motiejus
/
config
1
Fork 0
Code Packages Releases Activity

minor config changes; making more consistent with desktop format

This commit is contained in:
Motiejus Jakštys 2023-03-29 15:25:49 +03:00
parent 926fe7473e
commit d4fddf58e6
1 changed files with 91 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
configuration.nix
View File

@ -66,7 +66,6 @@ in {
/etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix /etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix
]; ];
#nixpkgs.overlays = [ (self: super: {} ) ];
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [ (self: super: {
systemd = super.systemd.overrideAttrs (old: { systemd = super.systemd.overrideAttrs (old: {
@ -89,18 +88,18 @@ in {
}; };
}; };
security.sudo = { security = {
sudo = {
wheelNeedsPassword = false; wheelNeedsPassword = false;
execWheelOnly = true; execWheelOnly = true;
}; };
};
time.timeZone = "UTC"; time.timeZone = "UTC";
users = { users = {
mutableUsers = false; mutableUsers = false;
groups.gitea.gid = gitea_uidgid;
users = { users = {
git = { git = {
description = "Gitea Service"; description = "Gitea Service";
@ -118,47 +117,62 @@ in {
openssh.authorizedKeys.keys = [ ssh_pubkeys.motiejus ]; openssh.authorizedKeys.keys = [ ssh_pubkeys.motiejus ];
}; };
}; };
groups.gitea.gid = gitea_uidgid;
}; };
environment.systemPackages = with pkgs; [ environment = {
systemPackages = with pkgs; [
jq jq
vim
git git
dig dig
tmux
tree
wget wget
tree
lsof lsof
file file
tmux
htop htop
ipset
#ncdu #ncdu
sqlite nmap
ipset
p7zip
pwgen
parted parted
sqlite
direnv
vimv-rs vimv-rs
openssl
ripgrep ripgrep
bsdgames
binutils binutils
pciutils moreutils
headscale headscale
mailutils mailutils
nixos-option nixos-option
graphicsmagick
]; ];
variables = {
EDITOR = "nvim";
};
};
programs.mtr.enable = true; programs = {
programs.mosh.enable = true; mtr.enable = true;
programs.ssh.knownHosts = { mosh.enable = true;
neovim = {
enable = true;
defaultEditor = true;
};
ssh.knownHosts = {
"vno1-oh2.servers.jakst" = { "vno1-oh2.servers.jakst" = {
extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"]; extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
}; };
"hel1-a.servers.jakst" = { "hel1-a.servers.jakst" = {
extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt"]; extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
}; };
"hel1-b.servers.jakst" = {
extraHostNames = ["hel1-b.jakstys.lt" "jakstys.lt"];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCJxdEkgQ3U0XxqDibk0g3iV+FG423Yk8hj6VAIOpT5";
};
"mtwork.motiejus.jakst" = { "mtwork.motiejus.jakst" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvNuABV5KXmh6rmS+R50XeJ9/V+Sgpuc1DrlYXW2bQb"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvNuABV5KXmh6rmS+R50XeJ9/V+Sgpuc1DrlYXW2bQb";
}; };
@ -172,14 +186,32 @@ in {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
}; };
}; };
};
services = { services = {
tailscale.enable = true;
zfs = { zfs = {
autoScrub.enable = true; autoScrub.enable = true;
trim.enable = true; trim.enable = true;
expandOnBoot = "all"; expandOnBoot = "all";
}; };
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
sanoid = { sanoid = {
enable = true; enable = true;
templates.prod = { templates.prod = {
@ -226,20 +258,6 @@ in {
}; };
}) backup_paths; }) backup_paths;
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
headscale = { headscale = {
enable = true; enable = true;
@ -262,8 +280,6 @@ in {
}; };
}; };
tailscale.enable = true;
gitea = { gitea = {
enable = true; enable = true;
user = "git"; user = "git";
@ -379,7 +395,7 @@ in {
''; '';
}; };
# app_service_config_files # TODO: app_service_config_files
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
settings = { settings = {
@ -540,8 +556,6 @@ in {
}; };
# TODO: compress static stuff
#${pkgs.findutils}/bin/find ${pkgs.gitea.data} -name '*.css' -exec ${pkgs.brotli}/bin/brotli {} \+
networking = { networking = {
hostName = "hel1-a"; hostName = "hel1-a";
@ -577,11 +591,14 @@ in {
}; };
}; };
nix.gc = { nix = {
gc = {
automatic = true; automatic = true;
dates = "daily"; dates = "daily";
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
extraOptions = "experimental-features = nix-command flakes";
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"