{ config, lib, pkgs, ... }: let extIface = "ens3"; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; nix.package = pkgs.nixUnstable; nix.extraOptions = '' experimental-features = nix-command flakes ca-derivations ''; #nix.registry.nixpkgs.flake = nixpkgs; # Binary Cache for Haskell.nix nix.settings.trusted-public-keys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ]; #nix.binaryCaches = [ "https://hydra.iohk.io" ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; boot.loader.grub.version = 2; # boot.loader.grub.efiSupport = true; # boot.loader.grub.efiInstallAsRemovable = true; # boot.loader.efi.efiSysMountPoint = "/boot/efi"; # Define on which hard drive you want to install Grub. boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only # boot.loader.systemd-boot.enable = true; # Set your time zone. time.timeZone = "Europe/Berlin"; age.secrets = { # mailPass.file = ../../secrets/mailPass.age; # wireguard-thrall.file = ../../secrets/wireguard-thrall.age; }; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking = { hostName = "dregil"; domain = "failco.de"; wireless.enable = true; useDHCP = true; enableIPv6 = true; firewall = { allowedTCPPorts = [ 22 ]; allowedUDPPorts = [ 42666 ]; }; # wireguard.interfaces = { # wg0 = { # ips = [ "10.0.0.1/24" ]; # listenPort = 42666; # # privateKeyFile = config.age.secrets.wireguard-thrall.path; # peers = [ # { # # my phone # publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; # allowedIPs = [ "10.0.0.2/32" ]; # } # { # # my tablet # publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; # allowedIPs = [ "10.0.0.3/32" ]; # } # ]; # }; # }; }; security.acme = { acceptTerms = true; defaults.email = "alex@jakalx.net"; }; security.sudo = { enable = true; execWheelOnly = true; extraRules = [{ groups = [ "wheel" ]; commands = [{ command = "/run/current-system/sw/bin/nixos-rebuild"; options = [ "NOPASSWD" ]; }]; }]; }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; console = { font = "Lat2-Terminus16"; keyMap = "dvorak"; }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.alex = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ wget rsync htop tmux git #agenix.defaultPackage.x86_64-linux restic # fast and secure backup rclone ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; programs.neovim = { enable = true; defaultEditor = true; viAlias = true; vimAlias = true; }; # enable zsh globally in order to get home.sessionPath to propagate :() programs.zsh.enable = true; # List services that you want to enable: # Enable the OpenSSH daemon. services.openssh.enable = true; services.lorri.enable = true; # configure backup via restic to gdrive services.restic.backups = { }; services.keybase = { enable = true; }; services.syncthing = { enable = true; user = "alex"; dataDir = "/home/alex/sync"; overrideDevices = true; # overrides any devices added or deleted through the WebUI overrideFolders = true; # overrides any folders added or deleted through the WebUI folders = { "org" = { path = "/home/alex/org"; devices = [ "thrall" "redmi" ]; }; "scan" = { path = "/home/alex/media/scan"; devices = [ "thrall" "redmi" ]; }; }; devices = { "redmi" = { id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; }; }; }; system.stateVersion = "20.09"; # Did you read the comment? }