diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix
index 0517cbf..826ed59 100644
--- a/hosts/igor/default.nix
+++ b/hosts/igor/default.nix
@@ -1,6 +1,7 @@
 {
 inputs,
 pkgs,
+ config,
 ...
 }:
@@ -9,6 +10,7 @@
 inputs.disko.nixosModules.disko
 ./hardware-configuration.nix
 ./disko-config.nix
+ ./syncthing.nix
 ../../modules/security.nix
 ../../modules/nix-config.nix
 ../../modules/timezone.nix
@@ -24,33 +26,32 @@
 config.boot.loader.grub.efiInstallAsRemovable = true;
 #config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
 # Define on which hard drive you want to install Grub.
- config.boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
+ config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
 config.security.sudo.wheelNeedsPassword = false;
 config.networking = {
 hostName = "igor";
 domain = "failco.de";
- wireless.enable = false;
- useDHCP = false;
- enableIPv6 = false;
- networkmanager.enable = true;
- interfaces.enp0s25 = {
- ipv4.addresses = [
- {
- address = "192.168.178.2";
- prefixLength = 24;
- }
- ];
+
+ wireless = {
+ enable = true;
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true;
+ secretsFile = "/etc/wireless.conf";
+ networks = {
+ Prapsschnalinen.pskRaw = "ext:home";
+ };
 };
- defaultGateway = "192.168.178.1";
- nameservers = [
- "192.168.178.1"
- "1.1.1.1"
- "8.8.8.8"
- ];
+
+ useDHCP = true;
+ enableIPv6 = true;
+ networkmanager.enable = false;
 firewall.enable = true;
+ firewall.allowedTCPPorts = [
+ config.services.mysql.settings.mysqld.port
+ ];
 };
 config.security.sudo = {
@@ -99,14 +100,6 @@
 config.services.mysql = {
 enable = true;
 package = pkgs.mariadb;
- ensureUsers = [
- {
- name = "mediathekview";
- ensurePermissions = {
- "mediathekview.*" = "ALL PERMISSIONS";
- };
- }
- ];
 };
 config.programs.firefox.enable = true;
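Review bot: The new `firewall.allowedTCPPorts = [ config.services.mysql.settings.mysqld.port ];` at the end of `config.networking` opens the MariaDB port in the firewall on every interface. The same hunk moves the host to Wi-Fi with DHCP and `enableIPv6 = true`, so the port is reachable from whatever network the machine joins, over both address families. If only specific clients need the database, scope the rule to one interface with `firewall.interfaces.<iface>.allowedTCPPorts = [ … ];` (placeholder for the real interface name), or keep the port closed and use the local socket. A later hunk in this file removes the `ensureUsers` list, so the diff does not show which accounts are meant to log in remotely; a comment above the rule naming the intended client would help.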
@@ -118,6 +111,7 @@
 isNormalUser = true;
 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
 shell = pkgs.zsh;
+ packages = [ pkgs.devenv ];
 };
 config.environment.systemPackages = with pkgs; [
@@ -126,8 +120,15 @@
 waybar
 hyprpaper
 wofi
+ tmux
+ lftp
 ];
+ config.programs.direnv = {
+ enable = true;
+ silent = true;
+ };
+
 config.programs.hyprland = {
 enable = true;
 withUWSM = true;
diff --git a/hosts/igor/hardware-configuration.nix b/hosts/igor/hardware-configuration.nix
index 57ea11e..9e0001b 100644
--- a/hosts/igor/hardware-configuration.nix
+++ b/hosts/igor/hardware-configuration.nix
@@ -26,35 +26,35 @@
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
- # fileSystems."/" =
- # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
- # fsType = "btrfs";
- # options = [ "subvol=rootfs" ];
- # };
-
- # fileSystems."/.swapvol" =
- # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
- # fsType = "btrfs";
- # options = [ "subvol=swap" ];
- # };
-
- # fileSystems."/boot" =
- # { device = "/dev/disk/by-uuid/2EDA-47FD";
- # fsType = "vfat";
- # options = [ "fmask=0022" "dmask=0022" ];
- # };
-
- # fileSystems."/home" =
- # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
- # fsType = "btrfs";
- # options = [ "subvol=home" ];
- # };
-
- # fileSystems."/nix" =
- # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
- # fsType = "btrfs";
- # options = [ "subvol=nix" ];
- # };
+# fileSystems."/" =
+# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+# fsType = "btrfs";
+# options = [ "subvol=rootfs" ];
+# };
+#
+# fileSystems."/.swapvol" =
+# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+# fsType = "btrfs";
+# options = [ "subvol=swap" ];
+# };
+#
+# fileSystems."/boot" =
+# { device = "/dev/disk/by-uuid/2EDA-47FD";
+# fsType = "vfat";
+# options = [ "fmask=0022" "dmask=0022" ];
+# };
+#
+# fileSystems."/home" =
+# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+# fsType = "btrfs";
+# options = [ "subvol=home" ];
+# };
+#
+# fileSystems."/nix" =
+# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+# fsType = "btrfs";
+# options = [ "subvol=nix" ];
+# };
 swapDevices = [ ];
diff --git a/hosts/igor/syncthing.nix b/hosts/igor/syncthing.nix
new file mode 100644
index 0000000..9656614
--- /dev/null
+++ b/hosts/igor/syncthing.nix
@@ -0,0 +1,29 @@
+{ config, lib, ... }:
+{
+ config.services.syncthing = {
+ enable = true;
+
+ user = "vsftpd";
+ group = "vsftpd";
+
+ dataDir = "/var/lib/vsftpd";
+
+ settings.devices = {
+ thrall = {
+ id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
+ addresses = [ "tcp://195.90.211.228:22000" ];
+ };
+ };
+
+ settings.folders = {
+ paperless = {
+ path = "${config.services.vsftpd.localRoot}/scan";
+ devices = [ "thrall" ];
+ versioning = {
+ type = "trashcan";
+ params.cleanoutDays = "90";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix
index 0d82f67..02c1065 100644
--- a/modules/vsftpd/default.nix
+++ b/modules/vsftpd/default.nix
@@ -5,13 +5,12 @@
 localUsers = true;
 writeEnable = true;
 chrootlocalUser = true;
- allowWriteableChroot = true;
- userlist = [ "scan" ];
+ userDbPath = "/etc/vsftpd/users";
+ enableVirtualUsers = true;
+ virtualUseLocalPrivs = true;
+ localRoot = "/var/lib/vsftpd/data";
+ extraConfig = "local_umask=002";
 };
- config.users.users.scan = {
- isNormalUser = true;
- };
-
- config.networking.firewall.allowedTCPPorts = [ 21 ];
+ config.networking.firewall.allowedTCPPorts = [ 20 21 ];
 }
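Review bot: In `hosts/igor/syncthing.nix` the `paperless` folder sets no `type`, so Syncthing treats it as send-receive and whatever `thrall` sends or deletes is applied inside the directory that vsftpd serves (`${config.services.vsftpd.localRoot}/scan`). If igor is only meant to hand scans over, `type = "sendonly";` under `paperless` keeps a misbehaving or compromised peer from changing the FTP tree; if deletions on `thrall` are supposed to propagate back, say so in a comment above the folder. The service also runs as the `vsftpd` account with `dataDir = "/var/lib/vsftpd"`, so Syncthing's state presumably sits next to the FTP root under the same owner; a dedicated user with group access to `scan` would separate the two. `lib` in the argument list is unused.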
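Review bot: In `modules/vsftpd/default.nix`, opening port 20 with `allowedTCPPorts = [ 20 21 ];` looks unnecessary: in active mode the server connects out from port 20, and in passive mode clients connect to a port from the passive range, which this hunk neither pins nor opens. If passive transfers are the goal, set `pasv_min_port`/`pasv_max_port` in `extraConfig` and open just that range through `networking.firewall.allowedTCPPortRanges`, leaving 20 closed. `userDbPath = "/etc/vsftpd/users"` points at the virtual users' credential database, so a comment stating that the file is created out of band and readable by root only would help the next maintainer. The `services.vsftpd` block starts above the hunk, so any TLS settings are not visible here.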