This commit is contained in:
Danilo Reyes
@@ -25,13 +25,17 @@ in
|
||||
../../environments/gnome.nix
|
||||
];
|
||||
my = import ./toggles.nix { inherit inputs; } // {
|
||||
nix.cores = 8;
|
||||
nix.maxJobs = 8;
|
||||
users.nixremote.enable = true;
|
||||
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixserver"
|
||||
"nixminiserver"
|
||||
];
|
||||
nix = {
|
||||
cores = 8;
|
||||
maxJobs = 8;
|
||||
};
|
||||
users.nixremote = {
|
||||
enable = true;
|
||||
authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixserver"
|
||||
"nixminiserver"
|
||||
];
|
||||
};
|
||||
};
|
||||
sops.secrets."workstation/private" = lib.mkIf config.my.secureHost {
|
||||
sopsFile = ../../secrets/wireguard.yaml;
|
||||
@@ -53,6 +57,21 @@ in
|
||||
};
|
||||
networking = {
|
||||
hostName = "workstation";
|
||||
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
|
||||
ips = [ "${config.my.ips.wg-workstation}/32" ];
|
||||
privateKeyFile = config.sops.secrets."workstation/private".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
|
||||
endpoint = "${config.my.ips.vps}:51820";
|
||||
persistentKeepalive = 25;
|
||||
allowedIPs = [
|
||||
"${config.my.ips.wg-vps}/32"
|
||||
config.my.subnets.wg-homelab
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
firewall = {
|
||||
allowedTCPPorts = [
|
||||
config.my.ports.nsUsbloader
|
||||
@@ -80,21 +99,6 @@ in
|
||||
}
|
||||
'';
|
||||
};
|
||||
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
|
||||
ips = [ "${config.my.ips.wg-workstation}/32" ];
|
||||
privateKeyFile = config.sops.secrets."workstation/private".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
|
||||
endpoint = "${config.my.ips.vps}:51820";
|
||||
persistentKeepalive = 25;
|
||||
allowedIPs = [
|
||||
"${config.my.ips.wg-vps}/32"
|
||||
config.my.subnets.wg-homelab
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
users = {
|
||||
groups.ai = { };
|
||||
|
||||
@@ -87,17 +87,16 @@ in
|
||||
fileSystems =
|
||||
let
|
||||
nfsMount = server: nfsDisk: {
|
||||
device = "${server}:/${nfsDisk}";
|
||||
fsType = "nfs";
|
||||
options = [
|
||||
"x-systemd.automount"
|
||||
"noauto"
|
||||
"x-systemd.idle-timeout=600"
|
||||
];
|
||||
device = "${server}:/${nfsDisk}";
|
||||
fsType = "nfs";
|
||||
};
|
||||
btrfsMount = device: subvol: extraOpts: {
|
||||
inherit device;
|
||||
fsType = "btrfs";
|
||||
options = extraOpts ++ [
|
||||
"subvol=${subvol}"
|
||||
"ssd"
|
||||
@@ -107,6 +106,7 @@ in
|
||||
"commit=120"
|
||||
"datacow"
|
||||
];
|
||||
fsType = "btrfs";
|
||||
};
|
||||
trashOptions = [
|
||||
"x-gvfs-trash"
|
||||
|
||||
@@ -3,14 +3,6 @@ let
|
||||
inherit (inputs.self.lib) mkEnabled mkEnabledWithUsers enableList;
|
||||
in
|
||||
{
|
||||
stylix = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
emacs = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
enableContainers = true;
|
||||
servers.drpp.enable = true;
|
||||
apps =
|
||||
@@ -52,4 +44,12 @@ in
|
||||
"ffmpeg4discord"
|
||||
"update-org-agenda-cache"
|
||||
];
|
||||
stylix = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
emacs = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user