don/NixOS-Configs
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Activity
NixOS-Configs/workstation/configuration.nix
Don Harper 42a51e44f5 workstation | not mini, now harper
2022-11-24 16:22:07 -06:00

216 lines
6.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{ config, pkgs, ... }:
{
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot";
boot.kernelPackages = pkgs.linuxPackages_latest;
# Enable networking
networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = true;
networking.useDHCP = false;
networking.extraHosts =
''
100.75.7.116 harper.tail rss.duckland.org vault.duckland.org git.duckland.org photos.duckland.org recipes.duckland.org vault.duckland.org dashy.duckland.org music.duckland.org bandwidth.duckland.org bandwidth2.duckland.org speed.duckland.org cloud.duckland.org plex.duckland.org smoke.duckland.org smart.duckland.org drone.home.duckland.org webhook.home.duckland.org cal.duckland.org gluetun.config.duckland.org jelly.duckland.org harper
'';
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.utf8";
# Splash screen
boot.plymouth.enable = false;
boot.plymouth.theme = "breeze";
# Enable doas instead of sudo
security.sudo.enable = false;
security.doas.enable = true;
security.doas.extraRules = [{
users = [ "don" ];
keepEnv = true;
noPass = true;
}];
# Enable the X11 windowing system.
#services.xserver.enable = false;
# Enable the GNOME Desktop Environment.
#services.xserver.displayManager.gdm.enable = true;
#services.xserver.desktopManager.gnome.enable = false;
# Configure keymap in X11
#services.xserver = {
#layout = "us";
#xkbVariant = "";
#};
services.avahi.enable = true;
services.avahi.nssmdns = true;
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
xdg.portal.enable = true; # only needed if you are not doing Gnome
services.flatpak.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.don = {
isNormalUser = true;
description = "Don Harper";
extraGroups = [ "networkmanager" "wheel" "scanner" "lp" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd8AdVbQQ/Fmw+b9mI8EMYqIoRkwmSwAOtmlte3incL don@loki"
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
citrix_workspace
firefox
git-crypt
gitFull
gnupg
home-manager
keyutils
mosh
pulseaudio
python310
python310Packages.tldextract
python310Packages.pipx
python310Packages.setuptools
qutebrowser
syncthing
tailscale
tmux
tmuxp
topgrade
#vim
wget
zoom-us
];
programs.mtr.enable = true;
#-#| nixpkgs.overlays = [
#-#| ( self: super:
#-#| let
#-#| extraCerts = [ /etc/static/ssl/certs/ca-bundle.crt /etc/static/ssl/certs/ca-certificates.crt ];
#-#| in {
#-#| citrix_workspace = super.citrix_workspace.override {
#-#| inherit extraCerts;
#-#| };
#-#| qutebrowser = super.qutebrowser.override { enableWideVine = true; };
#-#| }
#-#| )
#-#| ];
services.tailscale.enable = true;
# create a oneshot job to authenticate to Tailscale
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey tskey-kX35vC1CNTRL-ZLmNBp4CQV3bu3SsLGjW56
'';
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
#permitRootLogin = "yes";
};
# Open ports in the firewall.
networking.firewall = {
enable = true;
# always allow traffic from your Tailscale network
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
# allow the Tailscale UDP port through the firewall
allowedUDPPorts = [ config.services.tailscale.port ];
# allow you to SSH in over the public internet
allowedTCPPorts = [ 22 ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
# nixpkgs.config.firefox.enableGnomeExtenions = true;
# services.gnome.gnome-browser-connector.enable = true;
programs.msmtp = {
enable = true;
accounts = {
default = {
auth = true;
tls = true;
from = "duck@duckland.org";
host = "smtp.gmail.com";
user = "duckunix@gmail.com";
passwordeval = "cat /home/don/.smtp_password.txt";
};
};
};
nix.gc = {
automatic = true;
options = "-d";
};
}
Reference in a new issue View git blame Copy permalink