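# NixOS host configuration for an internet-facing server: impermanent btrfs
# root with rollback, sops-managed secrets, the `sydnix.deertopia` service set
# (serving deertopia.net through nginx), a CIFS mount to a LAN NAS, and an
# OpenSSH daemon that accepts key-based logins only.
{ config, pkgs, lib, disko, sydnix-cli, ... }:

{
  imports = [
    ./hardware.nix
    ./disks.nix
  ];

  sydnix = {
    filesystemType = "btrfs";

    users.users = [
      "lain"
      "besties"
    ];

    impermanence = {
      enable = true;

      # Paths that survive the root rollback configured below.
      directories = [
        # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
        # This means all users/groups without specified uids/gids will have them
        # reassigned on reboot."
        "/var/lib/nixos"
        # We don't want to have different ssh keys on reboot, because ssh keys
        # are expected to consistently identify machines... I think.  I mostly
        # just think it's annoying to edit ~/.ssh/known_hosts all the time.
        #
        # NOTE(review): a stable host key is also what lets clients detect an
        # impersonated server, so persisting this directory is the right call.
        # It holds the host private keys; keep the persisted copy root-only.
        "/etc/ssh"
      ];

      rollback = {
        enable = true;
        device = "/dev/sda2";
        subvolume = "rootfs";
      };
    };

    sops = {
      enable = true;
      # Age private key used to decrypt every sops secret on this host.  It
      # lives under /persist so it survives the rollback.
      # NOTE(review): presumably root-owned with mode 0400/0600 -- confirm, and
      # keep it out of any backup that is not itself encrypted.
      keyFile = "/persist/private-keys/age/deertopia";
    };

    deertopia = {
      authelia.enable = true;
      bepasty.enable = true;
      jellyfin.enable = true;
      lldap.enable = true;
      nginx.enable = true;
      slskd.enable = true;
      webdav.enable = true;
      copyparty.enable = true;
      syncthing.enable = true;
      cache.enable = true;
      mullvad.enable = true;

      # A simple default webpage.  This should probably live somewhere else.
      nginx.vhosts."www" = {
        vhostName = "deertopia.net";
        vhost = {
          # Redirect plain HTTP to HTTPS and obtain the certificate via ACME.
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            index = "index.html";
          };
        };
      };
    };
  };

  # Declares the secret that sops materialises at
  # /run/secrets/buffalo-nas-creds (the path the CIFS mount below reads), so
  # the NAS credentials never enter the world-readable Nix store.
  sydnix.sops.secrets.buffalo-nas-creds = {};

  fileSystems."/nas/media" = {
    # DNS is seemingly unavailable to the mount service.
    device = "//192.168.68.62/media";
    mountPoint = "/nas/media";
    fsType = "cifs";
    options = [
      # NOTE(review): SMB 2.0 has no transport encryption (that arrived with
      # SMB 3.0), so file contents cross the LAN in the clear.  If the NAS
      # firmware supports it, raise this to a 3.x dialect and add "seal".
      "vers=2.0"
      "cred=/run/secrets/buffalo-nas-creds"
    ];
  };

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "America/Denver";

  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    # keyMap = "us";
    useXkbConfig = true; # use xkb.options in tty.
  };

  services.xserver.xkb.layout = "us";
  services.xserver.xkb.options = "caps:escape";

  environment.systemPackages = with pkgs; [
    neovim
    git
    sshfs
    waypipe
    sydnix-cli.packages.x86_64-linux.default
    (import ../../scripts/port-tools { inherit pkgs; })
  ];

  services.openssh = {
    enable = true;
    settings = {
      # Root may still log in with a public key, but never with a password or
      # keyboard-interactive prompt.  This was "yes"; PasswordAuthentication
      # below only switches off the `password` method, and PAM-backed
      # keyboard-interactive is a separate method that "yes" left open to root.
      PermitRootLogin = "prohibit-password";
      # NOTE(review): X11 forwarding gives a forwarded client access to the
      # display of whoever connects with -X/-Y.  waypipe is installed above;
      # if nothing still needs X11 over ssh, turn this off.
      X11Forwarding = true;
      # This server is connected to the internet!  Port 22 is open!!
      # Aagghhhh!!!  Stay safe!
      #
      # NOTE(review): to make non-root accounts key-only as well, also set
      # KbdInteractiveAuthentication = false -- NixOS appears to default it to
      # true; confirm against the deployed sshd_config.
      PasswordAuthentication = false;
    };
  };

  # TODO: Move to defaults.
  # Accounts and passwords come only from this configuration; changes made
  # with useradd/passwd at runtime are not kept.
  users.mutableUsers = false;

  nix = {
    settings = {
      # NOTE(review): a trusted Nix user can add substituters and import
      # unsigned store paths, which is effectively root.  Treat membership of
      # wheel as root-equivalent, or narrow this to named accounts.
      trusted-users = [ "@wheel" ];
      substituters = [
        "https://nix-community.cachix.org"
        "https://cache.nixos.org"
      ];
      # Signing key for the nix-community cache; paths from a substituter are
      # accepted only when signed by a key Nix trusts.
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
    };
  };

  # This option defines the first version of NixOS you have installed on this
  # particular machine, and is used to maintain compatibility with application
  # data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any
  # reason, even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are
  # pulled from, so changing it will NOT upgrade your system - see
  # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
  # that.
  #
  # This value being lower than the current NixOS release does NOT mean your
  # system is out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes
  # it would make to your configuration, and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}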