nixos-config/config/hosts/nixos76/default.nix


# This file merged the original configuration.nix and hardware-configuration.nix files, refactoring common system config out
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Host name of this machine.
networking.hostName = "nixos76";

# Inbound ports opened in the host firewall.
#   UDP 51820       - same value as wg0.listenPort in the WireGuard section of this
#                     file; clients and peers can use the same port.
#   TCP/UDP 22000   - Syncthing's default sync listener (services.syncthing is
#                     enabled in this file).
#   TCP 48412/62109 - NOTE(review): nothing else in this file refers to these two
#                     ports. Identify the service behind each one or close it; an
#                     open port is reachable from every network this host joins.
networking.firewall.allowedUDPPorts = [ 51820 22000 ];
networking.firewall.allowedTCPPorts = [ 22000 48412 62109 ];
# WireGuard client tunnel. "wg0" is the interface name; any name may be used.
networking.wireguard.interfaces.wg0 = {
  # Address of this host inside the tunnel, with the tunnel subnet.
  ips = [ "10.100.0.2/24" ];

  # Fixed UDP port so that it matches networking.firewall.allowedUDPPorts;
  # without it WireGuard picks a random port.
  listenPort = 51820;

  # The private key is read from a file at activation time. The inline
  # privateKey option would make the key world-readable, so the file form is
  # the recommended one.
  # NOTE(review): the file sits under a user's home directory. Confirm that it
  # and its directory are readable only by the owner (e.g. mode 0600) and that
  # no synced or backed-up directory covers this path.
  privateKeyFile = "/home/alex/wireguard-keys/private";

  # A client needs a single peer entry: the server.
  peers = [
    {
      # Server public key (the key itself, not a file path).
      publicKey = "aD40D1jcgLbIZGkA1AoXkwpmP6hSWcttf3ptq4GRjC0=";

      # Server IP and port.
      # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
      endpoint = "192.168.1.226:51820";

      # Send all IPv4 traffic through the VPN.
      # NOTE(review): only 0.0.0.0/0 is listed, so IPv6 traffic is not matched
      # by this peer. On a dual-stack network it would leave outside the tunnel;
      # confirm whether that is intended.
      allowedIPs = [ "0.0.0.0/0" ];
      # Alternative: forward only particular subnets.
      #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];

