VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Compare commits

base: VSinerva:f14637d878916b830371375e3904e906db3c8196
Branches Tags
VSinerva:main
...
compare: VSinerva:2172fc6f9508bacdc3df1121eea454c652a1e99c
Branches Tags
VSinerva:main

32 commits
f14637d878 ... 2172fc6f95

Author SHA1 Message Date
Vili Sinervä
2172fc6f95
Change to using main channel for flakes 2025-06-05 00:57:12 +03:00
Vili Sinervä
ac436e4fd2
Migrate helium to flakes 2025-06-05 00:52:43 +03:00
Vili Sinervä
8d9f10347e
Migrate gaming to flakes 2025-06-05 00:43:19 +03:00
Vili Sinervä
ab643fb514
Migrate idacloud to flakes 2025-06-05 00:37:07 +03:00
Vili Sinervä
82276bd493
Migrate cert-store to flakes 2025-06-05 00:33:25 +03:00
Vili Sinervä
451b9e65f5
Migrate forgejo to flakes 2025-06-05 00:31:14 +03:00
Vili Sinervä
948ab97bc3
Migrate exoplasim to flakes 2025-06-05 00:25:36 +03:00
Vili Sinervä
c6add0f9f8
Migrate nextcloud to flakes 2025-06-05 00:21:11 +03:00
Vili Sinervä
0a557eadcb
Migrate vaultwarden to flakes 2025-06-05 00:18:18 +03:00
Vili Sinervä
61227d07df
Migrate syncthing to flakes 2025-06-05 00:03:53 +03:00
Vili Sinervä
a4b95111ab
Migrate siit-dc to flakes 2025-06-04 23:54:47 +03:00
Vili Sinervä
35b438b115
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a59eb7800787c926045d51b70982ae285faa2346?narHash=sha256-q8jG2HJWgooWa9H0iatZqBPF3bp0504e05MevFmnFLY%3D' (2025-05-31)
  → 'github:NixOS/nixpkgs/8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef?narHash=sha256-OGcDEz60TXQC%2BgVz5sdtgGJdKVYr6rwdzQKuZAJQpCA%3D' (2025-06-04)
• Updated input 'nixvim':
    'github:nix-community/nixvim/d063d0dd5e0b82d8be4dd4bc00b887ac1f92e4b2?narHash=sha256-P/ldKE0SCGKH6pEVJoW2MJJo2dZCZe10d/h1ree66c0%3D' (2025-06-02)
  → 'github:nix-community/nixvim/1d8724144cef98dad6638e0b6333cc84d0b2f5c3?narHash=sha256-ebxyRA7rK6Jb3eXvz%2B0QcyKLHzUnUQWRFDbKleLdLZ8%3D' (2025-06-04)
 2025-06-04 23:51:42 +03:00
Vili Sinervä
ac593a2a20
Change flake url to Forgejo 2025-06-04 02:47:14 +03:00
Vili Sinervä
c56dc6547b
Flake lock update 2025-06-04 02:40:07 +03:00
Vili Sinervä
7b943a438d
Adjust how the config is split across files 2025-06-04 02:40:06 +03:00
Vili Sinervä
3146539366
Fix autoUpgrade 2025-06-04 02:40:05 +03:00
Vili Sinervä
e364af4c2a
Fix contents of alacritty and xresources 2025-06-04 02:40:05 +03:00
Vili Sinervä
0594229e45
Re-add syncthing to lithium 2025-06-04 02:40:04 +03:00
Vili Sinervä
c78f18c942
Fix nix shell indicator 2025-06-04 02:40:03 +03:00
Vili Sinervä
f971a392fc
Flake lock update 2025-06-04 02:40:03 +03:00
Vili Sinervä
79d460d08f
Finalize lithium flakes test 2025-06-04 02:40:02 +03:00
Vili Sinervä
dea7fcbf96
Reorganize configuration and prep for flakes 2025-06-04 02:39:59 +03:00
Vili Sinervä
78439054dd
Pin flakes registry 2025-06-04 02:38:26 +03:00
Vili Sinervä
e3f3b47602
Create flake config for all hosts 2025-06-04 02:38:25 +03:00
Vili Sinervä
f9d537522d
Prepare config for flake usage 2025-06-04 02:38:23 +03:00
Vili Sinervä
f6ac5c862a
Remove impermanence for now 2025-06-04 02:37:40 +03:00
Vili Sinervä
de8301ba4a
Rename directories for better organization 2025-06-04 02:37:37 +03:00
Vili Sinervä
9d1bd2941f
Initial flake for lithium 2025-06-04 02:36:24 +03:00
Vili Sinervä
24aac9708b
Way too massive refactoring 2025-06-04 02:36:21 +03:00
Vili Sinervä
113d68be68
Update stateVersion in config template 2025-06-04 02:34:38 +03:00
Vili Sinervä
0a78188848
Refactor server files 2025-06-04 02:34:36 +03:00
Vili Sinervä
c3f87354a9
Reorganize custom ISO files 2025-06-04 02:31:08 +03:00
86 changed files with 1300 additions and 696 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
result result
*-iso
*.iso *.iso

