From ad8d362fb72cb98896f580db8a7c69a3a741e2a5 Mon Sep 17 00:00:00 2001 From: Chris Dombroski Date: Sat, 27 Apr 2024 22:10:36 -0400 Subject: [PATCH] modular!
---
 .gitignore | 1 + modules/aarch64-emu.nix | 3 + modules/common/common.nix | 5 + modules/common/nix.nix | 19 +++ modules/common/sshd.nix | 6 + modules/networkd-base.nix | 8 ++ systems/orangepihole/configuration.nix | 23 +--- systems/smolboi/configuration.nix | 105 +-------------- systems/zeus/configuration.nix | 169 ++----------------------- 9 files changed, 57 insertions(+), 282 deletions(-) create mode 100644 modules/aarch64-emu.nix create mode 100644 modules/common/common.nix create mode 100644 modules/common/nix.nix create mode 100644 modules/common/sshd.nix create mode 100644 modules/networkd-base.nix
diff --git a/.gitignore b/.gitignore
index d53e06f..999abf3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .direnv/
 result
+*.swp
diff --git a/modules/aarch64-emu.nix b/modules/aarch64-emu.nix
new file mode 100644
index 0000000..4976c47
--- /dev/null
+++ b/modules/aarch64-emu.nix
@@ -0,0 +1,3 @@
+{...}: {
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+}
diff --git a/modules/common/common.nix b/modules/common/common.nix
new file mode 100644
index 0000000..512d898
--- /dev/null
+++ b/modules/common/common.nix
@@ -0,0 +1,5 @@
+{...}: {
+ time.timeZone = "America/New_York";
+ i18n.defaultLocale = "en_US.UTF-8";
+ programs.vim.defaultEditor = true;
+}
diff --git a/modules/common/nix.nix b/modules/common/nix.nix
new file mode 100644
index 0000000..3ef169e
--- /dev/null
+++ b/modules/common/nix.nix
@@ -0,0 +1,19 @@
+{pkgs, ...}: {
+ environment.systemPackages = with pkgs; [
+ git
+ nix-output-monitor
+ ];
+ nix = {
+ settings.experimental-features = [ "nix-command" "flakes" ];
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ dates = "weekly";
+ };
+ optimise.automatic = true;
+ };
+ system.autoUpgrade = {
+ enable = true;
+ flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git";
+ };
+}
diff --git a/modules/common/sshd.nix b/modules/common/sshd.nix
new file mode 100644
index 0000000..9267ee7
--- /dev/null
+++ b/modules/common/sshd.nix
@@ -0,0 +1,6 @@
+{...}: {
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
+ ];
+}
diff --git a/modules/networkd-base.nix b/modules/networkd-base.nix
new file mode 100644
index 0000000..101c065
--- /dev/null
+++ b/modules/networkd-base.nix
@@ -0,0 +1,8 @@
+{...}: {
+ systemd.network.enable = true;
+ networking.useNetworkd = true;
+ services.resolved = {
+ enable = true;
+ fallbackDns = [ "8.8.8.8" ];
+ };
+}
diff --git a/systems/orangepihole/configuration.nix b/systems/orangepihole/configuration.nix
index cbab4e5..bff296d 100644
--- a/systems/orangepihole/configuration.nix
+++ b/systems/orangepihole/configuration.nix
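Review bot: `system.autoUpgrade.flake` in modules/common/nix.nix points every host that imports this module at the default branch of `git+https://git.icanttype.org/cdombroski/nix-configs.git`, so whatever is pushed there is built and activated as root on all machines without a review step. Now that the setting is shared rather than per host, it deserves a comment stating that trust assumption, e.g. `# autoUpgrade tracks the default branch: push access to this repo is root on every host`. Consider tracking a dedicated branch through a `?ref=<branch>` suffix on the URL so that work-in-progress commits are not deployed. The module also standardises `--delete-older-than 30d`, which changes orangepihole from the `7d` that its own file removes further down.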
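Review bot: modules/common/sshd.nix turns on sshd and installs a single RSA key for `root` on every host, but leaves password authentication at the OpenSSH module default; the shared module is the right place to state key-only login explicitly with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. Adding `services.openssh.settings.PermitRootLogin = "prohibit-password";` documents the intent instead of relying on the default. The key entry has no comment naming its owner or device, so a one-line `# <owner/device of this key>` above it would make later rotation auditable.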
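Review bot: `fallbackDns = [ "8.8.8.8" ]` in modules/networkd-base.nix was previously set only on zeus and now also reaches orangepihole, which runs its own unbound resolver; whenever resolved has no other server configured it will send queries to that public resolver in cleartext, bypassing the local unbound instance. Consider `fallbackDns = lib.mkDefault [ "8.8.8.8" ];` (with `lib` added to the module arguments) so a host can override it, or add a comment saying the fallback is intended for every networkd host.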
@@ -5,6 +5,7 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix + ../../modules/networkd-base.nix ]; boot.loader.grub.enable = false; @@ -13,9 +14,7 @@ networking = { hostName = "orangepihole"; # Define your hostname. - useNetworkd = true; }; - systemd.network.enable = true; systemd.network.networks."40-end0" = { matchConfig.Name = "end0"; address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ]; @@ -36,11 +35,9 @@ ipv6SendRAConfig.EmitDNS = false; ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; }; - time.timeZone = "America/New_York"; zramSwap.enable = true; swapDevices = [ {device="/swapfile"; size=1024;}]; - services.resolved.enable = true; services.unbound = { enable = true; settings = { @@ -68,24 +65,18 @@ ''; }; }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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" - ]; environment.systemPackages = with pkgs; [ - git vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget ]; - services.openssh.enable = true; - - networking.firewall.enable = false; - system.autoUpgrade = { - enable = true; - flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git"; + networking.firewall = { + allowedUDPPorts = [ 53 67 68 ]; + allowedTCPPorts = [ 53 ]; }; + system.stateVersion = "23.11"; # Did you read the comment? nix.buildMachines = [ { hostName = "zeus"; @@ -97,9 +88,5 @@ }]; nix.distributedBuilds = true; nix.extraOptions = "builders-use-substitutes = true"; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.gc.automatic = true; - nix.gc.options = "--delete-older-than 7d"; - nix.optimise.automatic = true; } diff --git a/systems/smolboi/configuration.nix b/systems/smolboi/configuration.nix index 2b32c10..edc06d3 100644 --- a/systems/smolboi/configuration.nix +++ b/systems/smolboi/configuration.nix 
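Review bot: The `imports` list in the `@@ -5,6 +5,7 @@` hunk (and likewise in the smolboi and zeus files) still references `../../modules/common.nix`, while this commit adds the shared settings as `modules/common/common.nix`, `modules/common/nix.nix` and `modules/common/sshd.nix`, and the diffstat does not touch `modules/common.nix`. If that file does not already import the three new modules, the hosts lose sshd, the root key, auto-upgrade and the nix GC settings that the later hunks delete; this cannot be confirmed from the patch alone. A short comment next to the import, such as `# pulls in ./common/{common,nix,sshd}.nix`, would make the wiring visible.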
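Review bot: In the `@@ -68,24 +65,18 @@` hunk, replacing `networking.firewall.enable = false;` with an allow-list leaves the firewall at its default-on state, but the new `allowedUDPPorts = [ 53 67 68 ]` and `allowedTCPPorts = [ 53 ]` apply to every interface and carry no comment saying which service each port serves. Scoping them, e.g. `networking.firewall.interfaces."end0".allowedUDPPorts = [ 53 67 ];`, would tie the rules to the interface configured earlier in the file. UDP 68 is the DHCP client port and is probably not needed inbound on a statically addressed host, so confirm before keeping it. The same default-on behaviour now reaches smolboi, where a later hunk deletes `networking.firewall.enable = false;` and only TCP 22000 remains allowed.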
@@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, pkgs, ... }: { @@ -9,21 +5,16 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix + ../../modules/aarch64-emu.nix ../../modules/smartd.nix ]; - # Use the systemd-boot EFI boot loader. boot = { blacklistedKernelModules = [ "k10temp" ]; extraModulePackages = with config.boot.kernelPackages; [ zenpower ]; kernelParams = [ "amd_pstate=passive" ]; loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; - plymouth = { - enable = false; - theme = "breeze"; - }; - binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.registrations.appimage = { wrapInterpreterInShell = false; interpreter = "${pkgs.appimage-run}/bin/appimage-run"; @@ -38,23 +29,9 @@ networking = { hostName = "smolboi"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networkmanager.enable = true; # Easiest to use and most distros use this by default. firewall.allowedTCPPorts = [ 22000 ]; }; - nix = { - settings = { - experimental-features = [ "nix-command" "flakes" ]; - sandbox = true; - }; - gc = { - automatic = true; - options = "--delete-older-than 30d"; - dates = "weekly"; - }; - optimise.automatic = true; - }; nixpkgs.config = { allowUnfree = true; permittedInsecurePackages = [ 
@@ -80,27 +57,7 @@ }; }; - # Set your time zone. - time.timeZone = "America/New_York"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - system.autoUpgrade = { - enable = true; - flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git"; - }; - - # Enable the X11 windowing system. services = { xserver = { enable = true; @@ -111,11 +68,6 @@ desktopManager.plasma5.enable = true; }; - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. printing = { enable = true; drivers = [ pkgs.gutenprint ]; @@ -135,7 +87,6 @@ hardware.openrgb.enable = true; resolved.enable = true; btrfs.autoScrub.enable = true; - openssh.enable = true; }; hardware = { sane = { 
@@ -145,35 +96,15 @@ bluetooth.enable = true; }; - # Enable sound. security = { rtkit.enable = true; }; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # firefox - # tree - # ]; - # }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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" - ]; users.users.cdombroski = { isNormalUser = true; extraGroups = [ "wheel" ]; uid = 1000; }; - # List packages installed in system profile. To search, run: - # $ nix search wget environment = { systemPackages = with pkgs; [ vim-full # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. @@ -183,16 +114,12 @@ chromium skanlite htop - git kate cifs-utils ]; pathsToLink = [ "/share/bash-completion" ]; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; programs = { gnupg.agent = { enable = true; 
@@ -222,25 +149,11 @@ }; gamescope.enable = true; }; - # List services that you want to enable: zramSwap = { enable = true; writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d"; }; - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - fileSystems = { "/".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "/nix".options = [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ]; @@ -248,22 +161,6 @@ "/home".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; }; - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; # Did you read the comment? } 
diff --git a/systems/zeus/configuration.nix b/systems/zeus/configuration.nix index 325b5ae..5259c90 100644 --- a/systems/zeus/configuration.nix +++ b/systems/zeus/configuration.nix @@ -1,7 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, pkgs, ... }: { 
@@ -9,52 +5,18 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../../modules/common.nix + ../../modules/aarch64-emu.nix + ../../modules/networkd-base.nix ../../modules/smartd.nix ]; - # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.zfsSupport = true; - boot.loader.grub.extraEntries = '' - menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-/dev/sda4_/dev/sdb4_/dev/sdc4_/dev/sdd4' { - load_video - insmod gzio - if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi - insmod part_gpt - insmod part_gpt - insmod part_gpt - insmod part_gpt - insmod zfs - set root='hd3,gpt3' - if [ x$feature_platform_search_hint = xy ]; then - search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt3 --hint-efi=hd3,gpt3 --hint-baremetal=ahci3,gpt3 --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3 --hint-bios=hd2,gpt3 --hint-efi=hd2,gpt3 --hint-baremetal=ahci2,gpt3 --hint-bios=hd0,gpt3 --hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3 f8ecb74936118c7a - else - search --no-floppy --fs-uuid --set=root f8ecb74936118c7a - fi - echo 'Loading Linux 6.1.0-20-amd64 ...' - linux /BOOT/debian@/vmlinuz-6.1.0-20-amd64 root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian quiet splash - echo 'Loading initial ramdisk ...' - initrd /BOOT/debian@/initrd.img-6.1.0-20-amd64 - } - ''; boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ]; networking.hostName = "zeus"; # Define your hostname. 
networking.hostId = "9e95b576"; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - networking.useNetworkd = true; - systemd.network.enable = true; - services.resolved.enable = true; - services.resolved.fallbackDns = [ "8.8.8.8" ]; systemd.network.netdevs = { bond0 = { netdevConfig = { @@ -117,50 +79,7 @@ }; }; - # Set your time zone. - time.timeZone = "America/New_York"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - - - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # sound.enable = true; - # hardware.pulseaudio.enable = true; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.alice = { - # isNormalUser = true; - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - # packages = with pkgs; [ - # firefox - # tree - # ]; - # }; virtualisation = { containers.enable = true; podman = { 
@@ -227,17 +146,6 @@ volumes = [ "postgres-15:/var/lib/postgresql/data" ]; extraOptions = [ "--pull=newer" "--network=www" ]; }; -# gogs = { -# image = "docker.io/gogs/gogs:latest"; -# volumes = [ "gogs-data:/data" ]; -# labels = { -# swag = "enable"; -# swag_url = "git.icanttype.org"; -# swag_port = "3000"; -# }; -# ports = [ "10022:22" ]; -# extraOptions = [ "--pull=newer" "--network=www" ]; -# }; calibre = { image = "lscr.io/linuxserver/calibre:latest"; volumes = [ "calibre-config:/config" "/video-data:/data" ]; 
@@ -332,56 +240,29 @@ }; }; }; - networking.firewall.interfaces."podman+" = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; + networking.firewall = { + interfaces."podman+" = { + allowedUDPPorts = [ 53 ]; + allowedTCPPorts = [ 53 ]; + }; + allowedUDPPorts = [ 137 138 ]; + allowedTCPPorts = [ 139 445 ]; }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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" - ]; - users.users.nixremote = { description = "User for remote builds"; isNormalUser = true; uid = 1100; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ]; }; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. dive podman-tui docker-compose wireguard-tools - nix-output-monitor - git ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; -# programs.msmtp.enable = true; - programs.vim.defaultEditor = true; - nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; - settings.trusted-users = [ "nixremote" ]; - gc = { - automatic = true; - options = "--delete-older-than 30d"; - dates = "weekly"; - }; - optimise.automatic = true; - }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; services.samba.enable = true; services.samba.shares = { media = { 
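Review bot: The new top-level `allowedUDPPorts = [ 137 138 ]` and `allowedTCPPorts = [ 139 445 ]` open Samba on every interface of zeus, whereas the DNS rule in the same block stays scoped to `"podman+"`. Scoping the Samba ports the same way, e.g. `interfaces."<lan-interface>".allowedTCPPorts = [ 445 ];`, keeps SMB off any tunnel or uplink interface; ports 137–139 are only needed for NetBIOS clients and could be dropped if none remain. Separately, this hunk deletes `settings.trusted-users = [ "nixremote" ]` and modules/common/nix.nix does not re-add it, so confirm that remote builds from orangepihole still work without it.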
@@ -403,39 +284,7 @@ }; services.zfs.zed.enableMail = false; - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - networking.firewall.allowPing = true; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; # Did you read the comment? - system.autoUpgrade = { - enable = true; - flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git"; - }; zramSwap.enable = true; }