      # Keepalive every 25 seconds so NAT table entries stay alive.
      persistentKeepalive = 25;
    }
  ];
};
# Add LUKS external drive mount.
# Writes /etc/crypttab with one active entry: the LUKS volume with the UUID below
# is mapped as /dev/mapper/externaldrive and unlocked with the key file
# /etc/externalHD_keyfile.bin (third column) instead of a passphrase prompt.
# Only the path of the key file appears in this text; the key material itself is
# not part of this configuration.
# NOTE(review): whoever can read /etc/externalHD_keyfile.bin can unlock the drive.
# Confirm the file is readable by root only and that the filesystem holding /etc
# is itself encrypted, otherwise the drive's encryption adds little at rest.
# NOTE(review): the header inside the text mentions mkinitcpio, which looks carried
# over from another distribution's template; those lines are crypttab comments.
environment.etc.crypttab = {
enable = true;
text = ''
# /etc/crypttab: mappings for encrypted partitions.
#
# Each mapped device will be created in /dev/mapper, so your /etc/fstab
# should use the /dev/mapper/<name> paths for encrypted devices.
#
# See crypttab(5) for the supported syntax.
#
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf). The same applies
# to encrypted swap, which should be set up with mkinitcpio-openswap
# for resume support.
#
# <name> <device> <password> <options>
# luks-d515fd8a-a021-4a1e-bd21-5793c3c3a771 UUID=d515fd8a-a021-4a1e-bd21-5793c3c3a771 /crypto_keyfile.bin luks
externaldrive UUID=b9e3979c-9362-4242-a835-6dd702dfb0ee /etc/externalHD_keyfile.bin luks
'';
};
# Mount the unlocked mapping at /media/external. The bind mounts under /home/alex
# defined in this file take their data from this mount point.
fileSystems."/media/external".device = "/dev/mapper/externaldrive";
# Enable the X11 windowing system.
# NOTE(review): the enable line below is commented out here; presumably it is set
# in the shared system config this file was refactored from. Confirm.
# services.xserver.enable = true;
# XFCE is the desktop environment and the default login session.
services.xserver.desktopManager.xfce.enable = true;
services.displayManager.defaultSession = "xfce";
# Graphics acceleration settings, currently disabled.
# hardware.graphics.enable = true;
# hardware.graphics.extraPackages = [
# pkgs.intel-media-driver
# ];
# hardware.graphics.extraPackages32 = [
# pkgs.intel-media-driver
# pkgs.pkgsi686Linux.libva
# ];
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable Bluetooth
# hardware.bluetooth.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio = {
# enable = true;
# package = pkgs.pulseaudioFull;
# support32Bit = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# Membership of "wheel" is what grants the account sudo rights.
# users.users.alex = {
# isNormalUser = true;
# extraGroups = [ "wheel" "networkmanager" ]; # Enable sudo for the user.
# };
# Bind mounts that place the user's data directories on the external drive.
# Every source path lives under /media/external, the mount point of the
# LUKS-mapped device /dev/mapper/externaldrive, so these directories hold data
# only while that volume is unlocked and mounted.
fileSystems."/home/alex/Documents" = { options = [ "bind" ]; device = "/media/external/Documents"; };
fileSystems."/home/alex/Games"     = { options = [ "bind" ]; device = "/media/external/Games"; };
fileSystems."/home/alex/Git"       = { options = [ "bind" ]; device = "/media/external/Git"; };
fileSystems."/home/alex/Lutris"    = { options = [ "bind" ]; device = "/media/external/Lutris"; };
fileSystems."/home/alex/Music"     = { options = [ "bind" ]; device = "/media/external/Music"; };
fileSystems."/home/alex/Pictures"  = { options = [ "bind" ]; device = "/media/external/Pictures"; };
fileSystems."/home/alex/Videos"    = { options = [ "bind" ]; device = "/media/external/Videos"; };
# Packages installed in the system profile, available to every user.
# To search for a package, run:
# $ nix search wget
environment.systemPackages = [
  # pkgs.atau-wallpapers
  pkgs.blueman
  pkgs.dxvk
  pkgs.envsubst
  pkgs.font-manager
  pkgs.gparted
  pkgs.lshw
  pkgs.mesa
  # NOTE(review): pinned to one Node.js major line; confirm that line still
  # receives upstream security fixes when this host is next updated.
  pkgs.nodejs_20
  pkgs.pavucontrol
  pkgs.unzip
  pkgs.vim
  pkgs.vulkan-extension-layer
  pkgs.wget
];
# Syncthing, run as user "alex" with its data and configuration under
# /home/alex/Sync.
# Port 22000 (TCP and UDP) is opened for it by hand in networking.firewall in
# this file.
# NOTE(review): no GUI address is set here, so the module default applies;
# confirm the web UI stays bound to loopback only.
services.syncthing = {
  enable = true;
  user = "alex";
  dataDir = "/home/alex/Sync";
  configDir = "/home/alex/Sync/.config/syncthing";

  # The declarative lists below are authoritative: devices and folders added or
  # deleted through the WebUI are overridden.
  overrideDevices = true;
  overrideFolders = true;

  # Only devices listed here are paired with this host.
  settings.devices.atauno.id = "TXSURD2-XCKOLDG-DJ76OOK-JZXOE3Q-XXTNOIM-XR5LB2B-YWBV2ER-6KRFIQN";

  settings.folders = {
    # Template for a further folder:
    # "Documents" = {
    # # Name of folder in Syncthing, also the folder ID
    # path = "/home/myusername/Documents"; # Which folder to add to Syncthing
    # devices = [ "device1" "device2" ]; # Which devices to share the folder with
    # };

    # NOTE(review): presumably holds sensitive vault data; it is shared with
    # "atauno" only. Confirm that device is still trusted.
    vaults = {
      id = "bbqnm-caya2";
      path = "/home/alex/vaults";
      devices = [ "atauno" ];
      # false means permission bits are NOT ignored, i.e. they are synced for
      # this folder; set to true to stop syncing them.
      ignorePerms = false;
    };
  };
};
# Blueman Bluetooth manager service.
services.blueman.enable = true;

# Avahi (mDNS/DNS-SD): nssmdns4 lets the system resolve .local names over IPv4,
# and openFirewall opens the firewall for mDNS traffic.
# NOTE(review): with the firewall opened, this host answers mDNS queries on every
# network it joins. Confirm that is wanted outside the home LAN.
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
services.avahi.openFirewall = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# It is not the version of the installed packages: raising it does not upgrade
# anything, it only switches which defaults for stateful data are used.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}