prep main darwin config

flake.lock

@@ -43,6 +43,43 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1747046372,
+        "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "inputs": {
         "systems": "systems_2"
@@ -84,6 +121,37 @@
         "type": "github"
       }
     },
+    "git-hooks-nix": {
+      "inputs": {
+        "flake-compat": [
+          "nix"
+        ],
+        "gitignore": [
+          "nix"
+        ],
+        "nixpkgs": [
+          "nix",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1734279981,
+        "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "git-hooks.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -91,11 +159,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747875884,
+        "lastModified": 1748227609,
-        "narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=",
+        "narHash": "sha256-SaSdslyo6UGDpPUlmrPA4dWOEuxCy2ihRN9K6BnqYsA=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b",
+        "rev": "d23d20f55d49d8818ac1f1b2783671e8a6725022",
         "type": "github"
       },
       "original": {
@@ -104,6 +172,28 @@
         "type": "github"
       }
     },
+    "nix": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "flake-parts": "flake-parts",
+        "git-hooks-nix": "git-hooks-nix",
+        "nixpkgs": "nixpkgs",
+        "nixpkgs-23-11": "nixpkgs-23-11",
+        "nixpkgs-regression": "nixpkgs-regression"
+      },
+      "locked": {
+        "lastModified": 1748188105,
+        "narHash": "sha256-skPu7lTZrTr6gShsN47IGPUX4+Y0CbI2gl8tG3Dh7hM=",
+        "owner": "NixOS",
+        "repo": "nix",
+        "rev": "543cee1c9272238f9402e5643402b99f952415c3",
+        "type": "github"
+      },
+      "original": {
+        "id": "nix",
+        "type": "indirect"
+      }
+    },
     "nix-darwin": {
       "inputs": {
         "nixpkgs": [
@@ -111,11 +201,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747820204,
+        "lastModified": 1748149228,
-        "narHash": "sha256-oY/mH8K1LOd+YbO58sw9ORtOdTxy3rR9lvTzOJKVUtA=",
+        "narHash": "sha256-mmonYFesFo42UUS49Hd0bcbVJRWX/aHBCDYUkkvylf4=",
         "owner": "nix-darwin",
         "repo": "nix-darwin",
-        "rev": "e2676937faf868111dcea6a4a9cf4b6549907c9d",
+        "rev": "a9939228f661df370c4094fe85f683e45d761dbe",
         "type": "github"
       },
       "original": {
@@ -127,11 +217,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1747744144,
+        "lastModified": 1747179050,
-        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
         "type": "github"
       },
       "original": {
@@ -141,6 +231,38 @@
         "type": "github"
       }
     },
+    "nixpkgs-23-11": {
+      "locked": {
+        "lastModified": 1717159533,
+        "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
+        "type": "github"
+      }
+    },
+    "nixpkgs-regression": {
+      "locked": {
+        "lastModified": 1643052045,
+        "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+        "type": "github"
+      }
+    },
     "nixpkgs-stable": {
       "locked": {
         "lastModified": 1741992157,
@@ -173,13 +295,30 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1747744144,
+        "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
         "ghostty": "ghostty",
         "home-manager": "home-manager",
+        "nix": "nix",
         "nix-darwin": "nix-darwin",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
       }
     },
     "systems": {

flake.nix

@@ -1,4 +1,4 @@
-{
+  {
   description = "thegeneralist's config flake";
 
   inputs = {
@@ -20,14 +20,22 @@
     ghostty = {
       url = "github:ghostty-org/ghostty";
     };
+    # wrapper-manager = {
+    #   url = "github:viperML/wrapper-manager";
+    #   inputs.nixpkgs.follows = "nixpkgs";
+    # };
+    #nix.url = "github:DeterminateSystems/nix-src";
   };
 