168
desktop.nix
View file

@ -1,168 +0,0 @@
{ config, pkgs, ... }:
let
Xresources = "${pkgs.writeText "Xresources" ''
Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.rgba: rgb
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
Xcursor.theme: xcursor-breeze
Xcursor.size: 0
''}";
in
{
assertions = [
{
assertion = config.users.users ? "vili";
message = "User 'vili' needed for desktop!";
}
];
imports = [ ./program-config-files/firefox.nix ];
environment.systemPackages = with pkgs; [
alacritty
i3status
rofi
arandr
telegram-desktop
signal-desktop
discord
vlc
pavucontrol
viewnior
xfce.mousepad
pcmanfm
libreoffice
evince
brightnessctl
networkmanagerapplet
flameshot
speedcrunch
bitwarden
zotero
kile
texliveFull
imagemagick
ghostscript
kdePackages.okular
];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
security = {
pam = {
rssh.enable = true;
services = {
sudo.rssh = true;
};
};
sudo.execWheelOnly = true;
};
programs.i3lock.enable = true;
services = {
displayManager = {
defaultSession = "none+i3";
autoLogin.enable = true;
autoLogin.user = "vili";
};
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}'';
};
windowManager.i3 = {
enable = true;
extraPackages = [ ];
configFile = "${
(import ./program-config-files/i3.nix {
inherit config;
inherit pkgs;
})
}";
};
};
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
pipewire.enable = false;
pulseaudio.enable = true;
};
nixpkgs.config.pulseaudio = true;
security.polkit.enable = true;
xdg.mime.defaultApplications = {
"application/pdf" = "org.gnome.Evince.desktop";
"text/plain" = "org.xfce.mousepad.desktop";
"text/x-tex" = "org.kde.kile.desktop";
"inode/directory" = "pcmanfm.description";
};
qt = {
enable = true;
style = "adwaita-dark";
platformTheme = "gnome";
};
system.userActivationScripts.mkDesktopSettingsSymlinks.text =
let
home = "/home/vili/";
paths = [
rec {
dir = "${home}.config/pcmanfm/default/";
file = "pcmanfm.conf";
full = "${dir}${file}";
source = "${./program-config-files/pcmanfm.conf}";
}
rec {
dir = "${home}.config/libfm/";
file = "libfm.conf";
full = "${dir}${file}";
source = "${./program-config-files/libfm.conf}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "bookmarks";
full = "${dir}${file}";
source = "${./program-config-files/gtk-bookmarks}";
}
rec {
dir = "${home}";
file = ".gtkrc-2.0";
full = "${dir}${file}";
source = "${./program-config-files/gtkrc-2.0}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./program-config-files/gtk-3-4-settings.ini}";
}
rec {
dir = "${home}.config/gtk-4.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./program-config-files/gtk-3-4-settings.ini}";
}
];
in
toString (
map (path: ''
mkdir -p ${path.dir}
if test -e ${path.full} -a ! -L ${path.full}; then
mv -f ${path.full} ${path.full}.old
fi
ln -sf ${path.source} ${path.full}
'') paths
);
}

171
flake.lock generated Normal file
View file

@ -0,0 +1,171 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748294338,
"narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.8",
"repo": "ixx",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1749024892,
"narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_2"
},
"locked": {
"lastModified": 1749028068,
"narHash": "sha256-ebxyRA7rK6Jb3eXvz+0QcyKLHzUnUQWRFDbKleLdLZ8=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "1d8724144cef98dad6638e0b6333cc84d0b2f5c3",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748298102,
"narHash": "sha256-PP11GVwUt7F4ZZi5A5+99isuq39C59CKc5u5yVisU/U=",
"owner": "NuschtOS",
"repo": "search",
"rev": "f8a1c221afb8b4c642ed11ac5ee6746b0fe1d32f",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"nixvim": "nixvim"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

40
flake.nix Normal file
View file

@ -0,0 +1,40 @@
{
description = "All system configurations for Vili Sinervä";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{ nixpkgs, nixvim, ... }:
{
nixosConfigurations = (
let
hosts = builtins.attrNames (builtins.readDir ./hosts);
in
builtins.listToAttrs (
map (
host:
nixpkgs.lib.nameValuePair host (
nixpkgs.lib.nixosSystem {
specialArgs = {
nixpkgs-flake = nixpkgs;
inherit nixvim;
};
system = "x86_64-linux";
modules = [
{ networking.hostName = host; }
./hosts/${host}/configuration.nix
./hosts/${host}/state.nix
];
}
)
) hosts
)
);
};
}

8
hosts/cert-store/configuration.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../servers/acme-cert-store.nix
];
}

39
hosts/cert-store/state.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/301cf8bf-93f0-4ba6-b14f-b7be94b075a0";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9E16-9A5D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

19
machine-confs/exoplasim.nix → hosts/exoplasim/configuration.nix
View file

@ -1,11 +1,17 @@
{ config, pkgs, ... }:
{ {
imports = [ ../base.nix ]; config,
pkgs,
lib,
...
}:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
];
# Networking conf including WireGuard # Networking conf including WireGuard
networking = { networking = {
hostName = "exoplasim";
firewall.allowedUDPPorts = [ 51821 ]; firewall.allowedUDPPorts = [ 51821 ];
wg-quick.interfaces = { wg-quick.interfaces = {
@ -42,7 +48,7 @@
}; };
users.groups.worker.gid = 1001; users.groups.worker.gid = 1001;
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false; system.autoUpgrade.allowReboot = lib.mkForce false;
programs.rust-motd = { programs.rust-motd = {
enable = true; enable = true;
@ -63,7 +69,4 @@
memory.swap_pos = "beside"; memory.swap_pos = "beside";
}; };
}; };
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
} }

39
hosts/exoplasim/state.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.05";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/17b26343-39c9-4598-97c0-b43aab7ed3a0";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9F45-5FDF";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

8
hosts/forgejo/configuration.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../servers/forgejo.nix
];
}

39
hosts/forgejo/state.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/6de79a95-d101-4734-8482-1e0869498ce8";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/78B9-CA51";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

15
hosts/gaming/configuration.nix Normal file
View file

@ -0,0 +1,15 @@
{ lib, ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/nvidia.nix
../../shared/hardware/vm.nix
../../personal/desktop.nix
../../personal/programs/i3.nix
../../servers/gaming-server.nix
];
users.users.vili.hashedPasswordFile = lib.mkForce null;
}

