#
#  Specific system configuration settings for desktop
#
#  flake.nix
#   ├─ ./hosts
#   │   └─ ./laptop
#   │        ├─ default.nix *
#   │        └─ hardware-configuration.nix
#   └─ ./modules
#       ├─ ./desktop
#       │   └─ ./hyprland
#       │       └─ hyprland.nix
#       ├─ ./modules
#       │   └─ ./programs
#       │       └─ waybar.nix
#       └─ ./hardware
#           └─ default.nix
#
#  NOTE(review): the tree above mentions desktop/laptop modules, but this file
#  only pulls in the Docker, KVM and server-service modules and enables the
#  QEMU guest agent. The header looks inherited from another host; confirm.
#

{ config, pkgs, user, agenix, impermanence, ... }:

{
  # Module list. When applying this to another machine, swap the hardware file.
  imports =
    [
      (import ./hardware-configuration.nix)                # Current system hardware config @ /etc/nixos/hardware-configuration.nix
      (import ../../modules/wm/virtualisation/docker.nix)  # Docker
      (import ../../modules/wm/virtualisation/kvm-amd.nix) # KVM module options
    ]
    ++ (import ../../modules/services/server);             # Server services (evaluates to a list of modules)

  # Boot options.
  boot.kernelPackages = pkgs.linuxPackages_latest;         # Tracks the newest packaged kernel
  boot.loader.timeout = 1;                                 # GRUB auto-select time, in seconds
  # NOTE(review): the original comment called this "EFI Boot", but GRUB is
  # pointed at a whole disk ("/dev/sda"), which is the BIOS/MBR style of
  # install. Confirm which firmware mode the machine really uses.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
  };

  # fail2ban filter definitions, placed where fail2ban looks for them.
  # Setting `mode` makes NixOS copy the file instead of symlinking it; 0444
  # keeps each filter read-only for everyone.
  environment.etc."fail2ban/filter.d/open-webui.conf" = {
    source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
    mode = "0444";
  };
  environment.etc."fail2ban/filter.d/gitea.conf" = {
    source = ../../modules/services/server/fail2ban/filter/gitea.conf;
    mode = "0444";
  };
  environment.etc."fail2ban/filter.d/nextcloud.conf" = {
    source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
    mode = "0444";
  };

  programs.zsh.enable = true;

  # gpg-agent doubles as the SSH agent, so the stock ssh-agent stays off to
  # avoid two agents being configured at once.
  programs.ssh.startAgent = false;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
    pinentryPackage = pkgs.pinentry-curses;                # Terminal pinentry, no GUI required
  };

  #services.auto-cpufreq.enable = true;
  services.qemuGuest.enable = true;                        # QEMU guest agent

  #services.avahi = {                                      # Needed to find wireless printer
  #  enable = true;
  #  nssmdns = true;
  #  publish = {                                           # Needed for detecting the scanner
  #    enable = true;
  #    addresses = true;
  #    userServices = true;
  #  };
  #};

  # Brute-force protection for the web services.
  #
  # Five matching failures (maxretry) inside a 15 minute window (findtime)
  # trigger a ban. No bantime is set in this file, so whatever default the
  # module or an imported file provides is what applies.
  #
  # NOTE(review): things to verify, none of which are visible from this file:
  #  - `iptables-allports` hooks its ban chain into INPUT by default. Traffic
  #    to ports published by Docker is forwarded rather than delivered
  #    locally, so if any of these services runs in a container (docker.nix
  #    is imported above) a ban may not block it. Check with a test ban.
  #  - If the services sit behind a reverse proxy, the log lines the filters
  #    match must carry the real client address, not the proxy's.
  #  - The two `backend = systemd` jails set no journalmatch here; presumably
  #    the filter files restrict which journal entries are read. Confirm.
  #  - If the firewall is nftables-based, confirm the iptables action still
  #    takes effect.
  services.fail2ban = {
    enable = true;
    maxretry = 5;

    jails = {
      DEFAULT.settings.findtime = "15m";

      # Reads the systemd journal.
      open-webui = ''
        enabled = true
        filter = open-webui
        backend = systemd
        action = iptables-allports
      '';

      # Reads the systemd journal.
      gitea = ''
        enabled = true
        filter = gitea
        backend = systemd
        action = iptables-allports
      '';

      # Reads Nextcloud's own log file instead of the journal.
      nextcloud = ''
        backend = auto
        enabled = true
        filter = nextcloud
        logpath = /var/lib/nextcloud/data/nextcloud.log
        action = iptables-allports
      '';
    };
  };
}