Signed-off-by: Christoph Schmatzler <christoph@schmatzler.com>
2025-10-25 15:12:17 +00:00
parent 682c06115f
commit b460a0a534
10 changed files with 49 additions and 62 deletions


@@ -34,8 +34,8 @@
let
constants = import ./lib/constants.nix;
user = constants.user;
darwinHosts = builtins.attrNames (builtins.readDir ./hosts/darwin);
nixosHosts = builtins.attrNames (builtins.readDir ./hosts/nixos);
darwinHosts = ["chidi" "jason"];
nixosHosts = ["tahani"];
overlays = import ./overlays {inherit inputs;};
in {
systems = [
@@ -68,7 +68,7 @@
mutableTaps = true;
};
}
./hosts/darwin/${hostname}
./hosts/${hostname}
];
}
);
@@ -87,7 +87,7 @@
{
nixpkgs.overlays = overlays;
}
./hosts/nixos/${hostname}
./hosts/${hostname}
];
}
);
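Review bot: `darwinHosts = ["chidi" "jason"]` and `nixosHosts = ["tahani"]` in the first hunk appear to replace the `builtins.readDir` discovery, so a new directory under `./hosts` is no longer picked up automatically and one that is listed in neither set is silently ignored rather than failing the build. A one-line comment above the two lists would save the next person the surprise, e.g. `# Keep in sync with ./hosts/*: a host directory listed in neither set is never built.`. The `let` block and the two `hosts/${hostname}` import sites in the later hunks are otherwise consistent with each other; the enclosing expressions start and end outside the hunks.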


@@ -4,7 +4,7 @@
...
}: {
imports = [
../shared.nix
../../modules/darwin
];
networking.hostName = "chidi";


@@ -1,5 +0,0 @@
{
imports = [
../../modules/darwin
];
}


@@ -1,6 +1,6 @@
{user, ...}: {
imports = [
../shared.nix
../../modules/darwin
];
networking.hostName = "jason";


@@ -1,12 +1,45 @@
{
config,
hostname,
user,
...
}: {
imports = [
../../../modules/nixos
../../modules/nixos
];
services.adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
virtualisation.docker = {
enable = true;
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
@@ -28,17 +61,24 @@
];
defaultGateway = "192.168.1.1";
nameservers = ["1.1.1.1"];
firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
allowedTCPPorts = [22];
checkReversePath = "loose";
};
};
sops.secrets = {
tahani-syncthing-cert = {
sopsFile = ../../../secrets/tahani-syncthing-cert;
sopsFile = ../../secrets/tahani-syncthing-cert;
format = "binary";
owner = user;
path = "/home/${user}/.config/syncthing/cert.pem";
};
tahani-syncthing-key = {
sopsFile = ../../../secrets/tahani-syncthing-key;
sopsFile = ../../secrets/tahani-syncthing-key;
format = "binary";
owner = user;
path = "/home/${user}/.config/syncthing/key.pem";
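Review bot: `trustedInterfaces = ["eno1" "tailscale0"]` in the firewall block of the second hunk exempts the wired LAN interface from filtering altogether, so `allowedTCPPorts = [22]` has no effect there and every listener on the host — including the AdGuard Home admin UI on `port = 10000` and its DNS listener (53 by default) from the first hunk — is reachable from anything on the LAN. If only SSH and DNS are meant to be reachable from the LAN, drop `"eno1"` and open ports explicitly, e.g. `trustedInterfaces = ["tailscale0"]; allowedTCPPorts = [22 53 10000]; allowedUDPPorts = [53 config.services.tailscale.port];`, otherwise a comment stating that the LAN side is deliberately unfiltered would make the intent clear. Separately, `PermitRootLogin = "yes"` in the openssh settings admits root with any method sshd accepts; with `PasswordAuthentication = false` already set, `PermitRootLogin = "prohibit-password"` expresses the same policy and stays safe if password authentication is ever re-enabled. Both blocks are moved here from the deleted per-module files, so this is pre-existing configuration rather than something the commit introduces. The enclosing attribute set continues past the end of the second hunk.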


@@ -1,21 +0,0 @@
{
services.adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
}


@@ -10,10 +10,6 @@
../core.nix
../syncthing.nix
../tailscale.nix
./adguard.nix
./docker.nix
./firewall.nix
./ssh.nix
sops-nix.nixosModules.sops
];


@@ -1,5 +0,0 @@
{
virtualisation.docker = {
enable = true;
};
}


@@ -1,9 +0,0 @@
{config, ...}: {
networking.firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
allowedTCPPorts = [22];
checkReversePath = "loose";
};
}


@@ -1,9 +0,0 @@
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
}