45
hosts/gaming/state.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/22c7a7ae-cedc-43db-b4f1-d591466d8f60";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1C79-66D7";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/mnt/data" = {
device = "/dev/disk/by-uuid/dec871b2-5727-486c-978a-8bb2279bd2b8";
fsType = "ext4";
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

59
hosts/helium/configuration.nix Normal file
View file

@ -0,0 +1,59 @@
{ pkgs, lib, ... }:
{
custom.home_wg_suffix = "2";
system.autoUpgrade.allowReboot = lib.mkForce false;
networking = {
wg-quick.interfaces = {
wg1 = {
autostart = false;
address = [ "10.100.0.7/24" ];
dns = [ "1.1.1.1" ];
privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
listenPort = 51820;
peers = [
{
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [
"0.0.0.0/0"
"192.168.0.0/24"
];
endpoint = "netflix.vsinerva.fi:51821";
}
];
};
};
};
services.xserver.displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
imports = [
../../shared/base.nix
../../personal/desktop.nix
../../personal/development.nix
../../personal/hardware/amd-laptop.nix
../../personal/hardware/hibernate.nix
../../personal/hardware/keychron-q11.nix
../../personal/hardware/onlykey.nix
../../personal/hardware/trackball.nix
../../personal/networking/home-wg.nix
../../personal/networking/printing.nix
../../personal/programs/bitwarden.nix
../../personal/programs/communication.nix
../../personal/programs/firefox.nix
../../personal/programs/i3.nix
../../personal/programs/moonlight.nix
../../personal/programs/redshift.nix
../../personal/programs/study.nix
../../personal/programs/usb-automount.nix
../../servers/syncthing.nix
];
}

50
hosts/helium/state.nix Normal file
View file

@ -0,0 +1,50 @@
{
config,
lib,
modulesPath,
...
}:
{
system.stateVersion = "23.11";
boot = {
resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
kernelParams = [ "resume_offset=44537856" ];
};
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/25115cdc-3b55-4dbf-a414-98a1a3c44f52";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-f6e1979b-0dee-4ee9-8170-10490019854b".device =
"/dev/disk/by-uuid/f6e1979b-0dee-4ee9-8170-10490019854b";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6E23-00AF";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
machine-confs/idacloud.nix → hosts/idacloud/configuration.nix
View file

@ -5,14 +5,13 @@
custom.collabora_domain = "idacollab.sinerva.eu"; custom.collabora_domain = "idacollab.sinerva.eu";
imports = [ imports = [
../base.nix ../../shared/base.nix
../services/nextcloud.nix ../../shared/hardware/vm.nix
../../servers/nextcloud.nix
]; ];
# Networking conf including WireGuard # Networking conf including WireGuard
networking = { networking = {
hostName = "idacloud";
firewall.allowedUDPPorts = [ 51822 ]; firewall.allowedUDPPorts = [ 51822 ];
wg-quick.interfaces = { wg-quick.interfaces = {
@ -38,7 +37,4 @@
}; };
}; };
}; };
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
} }

44
hosts/idacloud/state.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/aaebdb14-a988-4cf8-bb33-f22419d55fbe";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E1C0-7A9E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
fileSystems."/var/lib/nextcloud" = {
device = "/dev/disk/by-uuid/634b600c-8d3e-4021-906a-f00b7750e61e";
fsType = "ext4";
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

30
hosts/lithium/configuration.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, ... }:
{
custom.home_wg_suffix = "3";
system.autoUpgrade.allowReboot = lib.mkForce false;
imports = [
../../shared/base.nix
../../personal/desktop.nix
../../personal/development.nix
../../personal/hardware/hibernate.nix
../../personal/hardware/intel-laptop.nix
../../personal/hardware/onlykey.nix
../../personal/networking/home-wg.nix
../../personal/networking/printing.nix
../../personal/programs/bitwarden.nix
../../personal/programs/communication.nix
../../personal/programs/firefox.nix
../../personal/programs/i3.nix
../../personal/programs/moonlight.nix
../../personal/programs/redshift.nix
../../personal/programs/study.nix
../../personal/programs/usb-automount.nix
../../servers/syncthing.nix
];
}

45
hosts/lithium/state.nix Normal file
View file

@ -0,0 +1,45 @@
{
config,
lib,
modulesPath,
...
}:
{
system.stateVersion = "24.05";
boot.kernelParams = [ "resume_offset=39292928" ];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b43fe465-80e9-48d4-a4be-1113c917330e";
fsType = "ext4";
};
boot.initrd.luks.devices."nixos".device = "/dev/disk/by-uuid/4dc2fd8c-71da-4b95-91d5-7a118387172b";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D8BB-B91A";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
hosts/nextcloud/configuration.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }:
{
custom.nextcloud_domain = "nextcloud.vsinerva.fi";
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../servers/nextcloud.nix
];
}

39
hosts/nextcloud/state.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "23.05";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/428cdba7-04a8-4e69-992a-96aa197cd6c7";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/08B5-BFD8";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

6
machine-confs/generic.nix → hosts/nixos/configuration.nix
View file

@ -1,12 +1,12 @@
{ pkgs, ... }: { lib, ... }:
{ {
networking.hostName = "nixos"; networking.hostName = "nixos";
imports = [ ../base.nix ]; imports = [ ../../shared/base.nix ];
#Many installs will need this, and it won't hurt either way #Many installs will need this, and it won't hurt either way
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
#Prevent user from being locked out of the system before switching to proper config #Prevent user from being locked out of the system before switching to proper config
users.mutableUsers = pkgs.lib.mkForce true; users.mutableUsers = lib.mkForce true;
} }

8
hosts/siit-dc/configuration.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../servers/siit-dc.nix
];
}

