mirror of
https://github.com/Ascyii/nixos.git
synced 2026-01-01 06:44:26 -05:00
192 lines
4.3 KiB
Nix
192 lines
4.3 KiB
Nix
# Configuratoin for my thinkpad t470s
|
|
{ pkgs, config, inputs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
# Import neccessities
|
|
./hardware-configuration.nix
|
|
|
|
# Import own modules
|
|
../../users.nix
|
|
# ../../modules/workstation.nix
|
|
../../modules/tweaks.nix
|
|
../../modules/laptop.nix
|
|
../../common.nix
|
|
|
|
inputs.sops-nix.nixosModules.sops
|
|
];
|
|
|
|
sops = {
|
|
defaultSopsFile = ../../../secrets.yaml;
|
|
defaultSopsFormat = "yaml";
|
|
# hard code the username here
|
|
age.keyFile = "/home/jonas/.config/sops/age/keys.txt";
|
|
templates = {
|
|
"davtemp" = {
|
|
owner = "root";
|
|
content = ''${config.sops.placeholder.davurl} ${config.sops.placeholder.jondav} ${config.sops.placeholder.jondavpass}'';
|
|
mode = "0600";
|
|
path = "/etc/davfs2/secrets";
|
|
};
|
|
};
|
|
secrets = {
|
|
davurl = {
|
|
owner = "jonas";
|
|
};
|
|
jondav = {
|
|
owner = "jonas";
|
|
};
|
|
jondavpass = {
|
|
owner = "jonas";
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
# Opening ssh and the web
|
|
80
|
|
443
|
|
|
|
# Dev ports
|
|
8888
|
|
2345
|
|
8080
|
|
];
|
|
programs.gnupg.agent = {
|
|
enable = true;
|
|
pinentryPackage = with pkgs; pinentry-all;
|
|
enableSSHSupport = true;
|
|
};
|
|
|
|
# Scanning over the network support
|
|
hardware.sane.enable = true;
|
|
hardware.sane.extraBackends = [ pkgs.sane-airscan ];
|
|
hardware.sane.disabledDefaultBackends = [ "escl" ];
|
|
services.udev.packages = [ pkgs.sane-airscan ];
|
|
services.avahi.enable = true;
|
|
services.avahi.nssmdns = true;
|
|
|
|
services.davfs2.enable = true;
|
|
|
|
# ensure the mountpoint directory exists
|
|
systemd.tmpfiles.rules = [
|
|
"d /mnt/webdav 0755 jonas users -"
|
|
#"d /var/cache/davfs2/sync.hahn1.one+mnt-webdav+jonas 0700 jonas users -"
|
|
];
|
|
|
|
# Just works
|
|
systemd.mounts = [
|
|
{
|
|
description = "Webdav mount point";
|
|
#after = [ "network-online.target" ];
|
|
wants = [ "network-online.target" ];
|
|
|
|
what = "https://sync.hahn1.one";
|
|
where = "/mnt/webdav";
|
|
type = "davfs";
|
|
options = "uid=1000,gid=1000,file_mode=0664,dir_mode=2775,_netdev";
|
|
mountConfig.TimeoutSec = "15s";
|
|
#wantedBy = [ "multi-user.target" ];
|
|
}
|
|
];
|
|
# systemd.automounts = [
|
|
# {
|
|
# where = "/mnt/webdav";
|
|
# wantedBy = [ "multi-user.target" ];
|
|
# automountConfig = {
|
|
# TimeoutIdleSec = "20m";
|
|
# };
|
|
# }
|
|
# ];
|
|
|
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
services = {
|
|
syncthing = {
|
|
enable = true;
|
|
user = "jonas";
|
|
# Have to set the bandwidth for the syncing manually for laptops
|
|
#guiAddress = "0.0.0.0:8384";
|
|
dataDir = "/home/jonas/synced";
|
|
configDir = "/home/jonas/.config/syncthing";
|
|
overrideDevices = true; # overrides any devices added or deleted through the WebUI
|
|
overrideFolders = false; # overrides any folders added or deleted through the WebUI
|
|
settings = {
|
|
devices = {
|
|
"stranox" = { id = "KTFN5YR-NU2Y6EV-WU6D635-H2AUZTJ-KL6UIVE-L7N2EU5-GPY34N7-ZQ36MAI"; };
|
|
};
|
|
folders = {
|
|
# This is the mail folder to keep synced accross everything
|
|
# Auto opt in for the sync folder that is on the server
|
|
# Further down the line you can split your sync setup into multiple folders
|
|
## "synced" = {
|
|
# path = "/home/jonas/syncedokay";
|
|
# devices = [ "stranox" ];
|
|
# ignorePerms = true;
|
|
# #fsWatcherDelayS="10";
|
|
|
|
# # Try to save battery with this
|
|
# # Remember to also look at options that are not in the
|
|
# # nixos options search
|
|
# fsWatcherEnabled = true;
|
|
# #disableFsync = true;
|
|
# pullerPauseS = 600;
|
|
# rescanIntervalS = 1200;
|
|
# versioning = {
|
|
# type = "staggered";
|
|
# };
|
|
#};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
###### TEMP AREA
|
|
|
|
# security.krb5 = {
|
|
# enable = true;
|
|
# settings = {
|
|
# libdefaults = {
|
|
# default_realm = "UNI-GOETTINGEN.DE"; # Replace with actual realm
|
|
# };
|
|
# };
|
|
# };
|
|
|
|
# Thinkpad specific fingerprint reader does not work yet
|
|
# For further information see: https://gitlab.freedesktop.org/3v1n0/libfprint-tod-vfs0090
|
|
#services.fprintd = {
|
|
# enable = true;
|
|
# tod = {
|
|
# enable = true;
|
|
# driver = pkgs.libfprint-2-tod1-vfs0090;
|
|
# };
|
|
#};
|
|
|
|
#####
|
|
|
|
networking.hostName = "thinix";
|
|
batMode = "double";
|
|
|
|
networking = {
|
|
networkmanager = {
|
|
wifi.powersave = true;
|
|
};
|
|
};
|
|
services.dnsmasq.enable = true;
|
|
|
|
# Setting up swap in case of emergency
|
|
swapDevices = [
|
|
{
|
|
device = "/swapfile";
|
|
size = 4096; # size in MB (4096 MB = 4 GB)
|
|
}
|
|
];
|
|
|
|
|
|
# this does not work with flakes
|
|
#system.copySystemConfiguration = true;
|
|
system.stateVersion = "24.11";
|
|
}
|