reorg

2025-08-14 12:33:13 +00:00
parent a397f5f13b
commit 13313035d5
47 changed files with 48 additions and 50 deletions
--- a/modules/nixos/adguard.nix
+++ b/modules/nixos/adguard.nix
@@ -0,0 +1,21 @@
+{
+  services.adguardhome = {
+    enable = true;
+    port = 10000;
+    settings = {
+      dns = {
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+        safe_search = {
+          enabled = false;
+        };
+      };
+    };
+  };
+}
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,71 @@
+{
+  pkgs,
+  nixvim,
+  user,
+  constants,
+  sops-nix,
+  ...
+}: {
+  imports = [
+    ../core.nix
+    ./firewall.nix
+    ./ssh.nix
+    ./adguard.nix
+    ../tailscale.nix
+    ../syncthing.nix
+    sops-nix.nixosModules.sops
+  ];
+
+  security.sudo.enable = true;
+
+  system.stateVersion = constants.stateVersions.nixos;
+  time.timeZone = "UTC";
+
+  nix = {
+    settings.trusted-users = ["${user}"];
+    gc.dates = "weekly";
+    nixPath = ["nixos-config=/home/${user}/.local/share/src/nixos-config:/etc/nixos"];
+  };
+
+  users.users = {
+    ${user} = {
+      isNormalUser = true;
+      home = "/home/${user}";
+      extraGroups = [
+        "wheel"
+        "sudo"
+        "network"
+        "systemd-journal"
+        "docker"
+      ];
+      shell = pkgs.fish;
+      openssh.authorizedKeys.keys = constants.sshKeys;
+    };
+
+    root = {
+      openssh.authorizedKeys.keys = constants.sshKeys;
+    };
+  };
+
+  home-manager = {
+    users.${user} = {
+      pkgs,
+      config,
+      lib,
+      ...
+    }: {
+      _module.args = {inherit user;};
+      imports = [
+        nixvim.homeModules.nixvim
+        ../home-manager
+        ../home-manager/nixos
+      ];
+      home = {
+        packages =
+          pkgs.callPackage ../packages.nix {}
+          ++ pkgs.callPackage ./packages.nix {};
+        stateVersion = constants.stateVersions.homeManager;
+      };
+    };
+  };
+}
--- a/modules/nixos/firewall.nix
+++ b/modules/nixos/firewall.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+  networking.firewall = {
+    enable = true;
+    trustedInterfaces = ["eno1" "tailscale0"];
+    allowedUDPPorts = [config.services.tailscale.port];
+    allowedTCPPorts = [22];
+    checkReversePath = "loose";
+  };
+}
--- a/modules/nixos/packages.nix
+++ b/modules/nixos/packages.nix
@@ -0,0 +1,4 @@
+{pkgs}:
+with pkgs; [
+  gcc15
+]
--- a/modules/nixos/ssh.nix
+++ b/modules/nixos/ssh.nix
@@ -0,0 +1,9 @@
+{
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = false;
+    };
+  };
+}