msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d203a71aaa92b28ad6e78e08d45b7e0debfea62a
sydnix/hosts/deertopia/configuration.nix
Madeleine Sydney d203a71aaa feat: Encryption
2025-02-18 15:59:17 -07:00

177 lines
4.8 KiB
Nix
Executable File
Raw Blame History

{ config, pkgs, lib, disko, sydnix-cli, ... }:
{
imports = [
./hardware-configuration.nix
./disko-config.nix
];
sydnix = {
filesystemType = "btrfs";
users.users = [
"lain"
"besties"
];
impermanence = {
enable = true;
directories = [
# "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
# This means all users/groups without specified uids/gids will have them
# reassigned on reboot."
"/var/lib/nixos"
# We don't want to have different ssh keys on reboot, because ssh keys
# are expected to consistently identify machines... I think. I mostly
# just think it's annoying to edit ~/.ssh/known_hosts all the time.
"/etc/ssh"
];
rollback = {
enable = true;
device = "/dev/sda2";
subvolume = "rootfs";
};
};
sops = {
enable = true;
keyFile = "/persist/private-keys/age/deertopia";
};
# git-annex = {
# enable = true;
# user.name = "annex";
# user.email = "annex@deertopia.net";
# keyFiles = [
# ../../public-keys/crumb-at-guix-rebound.pub
# ../../public-keys/crumble-at-fruitbook.pub
# ../../public-keys/lain-at-deertopia.pub
# ];
# repos = {
# "/persist/vault/jellyfin/Documents" = {
# managed = true;
# symlinkToAnnexHome = "documents";
# remotes = {
# "guix-rebound" = "crumb@guix-rebound:Documents";
# };
# };
# "/persist/vault/jellyfin/Music" = {
# managed = true;
# symlinkToAnnexHome = "music";
# remotes = {
# "guix-rebound" = "crumb@guix-rebound:Music";
# };
# };
# "/persist/deertopia.net/dav/org" = {
# managed = true;
# symlinkToAnnexHome = "org";
# remotes = {
# "guix-rebound" = "crumb@guix-rebound:org";
# };
# };
# };
# };
syncthing = {
enable = true;
devices = {
"guix-rebound".id =
"Q5B6LIV-5HQMWWV-XFQL5IT-PHP7PVE-XFWUVHK-F6WJ42C-OPMR4M7-GFNK3AG";
};
folders = {
"Music" = {
path = "/persist/vault/jellyfin/Music";
devices = [ "guix-rebound" ];
ignorePerms = true;
};
"org" = {
path = "/persist/deertopia.net/dav/org";
devices = [ "guix-rebound" ];
ignorePerms = true;
};
};
};
deertopia = {
slskd.enable = true;
jellyfin.enable = true;
nginx.enable = true;
webdav.enable = true;
bepasty.enable = true;
# A simple default webpage. This should probably live somewhere else.
nginx.vhosts."www" = {
vhostName = "deertopia.net";
vhost = {
forceSSL = true;
enableACME = true;
locations."/" = {
index = "index.html";
};
};
};
};
};
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
time.timeZone = "America/Denver";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
# keyMap = "us";
useXkbConfig = true; # use xkb.options in tty.
};
services.xserver.xkb.layout = "us";
services.xserver.xkb.options = "caps:escape";
environment.systemPackages = with pkgs; [
neovim
git
sshfs
sydnix-cli.packages.x86_64-linux.default
];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
X11Forwarding = true;
# This server is connected to the internet! Port 22 is open!!
# Aagghhhh!!! Stay safe!
PasswordAuthentication = false;
};
};
# TODO: Move to defaults.
users.mutableUsers = false;
# This option defines the first version of NixOS you have installed on this
# particular machine, and is used to maintain compatibility with application
# data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any
# reason, even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are
# pulled from, so changing it will NOT upgrade your system - see
# https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
# that.
#
# This value being lower than the current NixOS release does NOT mean your
# system is out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes
# it would make to your configuration, and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or
# https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
}
Reference in New Issue View Git Blame Copy Permalink