Signed-off-by: Christoph Schmatzler <christoph@schmatzler.com>
2025-10-25 15:12:17 +00:00
parent 682c06115f
commit b460a0a534
10 changed files with 49 additions and 62 deletions


@@ -34,8 +34,8 @@
let let
constants = import ./lib/constants.nix; constants = import ./lib/constants.nix;
user = constants.user; user = constants.user;
darwinHosts = builtins.attrNames (builtins.readDir ./hosts/darwin); darwinHosts = ["chidi" "jason"];
nixosHosts = builtins.attrNames (builtins.readDir ./hosts/nixos); nixosHosts = ["tahani"];
overlays = import ./overlays {inherit inputs;}; overlays = import ./overlays {inherit inputs;};
in { in {
systems = [ systems = [
@@ -68,7 +68,7 @@
mutableTaps = true; mutableTaps = true;
}; };
} }
./hosts/darwin/${hostname} ./hosts/${hostname}
]; ];
} }
); );
@@ -87,7 +87,7 @@
{ {
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
} }
./hosts/nixos/${hostname} ./hosts/${hostname}
]; ];
} }
); );
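Review bot: With `darwinHosts = ["chidi" "jason"]` and `nixosHosts = ["tahani"]` written out by hand, and both platforms now importing `./hosts/${hostname}`, nothing on the page ties a directory under `./hosts/` to its platform any more. A new host is silently skipped until it is listed, and a name placed in the wrong list would presumably be evaluated by the other platform's builder. A comment above the two lists would help, for example `# Keep in sync with ./hosts/*; the list a name is in decides which builder imports it.` The builder functions that import `./hosts/${hostname}` start outside these hunks.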


@@ -4,7 +4,7 @@
... ...
}: { }: {
imports = [ imports = [
../shared.nix ../../modules/darwin
]; ];
networking.hostName = "chidi"; networking.hostName = "chidi";


@@ -1,5 +0,0 @@
{
imports = [
../../modules/darwin
];
}


@@ -1,6 +1,6 @@
{user, ...}: { {user, ...}: {
imports = [ imports = [
../shared.nix ../../modules/darwin
]; ];
networking.hostName = "jason"; networking.hostName = "jason";


@@ -1,12 +1,45 @@
{ {
config,
hostname, hostname,
user, user,
... ...
}: { }: {
imports = [ imports = [
../../../modules/nixos ../../modules/nixos
]; ];
services.adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
virtualisation.docker = {
enable = true;
};
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4"; fsType = "ext4";
@@ -28,17 +61,24 @@
]; ];
defaultGateway = "192.168.1.1"; defaultGateway = "192.168.1.1";
nameservers = ["1.1.1.1"]; nameservers = ["1.1.1.1"];
firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
allowedTCPPorts = [22];
checkReversePath = "loose";
};
}; };
sops.secrets = { sops.secrets = {
tahani-syncthing-cert = { tahani-syncthing-cert = {
sopsFile = ../../../secrets/tahani-syncthing-cert; sopsFile = ../../secrets/tahani-syncthing-cert;
format = "binary"; format = "binary";
owner = user; owner = user;
path = "/home/${user}/.config/syncthing/cert.pem"; path = "/home/${user}/.config/syncthing/cert.pem";
}; };
tahani-syncthing-key = { tahani-syncthing-key = {
sopsFile = ../../../secrets/tahani-syncthing-key; sopsFile = ../../secrets/tahani-syncthing-key;
format = "binary"; format = "binary";
owner = user; owner = user;
path = "/home/${user}/.config/syncthing/key.pem"; path = "/home/${user}/.config/syncthing/key.pem";
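Review bot: In the `services.openssh` block of the first hunk, `PermitRootLogin = "yes"` allows root over every method sshd still offers, and `PasswordAuthentication = false` does not by itself turn off keyboard-interactive logins; `PermitRootLogin = "prohibit-password";` would pin root to key-based login, which looks like the intent. In the second hunk, `trustedInterfaces = ["eno1" "tailscale0"]` accepts all inbound traffic on `eno1`, so `allowedTCPPorts = [22]` filters nothing there and the AdGuard Home port 10000 from the first hunk is reachable on that interface as well. If `eno1` is the LAN-facing NIC, as the static gateway suggests, consider `trustedInterfaces = ["tailscale0"];` and opening the needed ports explicitly, or add a comment saying why the whole interface is trusted. Both settings are moved unchanged from the deleted modules, and the attribute set that holds `firewall` opens above the hunk.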


@@ -1,21 +0,0 @@
{
services.adguardhome = {
enable = true;
port = 10000;
settings = {
dns = {
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = false;
};
};
};
};
}


@@ -10,10 +10,6 @@
../core.nix ../core.nix
../syncthing.nix ../syncthing.nix
../tailscale.nix ../tailscale.nix
./adguard.nix
./docker.nix
./firewall.nix
./ssh.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ];


@@ -1,5 +0,0 @@
{
virtualisation.docker = {
enable = true;
};
}


@@ -1,9 +0,0 @@
{config, ...}: {
networking.firewall = {
enable = true;
trustedInterfaces = ["eno1" "tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
allowedTCPPorts = [22];
checkReversePath = "loose";
};
}


@@ -1,9 +0,0 @@
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
}