39
hosts/siit-dc/state.nix Normal file
View file

@ -0,0 +1,39 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "24.05";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/81dc35b1-5a34-4924-b864-b53e5ca9df24";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D171-033F";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

12
hosts/syncthing/configuration.nix Normal file
View file

@ -0,0 +1,12 @@
{ lib, ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../shared/users/vili.nix
../../servers/syncthing.nix
];
users.users.vili.hashedPasswordFile = lib.mkForce null;
}

44
hosts/syncthing/state.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "22.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/895d2004-3bd2-4bc5-bb46-62f94a0a68e3";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/38AD-EFDC";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/home/vili" = {
device = "/dev/disk/by-uuid/d08136ed-7950-412c-bcf6-7c6e9f015e47";
fsType = "ext4";
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

8
hosts/vaultwarden/configuration.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
imports = [
../../shared/base.nix
../../shared/hardware/vm.nix
../../servers/vaultwarden.nix
];
}

35
hosts/vaultwarden/state.nix Normal file
View file

@ -0,0 +1,35 @@
{ lib, modulesPath, ... }:
{
system.stateVersion = "23.11";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/22f0fb39-e264-450d-b575-9dedd2a02361";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A604-6A7B";
fsType = "vfat";
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

2
machine-confs/wg-rpi.nix → hosts/wg-rpi/configuration.nix
View file

@ -8,7 +8,7 @@ let
ddPassFile = "/root/wg-conf/ddPassFile"; ddPassFile = "/root/wg-conf/ddPassFile";
in in
{ {
imports = [ ../base.nix ]; imports = [ ../../shared/base.nix ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wireguard-tools wireguard-tools

20
misc/custom-iso-base.nix → installer/base.nix
View file

@ -46,7 +46,7 @@ let
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
mv /mnt/etc/nixos/configuration.nix configuration.nix.old mv /mnt/etc/nixos/configuration.nix configuration.nix.old
curl https://forgejo.sinerva.eu/VSinerva/nixos-conf/raw/branch/main/misc/template-configuration.nix -o /mnt/etc/nixos/configuration.nix curl https://forgejo.sinerva.eu/VSinerva/nixos-conf/raw/branch/main/installer/template-configuration.nix -o /mnt/etc/nixos/configuration.nix
''; '';
in in
{ {
@ -57,18 +57,7 @@ in
environment.systemPackages = environment.systemPackages =
(with pkgs; [ (with pkgs; [
(onlykey.override (prev: {
node_webkit = prev.node_webkit.overrideAttrs {
src = fetchurl {
url = "https://dl.nwjs.io/v0.71.1/nwjs-v0.71.1-linux-x64.tar.gz";
hash = "sha256-bnObpwfJ6SNJdOvzWTnh515JMcadH1+fxx5W9e4gl/4=";
};
};
}))
cryptsetup cryptsetup
onlykey-cli
onlykey-agent
]) ])
++ [ ++ [
create-partitions create-partitions
@ -76,13 +65,6 @@ in
prep-install prep-install
]; ];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses;
};
hardware.onlykey.enable = true;
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
#Many installs will need this, and it won't hurt either way #Many installs will need this, and it won't hurt either way

4
misc/custom-gnome-iso.nix → installer/graphical.nix
View file

@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix> <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-combined.nix>
./custom-iso-base.nix ./base.nix
]; ];
} }

9
installer/minimal.nix Normal file
View file

@ -0,0 +1,9 @@
{ lib, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
./base.nix
];
networking.networkmanager.enable = lib.mkForce false;
}

15
machine-confs/cert-store.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
networking.hostName = "cert-store";
imports = [
../base.nix
../services/acme-cert-store.nix
];
#Many installs will need this, and it won't hurt either way
services.qemuGuest.enable = true;
#Prevent user from being locked out of the system before switching to proper config
users.mutableUsers = pkgs.lib.mkForce true;
}

12
machine-confs/forgejo.nix
View file

@ -1,12 +0,0 @@
{ ... }:
{
networking.hostName = "forgejo";
imports = [
../base.nix
../services/forgejo.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
}

15
machine-confs/gaming.nix
View file

@ -1,15 +0,0 @@
{ lib, ... }:
{
networking.hostName = "gaming";
imports = [
../base.nix
../desktop.nix
../users/vili.nix
../services/gaming-server.nix
../hardware-specific/nvidia.nix
];
users.users.vili.hashedPasswordFile = lib.mkForce null;
services.qemuGuest.enable = true;
}

100
machine-confs/helium.nix
View file

@ -1,100 +0,0 @@
{ pkgs, config, ... }:
{
networking = {
hostName = "helium";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::2/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/root/wireguard-keys/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
wg1 = {
autostart = false;
address = [ "10.100.0.7/24" ];
dns = [ "1.1.1.1" ];
privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
listenPort = 51820;
peers = [
{
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [
"0.0.0.0/0"
"192.168.0.0/24"
];
endpoint = "netflix.vsinerva.fi:51821";
}
];
};
};
};
# Dirty hack to fix autostart failing due to DNS lookups
systemd.services."wg-quick-wg0".serviceConfig = {
Restart = "on-failure";
RestartSec = "1s";
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c2";
};
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
services.openssh.openFirewall = false;
services.fail2ban.enable = pkgs.lib.mkForce false;
imports = [
../base.nix
../users/vili.nix
../desktop.nix
../development.nix
../services/syncthing.nix
../services/redshift.nix
../services/moonlight.nix
../hardware-specific/onlykey.nix
../hardware-specific/keychron-q11.nix
../hardware-specific/trackball.nix
../hardware-specific/amd-laptop.nix
../hardware-specific/usb-automount.nix
];
services.xserver.displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
swapDevices = pkgs.lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
loader.timeout = 3;
initrd.luks = {
fido2Support = true;
devices."luks-f6e1979b-0dee-4ee9-8170-10490019854b".fido2 = {
passwordLess = true;
credential = "df9233221fa09173fea61d8b8516d184f8ede475024a88201b34d838ecf306ee070052dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014d86afa01";
};
};
resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
kernelParams = [ "resume_offset=44537856" ];
};
}