-  outputs = inputs@{ self, nixpkgs, ... }: let
+  outputs = inputs@{ self, nixpkgs, nix-darwin, nix, ... }: let
     inherit (builtins) readDir;
-    inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs;
+    inherit (nixpkgs.lib) attrsToList const groupBy listToAttrs mapAttrs last mkOption splitString;
+    #nix.enable = false;
+
+    lib = nixpkgs.lib // nix-darwin.lib;
 
     targetHost = readDir ./hosts
-      |> mapAttrs (name: const <| import ./hosts/${name} nixpkgs.lib inputs self)
+      |> mapAttrs (name: const <| import ./hosts/${name} lib inputs self)
       |> attrsToList
       |> groupBy (host:
         if host.name == "thegeneralist" then

hosts/thegeneralist-mbp/configuration.nix

@@ -5,28 +5,24 @@
 { self, config, pkgs, lib, inputs, ... }:
 
 {
-  imports =
+  imports = [ ./hardware-configuration.nix ];
-    [
-      ./hardware-configuration.nix
-      inputs.agenix.darwinModules.default
-      # inputs.home-manager.darwinModules.default
-    ];
-
-  # age.secrets.hostkey.file = ./hostkey.age;
-  # services.openssh.hostKeys = [{
-  #   type = "ed25519";
-  #   path = config.age.secrets.hostkey.path;
-  # }];
 
   users.users.thegeneralist = {
     name = "thegeneralist";
     home = "/Users/thegeneralist";
-    shell = pkgs.nushell;
+    shell = pkgs.zsh;
     # openssh.authorizedKeys.keys = let
     #   inherit (import ../../keys.nix) thegeneralist;
     # in [ thegeneralist ];
   };
 
+  # home-manager = {
+  #   extraSpecialArgs = { inherit inputs; };
+  #   users = {
+  #     thegeneralist = import (self + /modules/home);
+  #   };
+  # };
+
   # home-manager.users.thegeneralist.home = {
   #   stateVersion = "24.11";
   #   homeDirectory = "/Users/thegeneralist";

hosts/thegeneralist-mbp/default.nix

@@ -1,6 +1,22 @@
-lib: inputs: self: lib.nixosSystem {
+lib: inputs: self: lib.darwinSystem {
   specialArgs = inputs // { inherit inputs; inherit self; };
   modules = [
+    # Extensions: nixosModules, darwinModules, overlays
+    ({ pkgs, lib, inputs, ... }: let
+      inherit (lib) attrValues hasAttrByPath getAttrFromPath filter;
+
+      collect = packagePath: (attrValues inputs)
+        |> filter (hasAttrByPath packagePath)
+        |> map (getAttrFromPath packagePath);
+
+      modules = collect [ "darwinModules" "default" ];
+      # todo
+      extensions = {
+        nixpkgs.overlays = collect [ "overlays" "default" ];
+        imports = modules;
+      };
+    in extensions)
+
     ./configuration.nix
 
     # Modules
@@ -11,16 +27,5 @@ lib: inputs: self: lib.nixosSystem {
     in {
       imports = commonModules ++ darwinModules;
     })
-
-    # Overlays
-    ({ pkgs, lib, ... }: let
-      inherit (lib) attrValues hasAttrByPath getAttrFromPath filter;
-      packagePath = [ "overlays" "default" ];
-      overlays = (attrValues inputs)
-        |> filter (hasAttrByPath packagePath)
-        |> map (getAttrFromPath packagePath);
-    in {
-      nixpkgs.overlays = overlays;
-    })
   ];
 }

hosts/thegeneralist/configuration.nix

@@ -5,18 +5,7 @@
 { self, config, pkgs, lib, inputs, ... }:
 
 {
-  imports =
+  imports = [ ./hardware-configuration.nix ];
-    [
-      ./hardware-configuration.nix
-      inputs.agenix.nixosModules.default
-      inputs.home-manager.nixosModules.default
-    ];
-
-  age.secrets.hostkey.file = ./hostkey.age;
-  services.openssh.hostKeys = [{
-    type = "ed25519";
-    path = config.age.secrets.hostkey.path;
-  }];
 
   users.users.thegeneralist = {
     isNormalUser = true;
@@ -36,6 +25,12 @@
     };
   };
 
