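# NixOS host configuration for the machine that serves deertopia.net (see the
# nginx vhost below).  The root filesystem is btrfs with impermanence and
# rollback enabled, so anything that must survive a reboot has to be listed
# under `sydnix.impermanence.directories` or live under /persist.
{ config, pkgs, lib, disko, sydnix-cli, ... }:

{
  imports = [
    ./hardware-configuration.nix
    ./disko-config.nix
  ];

  sydnix = {
    filesystemType = "btrfs";

    users.users = [
      "lain"
      "besties"
    ];

    impermanence = {
      enable = true;

      directories = [
        # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
        # This means all users/groups without specified uids/gids will have them
        # reassigned on reboot."
        "/var/lib/nixos"

        # We don't want to have different ssh keys on reboot, because ssh keys
        # are expected to consistently identify machines... I think. I mostly
        # just think it's annoying to edit ~/.ssh/known_hosts all the time.
        #
        # /etc/ssh holds the sshd host keys.  Keeping them stable is what lets
        # clients' known_hosts checks mean something: if the host key changed
        # on every boot, a changed-key warning would stop being a useful signal.
        "/etc/ssh"
      ];

      rollback = {
        enable = true;
        # NOTE(review): /dev/sdX names follow probe order and are not
        # guaranteed stable across boots or hardware changes.  A
        # /dev/disk/by-* path would pin the rollback to the intended
        # partition; the right identifier is not visible in this file.
        device = "/dev/sda2";
        subvolume = "rootfs";
      };
    };

    sops = {
      enable = true;
      # Decryption key for the sops-managed secrets.  It lives under /persist,
      # presumably so it survives the root rollback.
      # NOTE(review): confirm the file is owned by root and not readable by
      # other users; everything sops decrypts depends on it.
      keyFile = "/persist/vault/root/deertopia-key";
    };

    # git-annex = {
    #   enable = true;
    #   user.name = "annex";
    #   user.email = "annex@deertopia.net";
    #   keyFiles = [
    #     ../../public-keys/crumb-at-guix-rebound.pub
    #     ../../public-keys/crumble-at-fruitbook.pub
    #     ../../public-keys/lain-at-deertopia.pub
    #   ];
    #   repos = {
    #     "/persist/vault/jellyfin/Documents" = {
    #       managed = true;
    #       symlinkToAnnexHome = "documents";
    #       remotes = {
    #         "guix-rebound" = "crumb@guix-rebound:Documents";
    #       };
    #     };
    #     "/persist/vault/jellyfin/Music" = {
    #       managed = true;
    #       symlinkToAnnexHome = "music";
    #       remotes = {
    #         "guix-rebound" = "crumb@guix-rebound:Music";
    #       };
    #     };
    #     "/persist/deertopia.net/dav/org" = {
    #       managed = true;
    #       symlinkToAnnexHome = "org";
    #       remotes = {
    #         "guix-rebound" = "crumb@guix-rebound:org";
    #       };
    #     };
    #   };
    # };

    syncthing = {
      enable = true;

      # A Syncthing device ID is derived from the peer's certificate; it
      # identifies the peer and is not a secret.
      devices = {
        "guix-rebound".id = "Q5B6LIV-5HQMWWV-XFQL5IT-PHP7PVE-XFWUVHK-F6WJ42C-OPMR4M7-GFNK3AG";
      };

      # Both folders are shared with "guix-rebound" only.  `ignorePerms`
      # makes Syncthing skip file permission bits for these folders.
      folders = {
        "Music" = {
          path = "/persist/vault/jellyfin/Music";
          devices = [ "guix-rebound" ];
          ignorePerms = true;
        };
        "org" = {
          path = "/persist/deertopia.net/dav/org";
          devices = [ "guix-rebound" ];
          ignorePerms = true;
        };
      };
    };

    deertopia = {
      slskd.enable = true;
      jellyfin.enable = true;
      nginx.enable = true;
      webdav.enable = true;
      bepasty.enable = true;

      # A simple default webpage. This should probably live somewhere else.
      nginx.vhosts."www" = {
        vhostName = "deertopia.net";
        # Presumably passed through to the nginx virtual host options: HTTPS
        # is forced and the certificate comes from ACME.
        vhost = {
          forceSSL = true;
          enableACME = true;
          locations."/" = {
            index = "index.html";
          };
        };
      };
    };
  };

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  time.timeZone = "America/Denver";

  i18n.defaultLocale = "en_US.UTF-8";

  console = {
    font = "Lat2-Terminus16";
    # keyMap = "us";
    useXkbConfig = true; # use xkb.options in tty.
  };

  services.xserver.xkb.layout = "us";
  services.xserver.xkb.options = "caps:escape";

  environment.systemPackages = with pkgs; [
    neovim
    git
    sshfs
    sydnix-cli.packages.x86_64-linux.default
  ];

  services.openssh = {
    enable = true;
    settings = {
      # Root stays reachable, but only with a public key.  With "yes", root's
      # exposure depended entirely on the PasswordAuthentication line below
      # staying false; "prohibit-password" keeps root key-only even if that
      # line is changed later.
      # NOTE(review): if an unprivileged account with sudo is available, "no"
      # would be tighter.  Not changed here because the admin login path is
      # not visible in this file.
      PermitRootLogin = "prohibit-password";

      # NOTE(review): only needed if X clients are run over SSH from this
      # host; otherwise it can be turned off.  Left as the author set it.
      X11Forwarding = true;

      # This server is connected to the internet! Port 22 is open!!
      # Aagghhhh!!! Stay safe!
      PasswordAuthentication = false;

      # Keyboard-interactive is a separate authentication method from
      # PasswordAuthentication and can still prompt for a password through
      # PAM.  Disabling it makes the key-only intent above hold for every
      # account.  Confirm key-based login works for each user before
      # deploying this to a remote machine.
      KbdInteractiveAuthentication = false;
    };
  };

  # TODO: Move to defaults.
  users.mutableUsers = false;

  # This option defines the first version of NixOS you have installed on this
  # particular machine, and is used to maintain compatibility with application
  # data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any
  # reason, even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are
  # pulled from, so changing it will NOT upgrade your system - see
  # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
  # that.
  #
  # This value being lower than the current NixOS release does NOT mean your
  # system is out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes
  # it would make to your configuration, and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or
  # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?
}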