78
machine-confs/lithium.nix
View file

@ -1,78 +0,0 @@
{ pkgs, config, ... }:
{
networking = {
hostName = "lithium";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::3/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/root/wireguard-keys/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
};
};
# Dirty hack to fix autostart failing due to DNS lookups
systemd.services."wg-quick-wg0".serviceConfig = {
Restart = "on-failure";
RestartSec = "1s";
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c3";
};
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
services.openssh.openFirewall = false;
services.fail2ban.enable = pkgs.lib.mkForce false;
imports = [
../base.nix
../users/vili.nix
../desktop.nix
../development.nix
../services/syncthing.nix
../services/redshift.nix
../services/moonlight.nix
../hardware-specific/onlykey.nix
../hardware-specific/keychron-q11.nix
../hardware-specific/trackball.nix
../hardware-specific/usb-automount.nix
../hardware-specific/intel-laptop.nix
];
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
swapDevices = pkgs.lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
loader.timeout = 10;
initrd.luks = {
fido2Support = true;
devices."nixos".fido2 = {
passwordLess = true;
credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01";
};
};
resumeDevice = "/dev/mapper/nixos";
kernelParams = [ "resume_offset=39292928" ];
};
}

13
machine-confs/nextcloud.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
networking.hostName = "nextcloud";
custom.nextcloud_domain = "nextcloud.vsinerva.fi";
imports = [
../base.nix
../services/nextcloud.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
}

12
machine-confs/siit-dc.nix
View file

@ -1,12 +0,0 @@
{ ... }:
{
networking.hostName = "siit-dc";
imports = [
../base.nix
../services/siit-dc.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
}

15
machine-confs/syncthing.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
networking.hostName = "syncthing";
imports = [
../base.nix
../users/vili.nix
../services/syncthing.nix
];
users.users.vili.hashedPasswordFile = pkgs.lib.mkForce null;
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
}

12
machine-confs/vaultwarden.nix
View file

@ -1,12 +0,0 @@
{ ... }:
{
networking.hostName = "vaultwarden";
imports = [
../base.nix
../services/vaultwarden.nix
];
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
}

9
misc/custom-minimal-iso.nix
View file

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
./custom-iso-base.nix
];
networking.networkmanager.enable = pkgs.lib.mkForce false;
}

25
misc/template-configuration.nix
View file

@ -1,25 +0,0 @@
{ ... }:
let
host = "generic";
stateVersion = "24.11";
repo = builtins.fetchGit {
url = "https://forgejo.sinerva.eu/VSinerva/nixos-conf.git";
name = "nixos-conf-forgejo";
ref = "main";
};
in
{
imports = [
./hardware-configuration.nix
"${repo}/machine-confs/${host}.nix"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = stateVersion; # Did you read the comment?
}

49
personal/desktop.nix Normal file
View file

@ -0,0 +1,49 @@
{ pkgs, ... }:
{
imports = [
./programs/symlinked/symlinks.nix
../shared/users/vili.nix
];
environment.systemPackages = with pkgs; [
alacritty
vlc
flameshot
speedcrunch
];
services = {
displayManager = {
autoLogin.enable = true;
autoLogin.user = "vili";
};
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${
(import ./programs/embedded/xresources.nix { inherit pkgs; })
}'';
};
};
pipewire.enable = false;
pulseaudio.enable = true;
};
nixpkgs.config.pulseaudio = true;
security.polkit.enable = true;
xdg.mime.defaultApplications = {
"application/pdf" = "org.gnome.Evince.desktop";
"text/plain" = "org.xfce.mousepad.desktop";
"text/x-tex" = "org.kde.kile.desktop";
"inode/directory" = "pcmanfm.description";
};
qt = {
enable = true;
style = "adwaita-dark";
platformTheme = "gnome";
};
}

44
personal/development.nix Normal file
View file

@ -0,0 +1,44 @@
{ pkgs, lib, ... }:
{
imports = [ ./programs/embedded/nvim.nix ];
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
commit = {
verbose = "true";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
nixfmt-rfc-style
nixd
vagrant
nmap
metasploit
armitage
];
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.addNetworkInterface = false;
users.extraGroups.vboxusers.members = [ "vili" ];
fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
}

9
hardware-specific/amd-laptop.nix → personal/hardware/amd-laptop.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, ... }: {
config,
pkgs,
lib,
...
}:
{ {
environment.systemPackages = with pkgs; [ zenmonitor ]; environment.systemPackages = with pkgs; [ zenmonitor ];
@ -7,7 +12,7 @@
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
services = { services = {
xserver = pkgs.lib.mkIf config.services.xserver.enable { xserver = lib.mkIf config.services.xserver.enable {
videoDrivers = [ videoDrivers = [
"amdgpu" "amdgpu"
"modesetting" "modesetting"

13
personal/hardware/hibernate.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, ... }:
{
swapDevices = [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
resumeDevice = lib.mkDefault "/dev/mapper/nixos";
};
}

0
hardware-specific/intel-laptop.nix → personal/hardware/intel-laptop.nix
View file

0
hardware-specific/keychron-q11.nix → personal/hardware/keychron-q11.nix
View file

0
misc/mouse-accel.patch → personal/hardware/moonlight-trackball-accel.patch
View file

