{ config, pkgs, lib, disko, sydnix-cli, ... }: { imports = [ ./hardware.nix ./disks.nix ]; sydnix = { filesystemType = "btrfs"; stylix.enable = true; users.users = [ "lain" "msyds" # "liv" ]; impermanence = { enable = true; directories = [ # "Warning: Neither /var/lib/nixos nor any of its parents are persisted. # This means all users/groups without specified uids/gids will have them # reassigned on reboot." "/var/lib/nixos" # We don't want to have different ssh keys on reboot, because ssh keys # are expected to consistently identify machines... I think. I mostly # just think it's annoying to edit ~/.ssh/known_hosts all the time. "/etc/ssh" # TODO: move "/home/liv" ]; rollback = { enable = true; device = "/dev/sda2"; subvolume = "rootfs"; }; }; sops = { enable = true; keyFile = "/persist/private-keys/age/deertopia"; }; deertopia = { authelia.enable = true; quiver.enable = true; www.enable = true; bepasty.enable = true; jellyfin.enable = false; lldap.enable = true; lldap.pam.enable = true; nginx.enable = true; slskd.enable = true; webdav.enable = true; copyparty.enable = true; syncthing.enable = true; cache.enable = true; # mullvad.enable = true; murmur.enable = true; servarr = { enable = true; prowlarr.enable = true; jellyfin.enable = true; transmission.enable = true; sonarr.enable = true; lidarr.enable = true; radarr.enable = true; # sabnzbd.enable = true; # slskd.enable = true; }; }; }; sydnix.sops.secrets.buffalo-nas-creds = {}; boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; time.timeZone = "America/Denver"; i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; # keyMap = "us"; useXkbConfig = true; # use xkb.options in tty. }; services.xserver.xkb.layout = "us"; services.xserver.xkb.options = "caps:escape"; environment.systemPackages = with pkgs; [ neovim git sshfs waypipe sydnix-cli.packages.x86_64-linux.default (import ../../scripts/port-tools { inherit pkgs; }) (import ../../scripts/vpn-tools { inherit pkgs; }) ]; services.openssh = { enable = true; settings = { PermitRootLogin = "yes"; X11Forwarding = true; # This server is connected to the internet! Port 22 is open!! # Aagghhhh!!! Stay safe! PasswordAuthentication = false; }; }; users.mutableUsers = true; nix = { settings = { trusted-users = [ "@wheel" ]; substituters = [ "https://nix-community.cachix.org" "https://cache.nixos.org" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; }; }; # This option defines the first version of NixOS you have installed on this # particular machine, and is used to maintain compatibility with application # data (e.g. databases) created on older NixOS versions. # # Most users should NEVER change this value after the initial install, for any # reason, even if you've upgraded your system to a new NixOS release. # # This value does NOT affect the Nixpkgs version your packages and OS are # pulled from, so changing it will NOT upgrade your system - see # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do # that. # # This value being lower than the current NixOS release does NOT mean your # system is out of date, out of support, or vulnerable. # # Do NOT change this value unless you have manually inspected all the changes # it would make to your configuration, and migrated your data accordingly. # # For more information, see `man configuration.nix` or # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "24.05"; # Did you read the comment? }