Compare commits


No commits in common. "a3721b311e8aabbebfab76088f8279f2ea3499b5" and "6bf38b7814aef843595efbf2d53b983e25143236" have entirely different histories.

9 changed files with 48 additions and 75 deletions


@ -8,6 +8,10 @@ in {
tags = [ "local" ]; tags = [ "local" ];
}; };
nixpkgs.config.packageOverrides = pkgs: {
agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
agenix agenix
colmena colmena


@ -3,13 +3,9 @@
{ {
deployment = { deployment = {
targetHost = "${name}.birdsong.network"; targetHost = "${name}.birdsong.network";
targetUser = "qenya";
tags = [ "remote" ]; tags = [ "remote" ];
}; };
# Required for remote builds
security.sudo.wheelNeedsPassword = false;
imports = [ imports = [
../common/openssh.nix ../common/openssh.nix
]; ];


@ -12,4 +12,9 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [ 22 ];
# Allow remote root login only from home network
# TODO: Find a less hacky way of doing remote deployment
users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys;
services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password";
} }
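Review bot: The added comment says root login is allowed only from the home network, but `Match Address 45.14.17.200` with `PermitRootLogin prohibit-password` only sets the value for that address and does not deny root from anywhere else. No global value is set in the visible lines, and the NixOS default for `PermitRootLogin` is already `prohibit-password`, so unless the part of the file above the hunk overrides it, root key login is accepted from every address. Setting `services.openssh.settings.PermitRootLogin = "no";` globally would make the Match block the only exception. sshd applies a `Match` block to everything that follows it until the next `Match`, so any other module appending to `services.openssh.extraConfig` may end up scoped to this address; a comment saying so would help. Copying qenya's `authorizedKeys` to root also means that one user key grants root directly, which a dedicated deployment key would narrow.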


@ -1,5 +0,0 @@
{ config, lib, pkgs,... }:
{
security.sudo.execWheelOnly = true;
}


@ -6,24 +6,12 @@ in {
deployment.replaceUnknownProfiles = false; deployment.replaceUnknownProfiles = false;
networking.hostName = name; networking.hostName = name;
nixpkgs.config = { nixpkgs.config.allowUnfree = true;
allowUnfree = true;
packageOverrides = pkgs: {
agenix = (import sources.agenix { inherit pkgs; }).agenix;
vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture
};
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
};
imports = [ imports = [
(import "${sources.home-manager}/nixos") (import "${sources.home-manager}/nixos")
(import "${sources.agenix}/modules/age.nix") (import "${sources.agenix}/modules/age.nix")
./pinning.nix ./pinning.nix
./common/sudo.nix
./common/utilities.nix ./common/utilities.nix
./users/qenya.nix ./users/qenya.nix
]; ];


@ -1,32 +1,39 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
programs.vscode = { programs.vscode =
enable = true; let
enableExtensionUpdateCheck = false; system = builtins.currentSystem;
enableUpdateCheck = false; sources = import ../npins;
package = pkgs.vscodium; extensions = (import sources.nix-vscode-extensions).extensions.${system};
extensions = (with pkgs.vscode-extensions; [ in
open-vsx.jnoortheen.nix-ide {
open-vsx.ms-python.python enable = true;
open-vsx.robbowen.synthwave-vscode enableExtensionUpdateCheck = false;
]); enableUpdateCheck = false;
mutableExtensionsDir = false; package = pkgs.vscodium;
userSettings = { extensions = (with pkgs.vscode-extensions; [
"extensions.autoUpdate" = false; jnoortheen.nix-ide
"git.autofetch" = true; ms-python.python
"git.confirmSync" = false; ]) ++ (with extensions.open-vsx; [
"git.enableSmartCommit" = true; robbowen.synthwave-vscode
"javascript.updateImportsOnFileMove.enabled" = "always"; ]);
"nix.enableLanguageServer" = true; mutableExtensionsDir = false;
"nix.serverPath" = "nil"; userSettings = {
"nix.serverSettings".nil = { "extensions.autoUpdate" = false;
diagnostics.ignored = [ "unused_binding" "unused_with" ]; "git.autofetch" = true;
formatting.command = [ "nixpkgs-fmt" ]; "git.confirmSync" = false;
"git.enableSmartCommit" = true;
"javascript.updateImportsOnFileMove.enabled" = "always";
"nix.enableLanguageServer" = true;
"nix.serverPath" = "nil";
"nix.serverSettings".nil = {
diagnostics.ignored = [ "unused_binding" "unused_with" ];
formatting.command = [ "nixpkgs-fmt" ];
};
"workbench.colorTheme" = "SynthWave '84";
}; };
"workbench.colorTheme" = "SynthWave '84";
}; };
};
# Language servers etc # Language servers etc
home.packages = with pkgs; [ home.packages = with pkgs; [
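Review bot: `system = builtins.currentSystem;` in the new `let` block is the platform of the machine evaluating the configuration, not of the host being configured, and it is unavailable under pure evaluation. If a deployment is evaluated on a machine of another architecture, the wrong extension set would be selected. `pkgs` is already a module argument, so `system = pkgs.stdenv.hostPlatform.system;` yields the target's platform instead. `sources = import ../npins;` also re-imports the pin set inside this module, and a short comment on why it is not passed in as an argument would help. The attribute set continues past the end of the hunk.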


@ -7,7 +7,6 @@
./home.nix ./home.nix
../../common/fonts.nix ../../common/fonts.nix
../../common/gaming.nix ../../common/gaming.nix
./syncthing.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;


@ -28,16 +28,6 @@
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/config" =
{ device = "rpool/config";
fsType = "zfs";
};
fileSystems."/data" =
{ device = "rpool/data";
fsType = "zfs";
};
fileSystems."/home" = fileSystems."/home" =
{ device = "rpool/home"; { device = "rpool/home";
fsType = "zfs"; fsType = "zfs";
@ -49,13 +39,18 @@
options = [ "fmask=0022" "dmask=0022" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
fileSystems."/data" =
{ device = "rpool/data";
fsType = "zfs";
};
fileSystems."/data/steam" = fileSystems."/data/steam" =
{ device = "rpool/data/steam"; { device = "rpool/data/steam";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/data/syncthing" = fileSystems."/config" =
{ device = "rpool/data/syncthing"; { device = "rpool/config";
fsType = "zfs"; fsType = "zfs";
}; };


@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
user = "qenya";
dataDir = "/data/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; };
};
};
};
}