nix-dotfiles/systems/configuration.nix

{
  lib,
  pkgs,
  config,
  ...
}:
{
  security.auditd.enable = true;

  boot = {
    default = true;
    kernel.sysctl = {
      "net.ipv6.conf.ens3.accept_ra" = 1;
    };
  };

  networking = {
    firewall = {
      enable = lib.mkDefault true;
      allowedTCPPorts = [ ];
    };
  };

  services = {

    autopull = {
      enable = true;
      ssh-key = "/root/.ssh/id_ed25519_ghdeploy";
      path = /root/dotfiles;
    };
  };

  programs = {
    git = {
      enable = true;
      lfs.enable = lib.mkDefault true;
      config = {
        interactive.singlekey = true;
        pull.rebase = true;
        rebase.autoStash = true;
        safe.directory = "/etc/nixos";
      };
    };

    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
      zsh-autoenv.enable = true;
      enableCompletion = true;
      enableBashCompletion = true;
      ohMyZsh.enable = true;
      autosuggestions = {
        enable = true;
        strategy = [ "completion" ];
        async = true;
      };
    };

    nix-ld = {
      enable = true;
      libraries = with pkgs; [
        acl
        attr
        bzip2
        curl
        glib
        libglvnd
        libmysqlclient
        libsodium
        libssh
        libxml2
        openssl
        stdenv.cc.cc
        systemd
        util-linux
        xz
        zlib
        zstd
      ];
    };
  };

  system = {
    autoUpgrade = {
      enable = true;
      flags = [ "--accept-flake-config" ];
      randomizedDelaySec = "1h";
      persistent = true;
      flake = "github:RAD-Development/nix-dotfiles";
    };
  };
}
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`{`
			`lib,`
			`pkgs,`
			`config,`
			`...`
			`}:`
ran nix fmt 2024-04-10 18:23:40 -04:00			`{`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`security.auditd.enable = true;`
base configuration 2023-12-23 06:49:01 +01:00
first usable configuration 2023-12-24 20:09:35 +01:00			`boot = {`
			`default = true;`
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`kernel.sysctl = {`
			`"net.ipv6.conf.ens3.accept_ra" = 1;`
			`};`
first usable configuration 2023-12-24 20:09:35 +01:00			`};`

reconfigure photon 2023-12-27 10:03:13 +01:00			`networking = {`
			`firewall = {`
			`enable = lib.mkDefault true;`
Feature email server (#14) * formatting * update * add mailserver * flake update 2024-01-02 16:30:08 +01:00			`allowedTCPPorts = [ ];`
reconfigure photon 2023-12-27 10:03:13 +01:00			`};`
			`};`
base configuration 2023-12-23 06:49:01 +01:00
			`services = {`
add fail2ban 2023-12-29 20:54:12 +01:00
Add autopull service for testing & pre-commit-hooks (#4) * configure programs for photon * sops fix * Add flake-update-service for testing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add sops config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add photon password * Fix user password Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * actually fix user config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change password for user dennis * removed user password * fixed yaml secrets * yaml is silly, fix my yamls pls Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * quickfix * Enforce systemdboot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * reconfigure photon * Fix ZFS config on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix systemd-boot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * sops update-keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix botched merge Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add custom ssh command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add package dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * ssh-key path to str Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix git command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Set up nixpkgs.fmt Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Allow autopull to trigger a rebuild Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Revert triggerRebuild on palatine-hill, add clarifying comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Attempt pre-commit hooks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Increase pull frequency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix duplicate flake-utils url Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add fmt hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add nix-flake-check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove unnecessary flake-utils import by name Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Trying to setup inputs for nix-pre-commit Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> * Fixing input with flake inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * make autopull service default and fix flake check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove pre-commit-config.yml from gitignore that decision seems to be something from one of my previous attempts at this. Given that the config is needed for this to work it only makes sense to have it. /.pre-commit-config.yaml /.pre-commit-config.yaml Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Rollback previous commit. yml file is a softlink Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-01-01 12:41:32 -05:00			`autopull = {`
			`enable = true;`
			`ssh-key = "/root/.ssh/id_ed25519_ghdeploy";`
fix autopull (#79) * fix autopull * add deadnix * fix git 2024-02-06 23:58:33 +01:00			`path = /root/dotfiles;`
Add autopull service for testing & pre-commit-hooks (#4) * configure programs for photon * sops fix * Add flake-update-service for testing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add sops config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add photon password * Fix user password Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * actually fix user config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change password for user dennis * removed user password * fixed yaml secrets * yaml is silly, fix my yamls pls Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * quickfix * Enforce systemdboot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * reconfigure photon * Fix ZFS config on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix systemd-boot on palatine-hill Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * sops update-keys Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix botched merge Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add custom ssh command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add package dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix option name, add dependency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * ssh-key path to str Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix git command Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Set up nixpkgs.fmt Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Allow autopull to trigger a rebuild Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Revert triggerRebuild on palatine-hill, add clarifying comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Attempt pre-commit hooks Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Increase pull frequency Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Fix duplicate flake-utils url Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add fmt hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add nix-flake-check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove unnecessary flake-utils import by name Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Trying to setup inputs for nix-pre-commit Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> * Fixing input with flake inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * make autopull service default and fix flake check hook Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Remove pre-commit-config.yml from gitignore that decision seems to be something from one of my previous attempts at this. Given that the config is needed for this to work it only makes sense to have it. /.pre-commit-config.yaml /.pre-commit-config.yaml Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Rollback previous commit. yml file is a softlink Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis Wuitz <dennish@wuitz.de> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> 2024-01-01 12:41:32 -05:00			`};`
base configuration 2023-12-23 06:49:01 +01:00			`};`

