bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nix-dotfiles/instances/freya/configuration.nix

116 lines
2.9 KiB
Nix
Raw Blame History

{ pkgs, ... }: {
age.secrets = {
garage_bertof_freya_key = { file = ../../secrets/garage_bertof_freya_key.age; owner = "bertof"; };
# garage_tiziano_loki_key = { file = ../../secrets/garage_tiziano_loki_key.age; owner = "tiziano"; };
};
console = { font = "Lat2-Terminus16"; keyMap = "it"; };
environment = {
pathsToLink = [ "/share/zsh" ];
systemPackages = builtins.attrValues { inherit (pkgs) helix tmux vim; };
};
hardware = {
bluetooth = { enable = true; package = pkgs.bluezFull; };
opengl = { enable = true; driSupport = true; };
raspberry-pi."4" = {
# audio.enable = true; # AUDIO
# fkms-3d.enable = true; # GPU
};
};
i18n.defaultLocale = "it_IT.UTF-8";
networking.hostName = "freya";
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
# 445 # SAMBA
# 139 # SAMBA
# 5357 # SAMBA-WSDD
# 8123 # HOME ASSISTANT
8384 # SYNCTHING
# 8385 # SYNCTHING
];
allowedUDPPorts = [
137 # SYNCTHING
138 # SYNCTHING
# 3702 # SAMBA-WSDD
];
# extraCommands =
# "iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
};
programs = {
dconf.enable = true;
gnupg.agent = { enable = true; enableSSHSupport = true; };
zsh.enable = true;
};
security.sudo.extraConfig = ''
Defaults pwfeedback
'';
services = {
avahi = {
enable = true;
openFirewall = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
userServices = true;
workstation = true;
};
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
blueman.enable = true;
dbus.packages = [ pkgs.dconf ];
gnome.gnome-keyring.enable = true;
openssh = { enable = true; openFirewall = true; };
# xserver = {
# enable = true;
# desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
# };
};
time.timeZone = "Europe/Rome";
users.users = {
bertof = {
isNormalUser = true;
extraGroups = [
"audio"
"input"
"docker"
"libvirtd"
"network"
"networkmanager"
"usb"
"video"
"wheel"
];
shell = pkgs.zsh;
};
};
systemd.services.bertof-garage = {
description = "Mount S3 bucket in bertof's home";
wantedBy = [ "default.target" ];
wants = [ "network.target" "network-online.target" ];
after = [ "network.target" "network-online.target" "local-fs.target" ];
serviceConfig = {
AssertPathIsDirectory = "/home/bertof/s3";
ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=/home/bertof/s3_secret,use_path_request_style,url=http://localhost:3900";
Type = "exec";
User = "bertof";
};
};
system.stateVersion = "22.11";
}
Reference in a new issue View git blame Copy permalink