
||||
package = pkgs.vscodium;
|
||||
extensions = (with pkgs.vscode-extensions; [
|
||||
jnoortheen.nix-ide
|
||||
ms-python.python
|
||||
]) ++ (with extensions.open-vsx; [
|
||||
robbowen.synthwave-vscode
|
||||
]);
|
||||
mutableExtensionsDir = false;
|
||||
userSettings = {
|
||||
"extensions.autoUpdate" = false;
|
||||
"git.autofetch" = true;
|
||||
"git.confirmSync" = false;
|
||||
"git.enableSmartCommit" = true;
|
||||
"javascript.updateImportsOnFileMove.enabled" = "always";
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = "nil";
|
||||
"nix.serverSettings".nil = {
|
||||
diagnostics.ignored = [ "unused_binding" "unused_with" ];
|
||||
formatting.command = [ "nixpkgs-fmt" ];
|
||||
};
|
||||
"workbench.colorTheme" = "SynthWave '84";
|
||||
};
|
||||
"workbench.colorTheme" = "SynthWave '84";
|
||||
};
|
||||
};
|
||||
|
||||
# Language servers etc
|
||||
home.packages = with pkgs; [
|
||||
|
|
|
|||
|
|
@ -7,7 +7,6 @@
|
|||
./home.nix
|
||||
../../common/fonts.nix
|
||||
../../common/gaming.nix
|
||||
./syncthing.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
|
|
|||
|
|
@ -28,16 +28,6 @@
|
|||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/config" =
|
||||
{ device = "rpool/config";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{ device = "rpool/data";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "rpool/home";
|
||||
fsType = "zfs";
|
||||
|
|
@ -49,13 +39,18 @@
|
|||
options = [ "fmask=0022" "dmask=0022" ];
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{ device = "rpool/data";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/data/steam" =
|
||||
{ device = "rpool/data/steam";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/data/syncthing" =
|
||||
{ device = "rpool/data/syncthing";
|
||||
fileSystems."/config" =
|
||||
{ device = "rpool/config";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,16 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
user = "qenya";
|
||||
dataDir = "/data/syncthing";
|
||||
overrideDevices = true;
|
||||
overrideFolders = true;
|
||||
settings = {
|
||||
devices = {
|
||||
"kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue