30% more stuff
parent
35941a67c9
commit
b3a154cecf
26
README.md
26
README.md
|
@ -12,20 +12,38 @@ this is outdated
|
|||
- `base.nix`: The minimum configuration that a machine needs
|
||||
- `full-install.nix`: if this machine has a DE or is going to be used by a human
|
||||
- `tasia-packages.nix`: Collection of additional packages
|
||||
- `common`: SSH keys, secrets, ...
|
||||
- `dotfiles`: all my dotfiles
|
||||
- `home`: user-specific settings.
|
||||
- `hosts`: Machine-specific configurations
|
||||
- `modules/nixos`: Custom NixOS modules
|
||||
- `overlays`: Custom NixOS overlays
|
||||
- `pkgs`: Custom NixOS packages
|
||||
- `stuff`: Random stuff that doesn't belong anywhere else
|
||||
|
||||
## Memo
|
||||
|
||||
Update channels: `nix flake update`
|
||||
|
||||
Build a configuration: `# nixos-rebuild switch --flake .#phoenix`
|
||||
Build a configuration: `sudo ixos-rebuild switch --flake .#$(cat /etc/hostname)`
|
||||
|
||||
Build enry and upload a generation: TODO
|
||||
|
||||
### git
|
||||
### To do on a new machine
|
||||
|
||||
- Install NixOS
|
||||
|
||||
- Clone this repo `git clone https://gitea.com/tasiaiso/nixos-config.git && cd nixos-onfig`
|
||||
|
||||
- `export HOSTNAME=<your-hostname> && mkdir hosts/$HOSTNAME && cd hosts/$HOSTNAME && touch configuration.nix`
|
||||
|
||||
- Fill out `configuration.nix`
|
||||
|
||||
- `sudo nixos-generate-config --show-hardware-config > hosts/$HOSTNAME/hardare-configuration.nix`
|
||||
|
||||
- `sudo nixos-rebuild switch --flake .#$HOSTNAME`
|
||||
|
||||
#### git
|
||||
|
||||
generate an ssh key: `ssh-keygen -t ed25519`
|
||||
|
||||
|
@ -33,6 +51,10 @@ add to ssh-agent: `ssh-add .ssh/id_ed25519`
|
|||
|
||||
add to git: `git config --global user.signingkey ~/.ssh/id_ed25519`
|
||||
|
||||
#### google-authenticator
|
||||
|
||||
- `google-authenticator -td -r 5 -R 60 -w 2`
|
||||
|
||||
# Hosts
|
||||
|
||||
## theseus
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
# security.auditd.enable = true;
|
||||
# security.audit.enable = true;
|
||||
security.auditd.enable = true;
|
||||
security.audit.enable = true;
|
||||
# security.audit.rules = [
|
||||
# "-a exit,always -F arch=b64 -S execve"
|
||||
# ];
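Review bot: With `security.auditd.enable` and `security.audit.enable` now active but `security.audit.rules` still commented out, this configuration defines no audit rules of its own, so the execve trail sketched in the commented lines is not recorded. If process-execution logging is the goal, the list containing `"-a exit,always -F arch=b64 -S execve"` needs to be uncommented as well, ideally with a comment on the expected log volume. If the rules are deliberately deferred, a one-line comment such as `# rules intentionally left empty for now; only default audit events are logged` would make that explicit. That the two enable lines are the ones this hunk switches on is inferred from the rendered page, and the attribute set opened by `{` continues past the hunk.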
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
# Peripherals
|
||||
allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
|
||||
allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
|
||||
allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"
|
||||
'';
|
||||
};
|
||||
}
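Review bot: The phone entries under `# Peripherals` (`18d1:4ee1` "Pixel 7" and `2717:ff40` "Redmi 10 2022") are allowed on id, serial and name alone, so every interface the device presents is accepted, including a network or HID interface a phone can switch to. Those descriptor fields are also reported by the device itself. USBGuard's `with-interface` attribute (optionally with `hash`) would limit each allow to the interface classes actually needed, e.g. `allow id 2717:ff40 serial "…" name "Redmi 10 2022" with-interface { <class:subclass:protocol> }`, with the value taken from `usbguard list-devices`. Which of these lines is new cannot be told from the rendered hunk, and the rule string begins above it.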
|
||||
|
|
|
@ -6,5 +6,5 @@ if [[ -n $SSH_CONNECTION ]] ; then
|
|||
-H "Priority: urgent" \
|
||||
-H "Tags: urgent" \
|
||||
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
|
||||
ntfy.sh/tasiaiso_alerts &> /dev/null
|
||||
ntfy.sh/tasiaiso_alerts &> /dev/null # Please don't make me learn how to manage secrets
|
||||
fi
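Review bot: The topic name in `ntfy.sh/tasiaiso_alerts` is the only thing protecting this alert channel, and it is committed in the script. On the public ntfy.sh server anyone who knows a topic name can subscribe and publish to it, so the hostname and the `$SSH_CONNECTION` addresses in the message body are readable by others and alerts can be forged. The trailing comment on that line acknowledges the problem but does not change it. Reading the topic from a file kept outside the repository would be enough, e.g. `"ntfy.sh/$(cat <path-to-topic-file>)" &> /dev/null` (placeholder path); a reserved topic with an access token is the stronger option. The `if` and the start of the command are above the hunk.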
|
||||
|
|
|
@ -23,42 +23,46 @@
|
|||
|
||||
home.packages = with pkgs; [
|
||||
bitwarden
|
||||
# android-tools
|
||||
gocryptfs
|
||||
#endless-sky
|
||||
#gnucash
|
||||
# obs-studio
|
||||
# kdenlive
|
||||
rustc
|
||||
cargo
|
||||
nodejs
|
||||
rpi-imager
|
||||
# wireshark
|
||||
# appimage-run
|
||||
#ssb-patchwork
|
||||
simplex-chat-desktop
|
||||
#android-studio
|
||||
#swig
|
||||
picard
|
||||
kleopatra
|
||||
qbittorrent
|
||||
tor-browser
|
||||
protonvpn-gui
|
||||
# radicle-cli
|
||||
# opensnitch-ui
|
||||
protonvpn-cli
|
||||
yarn
|
||||
nodePackages.node-gyp
|
||||
nodePackages.node-pre-gyp
|
||||
# superTuxKart
|
||||
openssl
|
||||
home-manager
|
||||
|
||||
# qgis
|
||||
|
||||
atool
|
||||
httpie
|
||||
cowsay
|
||||
stress
|
||||
lazygit
|
||||
|
||||
wireguard-tools
|
||||
|
||||
# android-tools
|
||||
#endless-sky
|
||||
#gnucash
|
||||
# obs-studio
|
||||
# kdenlive
|
||||
# wireshark
|
||||
# appimage-run
|
||||
#ssb-patchwork
|
||||
#android-studio
|
||||
#swig
|
||||
# radicle-cli
|
||||
# opensnitch-ui
|
||||
# superTuxKart
|
||||
# qgis
|
||||
];
|
||||
|
||||
# The state version is required and should stay at the version you
|
||||
|
|
|
@ -45,9 +45,11 @@ in {
|
|||
networking = {
|
||||
hostName = "new-new-phoenix";
|
||||
|
||||
# firewall.enable = lib.mkForce false;
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
8080 # ?
|
||||
8008 # ssb
|
||||
12345 # tildefriends
|
||||
13378 # audiobookshelf
|
||||
];
|
||||
|
@ -91,6 +93,12 @@ in {
|
|||
# inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor
|
||||
# inputs.nix-software-center.packages.${system}.nix-software-center
|
||||
];
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
users.extraGroups.vboxusers.members = ["tasia"];
|
||||
|
||||
services.openvpn.servers = {
|
||||
ch = {config = ''config /home/tasia/Downloads/ch.protonvpn.udp.ovpn '';};
|
||||
};
|
||||
|
||||
services.blueman.enable = true;
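Review bot: In the second hunk, `services.openvpn.servers.ch` loads its profile from `/home/tasia/Downloads/ch.protonvpn.udp.ovpn`, a directory the desktop user and anything running as that user, such as a browser, can write to. The OpenVPN unit is started by systemd, normally as root, and an OpenVPN profile can carry script hooks, so whoever can replace that file influences what a privileged service does at start-up. The path also makes the build depend on a file that is not in the repository. Moving the profile to a root-owned location with restrictive permissions closes this, e.g. `ch = {config = ''config <root-owned-dir>/ch.protonvpn.udp.ovpn '';};` (placeholder directory). Separately, the `8080 # ?` entry in `allowedTCPPorts` in the first hunk opens a port whose purpose is not recorded; which lines in either hunk are new cannot be told from the rendered page.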
|
||||
|
||||
|
|
|
@ -8,14 +8,15 @@
|
|||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "tildefriends";
|
||||
version = "0.0.17";
|
||||
version = "0.0.18";
|
||||
|
||||
src = fetchFromGitea {
|
||||
domain = "dev.tildefriends.net";
|
||||
owner = "cory";
|
||||
repo = "tildefriends";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Wc9MvafA2rPmjnRvmMB3qmRyDQNhF688weKItHw3E8I=";
|
||||
hash = "sha256-+uthA1w8CmZfW+WOK9wYGl2fUl/k10ufOc8W+Pwa9iQ=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
|
|