Update

2024-06-08 01:56:21 +02:00
parent 1ccb720f3b
commit 88fb9d078b
31 changed files with 200 additions and 48 deletions
--- a/hosts/laptop/configuration.nix
+++ b/hosts/laptop/configuration.nix
@@ -1,16 +1,17 @@
 { pkgs, config, ... }:
 let
  variable = import ../../variables.nix;
-  imports = [ ./hardware-configuration.nix ];
-  # Weird variable name to avoid conflict with the `imports` variable...
-  secondImports =
-    if variable.enableNvidia then imports ++ [ ./nvidia.nix ] else imports;
-  thirdImports = if variable.enablePrime then
-    secondImports ++ [ ./prime.nix ]
-  else
-    secondImports;
+  baseImports = [ ./hardware-configuration.nix ];
+
+  extraImports = [
+    (if variable.enableNvidia then ./nvidia.nix else null)
+    (if variable.enablePrime then ./prime.nix else null)
+  ];
+
+  filteredImports = builtins.filter (x: x != null) extraImports;
+
 in {
-  imports = thirdImports;
+  imports = baseImports ++ filteredImports;

  # Bootloader.
  boot = {
@@ -59,6 +60,20 @@ in {
  programs.zsh.enable = true;
  users.defaultUserShell = pkgs.zsh;

+  loginShellInit = ''
+    dbus-update-activation-environment --systemd DISPLAY
+    eval $(gnome-keyring-daemon --start --components=ssh,secrets)
+    eval $(ssh-agent)
+  '';
+
+  # faster rebuilding
+  documentation = {
+    enable = true;
+    doc.enable = false;
+    man.enable = true;
+    dev.enable = false;
+  };
+
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

--- a/hosts/server/firewall.nix
+++ b/hosts/server/firewall.nix
@@ -1,5 +1,11 @@
 {

+  services.fail2ban = {
+    enable = true;
+    maxretry = 3;
+    ignoreIP = [ "127.0.0.0/8" "10.0.0.0/8" "192.168.0.0/16" ];
+  };
+
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 ];
--- a/hosts/server/ntfy.nix
+++ b/hosts/server/ntfy.nix
@@ -0,0 +1 @@
+{ services.ntfy = { enable = true; }; }
--- a/hosts/server/vaultwarden.nix
+++ b/hosts/server/vaultwarden.nix
@@ -0,0 +1,21 @@
+let
+  port = 8222;
+  signup = false;
+in {
+  services.vaultwarden = {
+    enable = true;
+    config = {
+      DOMAIN = "https://bw.anotherhadi.com";
+      SIGNUPS_ALLOWED = signup;
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = port;
+      ROCKET_LOG = "critical";
+    };
+  };
+
+  services.nginx.virtualHosts."bw.anotherhadi.com" = {
+    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
+  };
+
+  networking.firewall.allowedTCPPorts = [ port ];
+}