			`programs = {`
			`git = {`
			`enable = true;`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`lfs.enable = lib.mkDefault true;`
base configuration 2023-12-23 06:49:01 +01:00			`config = {`
			`interactive.singlekey = true;`
			`pull.rebase = true;`
			`rebase.autoStash = true;`
			`safe.directory = "/etc/nixos";`
			`};`
			`};`

			`zsh = {`
			`enable = true;`
dennis the formatter (#75) * dennis the formatter * changed comment * fixup 2024-02-05 22:45:43 +01:00			`syntaxHighlighting.enable = true;`
			`zsh-autoenv.enable = true;`
			`enableCompletion = true;`
			`enableBashCompletion = true;`
			`ohMyZsh.enable = true;`
base configuration 2023-12-23 06:49:01 +01:00			`autosuggestions = {`
			`enable = true;`
			`strategy = [ "completion" ];`
			`async = true;`
			`};`
			`};`

			`nix-ld = {`
			`enable = true;`
Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * Add rfc-style fmt'ing Signed-off-by: ahuston-0 <aliceghuston@gmail.com> --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-03-03 18:06:28 -05:00			`libraries = with pkgs; [`
			`acl`
			`attr`
			`bzip2`
			`curl`
			`glib`
			`libglvnd`
			`libmysqlclient`
			`libsodium`
			`libssh`
			`libxml2`
			`openssl`
			`stdenv.cc.cc`
			`systemd`
			`util-linux`
			`xz`
			`zlib`
			`zstd`
			`];`
base configuration 2023-12-23 06:49:01 +01:00			`};`
			`};`

			`system = {`
			`autoUpgrade = {`
			`enable = true;`
add accept-flake-config for all servers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2024-04-13 13:11:23 -04:00			`flags = [ "--accept-flake-config" ];`
base configuration 2023-12-23 06:49:01 +01:00			`randomizedDelaySec = "1h";`
			`persistent = true;`
fix autopull (#79) * fix autopull * add deadnix * fix git 2024-02-06 23:58:33 +01:00			`flake = "github:RAD-Development/nix-dotfiles";`
base configuration 2023-12-23 06:49:01 +01:00			`};`
			`};`
Fix gc options Signed-off-by: ahuston-0 <aliceghuston@gmail.com> 2023-12-25 13:29:02 -05:00			`}`