Complete Merge of all Hosts

WIP but should be mostly working
This commit is contained in:
Chris Toph 2024-09-22 01:07:26 -04:00
parent 24d157223d
commit ee1ed4739e
49 changed files with 805 additions and 150 deletions

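--- a/common/acme/default.nix
+++ b/common/acme/default.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+{
+# letsencrypt
+security.acme = {
+acceptTerms = true;
+defaults = {
+email = "chris@toph.cc";
+dnsProvider = "cloudflare";
+environmentFile = ./cloudflare.ini;
+};
+certs = {
+"ryot.foo" = {
+extraDomainNames = ["*.ryot.foo"];
+};
+};
+};
+}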
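Review bot: `environmentFile = ./cloudflare.ini;` is a path literal, so when the module turns it into a string the file is copied into /nix/store, which is world-readable; the Cloudflare API token inside would be exposed to every local user and to anything that can read the store. Point the option at a string path outside the store that is provisioned separately, e.g. `environmentFile = "/var/lib/acme/cloudflare.ini";` (example location), and keep the file itself out of git — this commit also adds a `CF_DNS_API_TOKEN=` ini file to the tree. The same applies to the frp module's `token = builtins.readFile ./frp.token;`, which bakes the token into the generated frp config in the store.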

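--- a/common/lxc/default.nix
+++ b/common/lxc/default.nix
@@ -0,0 +1,21 @@
+{ modulesPath, ... }:
+{
+imports = [
+# Include the default lxc/lxd configuration.
+"${modulesPath}/virtualisation/lxc-container.nix"
+];
+# Treats the system as a container.
+boot.isContainer = true;
+# Set your system kind (needed for flakes)
+nixpkgs.hostPlatform = "x86_64-linux";
+# Supress systemd units that don't work because of LXC.
+# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
+systemd.suppressedSystemUnits = [
+"dev-mqueue.mount"
+"sys-kernel-debug.mount"
+"sys-fs-fuse-connections.mount"
+];
+}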


@ -15,14 +15,47 @@
lib = nixpkgs.lib; lib = nixpkgs.lib;
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = [ (import ./nixos/overlays) ]; # overlays = [ (import ./nixos/overlays) ];
}; };
in { in {
nixosConfigurations = { nixosConfigurations = {
caenus = lib.nixosSystem {
inherit system;
modules = [
./nix
./host/caenus
];
};
cloud = lib.nixosSystem { cloud = lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
./nixos ./nix
./host/cloud
];
};
dockge = lib.nixosSystem {
inherit system;
modules = [
./nix
./host/dockge
];
};
nix = lib.nixosSystem {
inherit system;
modules = [
./nix
./host/nix
];
};
proxy = lib.nixosSystem {
inherit system;
modules = [
./nix
./host/proxy
]; ];
}; };
}; };
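Review bot: The five `nixosSystem` entries (caenus through proxy) are identical except for the host directory, so the attribute set is better generated from the list of host names; that keeps `./nix` in one place and makes adding a host a one-word change. The enclosing `let … in` starts before this hunk; the flake-level `overlays` line is now commented out while host/cloud sets `nixpkgs.overlays` itself, so whether the flake-level `pkgs` binding is still used is worth confirming outside the hunk.
```nix
nixosConfigurations = lib.genAttrs [ "caenus" "cloud" "dockge" "nix" "proxy" ] (host:
  lib.nixosSystem {
    inherit system;
    modules = [ ./nix ./host/${host} ];
  });
```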


@ -0,0 +1,12 @@
[?25l ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
▌▄▄ ▄▄▌
▌▌ ▌▌
▌▌ ▌▌
▌▄▄ ▄▄▌
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
[?25h


@ -0,0 +1,84 @@
{
programs.fastfetch = {
enable = true;
settings = {
logo = {
# Created with Chafa
# chafa -s 26x13 -w 9 --symbols stipple+vhalf --view-size 26x13 nixos.png > nixos.txt
source = builtins.readFile ./nixos.txt;
type = "data";
position = "left";
padding = {
top = 0;
};
};
display = {
separator = " ";
};
modules = [
{
key = "";
type = "custom";
}
{
key = " {#31} user {#keys}";
type = "title";
format = "{user-name}";
}
{
key = " {#32}󰇅 host {#keys}";
type = "title";
format = "{host-name}";
}
{
key = " {#33}󰅐 uptime {#keys}";
type = "uptime";
}
{
key = " {#34}{icon} distro {#keys}";
type = "os";
}
{
key = " {#36}󰇄 desktop {#keys}";
type = "de";
}
{
key = " {#32} shell {#keys}";
type = "shell";
}
{
key = " {#33}󰍛 cpu {#keys}";
type = "cpu";
showPeCoreCount = true;
}
{
key = " {#34}󰉉 disk {#keys}";
type = "disk";
folders = "/";
}
{
key = " {#35} memory {#keys}";
type = "memory";
}
{
key = " {#36}󰩟 network {#keys}";
type = "localip";
format = "{ipv4} ({ifname})";
}
{
key = "";
type = "custom";
}
{
key = " {#39} colors {#keys}";
type = "colors";
symbol = "circle";
}
{
key = "";
type = "custom";
}
];
};
};
}


@ -0,0 +1,13 @@
[?25l ▄▄▄ ▄▄▄ ▄▄▄ 
▄▄▄▄ ▄▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄▄ 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ ▄░▄ 
▄▄▄▄▄ ▄▄▄▄▄▄ 
▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄░
▄▄▄▄▄▄ ▄▄▄ 
░▄▄ ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ 
▄ ▄▄▄▄▄▄▄▄▄░░▄▄▄▄ 
▄▄▄▄▄▄▄ ▄░▄ 
▄▄▄ ▄▄▄▄ ▄▄▄ 
[?25h

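--- a/host/caenus/default.nix
+++ b/host/caenus/default.nix
@@ -0,0 +1,60 @@
+{ modulesPath, config, pkgs, ... }:
+let
+hostname = "caenus";
+in {
+## MODULES & IMPORTS ##
+imports =
+[
+# FRP
+./modules/frp
+# Nginx
+./modules/nginx
+# Include the results of the hardware scan.
+./hardware.nix
+];
+## BOOTLOADER ##
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+## NETWORKING ##
+networking = {
+firewall = {
+allowedTCPPorts = [ 22 80 443 4040 ];
+allowedUDPPorts = [ 25565 4040 ];
+};
+dhcpcd.enable = false;
+hostName = hostname;
+networkmanager.enable = true;
+useHostResolvConf = false;
+};
+systemd.network = {
+enable = true;
+networks."50-enp0s6" = {
+matchConfig.Name = "enp0s6";
+networkConfig = {
+DHCP = "yes";
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
+};
+};
+## PACKAGES ##
+environment.systemPackages = with pkgs; [
+git
+micro
+openssh
+ranger
+sshfs
+wget
+];
+}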
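Review bot: caenus opens TCP 22 in the firewall but neither imports `../../common/ssh` nor enables `services.openssh` anywhere in this commit, so after a switch the host would have no SSH daemon to reach; the other new hosts (cloud, dockge, nix, proxy) all import the common ssh module, so add `../../common/ssh` to the imports list here. Separately, `networking.networkmanager.enable = true` and `systemd.network.enable = true` are both set for the same link (`enp0s6`); as far as I can tell NetworkManager will also try to manage that interface, so one of the two managers should go. The same pairing appears in cloud, dockge, nix and proxy.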

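--- a/host/caenus/hardware.nix
+++ b/host/caenus/hardware.nix
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by nixos-generate-config
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+{
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/467be3e2-75cb-439f-8255-e1ed3a00c2d8";
+fsType = "ext4";
+};
+fileSystems."/storage" =
+{ device = "/dev/disk/by-uuid/a3666a64-591c-45ab-8393-3dd1a0a51d79";
+fsType = "ext4";
+};
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/E12E-D69C";
+fsType = "vfat";
+options = [ "fmask=0022" "dmask=0022" ];
+};
+swapDevices = [ ];
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}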


@ -0,0 +1,13 @@
{
services.frp = {
enable = true;
role = "server";
settings = {
bindPort = 4040;
auth = {
method = "token";
token = builtins.readFile ./frp.token;
};
};
};
}


@ -0,0 +1 @@
$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu
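Review bot: This file adds a bcrypt hash (`$2b$05$…`) as a committed one-line file, and a later one-line file in the same commit holds what looks like a cleartext credential (`snYBkSxkFZ6a7Y`); if either is live credential material it now lives in git history, and anything a Nix expression references by path additionally ends up in the world-readable store. Treat both as exposed once pushed (rotate them), drop them from the repository, and provision them at activation time (for example with sops-nix or agenix) so that only a placeholder is tracked, as was done for the `<SHA token>` file.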


@ -0,0 +1 @@
<SHA token>


@ -0,0 +1,36 @@
{
users.users.nginx.extraGroups = [ "acme" ];
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"ryot.foo" = {
http2 = true;
forceSSL = true;
useACMEHost = "ryot.foo";
locations."/".proxyPass = "http://0.0.0.0:8080";
};
"*.ryot.foo" = {
http2 = true;
forceSSL = true;
useACMEHost = "ryot.foo";
locations."/" = {
proxyPass = "http://0.0.0.0:8080";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
proxy_pass_header Authorization;
'';
};
};
};
};
}
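Review bot: `proxyPass = "http://0.0.0.0:8080"` names a bind address rather than a destination; it happens to reach the local host on Linux but is not portable and hides the intent, so `127.0.0.1:8080` (or `localhost`) is the clearer target in both vhosts. `proxy_pass_header Authorization` in the wildcard vhost is presumably meant to forward the client's Authorization header upstream; nginx already does that by default, and `proxy_pass_header` governs response headers that nginx otherwise hides, so this line is most likely a no-op and can be dropped or replaced by a comment stating the intent. This module serves `ryot.foo` from caenus while the new caddy module on proxy also serves `ryot.foo` with the same ACME host; a comment on which one is meant to be authoritative would help.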

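--- a/host/cloud/default.nix
+++ b/host/cloud/default.nix
@@ -0,0 +1,71 @@
+{ modulesPath, config, pkgs, ... }:
+let
+hostname = "cloud";
+in {
+## MODULES & IMPORTS ##
+imports = [
+# Common Modules
+../../common/acme
+../../common/lxc
+../../common/ssh
+# Import hardware configuration.
+./hardware.nix
+# Local Modules
+# cron
+./modules/cron
+# Logrotate
+./modules/logrotate
+# Nextcloud
+./modules/nextcloud
+# Nginx
+./modules/nginx
+# Snapraid-runner
+./modules/snapraid
+];
+## NETWORKING ##
+networking = {
+firewall = {
+allowedTCPPorts = [ 22 80 443 ];
+allowedUDPPorts = [ ];
+};
+dhcpcd.enable = false;
+hostName = hostname;
+networkmanager.enable = true;
+useDHCP = false;
+useHostResolvConf = false;
+};
+systemd.network = {
+enable = true;
+networks."50-eth0" = {
+matchConfig.Name = "eth0";
+networkConfig = {
+DHCP = "ipv4";
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
+};
+};
+## PACKAGES ##
+nixpkgs.overlays = [ (import ./overlays) ];
+environment.systemPackages = with pkgs; [
+git
+mergerfs
+micro
+openssh
+ranger
+sshfs
+snapraid
+snapraid-runner
+wget
+];
+}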


@ -1,7 +1,5 @@
{ {
# Treats the system as a container. # for sshfs
boot.isContainer = true;
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
fileSystems = { fileSystems = {
@ -17,7 +15,4 @@
options = ["bind" "nofail"]; options = ["bind" "nofail"];
}; };
}; };
# Set your system kind (needed for flakes)
nixpkgs.hostPlatform = "x86_64-linux";
} }


@ -0,0 +1 @@
snYBkSxkFZ6a7Y

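--- a/host/dockge/default.nix
+++ b/host/dockge/default.nix
@@ -0,0 +1,55 @@
+{ modulesPath, config, pkgs, ... }:
+let
+hostname = "cloud";
+in {
+## MODULES & IMPORTS ##
+imports = [
+# Common Modules
+../../common/lxc
+../../common/ssh
+# Import hardware configuration.
+./hardware.nix
+# Local Modules
+];
+## NETWORKING ##
+networking = {
+firewall = {
+allowedTCPPorts = [ 22 80 443 ];
+allowedUDPPorts = [ ];
+};
+dhcpcd.enable = false;
+hostName = hostname;
+networkmanager.enable = true;
+useDHCP = false;
+useHostResolvConf = false;
+};
+systemd.network = {
+enable = true;
+networks."50-eth0" = {
+matchConfig.Name = "eth0";
+networkConfig = {
+DHCP = "ipv4";
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
+};
+};
+## PACKAGES ##
+environment.systemPackages = with pkgs; [
+git
+micro
+openssh
+ranger
+sshfs
+wget
+];
+}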
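Review bot: `hostname = "cloud";` at the top of host/dockge/default.nix is carried over from host/cloud, so two hosts would end up with `networking.hostName = "cloud"`; change it to `hostname = "dockge";`. The firewall also opens 80 and 443 although the "Local Modules" section is empty and nothing in this host serves HTTP yet; leaving those ports closed until the dockge module lands keeps the exposed surface minimal.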

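--- a/host/dockge/hardware.nix
+++ b/host/dockge/hardware.nix
@@ -0,0 +1,13 @@
+{
+# Treats the system as a container.
+boot.isContainer = true;
+# TODO: SSHFS
+# fileSystems."/" = {
+# device = "/dev/sda1";
+# fsType = "ext4";
+# };
+# Set your system kind (needed for flakes)
+nixpkgs.hostPlatform = "x86_64-linux";
+}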
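Review bot: `boot.isContainer = true;` and `nixpkgs.hostPlatform = "x86_64-linux";` duplicate what `../../common/lxc` (imported by host/dockge/default.nix) already sets; the cloud hardware.nix hunk in this same commit removes exactly these two settings for that reason, so do the same here and keep only the SSHFS TODO.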

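--- a/host/nix/default.nix
+++ b/host/nix/default.nix
@@ -0,0 +1,56 @@
+{ modulesPath, config, pkgs, ... }:
+let
+admin = "toph";
+password = "[REDACTED]";
+timeZone = "America/New_York";
+defaultLocale = "en_US.UTF-8";
+in {
+## MODULES & IMPORTS ##
+imports = [
+# Common Modules
+../../common/lxc
+../../common/ssh
+# Import hardware configuration.
+./hardware.nix
+];
+## NETWORKING ##
+networking = {
+firewall = {
+allowedTCPPorts = [ 80 443 ];
+};
+dhcpcd.enable = false;
+hostName = hostname;
+networkmanager.enable = true;
+useDHCP = false;
+useHostResolvConf = false;
+};
+systemd.network = {
+enable = true;
+networks."50-eth0" = {
+matchConfig.Name = "eth0";
+networkConfig = {
+DHCP = "ipv4";
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
+};
+};
+## PACKAGES ##
+environment.systemPackages = with pkgs; [
+git
+micro
+openbox
+openssh
+ranger
+sshfs
+wget
+x2goserver
+];
+}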
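Review bot: `hostName = hostname;` references a `hostname` binding that the `let` block of host/nix/default.nix never defines (it binds only admin, password, timeZone and defaultLocale), so evaluating this configuration fails with an undefined variable; add `hostname = "nix";` to the `let`. The four bindings that are present are unused in this file, since time zone, locale and the user are now configured in nix/default.nix, and the same unused `admin`/`password`/`timeZone`/`defaultLocale` set is left in host/proxy/default.nix too; each is one more copy of the admin password to keep out of the tree, so drop them.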

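--- a/host/nix/hardware.nix
+++ b/host/nix/hardware.nix
@@ -0,0 +1,7 @@
+{
+# TODO: SSHFS
+# fileSystems."/" = {
+# device = "/dev/sda1";
+# fsType = "ext4";
+# };
+}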

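--- a/host/proxy/default.nix
+++ b/host/proxy/default.nix
@@ -0,0 +1,61 @@
+{ modulesPath, config, pkgs, ... }:
+let
+hostname = "proxy";
+admin = "toph";
+password = "[REDACTED]";
+timeZone = "America/New_York";
+defaultLocale = "en_US.UTF-8";
+in {
+## MODULES & IMPORTS ##
+imports = [
+# Common Modules
+../../common/acme
+../../common/lxc
+../../common/ssh
+# Import hardware configuration.
+./hardware.nix
+# Local Modules
+# caddy
+./modules/caddy
+];
+## NETWORKING ##
+networking = {
+firewall = {
+allowedTCPPorts = [ 22 80 443 ];
+allowedUDPPorts = [ ];
+};
+dhcpcd.enable = false;
+hostName = hostname;
+networkmanager.enable = true;
+useHostResolvConf = false;
+};
+systemd.network = {
+enable = true;
+networks."50-net0" = {
+matchConfig.Name = "net0";
+networkConfig = {
+DHCP = "yes";
+IPv6AcceptRA = true;
+};
+linkConfig.RequiredForOnline = "routable";
+};
+};
+## PACKAGES ##
+environment.systemPackages = with pkgs; [
+git
+micro
+openssh
+ranger
+sshfs
+];
+}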

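--- a/host/proxy/hardware.nix
+++ b/host/proxy/hardware.nix
@@ -0,0 +1,6 @@
+{
+# fileSystems."/" = {
+# device = "/dev/sda1";
+# fsType = "ext4";
+# };
+}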


@ -0,0 +1 @@
CF_DNS_API_TOKEN=


@ -0,0 +1,107 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 104.40.4.44:80
'';
};
"adguard.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy opnsense:81
'';
};
"cloud.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy https://104.40.4.24:443 {
transport http {
tls_insecure_skip_verify
}
}
'';
};
"cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:14333
'';
};
"dash.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:3001
'';
};
"dazzle.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8070
'';
};
"dockge.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:5001
'';
};
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8080
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:4041
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:7575
'';
};
"nginx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:81
'';
};
"pve.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy 10.163.22.82:8006 {
transport http {
tls_insecure_skip_verify
}
}
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.4.44:8090
'';
};
};
};
}
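Review bot: The `cloud.ryot.foo` and `pve.ryot.foo` upstreams use `tls_insecure_skip_verify`, which turns off certificate verification towards those backends, so the proxy will accept whatever answers on 104.40.4.24:443 or 10.163.22.82:8006; if those hosts present self-signed or internal-CA certificates, hand Caddy that CA through the `transport http` block's trusted-CA setting instead of disabling verification, or at least add a comment recording why verification is off. The remaining vhosts proxy over plain HTTP to `104.40.4.44`, which is acceptable only if that path is a trusted network; a one-line comment on that assumption would help the next reader.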


@ -0,0 +1,18 @@
{
# INFO: migth need at some point so keeping it here
# Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Add a virtual host
virtualHosts."ryot.com" = {};
};
}
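Review bot: This module sets `services.nginx.enable = true;` although the comment says it is only parked here in case it is needed; nothing imports it in this commit (host/proxy/default.nix imports only `./modules/caddy`), but anyone who does will get nginx and caddy both binding 80/443 on the proxy host. Either set `enable = false;` here or move the file out of the module tree, and fix the `migth` typo while at it; `virtualHosts."ryot.com"` also differs from the `ryot.foo` domain used everywhere else in the commit.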


@ -0,0 +1,18 @@
{
programs.ssh.startAgent = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
services.openssh = {
enable = true;
settings = {
AllowUsers = null; # everyone
GatewayPorts = "yes"; # allow remote port forwarding with AutoSSH
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
}
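Review bot: `PermitRootLogin = "yes"` admits root with any authentication method sshd allows; since `PasswordAuthentication` and `KbdInteractiveAuthentication` are already off, `PermitRootLogin = "prohibit-password";` states the key-only intent directly and keeps root on keys even if passwords are re-enabled later. `GatewayPorts = "yes"` makes every remote forward from any authenticated user listen on all interfaces, which carries more weight now that this common module is shared by several hosts; `"clientspecified"` lets the AutoSSH client opt in per forward while the default stays on loopback. `AllowUsers = null; # everyone` is the module default, so either drop the line or keep the comment to record that the choice is deliberate.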

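--- a/nix/default.nix
+++ b/nix/default.nix
@@ -0,0 +1,49 @@
+{ modulesPath, config, pkgs, ... }:
+let
+admin = "toph";
+password = "[REDACTED]";
+timeZone = "America/New_York";
+defaultLocale = "en_US.UTF-8";
+in {
+## TIMEZONE & LOCALE ##
+time.timeZone = timeZone;
+i18n.defaultLocale = defaultLocale;
+## USERS ##
+users.mutableUsers = false;
+users.users."${admin}" = {
+isNormalUser = true;
+createHome = true;
+homeMode = "750";
+home = "/home/${admin}";
+password = password;
+extraGroups = [ "wheel" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
+];
+};
+# INFO: Enable passwordless sudo.
+security.sudo.extraRules = [{
+users = [ admin ];
+commands = [{
+command = "ALL" ;
+options = [ "NOPASSWD" ];
+}];
+}];
+## PROGRAMS & SERVICES ##
+# Shells
+environment.shells = with pkgs; [ bash fish ];
+programs.fish.enable = true;
+## NIXOS ##
+# This value determines the NixOS release with which your system is to be
+system.stateVersion = "24.11";
+# Enable Flakes
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}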
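Review bot: `password = password;` sets `users.users.<admin>.password`, which NixOS writes in cleartext into the generated configuration in /nix/store, readable by every local user; prefer `hashedPassword` (a mkpasswd-style hash) or `hashedPasswordFile` pointing at a file provisioned outside the store, and drop the `password` let binding, which this commit also leaves duplicated in host/nix and host/proxy. With `mutableUsers = false` this is the only credential path for the account, so set the hash before removing the cleartext value. The `# This value determines the NixOS release with which your system is to be` comment is cut off mid-sentence and is worth completing or trimming.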


@ -1,137 +0,0 @@
{ modulesPath, config, pkgs, ... }:
let
hostname = "cloud";
admin = "toph";
password = "[REDACTED]";
timeZone = "America/New_York";
defaultLocale = "en_US.UTF-8";
in {
## MODULES & IMPORTS ##
imports =
[
# Include the default lxc/lxd configuration.
"${modulesPath}/virtualisation/lxc-container.nix"
# Import hardware configuration.
./hardware-configuration.nix
# Module imports
# ACME
./modules/acme
# cron
./modules/cron
# Logrotate
./modules/logrotate
# Nextcloud
./modules/nextcloud
# Nginx
./modules/nginx
# Snapraid-runner
./modules/snapraid
# SSH
./modules/ssh
];
## NETWORKING ##
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
dhcpcd.enable = false;
hostName = hostname;
networkmanager.enable = true;
useDHCP = false;
useHostResolvConf = false;
};
systemd.network = {
enable = true;
networks."50-eth0" = {
matchConfig.Name = "eth0";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = true;
};
linkConfig.RequiredForOnline = "routable";
};
};
## TIMEZONE & LOCALE ##
time.timeZone = timeZone;
i18n.defaultLocale = defaultLocale;
## USERS ##
users = {
mutableUsers = false;
users = {
"${admin}" = {
isNormalUser = true;
createHome = true;
homeMode = "750";
home = "/home/${admin}";
password = password;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
];
};
nextcloud.extraGroups = [ "users" "root" "wheel" ];
nextcloud.homeMode = "750";
};
};
# INFO: Enable passwordless sudo.
security.sudo.extraRules= [
{ users = [ admin ];
commands = [
{ command = "ALL" ;
options= [ "NOPASSWD" ];
}
];
}
];
## PACKAGES ##
nixpkgs.overlays = [ (import ./overlays) ];
environment.systemPackages = with pkgs; [
git
mergerfs
micro
openssh
ranger
sshfs
snapraid
snapraid-runner
wget
];
## PROGRAMS & SERVICES ##
# Shells
environment.shells = with pkgs; [ bash fish ];
programs.fish.enable = true;
## NIXOS ##
# LXC specific configuration
# Supress systemd units that don't work because of LXC.
# https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# This value determines the NixOS release with which your system is to be
system.stateVersion = "24.11";
# Enable Flakes
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}