up

Signed-off-by: Christoph Schmatzler <christoph@schmatzler.com>
2025-10-25 15:12:17 +00:00
parent 682c06115f
commit b460a0a534
10 changed files with 49 additions and 62 deletions
--- a/hosts/darwin/chidi/default.nix
+++ b/hosts/darwin/chidi/default.nix
@@ -4,7 +4,7 @@
  ...
 }: {
  imports = [
-    ../shared.nix
+    ../../modules/darwin
  ];

  networking.hostName = "chidi";
--- a/hosts/darwin/shared.nix
+++ b/hosts/darwin/shared.nix
@@ -1,5 +0,0 @@
-{
-  imports = [
-    ../../modules/darwin
-  ];
-}
--- a/hosts/darwin/jason/default.nix
+++ b/hosts/darwin/jason/default.nix
@@ -1,6 +1,6 @@
 {user, ...}: {
  imports = [
-    ../shared.nix
+    ../../modules/darwin
  ];

  networking.hostName = "jason";
--- a/hosts/nixos/tahani/default.nix
+++ b/hosts/nixos/tahani/default.nix
@@ -1,12 +1,45 @@
 {
+  config,
  hostname,
  user,
  ...
 }: {
  imports = [
-    ../../../modules/nixos
+    ../../modules/nixos
  ];

+  services.adguardhome = {
+    enable = true;
+    port = 10000;
+    settings = {
+      dns = {
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+        safe_search = {
+          enabled = false;
+        };
+      };
+    };
+  };
+
+  virtualisation.docker = {
+    enable = true;
+  };
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "yes";
+      PasswordAuthentication = false;
+    };
+  };
+
  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXROOT";
    fsType = "ext4";
@@ -28,17 +61,24 @@
    ];
    defaultGateway = "192.168.1.1";
    nameservers = ["1.1.1.1"];
+    firewall = {
+      enable = true;
+      trustedInterfaces = ["eno1" "tailscale0"];
+      allowedUDPPorts = [config.services.tailscale.port];
+      allowedTCPPorts = [22];
+      checkReversePath = "loose";
+    };
  };

  sops.secrets = {
    tahani-syncthing-cert = {
-      sopsFile = ../../../secrets/tahani-syncthing-cert;
+      sopsFile = ../../secrets/tahani-syncthing-cert;
      format = "binary";
      owner = user;
      path = "/home/${user}/.config/syncthing/cert.pem";
    };
    tahani-syncthing-key = {
-      sopsFile = ../../../secrets/tahani-syncthing-key;
+      sopsFile = ../../secrets/tahani-syncthing-key;
      format = "binary";
      owner = user;
      path = "/home/${user}/.config/syncthing/key.pem";