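# NixOS module for the local account `bearded_dragonn`: enables the per-user
# `my.*` feature sets, provisions the account and its password source, turns on
# Tailscale and Sunshine, and installs an nftables rule that keeps this account
# away from the Open WebUI and SillyTavern ports on the local machine.
{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
let
  # Read back from the user definition below (uid = 1002). The nftables rule
  # interpolates this value, so the uid must stay statically assigned: a null
  # uid would render as an empty string and produce an invalid ruleset.
  derekUid = config.users.users.bearded_dragonn.uid;

  # Ports are taken from the service options so the filter follows any change
  # made where those services are configured.
  openWebuiPort = config.services.open-webui.port;
  sillytavernPort = config.services.sillytavern.port;

  # Shared value for every `my.*` option that is switched on for this user.
  enableForDerek = {
    enable = true;
    users = "bearded_dragonn";
  };
in
{
  my = {
    stylix = enableForDerek;
    emacs = enableForDerek;
    apps = {
      art = enableForDerek;
      gaming = enableForDerek;
      multimedia.videoEditing = enableForDerek;
    };
    dev = {
      nix = enableForDerek;
      python = enableForDerek;
      sh = enableForDerek;
    };
    shell = {
      exercism = enableForDerek;
      tools = enableForDerek;
      multimedia = enableForDerek;
    };
  };

  # On hosts flagged `my.secureHost` the password hash comes from sops;
  # neededForUsers makes the secret available before user accounts are created.
  sops.secrets = lib.mkIf config.my.secureHost {
    derek-password.neededForUsers = true;
  };

  services = {
    tailscale.enable = true;

    sunshine = {
      enable = true;
      autoStart = false;
      # Grants the Sunshine binary CAP_SYS_ADMIN (used for KMS screen capture).
      # That is a broad capability on a network-facing service.
      capSysAdmin = true;
      # NOTE(review): this opens the Sunshine ports in the host firewall; this
      # file does not show them being limited to the Tailscale interface.
      # Confirm that exposure on every interface is intended.
      openFirewall = true;
    };
  };

  networking.nftables = {
    enable = true;
    tables = {
      local-uid-block = {
        family = "inet";
        # Drop locally generated connections from this uid to the two service
        # ports. Matching on the loopback output interface rather than on the
        # single addresses 127.0.0.1 and ::1 also covers the rest of
        # 127.0.0.0/8 and the host's own LAN/Tailscale addresses, which the
        # kernel likewise delivers via `lo`. Without that, a service bound to
        # a wildcard address stays reachable by this uid.
        # NOTE(review): the bind addresses of the two services are not visible
        # in this file; if they listen on 127.0.0.1 only, the effect is the
        # same as the original address-based rules.
        content = ''
          chain output {
            type filter hook output priority 0; policy accept;
            meta skuid ${toString derekUid} oifname "lo" tcp dport { ${toString openWebuiPort}, ${toString sillytavernPort} } drop
          }
        '';
      };
    };
  };

  users.users.bearded_dragonn = {
    # Fixed uid: the nftables rule above matches on it.
    uid = 1002;
    isNormalUser = true;
    createHome = true;

    hashedPasswordFile = lib.mkIf config.my.secureHost config.sops.secrets.derek-password.path;
    # Fallback for hosts without `my.secureHost`. This sha512crypt hash is
    # stored in the repository and ends up world-readable in the Nix store, so
    # it is open to offline guessing by anyone who can read either. Treat the
    # password as low-value and do not reuse it on secure hosts.
    hashedPassword =
      lib.mkIf (!config.my.secureHost)
        "$6$s4kbia4u7xVwCmyo$LCN7.Ki2n3xQOqPKnTwa5idwOWYeMNTieQYbLkiiKcMFkFmK76BjtNofJk3U7yRmLGnW3oFT433.nTRq1aoN.1";

    packages = builtins.attrValues {
      inherit (pkgs)
        bottles
        vscode
        nextcloud-client
        warp
        handbrake
        ;
      # Taken from a flake input, pinned to x86_64-linux.
      inherit (inputs.prem2resolve.packages.x86_64-linux) prem2resolve;
    };

    # Device-access groups only; the account is not in `wheel`.
    extraGroups = [
      "audio"
      "video"
      "input"
      "games"
    ];
  };
}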