+  age.secrets.hostkey.file = ./hostkey.age;
+  services.openssh.hostKeys = [{
+    type = "ed25519";
+    path = config.age.secrets.hostkey.path;
+  }];
+
   # Some programs
   services.libinput.enable = true;
   programs.firefox.enable = true;

hosts/thegeneralist/default.nix

@@ -1,21 +1,30 @@
 lib: inputs: self: lib.nixosSystem {
   specialArgs = inputs // { inherit inputs; inherit self; };
   modules = [
-    ./configuration.nix
+    # Extensions: nixosModules, darwinModules, overlays
-    ({ pkgs, ... }: let
-      inherit (lib) filter hasSuffix;
-      modules = lib.filesystem.listFilesRecursive ../../modules/linux |> filter (hasSuffix ".nix");
-    in {
-      imports = modules;
-    })
     ({ pkgs, lib, ... }: let
       inherit (lib) attrValues hasAttrByPath getAttrFromPath filter;
-      packagePath = [ "overlays" "default" ];
+
-      overlays = (attrValues inputs)
+      collect = packagePath: (attrValues inputs)
         |> filter (hasAttrByPath packagePath)
         |> map (getAttrFromPath packagePath);
+
+      modules = collect [ "nixosModules" "default" ];
+      extensions = modules // {
+        nixpkgs.overlays = collect [ "overlays" "default" ];
+        imports = modules;
+      };
+    in extensions)
+
+    ./configuration.nix
+
+    # Modules
+    ({ pkgs, ... }: let
+      inherit (lib) filter hasSuffix;
+      commonModules = lib.filesystem.listFilesRecursive ../../modules/common |> filter (hasSuffix ".nix");
+      linuxModules = lib.filesystem.listFilesRecursive ../../modules/linux |> filter (hasSuffix ".nix");
     in {
-      nixpkgs.overlays = overlays;
+      imports = commonModules ++ linuxModules;
     })
   ];
 }

modules/common/agenix.nix

@@ -4,6 +4,6 @@
   ];
 
   age.identityPaths = [
-    "/home/thegeneralist/.ssh/id_ed25519"
+    "~/.ssh/id_ed25519"
   ];
 }

modules/common/custom-options.nix

@@ -0,0 +1,11 @@
+{ lib, pkgs, ... }:
+
+{
+  options = {
+    onLinux = lib.mkOption {
+      type = lib.types.bool;
+      default = pkgs.stdenv.isLinux;
+      description = "Whether the system is running on Linux";
+    };
+  };
+}

modules/common/default.nix

@@ -1 +0,0 @@
-{}

modules/common/dns-options.nix

@@ -0,0 +1,13 @@
+{ lib, options, ... }: let
+  inherit (lib) mkOption;
+in {
+  options.dnsServers = mkOption {
+    default = [
+      "45.90.28.0#365fed.dns.nextdns.io"
+      "2a07:a8c0::#365fed.dns.nextdns.io"
+      "45.90.30.0#365fed.dns.nextdns.io"
+      "2a07:a8c1::#365fed.dns.nextdns.io"
+      "100.100.100.100#shorthair-wall.ts.net"
+    ];
+  };
+}

modules/common/ghostty.nix

@@ -0,0 +1,29 @@
+{ pkgs, ... }: {
+  # environment.variables = {
+  #   TERMINAL = "ghostty";
+  # };
+  #
+  # home-manager.sharedModules = [{
+  #   programs.ghostty = {
+  #     enable = true;
+  #     package = pkgs.ghostty;
+  #
+  #     clearDefaultKeybinds = false;
+  #     settings = {
+  #       theme = "tokyonight";
+  #       font-family = "JetBrainsMono NL NFM Medium";
+  #       font-size = 16;
+  #
+  #       shell-integration-features = "no-cursor";
+  #
+  #       cursor-style = "block";
+  #       background-opacity = 1;
+  #
+  #       background-blur-radius = 0;
+  #
+  #       gtk-titlebar = false;
+  #       mouse-hide-while-typing = true;
+  #     };
+  #   };
+  # }];
+}

modules/common/home-manager.nix

@@ -0,0 +1,6 @@
+{
+  home-manager = {
+    useGlobalPkgs   = true;
+    useUserPackages = true;
+  };
+}

modules/common/neovim.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }: {
+{ pkgs, options, lib, ... }: {
   environment.variables.EDITOR = "nvim";
 
   home-manager.sharedModules = [{
@@ -27,15 +27,18 @@
       #llvmPackages_20.clangWithLibcAndBasicRtAndLibcxx
     ];
 
