Update
This commit is contained in:
Hadi
@@ -1,17 +1,24 @@
|
||||
{ pkgs, config, ... }: {
|
||||
{ config, ... }: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./variables.nix
|
||||
../modules/usb.nix
|
||||
|
||||
../modules/grub.nix
|
||||
../modules/timezone.nix
|
||||
../modules/utils.nix
|
||||
../modules/users.nix
|
||||
../modules/zsh.nix
|
||||
../modules/nix.nix
|
||||
../modules/auto-upgrade.nix
|
||||
|
||||
# internal
|
||||
./modules/internal/security.nix
|
||||
./modules/internal/openssh.nix
|
||||
./modules/internal/adguard.nix
|
||||
./modules/internal/cockpit.nix
|
||||
# ./modules/internal/adguard.nix # TODO
|
||||
# ./modules/internal/cockpit.nix
|
||||
|
||||
# exposed
|
||||
./modules/exposed/ntfy-sh.nix
|
||||
# ./modules/exposed/ntfy-sh.nix
|
||||
./modules/exposed/tailscale.nix
|
||||
./modules/exposed/kuma.nix
|
||||
./modules/exposed/cloudflare-dyndns.nix
|
||||
@@ -20,111 +27,15 @@
|
||||
./modules/exposed/vaultwarden.nix
|
||||
./modules/www
|
||||
|
||||
# jackflix
|
||||
./modules/jackflix
|
||||
|
||||
./secrets
|
||||
];
|
||||
|
||||
# Bootloader.
|
||||
boot = {
|
||||
loader.grub.enable = true;
|
||||
loader.grub.device = "/dev/sda";
|
||||
loader.grub.useOSProber = true;
|
||||
tmp.cleanOnBoot = true;
|
||||
kernelPackages =
|
||||
pkgs.linuxPackages_latest; # _zen, _hardened, _rt, _rt_latest, etc.
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
|
||||
# Networking
|
||||
networking = { hostName = config.var.hostname; };
|
||||
|
||||
# Timezone and locale
|
||||
time.timeZone = config.var.timeZone;
|
||||
i18n.defaultLocale = config.var.defaultLocale;
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = config.var.extraLocale;
|
||||
LC_IDENTIFICATION = config.var.extraLocale;
|
||||
LC_MEASUREMENT = config.var.extraLocale;
|
||||
LC_MONETARY = config.var.extraLocale;
|
||||
LC_NAME = config.var.extraLocale;
|
||||
LC_NUMERIC = config.var.extraLocale;
|
||||
LC_PAPER = config.var.extraLocale;
|
||||
LC_TELEPHONE = config.var.extraLocale;
|
||||
LC_TIME = config.var.extraLocale;
|
||||
};
|
||||
|
||||
# Users
|
||||
users.users.${config.var.username} = {
|
||||
isNormalUser = true;
|
||||
description = "${config.var.username} account";
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys = [ config.var.sshPublicKey ];
|
||||
};
|
||||
|
||||
services = {
|
||||
xserver = {
|
||||
enable = true;
|
||||
xkb.layout = config.var.keyboardLayout;
|
||||
xkb.variant = "";
|
||||
};
|
||||
gnome.gnome-keyring.enable = true;
|
||||
};
|
||||
console.keyMap = config.var.keyboardLayout;
|
||||
|
||||
# Shell
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
loginShellInit = ''
|
||||
dbus-update-activation-environment --systemd DISPLAY
|
||||
'';
|
||||
};
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = [ "https://hyprland.cachix.org" ];
|
||||
trusted-public-keys = [
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
];
|
||||
};
|
||||
gc = if config.var.autoGarbageCollector then {
|
||||
automatic = true;
|
||||
persistent = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
} else
|
||||
{ };
|
||||
};
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
system.autoUpgrade = if config.var.autoUpgrade then {
|
||||
enable = true;
|
||||
dates = "04:00";
|
||||
flake = "${config.var.configDirectory}";
|
||||
flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
|
||||
allowReboot = false;
|
||||
} else
|
||||
{ };
|
||||
|
||||
services.libinput.enable = true;
|
||||
programs.dconf.enable = true;
|
||||
|
||||
# Faster rebuilding
|
||||
documentation = {
|
||||
enable = true;
|
||||
doc.enable = false;
|
||||
man.enable = true;
|
||||
dev.enable = false;
|
||||
};
|
||||
|
||||
services.dbus.enable = true;
|
||||
|
||||
# Don't touch this
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
|
||||
@@ -8,12 +8,10 @@
|
||||
"vault.anotherhadi.com"
|
||||
"anotherhadi.com"
|
||||
"www.anotherhadi.com"
|
||||
"test.anotherhadi.com"
|
||||
"jack.anotherhadi.com"
|
||||
"ntfy.anotherhadi.com"
|
||||
"home.anotherhadi.com"
|
||||
"kuma.anotherhadi.com"
|
||||
"start.anotherhadi.com"
|
||||
];
|
||||
proxied = true;
|
||||
apiTokenFile = "/etc/cloudflare/apiToken";
|
||||
|
||||
@@ -12,7 +12,7 @@ in {
|
||||
};
|
||||
settings = {
|
||||
trusted_domains =
|
||||
[ "localhost" "127.0.0.1" "192.168.2.23" "cloud.anotherhadi.com" ];
|
||||
[ "localhost" "127.0.0.1" "192.168.1.99" "cloud.anotherhadi.com" ];
|
||||
};
|
||||
nginx.recommendedHttpHeaders = true;
|
||||
extraApps = {
|
||||
|
||||
@@ -2,6 +2,6 @@
|
||||
imports = [ ./home.anotherhadi.com.nix ./anotherhadi.com.nix ];
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"test.anotherhadi.com" = { root = "/var/www/test"; };
|
||||
# "test.anotherhadi.com" = { root = "/var/www/test"; };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -18,14 +18,14 @@
|
||||
email = "112569860+anotherhadi@users.noreply.github.com";
|
||||
};
|
||||
|
||||
stateVersion = "24.05";
|
||||
|
||||
autoUpgrade = false;
|
||||
autoGarbageCollector = false;
|
||||
sops = true;
|
||||
obsidian = false;
|
||||
tailscale = true;
|
||||
|
||||
usbguard = false;
|
||||
usbguardRules = "";
|
||||
|
||||
sshPublicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPG9SE80ZyBcXZK/f5ypSKudaM5Jo3XtQikCnGo0jI5E hadi@nixy";
|
||||
|
||||
|
||||
Reference in New Issue
Block a user