Move modules folders

2025-09-11 14:00:31 +02:00 · 2025-09-11 14:00:31 +02:00 · c1101e7b45
commit c1101e7b45
parent 914909009c
183 changed files with 327 additions and 327 deletions
--- a/nixos/basics/automatic-garbage-collection.nix
+++ b/nixos/basics/automatic-garbage-collection.nix
@ -0,0 +1,6 @@
+{
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 7d";
+  };
+}
--- a/nixos/basics/btrfs-scrub.nix
+++ b/nixos/basics/btrfs-scrub.nix
@ -0,0 +1,13 @@
+{ lib, config, ... }:
+let
+  inherit (builtins) mapAttrs attrValues;
+  inherit (lib) filterAttrs unique;
+  btrfsFileSystems = filterAttrs (_k: v: v.fsType == "btrfs") config.fileSystems;
+  btrfsDevices = unique (attrValues (mapAttrs (_: v: v.device) btrfsFileSystems));
+in
+{
+  services.btrfs.autoScrub = {
+    enable = btrfsDevices != [ ];
+    fileSystems = btrfsDevices;
+  };
+}
--- a/nixos/basics/default.nix
+++ b/nixos/basics/default.nix
@ -0,0 +1,16 @@
+{
+  imports = [
+    ./git.nix
+    ./automatic-garbage-collection.nix
+    ./btrfs-scrub.nix
+    ./distributed.nix
+    ./docker.nix
+    ./extended-registry.nix
+    ./fstrim.nix
+    ./fwupd.nix
+    ./remote-deploy.nix
+    # ./resolved.nix
+    ./tailscale.nix
+    # ./zerotier.nix
+  ];
+}
--- a/nixos/basics/distributed.nix
+++ b/nixos/basics/distributed.nix
@ -0,0 +1,33 @@
+{
+  # security.sudo.wheelNeedsPassword = false;
+  nix.settings = {
+    # extra-substituters = [
+    #   "https://hyprland.cachix.org"
+    #   "s3://nix-cache?endpoint=heimdall.tsn:9000&scheme=http&parallel-compression=true&want-mass-query=true&priority=35"
+    #   # "s3://nix-cache?endpoint=s3.bertof.net"
+    # ];
+
+    trusted-users = [
+      "root"
+      "@wheel"
+    ];
+
+    trusted-public-keys = [
+      "thor:yRx3HglIxjUYocp4/jAP9dPWxWBEpgP6hqj1ofEfn1A="
+      "odin:ClRXzxmDZl2Y94SG4YlWXGiJDY4L9DgZq/3OLR5+i6k="
+      "loki:HN1P2nXzIkqitl95MvjcSHxtDo7Ao+I8M8U/RqQLC5k="
+      "baldur:iP+Cg3JIcjYES9cmk+nnpd+7Po+rPlwVKqpBOAyrD64="
+      "sif:sa5OcKWpwktvnwEWmOr8Y5R6qLFT0gqW7SxBWeW4eOI="
+
+      "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+    ];
+
+    secret-key-files = [ "/etc/nix/key" ];
+
+    # substituters = [
+    #   "ssh-ng://thor.local"
+    #   "ssh-ng://odin.local"
+    #   "ssh-ng://loki.local"
+    # ];
+  };
+}
--- a/nixos/basics/docker.nix
+++ b/nixos/basics/docker.nix
@ -0,0 +1 @@
+{ virtualisation.docker.autoPrune.enable = true; }
--- a/nixos/basics/extended-registry.nix
+++ b/nixos/basics/extended-registry.nix
@ -0,0 +1,48 @@
+{
+  nix.registry = {
+    agenix = {
+      from = {
+        id = "agenix";
+        type = "indirect";
+      };
+      to = {
+        type = "github";
+        owner = "ryantm";
+        repo = "agenix";
+      };
+    };
+    ragenix = {
+      from = {
+        id = "ragenix";
+        type = "indirect";
+      };
+      to = {
+        type = "github";
+        owner = "yaxitech";
+        repo = "ragenix";
+      };
+    };
+    my-templates = {
+      from = {
+        id = "my-templates";
+        type = "indirect";
+      };
+      to = {
+        type = "github";
+        owner = "bertof";
+        repo = "flake-templates";
+      };
+    };
+    tex2nix = {
+      from = {
+        id = "tex2nix";
+        type = "indirect";
+      };
+      to = {
+        type = "github";
+        owner = "Mic92";
+        repo = "tex2nix";
+      };
+    };
+  };
+}
--- a/nixos/basics/fstrim.nix
+++ b/nixos/basics/fstrim.nix
@ -0,0 +1 @@
+{ services.fstrim.enable = true; }
--- a/nixos/basics/fwupd.nix
+++ b/nixos/basics/fwupd.nix
@ -0,0 +1 @@
+{ services.fwupd.enable = true; }
--- a/nixos/basics/git.nix
+++ b/nixos/basics/git.nix
@ -0,0 +1,3 @@
+{
+  programs.git = { enable = true; lfs.enable = true; };
+}
--- a/nixos/basics/remote-deploy.nix
+++ b/nixos/basics/remote-deploy.nix
@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      KbdInteractiveAuthentication = lib.mkDefault false;
+      PermitRootLogin = lib.mkDefault "prohibit-password";
+      PasswordAuthentication = lib.mkDefault false;
+    };
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp1Rfb2acLM/5TDUahu+AdV/HVw+hoOTdQIeQIjV5p8"
+  ];
+}
--- a/nixos/basics/resolved.nix
+++ b/nixos/basics/resolved.nix
@ -0,0 +1,18 @@
+{
+  services.resolved = {
+    enable = true;
+    dnssec = "allow-downgrade";
+    # dnsovertls = "true";
+    fallbackDns = [
+      # CLOUDFLARE
+      "1.1.1.1"
+      "1.0.0.1"
+      "2606:4700:4700::1111"
+      "2606:4700:4700::1001"
+
+      #GOOGLE
+      "8.8.8.8"
+      "2001:4860:4860::8844"
+    ];
+  };
+}
--- a/nixos/basics/tailscale.nix
+++ b/nixos/basics/tailscale.nix
@ -0,0 +1,19 @@
+{ lib, ... }:
+let
+  hosts = import ../../hosts.nix;
+  tailscale_hosts = lib.attrsets.mapAttrs'
+    (
+      k: v: lib.attrsets.nameValuePair v [ k ]
+    )
+    hosts.tailscale.ipv4;
+in
+{
+  services.tailscale = {
+    enable = true;
+    permitCertUid = "filippoberto95@gmail.com";
+  };
+
+  networking.firewall.checkReversePath = "loose";
+
+  networking.hosts = tailscale_hosts;
+}
--- a/nixos/basics/zerotier.nix
+++ b/nixos/basics/zerotier.nix
@ -0,0 +1,16 @@
+# let
+#   hosts = import ../../hosts.nix;
+#   zerotier_hosts = lib.attrsets.mapAttrs'
+#     (
+#       k: v: lib.attrsets.nameValuePair v [ k ]
+#     )
+#     hosts.zerotier.ipv4;
+# in
+{
+  services.zerotierone = {
+    enable = true;
+    joinNetworks = [ "8056c2e21cf9c753" ];
+  };
+
+  # networking.hosts = zerotier_hosts;
+}
				`@ -0,0 +1 @@`
				`{ virtualisation.docker.autoPrune.enable = true; }`