-    home.file.".config/i3status" = {
+    home.file = lib.mkIf options.onLinux {
-      source = ../home/dotfiles/i3status;
+      ".config/i3status" = {
-      force = true;
+        source = ../home/dotfiles/i3status;
-      recursive = true;
+        force = true;
+        recursive = true;
+      };
     };
-  }];
 
-  programs.npm.npmrc = ''
+    # TODO: this
-    prefix=~/.npm-packages
+    # programs.npm.npmrc = ''
-    color=true
+    #   prefix=~/.npm-packages
-  '';
+    #   color=true
+    # '';
+  }];
 }

modules/common/nix.nix

@@ -0,0 +1,24 @@
+{ pkgs, lib, ...}: {
+  # todo: gc
+  # todo: cache
+  environment.systemPackages = with pkgs; [
+    nh
+  ];
+
+  lib.debug.traceVal = pkgs.nh;
+
+  nix.settings.experimental-features = [
+    "flakes"
+    "nix-command"
+    "pipe-operators"
+  ];
+
+  home-manager.sharedModules  = [{
+    programs.nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "~/config";
+    };
+  }];
+}

modules/common/nushell/config.nu

@@ -1,6 +1,18 @@
 $env.config.buffer_editor = "/home/thegeneralist/.nix-profile/bin/nvim"
 $env.config.show_banner = false
 
+$env.config = {
+  shell_integration: {
+    osc2:                   false
+    osc7:                   true
+    osc8:                   true
+    osc9_9:                 false
+    osc133:                 true
+    osc633:                 true
+    reset_application_mode: true
+  }
+}
+
 # Basic Aliases
 alias v = nvim .
 alias ff = fastfetch --load-config examples/10.jsonc

modules/common/nushell/default.nix

@@ -1,11 +1,32 @@
-{ config, pkgs, lib, ... }: let
+{ config, pkgs, lib, wrapper-manager, ... }: let
-  inherit (lib) readFile;
+  inherit (lib) readFile getExe mkIf optionalAttrs;
 in {
   # TODO: starship + change the zoxide src
   # TODO: Rust tooling
-  environment = {
+  home-manager.sharedModules = [
+    (homeArgs: {
+      xdg = {
+        enable = true;
+        configHome = "~/.config";
+      };
+      programs.nushell = {
+        enable = true;
+        package = pkgs.nushell;
+        configFile.text = readFile ./config.nu;
+        envFile.text = readFile ./env.nu;
+        environmentVariables = config.environment.variables // homeArgs.config.home.sessionVariables;
+      };
+    })
+  ];
+
+  environment =  optionalAttrs config.onLinux {
+    sessionVariables.SHELLS = getExe pkgs.nushell;
+  } // {
+    shells = mkIf (!config.onLinux) [ pkgs.nushell pkgs.zsh ];
+
     systemPackages = with pkgs; [
       nushell
+      fish
       zoxide
       ripgrep
       jq
@@ -37,13 +58,4 @@ in {
       rb = "nh os switch . -v -- --show-trace --verbose";
     };
   };
-
-  home-manager.sharedModules = [{
-    programs.nushell = {
-      enable = true;
-      configFile.text = readFile ./config.nu;
-      envFile.text = readFile ./env.nu;
-      environmentVariables = config.environment.variables;
-    };
-  }];
 }

modules/common/nushell/env.nu

@@ -1,6 +1,12 @@
-
+$env.ENV_CONVERSIONS.PATH = {
+  from_string: {|string|
+    $string | split row (char esep) | path expand --no-symlink
+  }
+  to_string: {|value|
+    $value | path expand --no-symlink | str join (char esep)
+  }
+}
 # NVM
-# TODO: this
 # source ("/Users/thegeneralist/.nvm/" | path join "nvm.sh")
 