11
hardware-specific/onlykey.nix → personal/hardware/onlykey.nix
View file

@ -1,12 +1,5 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
assertions = [
{
assertion = config.users.users ? "vili";
message = "User 'vili' needed for onlykey!";
}
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(onlykey.override (prev: { (onlykey.override (prev: {
node_webkit = prev.node_webkit.overrideAttrs { node_webkit = prev.node_webkit.overrideAttrs {
@ -21,7 +14,5 @@
onlykey-cli onlykey-cli
]; ];
security.pam.u2f.enable = true;
hardware.onlykey.enable = true; hardware.onlykey.enable = true;
programs.i3lock.u2fSupport = true;
} }

2
hardware-specific/trackball.nix → personal/hardware/trackball.nix
View file

@ -3,7 +3,7 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: { moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ]; patches = (old.patches or [ ]) ++ [ ./moonlight-trackball-accel.patch ];
}); });
}) })
]; ];

50
personal/networking/home-wg.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, lib, ... }:
{
options.custom.home_wg_suffix = lib.mkOption {
type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
default = null;
description = "IPv6 GUA Suffix for Home WireGuard config";
};
config = {
networking = {
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::${config.custom.home_wg_suffix}/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/persist/secrets/wireguard/priv-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/persist/secrets/wireguard/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
};
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c${config.custom.home_wg_suffix}";
};
systemd.services = {
"wg-quick-wg0" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
};
clatd = {
wants = [ "wg-quick-wg0.service" ];
after = [ "wg-quick-wg0.service" ];
};
};
};
}

12
personal/networking/printing.nix Normal file
View file

@ -0,0 +1,12 @@
{ ... }:
{
programs.i3lock.enable = true;
services = {
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
}

21
personal/programs/bitwarden.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bitwarden
bitwarden-cli
];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
security = {
pam = {
rssh.enable = true;
services = {
sudo.rssh = true;
};
};
sudo.execWheelOnly = true;
};
# We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client
services.openssh.openFirewall = false;
}

8
personal/programs/communication.nix Normal file
View file

@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
telegram-desktop
signal-desktop
discord
];
}

0
program-config-files/alacritty.nix → personal/programs/embedded/alacritty.nix
View file

3
program-config-files/i3.nix → personal/programs/embedded/i3-conf.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, ... }: { pkgs, ... }:
let let
alacritty-conf = "${ alacritty-conf = "${
(import ./alacritty.nix { (import ./alacritty.nix {
inherit config;
inherit pkgs; inherit pkgs;
}) })
}"; }";

51
development.nix → personal/programs/embedded/nvim.nix
View file

@ -1,54 +1,5 @@
{ pkgs, lib, ... }: { nixvim, ... }:
let
nixvim = import (
builtins.fetchGit {
url = "https://github.com/nix-community/nixvim";
ref = "nixos-25.05";
}
);
in
{ {
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
commit = {
verbose = "true";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
nixfmt-rfc-style
nixd
vagrant
nmap
metasploit
armitage
];
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.addNetworkInterface = false;
users.extraGroups.vboxusers.members = [ "vili" ];
fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
#################### Neovim configuration ####################
imports = [ nixvim.nixosModules.nixvim ]; imports = [ nixvim.nixosModules.nixvim ];
programs.nixvim = { programs.nixvim = {

13
personal/programs/embedded/xresources.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.writeText "Xresources" ''
Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.rgba: rgb
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
Xcursor.theme: xcursor-breeze
Xcursor.size: 0
''

0
program-config-files/firefox.nix → personal/programs/firefox.nix
View file

28
personal/programs/i3.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
i3status
rofi
arandr
pavucontrol
viewnior
xfce.mousepad
pcmanfm
evince
brightnessctl
networkmanagerapplet
];
programs.i3lock.enable = true;
services = {
displayManager = {
defaultSession = "none+i3";
};
xserver.windowManager.i3 = {
enable = true;
extraPackages = [ ];
configFile = "${(import ./embedded/i3-conf.nix { inherit pkgs; })}";
};
};
}

0
services/moonlight.nix → personal/programs/moonlight.nix
View file

8
services/redshift.nix → personal/programs/redshift.nix
View file

@ -1,11 +1,5 @@
{ config, ... }: { ... }:
{ {
assertions = [
{
assertion = config.services.xserver.enable;
message = "Redshift does not work without a desktop!";
}
];
services.redshift = { services.redshift = {
executable = "/bin/redshift-gtk"; executable = "/bin/redshift-gtk";
enable = true; enable = true;

12
personal/programs/study.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
libreoffice
zotero
kile
texliveFull
imagemagick
ghostscript
kdePackages.okular
];
}

0
program-config-files/gtk-3-4-settings.ini → personal/programs/symlinked/gtk-3-4-settings.ini
View file

0
program-config-files/gtk-bookmarks → personal/programs/symlinked/gtk-bookmarks
View file

0
program-config-files/gtkrc-2.0 → personal/programs/symlinked/gtkrc-2.0
View file

0
program-config-files/libfm.conf → personal/programs/symlinked/libfm.conf
View file

0
program-config-files/pcmanfm.conf → personal/programs/symlinked/pcmanfm.conf
View file

54
personal/programs/symlinked/symlinks.nix Normal file
View file

@ -0,0 +1,54 @@
{ ... }:
{
system.userActivationScripts.mkDesktopSettingsSymlinks.text =
let
home = "/home/vili/";
paths = [
rec {
dir = "${home}.config/pcmanfm/default/";
file = "pcmanfm.conf";
full = "${dir}${file}";
source = "${./pcmanfm.conf}";
}
rec {
dir = "${home}.config/libfm/";
file = "libfm.conf";
full = "${dir}${file}";
source = "${./libfm.conf}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "bookmarks";
full = "${dir}${file}";
source = "${./gtk-bookmarks}";
}
rec {
dir = "${home}";
file = ".gtkrc-2.0";
full = "${dir}${file}";
source = "${./gtkrc-2.0}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./gtk-3-4-settings.ini}";
}
rec {
dir = "${home}.config/gtk-4.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./gtk-3-4-settings.ini}";
}
];
in
toString (
map (path: ''
mkdir -p ${path.dir}
if test -e ${path.full} -a ! -L ${path.full}; then
mv -f ${path.full} ${path.full}.old
fi
ln -sf ${path.source} ${path.full}
'') paths
);
}

