30% more stuff
parent
35941a67c9
commit
b3a154cecf
26
README.md
26
README.md
|
@ -12,20 +12,38 @@ this is outdated
|
||||||
- `base.nix`: The minimum configuration that a machine needs
|
- `base.nix`: The minimum configuration that a machine needs
|
||||||
- `full-install.nix`: if this machine has a DE or is going to be used by a human
|
- `full-install.nix`: if this machine has a DE or is going to be used by a human
|
||||||
- `tasia-packages.nix`: Collection of additional packages
|
- `tasia-packages.nix`: Collection of additional packages
|
||||||
|
- `common`: SSH keys, secrets, ...
|
||||||
|
- `dotfiles`: all my dotfiles
|
||||||
|
- `home`: user-specific settings.
|
||||||
- `hosts`: Machine-specific configurations
|
- `hosts`: Machine-specific configurations
|
||||||
- `modules/nixos`: Custom NixOS modules
|
- `modules/nixos`: Custom NixOS modules
|
||||||
- `overlays`: Custom NixOS overlays
|
- `overlays`: Custom NixOS overlays
|
||||||
- `pkgs`: Custom NixOS packages
|
- `pkgs`: Custom NixOS packages
|
||||||
|
- `stuff`: Random stuff that doesn't belong anywhere else
|
||||||
|
|
||||||
## Memo
|
## Memo
|
||||||
|
|
||||||
Update channels: `nix flake update`
|
Update channels: `nix flake update`
|
||||||
|
|
||||||
Build a configuration: `# nixos-rebuild switch --flake .#phoenix`
|
Build a configuration: `sudo ixos-rebuild switch --flake .#$(cat /etc/hostname)`
|
||||||
|
|
||||||
Build enry and upload a generation: TODO
|
Build enry and upload a generation: TODO
|
||||||
|
|
||||||
### git
|
### To do on a new machine
|
||||||
|
|
||||||
|
- Install NixOS
|
||||||
|
|
||||||
|
- Clone this repo `git clone https://gitea.com/tasiaiso/nixos-config.git && cd nixos-onfig`
|
||||||
|
|
||||||
|
- `export HOSTNAME=<your-hostname> && mkdir hosts/$HOSTNAME && cd hosts/$HOSTNAME && touch configuration.nix`
|
||||||
|
|
||||||
|
- Fill out `configuration.nix`
|
||||||
|
|
||||||
|
- `sudo nixos-generate-config --show-hardware-config > hosts/$HOSTNAME/hardare-configuration.nix`
|
||||||
|
|
||||||
|
- `sudo nixos-rebuild switch --flake .#$HOSTNAME`
|
||||||
|
|
||||||
|
#### git
|
||||||
|
|
||||||
generate an ssh key: `ssh-keygen -t ed25519`
|
generate an ssh key: `ssh-keygen -t ed25519`
|
||||||
|
|
||||||
|
@ -33,6 +51,10 @@ add to ssh-agent: `ssh-add .ssh/id_ed25519`
|
||||||
|
|
||||||
add to git: `git config --global user.signingkey ~/.ssh/id_ed25519`
|
add to git: `git config --global user.signingkey ~/.ssh/id_ed25519`
|
||||||
|
|
||||||
|
#### google-authenticator
|
||||||
|
|
||||||
|
- `google-authenticator -td -r 5 -R 60 -w 2`
|
||||||
|
|
||||||
# Hosts
|
# Hosts
|
||||||
|
|
||||||
## theseus
|
## theseus
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
# security.auditd.enable = true;
|
security.auditd.enable = true;
|
||||||
# security.audit.enable = true;
|
security.audit.enable = true;
|
||||||
# security.audit.rules = [
|
# security.audit.rules = [
|
||||||
# "-a exit,always -F arch=b64 -S execve"
|
# "-a exit,always -F arch=b64 -S execve"
|
||||||
# ];
|
# ];
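Review bot: With `security.auditd.enable` and `security.audit.enable` switched on while the `security.audit.rules` list is still commented out, no syscall rules are loaded, so process execution is not logged even though the daemon runs (this reads the second printing of each line as the new side, since the +/- markers are lost on this page). Uncomment the list in the same change, and pair the existing rule with `"-a exit,always -F arch=b32 -S execve"`, because a rule filtered on `arch=b64` does not match 32-bit syscalls. A one-line comment above the block, such as `# Log every execve for post-incident review`, would record the intent. The attribute set continues below the hunk.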
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
# Peripherals
|
# Peripherals
|
||||||
allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
|
allow id 046d:c08b serial "178D316C3832" name "G502 HERO Gaming Mouse"
|
||||||
allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
|
allow id 18d1:4ee1 serial "28051FDH200ATC" name "Pixel 7"
|
||||||
|
allow id 2717:ff40 serial "52bb384f0512" name "Redmi 10 2022"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
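Review bot: The added `allow` line for the Redmi phone matches only on `id`, `serial` and `name`, all of which the device reports about itself, and it places no limit on which USB interfaces the device may present. A phone can enumerate as storage, a network adapter or other classes depending on its mode, so the rule should be narrowed with a `with-interface` constraint and ideally a `hash` attribute; running `usbguard generate-policy` with the phone attached prints a rule that carries both. The same applies to the existing Pixel 7 line. The rules string starts above the hunk, so the policy applied to unmatched devices is not visible here.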
|
||||||
|
|
|
@ -6,5 +6,5 @@ if [[ -n $SSH_CONNECTION ]] ; then
|
||||||
-H "Priority: urgent" \
|
-H "Priority: urgent" \
|
||||||
-H "Tags: urgent" \
|
-H "Tags: urgent" \
|
||||||
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
|
-d "$(cat /etc/hostname ): ssh session ($SSH_CONNECTION)" \
|
||||||
ntfy.sh/tasiaiso_alerts &> /dev/null
|
ntfy.sh/tasiaiso_alerts &> /dev/null # Please don't make me learn how to manage secrets
|
||||||
fi
|
fi
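Review bot: The alert is posted to a topic whose name is hard-coded in a committed file, and the new trailing comment acknowledges the problem without addressing it. On a public ntfy server the topic name is the only thing protecting the topic, so anyone who can read this file can subscribe to the hostname and `$SSH_CONNECTION` addresses being sent, or publish false alerts. Read the topic from a file kept outside the repo, e.g. `"ntfy.sh/$(cat /run/secrets/ntfy-topic)"` (placeholder path), or use a reserved topic with an access token. `&> /dev/null` also hides delivery failures; appending `|| logger -t ssh-alert "ntfy failed"` would make a missed alert visible. The curl invocation starts above the hunk.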
|
||||||
|
|
|
@ -23,42 +23,46 @@
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
bitwarden
|
bitwarden
|
||||||
# android-tools
|
|
||||||
gocryptfs
|
gocryptfs
|
||||||
#endless-sky
|
|
||||||
#gnucash
|
|
||||||
# obs-studio
|
|
||||||
# kdenlive
|
|
||||||
rustc
|
rustc
|
||||||
cargo
|
cargo
|
||||||
nodejs
|
nodejs
|
||||||
rpi-imager
|
rpi-imager
|
||||||
# wireshark
|
|
||||||
# appimage-run
|
|
||||||
#ssb-patchwork
|
|
||||||
simplex-chat-desktop
|
simplex-chat-desktop
|
||||||
#android-studio
|
|
||||||
#swig
|
|
||||||
picard
|
picard
|
||||||
kleopatra
|
kleopatra
|
||||||
qbittorrent
|
qbittorrent
|
||||||
tor-browser
|
tor-browser
|
||||||
protonvpn-gui
|
protonvpn-gui
|
||||||
# radicle-cli
|
protonvpn-cli
|
||||||
# opensnitch-ui
|
|
||||||
yarn
|
yarn
|
||||||
nodePackages.node-gyp
|
nodePackages.node-gyp
|
||||||
nodePackages.node-pre-gyp
|
nodePackages.node-pre-gyp
|
||||||
# superTuxKart
|
|
||||||
openssl
|
openssl
|
||||||
home-manager
|
home-manager
|
||||||
|
|
||||||
# qgis
|
|
||||||
|
|
||||||
atool
|
atool
|
||||||
httpie
|
httpie
|
||||||
cowsay
|
cowsay
|
||||||
stress
|
stress
|
||||||
|
lazygit
|
||||||
|
|
||||||
|
wireguard-tools
|
||||||
|
|
||||||
|
# android-tools
|
||||||
|
#endless-sky
|
||||||
|
#gnucash
|
||||||
|
# obs-studio
|
||||||
|
# kdenlive
|
||||||
|
# wireshark
|
||||||
|
# appimage-run
|
||||||
|
#ssb-patchwork
|
||||||
|
#android-studio
|
||||||
|
#swig
|
||||||
|
# radicle-cli
|
||||||
|
# opensnitch-ui
|
||||||
|
# superTuxKart
|
||||||
|
# qgis
|
||||||
];
|
];
|
||||||
|
|
||||||
# The state version is required and should stay at the version you
|
# The state version is required and should stay at the version you
|
||||||
|
|
|
@ -45,9 +45,11 @@ in {
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "new-new-phoenix";
|
hostName = "new-new-phoenix";
|
||||||
|
|
||||||
|
# firewall.enable = lib.mkForce false;
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
8080 # ?
|
8080 # ?
|
||||||
|
8008 # ssb
|
||||||
12345 # tildefriends
|
12345 # tildefriends
|
||||||
13378 # audiobookshelf
|
13378 # audiobookshelf
|
||||||
];
|
];
|
||||||
|
@ -91,6 +93,12 @@ in {
|
||||||
# inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor
|
# inputs.nixos-conf-editor.packages.${system}.nixos-conf-editor
|
||||||
# inputs.nix-software-center.packages.${system}.nix-software-center
|
# inputs.nix-software-center.packages.${system}.nix-software-center
|
||||||
];
|
];
|
||||||
|
virtualisation.virtualbox.host.enable = true;
|
||||||
|
users.extraGroups.vboxusers.members = ["tasia"];
|
||||||
|
|
||||||
|
services.openvpn.servers = {
|
||||||
|
ch = {config = ''config /home/tasia/Downloads/ch.protonvpn.udp.ovpn '';};
|
||||||
|
};
|
||||||
|
|
||||||
services.blueman.enable = true;
|
services.blueman.enable = true;
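Review bot: The new `services.openvpn.servers.ch` entry loads its configuration from `/home/tasia/Downloads/`, a directory writable by an unprivileged user, while the OpenVPN unit is started by systemd. An OpenVPN config can name scripts to run (`up`, `down`, `script-security`), so whoever can write that file influences what runs with the service's privileges. Move the profile to a root-owned path with mode 0600 and reference that instead, e.g. `config /etc/openvpn/ch.ovpn` (placeholder path), which also stops the system build from depending on a file that is not in the repo. In the first hunk of this file, `8008 # ssb` is opened next to `8080 # ?`; a port whose purpose is unknown is worth closing or documenting. Both attribute sets continue outside the hunks.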
|
||||||
|
|
||||||
|
|
|
@ -8,14 +8,15 @@
|
||||||
}:
|
}:
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
pname = "tildefriends";
|
pname = "tildefriends";
|
||||||
version = "0.0.17";
|
version = "0.0.18";
|
||||||
|
|
||||||
src = fetchFromGitea {
|
src = fetchFromGitea {
|
||||||
domain = "dev.tildefriends.net";
|
domain = "dev.tildefriends.net";
|
||||||
owner = "cory";
|
owner = "cory";
|
||||||
repo = "tildefriends";
|
repo = "tildefriends";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
hash = "sha256-Wc9MvafA2rPmjnRvmMB3qmRyDQNhF688weKItHw3E8I=";
|
hash = "sha256-+uthA1w8CmZfW+WOK9wYGl2fUl/k10ufOc8W+Pwa9iQ=";
|
||||||
|
fetchSubmodules = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [
|
nativeBuildInputs = [
|
||||||
|
|