xin/hosts/stan/default.nix

164 lines
3.8 KiB
Nix
Raw Normal View History

2022-08-29 09:48:47 -06:00
{ config, pkgs, ... }:
let
pubKeys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa"
];
2022-11-07 11:53:06 -07:00
userBase = {
openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
};
2022-09-11 09:44:34 -06:00
myEmacs = pkgs.callPackage ../../configs/emacs.nix { };
peerixUser = if builtins.hasAttr "peerix" config.users.users then
config.users.users.peerix.name
else
"root";
2022-08-29 09:48:47 -06:00
in {
2022-08-31 07:54:25 -06:00
_module.args.isUnstable = true;
imports = [ ./hardware-configuration.nix ];
2022-08-29 09:48:47 -06:00
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
};
initrd = {
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device =
"/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf";
luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile =
"/crypto_keyfile.bin";
secrets = { "/crypto_keyfile.bin" = null; };
};
kernelParams = [ "intel_idle.max_cstate=4" ];
kernelPackages = pkgs.linuxPackages;
2022-08-29 09:48:47 -06:00
};
preDNS.enable = false;
networking = {
hostName = "stan";
hosts = {
"172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ];
"127.0.0.1" = [ "borg.calyptix.dev" "localhost" ];
2022-08-31 08:02:16 -06:00
"192.168.122.249" = [ "arst.arst" "vm" ];
2022-10-28 10:25:36 -06:00
"192.168.54.1" = [ "router.arst" "router" ];
};
2022-08-29 09:48:47 -06:00
networkmanager.enable = true;
firewall = {
allowedTCPPorts = [ 22 ];
checkReversePath = "loose";
};
};
i18n.defaultLocale = "en_US.utf8";
kde.enable = true;
defaultUsers.enable = false;
jetbrains.enable = true;
sshFidoAgent.enable = true;
2022-08-29 09:48:47 -06:00
sops.secrets = {
tskey = {
sopsFile = config.xin-secrets.stan.secrets;
2022-08-29 09:48:47 -06:00
owner = "root";
mode = "400";
};
vm_pass = {
sopsFile = config.xin-secrets.stan.main;
owner = "root";
group = "wheel";
mode = "400";
};
2022-08-30 15:56:37 -06:00
peerix_private_key = {
sopsFile = config.xin-secrets.stan.peerix;
owner = "${peerixUser}";
group = "wheel";
2022-08-30 15:56:37 -06:00
mode = "400";
};
2022-08-29 09:48:47 -06:00
};
systemd.services = {
"tailscale-init" = {
wantedBy = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
ExecStart =
"${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}";
};
};
};
users.users.root = userBase;
2022-08-29 09:48:47 -06:00
users.users.abieber = {
isNormalUser = true;
description = "Aaron Bieber";
shell = pkgs.zsh;
extraGroups = [ "networkmanager" "wheel" "libvirtd" ];
} // userBase;
2022-08-29 09:48:47 -06:00
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
barrier
brave
2022-10-10 09:49:11 -06:00
firefox
2022-08-29 09:48:47 -06:00
fzf
google-chrome-dev
ispell
keychain
matterhorn
mosh
mupdf
nmap
oathToolkit
2022-10-18 07:06:44 -06:00
obsidian
2022-08-29 09:48:47 -06:00
obs-studio
openvpn
2022-09-29 11:27:52 -06:00
remmina
2022-10-10 09:49:11 -06:00
rustdesk
2022-08-29 09:48:47 -06:00
sshfs
2022-08-31 08:55:28 -06:00
tcpdump
2022-08-29 09:48:47 -06:00
virt-manager
wireshark
2022-08-31 07:53:26 -06:00
zig
(callPackage ../../pkgs/zutty.nix { })
2022-08-29 09:48:47 -06:00
];
virtualisation.libvirtd.enable = true;
programs = {
dconf.enable = true;
zsh.enable = true;
};
2022-08-30 15:56:37 -06:00
tsPeerix = {
2022-09-01 12:14:46 -06:00
enable = false;
2022-08-30 15:56:37 -06:00
privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
2022-09-01 08:09:01 -06:00
interfaces = [ "wlp170s0" "ztksevmpn3" ];
2022-08-30 15:56:37 -06:00
};
2022-08-29 09:48:47 -06:00
services = {
2022-09-11 09:44:34 -06:00
emacs = {
enable = false;
package = myEmacs;
install = true;
};
2022-08-29 09:48:47 -06:00
printing.enable = true;
fwupd.enable = true;
unifi.enable = true;
openntpd.enable = true;
resolved = {
enable = true;
dnssec = "allow-downgrade";
};
};
2022-11-08 14:54:41 -07:00
system.autoUpgrade.allowReboot = false;
2022-08-29 09:48:47 -06:00
system.stateVersion = "22.05"; # Did you read the comment?
}