0
hardware-specific/usb-automount.nix → personal/programs/usb-automount.nix
View file

1
services/acme-cert-store.nix → servers/acme-cert-store.nix
View file

@ -13,5 +13,4 @@
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1 opnsense" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1 opnsense"
]; ];
} }

11
services/forgejo.nix → servers/forgejo.nix
View file

@ -1,15 +1,10 @@
{ config, ... }: { config, ... }:
{ {
networking.firewall.allowedTCPPorts = [ imports = [
80 ./utils/nginx-https-server.nix
443 ./utils/acme-http-client.nix
]; ];
security.acme = {
acceptTerms = true;
defaults.email = "vili.m.sinerva@gmail.com";
};
services = { services = {
forgejo = { forgejo = {
enable = true; enable = true;

0
services/gaming-server.nix → servers/gaming-server.nix
View file

25
services/nextcloud.nix → servers/nextcloud.nix
View file

@ -5,7 +5,10 @@
... ...
}: }:
{ {
imports = [ ./cert-store-client.nix ]; imports = [
./utils/nginx-https-server.nix
./utils/cert-store-client.nix
];
options.custom = { options.custom = {
nextcloud_domain = lib.mkOption { nextcloud_domain = lib.mkOption {
@ -22,8 +25,6 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
networking.firewall.allowedTCPPorts = [ 443 ];
services = { services = {
nextcloud = { nextcloud = {
package = pkgs.nextcloud31; package = pkgs.nextcloud31;
@ -46,19 +47,7 @@
}; };
}; };
nginx = { nginx.virtualHosts.${config.services.nextcloud.hostName} = { };
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
};
};
}; };
} }
( (
@ -89,10 +78,6 @@
}; };
nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = { nginx.virtualHosts.${config.services.collabora-online.settings.server_name} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; proxyPass = "http://[::1]:${toString config.services.collabora-online.port}";
proxyWebsockets = true; # collabora uses websockets proxyWebsockets = true; # collabora uses websockets

0
services/siit-dc.nix → servers/siit-dc.nix
View file

17
services/syncthing.nix → servers/syncthing.nix
View file

@ -1,12 +1,5 @@
{ config, pkgs, ... }: { config, lib, ... }:
{ {
assertions = [
{
assertion = config.users.users ? "vili";
message = "User 'vili' needed for syncthing!";
}
];
boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800; boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
services.syncthing = { services.syncthing = {
@ -27,14 +20,14 @@
relaysEnabled = false; relaysEnabled = false;
}; };
devices = pkgs.lib.mkMerge [ devices = lib.mkMerge [
{ {
"syncthing" = { "syncthing" = {
id = "J6GNM4Z-2TWASPT-3P3EW4V-KZEQYFF-TXL22QX-4YTZ3WO-WLM7GQ7-NUP66A4"; id = "J6GNM4Z-2TWASPT-3P3EW4V-KZEQYFF-TXL22QX-4YTZ3WO-WLM7GQ7-NUP66A4";
addresses = [ "tcp://syncthing.vsinerva.fi:22000" ]; addresses = [ "tcp://syncthing.vsinerva.fi:22000" ];
}; };
} }
(pkgs.lib.mkIf (config.networking.hostName == "syncthing") { (lib.mkIf (config.networking.hostName == "syncthing") {
"helium" = { "helium" = {
id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM"; id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM";
addresses = [ "tcp://helium.vsinerva.fi:22000" ]; addresses = [ "tcp://helium.vsinerva.fi:22000" ];
@ -49,9 +42,9 @@
folders = folders =
let let
default = { default = {
devices = pkgs.lib.mkMerge [ devices = lib.mkMerge [
[ "syncthing" ] [ "syncthing" ]
(pkgs.lib.mkIf (config.networking.hostName == "syncthing") [ (lib.mkIf (config.networking.hostName == "syncthing") [
"helium" "helium"
"lithium" "lithium"
]) ])

21
servers/utils/acme-http-client.nix Normal file
View file

@ -0,0 +1,21 @@
{ lib, ... }:
{
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
config = lib.mkDefault {
enableACME = true;
};
}
);
};
config = {
networking.firewall.allowedTCPPorts = [ 80 ];
security.acme = {
acceptTerms = true;
defaults.email = "vili.m.sinerva@gmail.com";
};
};
}

34
servers/utils/cert-store-client.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, ... }:
{
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
config = lib.mkDefault {
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
};
}
);
};
config = {
services.openssh.knownHosts."cert-store.vsinerva.fi".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4FaKqA2rQbxpdRBdGtb2lb5El/zbGnvmDfdYJdrxH7";
systemd.services.nginx = {
wants = [ "mnt-acme.mount" ];
after = [ "mnt-acme.mount" ];
};
fileSystems."/mnt/acme" = {
device = "cert-store@cert-store.vsinerva.fi:/home/cert-store/acme/-.vsinerva.fi";
fsType = "sshfs";
options = [
"nodev"
"noatime"
"allow_other"
"IdentityFile=/etc/ssh/ssh_host_ed25519_key"
];
};
};
}

25
servers/utils/nginx-https-server.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib, ... }:
{
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
config = lib.mkDefault {
forceSSL = true;
kTLS = true;
};
}
);
};
config = {
networking.firewall.allowedTCPPorts = [ 443 ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
};
}

