diff --git a/hosts/igor/default.nix b/hosts/igor/default.nix
index 826ed59..0517cbf 100644
--- a/hosts/igor/default.nix
+++ b/hosts/igor/default.nix
@@ -1,7 +1,6 @@
 {
 inputs,
 pkgs,
- config,
 ...
 }:
@@ -10,7 +9,6 @@
 inputs.disko.nixosModules.disko
 ./hardware-configuration.nix
 ./disko-config.nix
- ./syncthing.nix
 ../../modules/security.nix
 ../../modules/nix-config.nix
 ../../modules/timezone.nix
@@ -26,32 +24,33 @@
 config.boot.loader.grub.efiInstallAsRemovable = true;
 #config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
 # Define on which hard drive you want to install Grub.
- config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
+ config.boot.loader.grub.device = "/dev/sdb"; # or "nodev" for efi only
 config.security.sudo.wheelNeedsPassword = false;
 config.networking = {
 hostName = "igor";
 domain = "failco.de";
-
- wireless = {
- enable = true;
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true;
- secretsFile = "/etc/wireless.conf";
- networks = {
- Prapsschnalinen.pskRaw = "ext:home";
- };
+ wireless.enable = false;
+ useDHCP = false;
+ enableIPv6 = false;
+ networkmanager.enable = true;
+ interfaces.enp0s25 = {
+ ipv4.addresses = [
+ {
+ address = "192.168.178.2";
+ prefixLength = 24;
+ }
+ ];
 };
-
- useDHCP = true;
- enableIPv6 = true;
- networkmanager.enable = false;
+ defaultGateway = "192.168.178.1";
+ nameservers = [
+ "192.168.178.1"
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
 firewall.enable = true;
- firewall.allowedTCPPorts = [
- config.services.mysql.settings.mysqld.port
- ];
 };
 config.security.sudo = {
@@ -100,6 +99,14 @@
 config.services.mysql = {
 enable = true;
 package = pkgs.mariadb;
+ ensureUsers = [
+ {
+ name = "mediathekview";
+ ensurePermissions = {
+ "mediathekview.*" = "ALL PERMISSIONS";
+ };
+ }
+ ];
 };
 config.programs.firefox.enable = true;
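Review bot: `config.boot.loader.grub.device = "/dev/sdb";` replaces a stable by-id path with a kernel-assigned name, and sdX names can change between boots or when another disk or USB device is attached, so a later rebuild could write GRUB to the wrong drive. Keeping the by-id form for the new disk avoids that: `config.boot.loader.grub.device = "/dev/disk/by-id/<id-of-the-new-disk>";` (placeholder, the real id is not on this page). In the same hunk the `nameservers` list adds `1.1.1.1` and `8.8.8.8` after the local resolver, which means lookups can go to third-party resolvers whenever 192.168.178.1 is slow or down; a one-line comment saying that this is intended would help.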
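Review bot: `"mediathekview.*" = "ALL PERMISSIONS";` in the new `ensureUsers` entry is not a valid MariaDB privilege; the keyword is `ALL PRIVILEGES`. The NixOS module, as far as I know, pastes this string into a `GRANT … ON mediathekview.* …` statement, so the grant would fail when the service starts. I would write `"mediathekview.*" = "ALL PRIVILEGES";`, or better a narrower list such as `"SELECT, INSERT, UPDATE, DELETE"` if the application does not need to alter the schema. The `config.services.mysql` block visible here sets no `ensureDatabases`, so the `mediathekview` database presumably has to be created elsewhere.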
@@ -111,7 +118,6 @@
 isNormalUser = true;
 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
 shell = pkgs.zsh;
- packages = [ pkgs.devenv ];
 };
 config.environment.systemPackages = with pkgs; [
@@ -120,15 +126,8 @@
 waybar
 hyprpaper
 wofi
- tmux
- lftp
 ];
- config.programs.direnv = {
- enable = true;
- silent = true;
- };
-
 config.programs.hyprland = {
 enable = true;
 withUWSM = true;
diff --git a/hosts/igor/hardware-configuration.nix b/hosts/igor/hardware-configuration.nix
index 9e0001b..57ea11e 100644
--- a/hosts/igor/hardware-configuration.nix
+++ b/hosts/igor/hardware-configuration.nix
@@ -26,35 +26,35 @@
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
-# fileSystems."/" =
-# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
-# fsType = "btrfs";
-# options = [ "subvol=rootfs" ];
-# };
-#
-# fileSystems."/.swapvol" =
-# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
-# fsType = "btrfs";
-# options = [ "subvol=swap" ];
-# };
-#
-# fileSystems."/boot" =
-# { device = "/dev/disk/by-uuid/2EDA-47FD";
-# fsType = "vfat";
-# options = [ "fmask=0022" "dmask=0022" ];
-# };
-#
-# fileSystems."/home" =
-# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
-# fsType = "btrfs";
-# options = [ "subvol=home" ];
-# };
-#
-# fileSystems."/nix" =
-# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
-# fsType = "btrfs";
-# options = [ "subvol=nix" ];
-# };
+ # fileSystems."/" =
+ # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+ # fsType = "btrfs";
+ # options = [ "subvol=rootfs" ];
+ # };
+
+ # fileSystems."/.swapvol" =
+ # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+ # fsType = "btrfs";
+ # options = [ "subvol=swap" ];
+ # };
+
+ # fileSystems."/boot" =
+ # { device = "/dev/disk/by-uuid/2EDA-47FD";
+ # fsType = "vfat";
+ # options = [ "fmask=0022" "dmask=0022" ];
+ # };
+
+ # fileSystems."/home" =
+ # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+ # fsType = "btrfs";
+ # options = [ "subvol=home" ];
+ # };
+
+ # fileSystems."/nix" =
+ # { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
+ # fsType = "btrfs";
+ # options = [ "subvol=nix" ];
+ # };
 swapDevices = [ ];
diff --git a/hosts/igor/syncthing.nix b/hosts/igor/syncthing.nix
deleted file mode 100644
index 9656614..0000000
--- a/hosts/igor/syncthing.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ config, lib, ... }:
-{
- config.services.syncthing = {
- enable = true;
-
- user = "vsftpd";
- group = "vsftpd";
-
- dataDir = "/var/lib/vsftpd";
-
- settings.devices = {
- thrall = {
- id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
- addresses = [ "tcp://195.90.211.228:22000" ];
- };
- };
-
- settings.folders = {
- paperless = {
- path = "${config.services.vsftpd.localRoot}/scan";
- devices = [ "thrall" ];
- versioning = {
- type = "trashcan";
- params.cleanoutDays = "90";
- };
- };
- };
- };
-}
diff --git a/modules/vsftpd/default.nix b/modules/vsftpd/default.nix
index 02c1065..0d82f67 100644
--- a/modules/vsftpd/default.nix
+++ b/modules/vsftpd/default.nix
@@ -5,12 +5,13 @@
 localUsers = true;
 writeEnable = true;
 chrootlocalUser = true;
- userDbPath = "/etc/vsftpd/users";
- enableVirtualUsers = true;
- virtualUseLocalPrivs = true;
- localRoot = "/var/lib/vsftpd/data";
- extraConfig = "local_umask=002";
+ allowWriteableChroot = true;
+ userlist = [ "scan" ];
 };
- config.networking.firewall.allowedTCPPorts = [ 20 21 ];
+ config.users.users.scan = {
+ isNormalUser = true;
+ };
+
+ config.networking.firewall.allowedTCPPorts = [ 21 ];
 }
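Review bot: The `scan` account added in the vsftpd hunk is a full `isNormalUser` login whose password now travels over plain FTP on port 21, where the removed virtual-user setup kept FTP credentials separate from system accounts. Nothing in the hunk enables TLS (`forceLocalLoginsSSL = true;` together with `rsaCertFile`) or turns the new `userlist` into an allow-list (`userlistEnable = true;`), so with `localUsers = true` other local accounts may still be able to log in; lines 1-4 of the file are outside the hunk, so these may already be set there. `allowWriteableChroot = true;` also switches off vsftpd's refusal to chroot into a user-writable directory; a root-owned home with a writable upload subdirectory would keep that protection.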