nixos-config/hosts/kabtop/default.nix

112 lines
3.2 KiB
Nix
Raw Normal View History

2024-04-01 15:45:28 +02:00
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
2024-05-19 17:57:35 +02:00
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server); # Server Services
2024-04-01 15:45:28 +02:00
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/sda";
};
timeout = 1; # Grub auto select time
};
};
environment = {
etc = {
2024-04-14 21:04:25 +02:00
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
2024-04-01 15:45:28 +02:00
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
2024-06-03 20:24:22 +02:00
pinentryPackage = pkgs.pinentry-curses;
2024-04-01 15:45:28 +02:00
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
2024-06-04 21:11:04 +02:00
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
2024-04-01 15:45:28 +02:00
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
2024-04-14 21:04:25 +02:00
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
2024-04-01 15:45:28 +02:00
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
}