mirror of
https://github.com/thegeneralist01/config.git
synced 2026-03-07 10:59:55 +01:00
TheGeneralist
572647d7c4
- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are not public. I have Split DNS enabled on them (in Tailscale), with the IP of the DNS server set to a private Tailscale IP of my home server; - CoreDNS (also on my home server) is used to resolve the two private domains' IPs to the home server itself; - nginx only listens to its machine's (home server's) Tailscale IP; - Therefore, all of it is hermetic!
70 lines
1.9 KiB
Nix
70 lines
1.9 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{ config, pkgs, inputs, ... }:
|
|
|
|
{
|
|
imports = [ ./hardware-configuration.nix ./site.nix ./cache ./garage.nix ./archive ];
|
|
|
|
age.secrets.password.file = ./password.age;
|
|
users.users = {
|
|
thegeneralist = {
|
|
isNormalUser = true;
|
|
description = "thegeneralist";
|
|
extraGroups = [ "wheel" "audio" "video" "input" "scanner" "docker" ];
|
|
shell = pkgs.zsh;
|
|
home = "/home/thegeneralist";
|
|
hashedPasswordFile = config.age.secrets.password.path;
|
|
openssh.authorizedKeys.keys = let
|
|
inherit (import ../../keys.nix) thegeneralist;
|
|
in [ thegeneralist ];
|
|
};
|
|
|
|
build = {
|
|
isNormalUser = true;
|
|
description = "for distributed builds";
|
|
extraGroups = [ "build" ];
|
|
shell = pkgs.zsh;
|
|
hashedPasswordFile = config.age.secrets.password.path;
|
|
openssh.authorizedKeys.keys = let
|
|
inherit (import ../../keys.nix) thegeneralist;
|
|
in [ thegeneralist ];
|
|
};
|
|
};
|
|
|
|
home-manager = {
|
|
backupFileExtension = "home.bak";
|
|
extraSpecialArgs = { inherit inputs; };
|
|
users.thegeneralist.home = {
|
|
username = "thegeneralist";
|
|
homeDirectory = "/home/thegeneralist";
|
|
stateVersion = "25.11";
|
|
};
|
|
};
|
|
|
|
age.secrets.hostkey.file = ./hostkey.age;
|
|
services.openssh.hostKeys = [{
|
|
type = "ed25519";
|
|
path = config.age.secrets.hostkey.path;
|
|
}];
|
|
|
|
# Some programs
|
|
services.libinput.enable = true;
|
|
programs.firefox.enable = true;
|
|
programs.zsh.enable = true;
|
|
|
|
# Set your time zone.
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
# Select internationalisation properties.
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
# console = {
|
|
# font = "Lat2-Terminus16";
|
|
# keyMap = "us";
|
|
# useXkbConfig = true; # use xkb.options in tty.
|
|
# };
|
|
|
|
system.stateVersion = "24.11";
|
|
}
|
|
|