 # GPG TTY

modules/common/packages.nix

@@ -0,0 +1,13 @@
+{ pkgs, lib, ...}: let
+  inherit (lib) attrValues;
+in {
+  environment.systemPackages = attrValues {
+    inherit (pkgs)
+      wget
+      zsh
+      neovim
+      vim
+      home-manager
+    ;
+  };
+}

modules/common/tailscale.nix

@@ -0,0 +1,7 @@
+{ config, ... }: {
+  services.tailscale = {
+    enable = true;
+  };
+
+  networking.search = [ "shorthair-wall.ts.net" ];
+}

modules/darwin/default.nix

@@ -1 +0,0 @@
-

modules/darwin/dns.nix

@@ -0,0 +1,11 @@
+{ config, lib, ... }: {
+  networking.knownNetworkServices = [
+    "Wi-Fi"
+    "Firewall"
+    "Thunderbolt Bridge"
+  ];
+
+  networking.dns = config.dnsServers
+    |> map (lib.splitString "#")
+    |> map lib.head;
+}

modules/darwin/ssh.nix

@@ -0,0 +1,14 @@
+# { lib, ... }: let
+#   sshOptions = {
+#     PermitRootLogin = "no";
+#     PasswordAuthentication = "no";
+#   };
+# in {
+#   services.openssh = {
+#     enable = true;
+#     extraConfig = sshOptions
+#       |> lib.mapAttrsToList (name: value: "${name} ${value}")
+#       |> lib.concatStringsSep "\n";
+#   };
+# }
+{}

modules/home/default.nix

@@ -1,10 +1,8 @@
-{ config, pkgs, inputs, lib, ... }: {
+{ config, options, pkgs, inputs, lib, ... }: {
   home.username = "thegeneralist";
-  home.homeDirectory = "/home/thegeneralist";
+  home.homeDirectory = if options.onLinux then "/home/thegeneralist" else "/Users/thegeneralist";
 
   home.packages = with pkgs; [
-    android-tools
-
     zip
     xz
     unzip

modules/linux/dns.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }: let
+  inherit (lib) concatStringsSep;
+in {
+  # TODO: add fallback & check other options
+  services.resolved = {
+    enable = true;
+
+    extraConfig = config.dnsServers
+      |> map (server: "DNS=${server}")
+      |> concatStringsSep "\n";
+
+    dnssec     = "true";
+    dnsovertls = "true";
+  };
+}

modules/linux/ghostty.nix

@@ -1,29 +0,0 @@
-{ pkgs, ... }: {
-  environment.variables = {
-    TERMINAL = "ghostty";
-  };
-
-  home-manager.sharedModules = [{
-    programs.ghostty = {
-      enable = true;
-      package = pkgs.ghostty;
-
-      clearDefaultKeybinds = false;
-      settings = {
-        theme = "tokyonight";
-        font-family = "JetBrainsMono NL NFM Medium";
-        font-size = 16;
-
-        shell-integration-features = "no-cursor";
-
-        cursor-style = "block";
-        background-opacity = 1;
-
-        background-blur-radius = 0;
-
-        gtk-titlebar = false;
-        mouse-hide-while-typing = true;
-      };
-    };
-  }];
-}

modules/linux/nix.nix

@@ -1,8 +0,0 @@
-{
-  # todo: gc
-  nix.settings.experimental-features = [
-    "flakes"
-    "nix-command"
-    "pipe-operators"
-  ];
-}

modules/linux/packages.nix

@@ -1,13 +1,8 @@
-{ pkgs, lib, agenix, ...}: let
+{ pkgs, lib, ...}: let
   inherit (lib) attrValues;
 in {
   environment.systemPackages = attrValues {
     inherit (pkgs)
-      wget
-      zsh
-      neovim
-      vim
-      home-manager
       protonup-qt
       pipewire
       pwvucontrol

modules/linux/ssh.nix

@@ -6,8 +6,4 @@
       PasswordAuthentication = false;
     };
   };
-
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
 }

modules/linux/tailscale.nix

@@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, ...}: {
   age.secrets.tailscaleMarshall.file = ./tailscale-marshall.age;
   services.tailscale = {
     enable = true;
@@ -11,7 +11,10 @@
     authKeyFile = config.age.secrets.tailscaleMarshall.path;
   };
 
-  networking.nameservers = [ "100.100.100.100" "8.8.8.8" "1.1.1.1" ];
+  networking.firewall.enable = true;
-  networking.search = [ "shorthair-wall.ts.net" ];
   networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+  # for SSH
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  networking.nameservers = [ "100.100.100.100" "8.8.8.8" "1.1.1.1" ];
 }