DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3464e55e0e1c70b062db0087e3e027594816dd59
cyper-nix/nixos/default.nix
T

166 lines
3.6 KiB
Nix
Raw Blame History

{
pkgs,
inputs,
lib,
config,
primaryUser,
isServer,
...
}:
{
imports = [
./fonts.nix
./sops.nix
./locale.nix
./tailscale.nix
./ssh.nix
]
++ lib.optionals (!isServer) [
./regreet.nix
./plymouth.nix
./audio.nix
# ./webcam.nix
./virt.nix
./catppuccin.nix
];
nix = {
settings = {
trusted-users = [
"root"
primaryUser
];
experimental-features = [
"nix-command"
"flakes"
];
max-jobs = "auto";
cores = 0;
http-connections = 4;
download-buffer-size = 268435456;
substituters = [
"https://cache.nixos.org"
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://cyper-cache.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cyper-cache.cachix.org-1:pOpeWFEjGHg9XvqRg+DQpYnGRQNp+z+QEF8Ev2mbSoM="
];
};
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
# TODO: Get rid of this
virtualisation = lib.mkIf isServer {
vmVariant = {
virtualisation = {
forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
qemu.networkingOptions = [
"-device virtio-net-pci,netdev=net0"
"-netdev user,id=net0,net=10.0.2.0/24,dhcpstart=10.0.2.15"
];
};
systemd.network.networks."10-ethernet" = lib.mkForce {
matchConfig.Name = "ens*";
networkConfig = {
Address = "10.0.2.15/24";
Gateway = "10.0.2.2";
DNS = "8.8.8.8";
DHCP = "no";
};
};
};
};
documentation = {
enable = true;
doc.enable = false;
man.enable = false;
info.enable = false;
};
nixpkgs.config.allowUnfree = true;
programs = {
fish.enable = true;
}
// lib.optionalAttrs (!isServer) {
dconf.enable = true;
hyprland = {
enable = false;
package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland;
};
steam.enable = true;
appimage = {
enable = true;
binfmt = true;
};
};
security = lib.mkIf (!isServer) {
pam.services.swaylock = { };
polkit.enable = true;
apparmor.enable = false;
};
services = {
prometheus.exporters.node = {
enable = true;
port = 9002;
};
gnome = lib.mkIf (!isServer) {
tinysparql.enable = true;
localsearch.enable = true;
};
};
sops.secrets.cachix_auth_token = { };
systemd.services.cachix-push = {
description = "Push new store paths to Cachix";
after = [ "multi-user.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.bash}/bin/bash -c 'CACHIX_AUTH_TOKEN=$(cat ${config.sops.secrets.cachix_auth_token.path}) ${pkgs.nix}/bin/nix path-info --recursive /run/current-system | CACHIX_AUTH_TOKEN=$(cat ${config.sops.secrets.cachix_auth_token.path}) ${pkgs.cachix}/bin/cachix push cyper-cache'";
};
};
networking.firewall.allowedTCPPorts = [
9002
3100
];
users.users.${primaryUser} = {
home = "/home/${primaryUser}";
shell = pkgs.fish;
isNormalUser = true;
extraGroups = [
"wheel"
]
++ lib.optionals (!isServer) [
"video"
"audio"
"libvirtd"
"input"
];
};
}
Reference in New Issue View Git Blame Copy Permalink