minor config changes; making more consistent with desktop format

Motiejus Jakštys 2023-03-29 15:25:49 +03:00
parent 926fe7473e
commit d4fddf58e6
1 changed files with 91 additions and 74 deletions


@ -66,7 +66,6 @@ in {
/etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix /etc/nixos/hardware-configuration.nix /etc/nixos/zfs.nix
]; ];
#nixpkgs.overlays = [ (self: super: {} ) ];
nixpkgs.overlays = [ (self: super: { nixpkgs.overlays = [ (self: super: {
systemd = super.systemd.overrideAttrs (old: { systemd = super.systemd.overrideAttrs (old: {
@ -89,9 +88,11 @@ in {
}; };
}; };
security.sudo = { security = {
wheelNeedsPassword = false; sudo = {
execWheelOnly = true; wheelNeedsPassword = false;
execWheelOnly = true;
};
}; };
time.timeZone = "UTC"; time.timeZone = "UTC";
@ -99,8 +100,6 @@ in {
users = { users = {
mutableUsers = false; mutableUsers = false;
groups.gitea.gid = gitea_uidgid;
users = { users = {
git = { git = {
description = "Gitea Service"; description = "Gitea Service";
@ -118,68 +117,101 @@ in {
openssh.authorizedKeys.keys = [ ssh_pubkeys.motiejus ]; openssh.authorizedKeys.keys = [ ssh_pubkeys.motiejus ];
}; };
}; };
groups.gitea.gid = gitea_uidgid;
}; };
environment.systemPackages = with pkgs; [ environment = {
jq systemPackages = with pkgs; [
vim jq
git git
dig dig
tmux wget
tree tree
wget lsof
lsof file
file tmux
htop htop
ipset #ncdu
#ncdu nmap
sqlite ipset
parted p7zip
vimv-rs pwgen
ripgrep parted
binutils sqlite
pciutils direnv
headscale vimv-rs
mailutils openssl
nixos-option ripgrep
]; bsdgames
binutils
moreutils
headscale
mailutils
nixos-option
graphicsmagick
];
variables = {
EDITOR = "nvim";
};
};
programs.mtr.enable = true; programs = {
programs.mosh.enable = true; mtr.enable = true;
programs.ssh.knownHosts = { mosh.enable = true;
"vno1-oh2.servers.jakst" = { neovim = {
extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"]; enable = true;
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY"; defaultEditor = true;
}; };
"hel1-a.servers.jakst" = {
extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt"]; ssh.knownHosts = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu"; "vno1-oh2.servers.jakst" = {
}; extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
"hel1-b.servers.jakst" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
extraHostNames = ["hel1-b.jakstys.lt" "jakstys.lt"]; };
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCJxdEkgQ3U0XxqDibk0g3iV+FG423Yk8hj6VAIOpT5"; "hel1-a.servers.jakst" = {
}; extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt" ];
"mtwork.motiejus.jakst" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvNuABV5KXmh6rmS+R50XeJ9/V+Sgpuc1DrlYXW2bQb"; };
}; "mtwork.motiejus.jakst" = {
"zh2769.rsync.net" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvNuABV5KXmh6rmS+R50XeJ9/V+Sgpuc1DrlYXW2bQb";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd"; };
}; "zh2769.rsync.net" = {
"github.com" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; };
}; "github.com" = {
"git.sr.ht" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60"; };
"git.sr.ht" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
};
}; };
}; };
services = { services = {
tailscale.enable = true;
zfs = { zfs = {
autoScrub.enable = true; autoScrub.enable = true;
trim.enable = true; trim.enable = true;
expandOnBoot = "all"; expandOnBoot = "all";
}; };
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
sanoid = { sanoid = {
enable = true; enable = true;
templates.prod = { templates.prod = {
@ -226,20 +258,6 @@ in {
}; };
}) backup_paths; }) backup_paths;
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
locate = {
enable = true;
locate = pkgs.plocate;
localuser = null;
};
headscale = { headscale = {
enable = true; enable = true;
@ -262,8 +280,6 @@ in {
}; };
}; };
tailscale.enable = true;
gitea = { gitea = {
enable = true; enable = true;
user = "git"; user = "git";
@ -379,7 +395,7 @@ in {
''; '';
}; };
# app_service_config_files # TODO: app_service_config_files
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
settings = { settings = {
@ -540,8 +556,6 @@ in {
}; };
# TODO: compress static stuff
#${pkgs.findutils}/bin/find ${pkgs.gitea.data} -name '*.css' -exec ${pkgs.brotli}/bin/brotli {} \+
networking = { networking = {
hostName = "hel1-a"; hostName = "hel1-a";
@ -577,10 +591,13 @@ in {
}; };
}; };
nix.gc = { nix = {
gc = {
automatic = true; automatic = true;
dates = "daily"; dates = "daily";
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
};
extraOptions = "experimental-features = nix-command flakes";
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
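Review bot: The `programs.ssh.knownHosts` block changes pinned host keys, which is more than the "minor config changes" the title describes. As far as the two-column rendering shows, the `hel1-b.servers.jakst` entry and its key are dropped, and `"jakstys.lt"` and `"www.jakstys.lt"` are added to `extraHostNames` of `hel1-a.servers.jakst`. After this, SSH connections from this host to hel1-b are no longer checked against a system-pinned key and rely on trust-on-first-use or the user's own known_hosts. If hel1-b was retired and the names now point at hel1-a, say so next to the entry, for example `# hel1-b retired; jakstys.lt and www.jakstys.lt are now served by hel1-a`, and mention the key change in the commit description so it is reviewable as a trust change.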