18
services/vaultwarden.nix → servers/vaultwarden.nix
View file

@ -1,9 +1,9 @@
{ ... }: { ... }:
{ {
imports = [ ./cert-store-client.nix ]; imports = [
./utils/nginx-https-server.nix
networking.firewall.allowedTCPPorts = [ 443 ]; ./utils/cert-store-client.nix
networking.firewall.allowedUDPPorts = [ 443 ]; ];
services = { services = {
vaultwarden = { vaultwarden = {
@ -31,17 +31,7 @@
}; };
nginx = { nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts."vaultwarden.vsinerva.fi" = { virtualHosts."vaultwarden.vsinerva.fi" = {
forceSSL = true;
kTLS = true;
sslCertificate = "/mnt/acme/fullchain.pem";
sslCertificateKey = "/mnt/acme/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost:8000"; proxyPass = "http://localhost:8000";
}; };

21
services/cert-store-client.nix
View file

@ -1,21 +0,0 @@
{ ... }:
{
services.openssh.knownHosts."cert-store.vsinerva.fi".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4FaKqA2rQbxpdRBdGtb2lb5El/zbGnvmDfdYJdrxH7";
systemd.services.nginx = {
wants = [ "mnt-acme.mount" ];
after = [ "mnt-acme.mount" ];
};
fileSystems."/mnt/acme" = {
device = "cert-store@cert-store.vsinerva.fi:/home/cert-store/acme/-.vsinerva.fi";
fsType = "sshfs";
options = [
"nodev"
"noatime"
"allow_other"
"IdentityFile=/etc/ssh/ssh_host_ed25519_key"
];
};
}

50
base.nix → shared/base.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
nixpkgs-flake,
...
}:
{ {
options.custom.gua_pref = lib.mkOption { options.custom.gua_pref = lib.mkOption {
type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$"); type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
@ -44,9 +49,9 @@
ZSH_TMUX_CONFIG=/etc/tmux.conf ZSH_TMUX_CONFIG=/etc/tmux.conf
''; '';
promptInit = '' promptInit = ''
if [ -n "$IN_NIX_SHELL" ]; then if [ "$SHLVL" != 1 ]; then
setopt PROMPT_SUBST setopt PROMPT_SUBST
RPROMPT+='[nix]' RPROMPT+='[depth-''${SHLVL}]'
fi fi
''; '';
}; };
@ -83,7 +88,7 @@
set -s escape-time 0 set -s escape-time 0
''; '';
######################################## SSH and fail2ban configuration ######################### ######################################## SSH configuration #########################
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
@ -92,21 +97,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
]; ];
services.fail2ban = {
enable = true;
maxretry = 10;
bantime = "10m";
bantime-increment = {
enable = true;
maxtime = "1d";
};
jails = {
DEFAULT.settings = {
findtime = 3600;
};
};
};
######################################## Localization ########################################### ######################################## Localization ###########################################
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -126,7 +116,7 @@
layout = "us,"; layout = "us,";
variant = "de_se_fi,"; variant = "de_se_fi,";
}; };
console = pkgs.lib.mkForce { console = lib.mkForce {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty. useXkbConfig = true; # use xkbOptions in tty.
}; };
@ -134,16 +124,11 @@
######################################## Memory management ###################################### ######################################## Memory management ######################################
zramSwap.enable = true; zramSwap.enable = true;
swapDevices = [
{
device = "/var/lib/swapfile";
size = 8 * 1024;
}
];
######################################## Housekeeping ########################################### ######################################## Housekeeping ###########################################
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = ''"git+https://forgejo.sinerva.eu/VSinerva/nixos-conf.git?ref=main&shallow=1"'';
dates = "04:00"; dates = "04:00";
randomizedDelaySec = "30min"; randomizedDelaySec = "30min";
allowReboot = true; allowReboot = true;
@ -153,14 +138,17 @@
}; };
}; };
nixpkgs.config.allowUnfree = true;
nix = { nix = {
registry = {
nixpkgs.flake = nixpkgs-flake;
};
settings = { settings = {
experimental-features = [ experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
auto-optimise-store = true; auto-optimise-store = true;
tarball-ttl = 0;
}; };
gc = { gc = {
automatic = true; automatic = true;
@ -171,8 +159,6 @@
}; };
######################################## Misc. ################################################## ######################################## Misc. ##################################################
nixpkgs.config.allowUnfree = true;
networking = { networking = {
# Easiest to use and most distros use this by default. # Easiest to use and most distros use this by default.
networkmanager = { networkmanager = {
@ -187,9 +173,9 @@
users.mutableUsers = false; # Force all user management to happen throught nix-files users.mutableUsers = false; # Force all user management to happen throught nix-files
boot.loader = { boot.loader = {
systemd-boot.enable = pkgs.lib.mkDefault true; systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = pkgs.lib.mkDefault true; efi.canTouchEfiVariables = lib.mkDefault true;
timeout = pkgs.lib.mkDefault 0; timeout = lib.mkDefault 0;
}; };
}; };
} }

0
hardware-specific/nvidia.nix → shared/hardware/nvidia.nix
View file

11
shared/hardware/vm.nix Normal file
View file

@ -0,0 +1,11 @@
{ ... }:
{
swapDevices = [
{
device = "/var/lib/swapfile";
size = 2 * 1024;
}
];
services.qemuGuest.enable = true;
}

2
users/vili.nix → shared/users/vili.nix
View file

@ -11,7 +11,7 @@
"audio" "audio"
]; ];
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
hashedPasswordFile = "/root/hashed-passwords/vili"; hashedPasswordFile = "/persist/secrets/hashed-passwords/vili";
}; };
users.groups.vili.gid = 1000; users.groups.vili.gid = 1000;