
# NixOS module for the `jawz` user: sops-managed secrets, the Syncthing
# service and the user account itself. `hostName` selects the per-host
# secret entries and the address the Syncthing GUI binds to.
{ config, lib, ... }:
let
inherit (config.networking) hostName;
in
{
# Secrets decrypted by sops-nix. `keyConfig file` declares one entry from
# ../secrets/keys.yaml, owned by jawz (user and primary group) and placed at
# /home/jawz/<file>. The attribute name is presumably also the key looked up
# inside keys.yaml (sops-nix default) — confirm against that file.
sops.secrets =
let
baseDir = ".ssh/ed25519";
keyConfig = file: {
sopsFile = ../secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/${file}";
};
in
{
# Password hash consumed by users.users.jawz.hashedPasswordFile below; it has
# to exist before user creation, hence neededForUsers. No sopsFile is given
# here, so the default sops file configured elsewhere is used — verify it
# actually holds this key.
jawz-password.neededForUsers = true;
"private_keys/age" = keyConfig "${baseDir}_age";
"public_keys/age" = keyConfig "${baseDir}_age.pub";
# Per-host SSH key, a key used for Git (purpose inferred from the name) and
# the Syncthing device identity (key + certificate).
"private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
"git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
"syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
"syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
# NOTE(review): unlike the entries above, this one sets no owner/group/path,
# so sops-nix defaults apply (root-owned file in the default secrets dir).
# Its path is handed to settings.gui.password below while the service runs
# as `jawz`; check that the Syncthing module really reads this file's
# contents (and can do so as that user) rather than storing the literal path
# string as the GUI password.
"syncthing_password".sopsFile = ../secrets/keys.yaml;
};
# Ignore rules for the one-way LibreWolf profile sync (folder `librewolf` below).
home-manager.users.jawz.home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
services.syncthing = {
enable = true;
# Runs as the jawz user, so every synced path below is owned/controlled by jawz.
user = "jawz";
group = "users";
# The device and folder lists declared here are authoritative: entries added
# through the GUI that are not declared here are removed.
overrideDevices = true;
overrideFolders = true;
# Opens Syncthing's default sync/discovery ports in the host firewall;
# presumably this does not include the GUI port 8384 — confirm.
openDefaultPorts = true;
# Device identity comes from the per-host sops secrets declared above.
key = config.sops.secrets."syncthing_keys/${hostName}".path;
cert = config.sops.secrets."syncthing_certs/${hostName}".path;
# GUI/REST API bound to this host's entry in config.my.ips, i.e. reachable
# from that network rather than loopback only; access is gated solely by the
# gui user/password below.
guiAddress = "${config.my.ips."${hostName}"}:8384";
settings = {
options = {
# No global discovery and no relays: peers are found by local discovery
# (unless disabled elsewhere) or via the explicit addresses given below.
globalAnnounceEnabled = false;
relaysEnabled = false;
};
gui = {
user = "jawz";
# See the note on the `syncthing_password` secret: this value is a file path.
password = config.sops.secrets.syncthing_password.path;
};
# Syncthing device IDs are public identifiers, not secrets.
devices = {
server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
phone.id = "OSOX2VZ-AO2SA3C-BFB6NKF-K6CR6WX-64TDBKW-RRKEKJ4-FKZE5CV-J2RGJAJ";
# External peer reached over WireGuard; it is the only device with an explicit
# address. introducer and autoAcceptFolders are off, so this peer cannot add
# devices or folders to this node on its own.
wg-friend1 = {
id = "XBIYCD4-EFKS5SK-WFF73CU-P37GXVH-OMWEIA4-6KC5F3L-U5UQWSF-SYNNRQF";
addresses = [ "tcp://${config.my.ips.wg-friend1}:22000" ];
introducer = false;
autoAcceptFolders = false;
paused = false;
};
};
folders =
let
isMainHost = hostName == "workstation";
# Folders that exist only on the workstation and sync with the two mobile
# devices; on any other host `lib.mkIf false` omits the attribute entirely.
mkMobile =
path:
lib.mkIf isMainHost {
inherit path;
ignorePerms = false;
devices = [
"galaxy"
"phone"
];
};
in
{
cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/artist/friends/";
forme = mkMobile "~/Pictures/art for me/";
comfy = mkMobile "~/Development/AI/ComfyUI/output/";
gdl = {
path = "~/.config/jawz/";
ignorePerms = false;
devices = [
"server"
"miniserver"
"workstation"
];
};
# Browser profile: the workstation only sends, every other host only receives,
# so a compromised or misconfigured receiver cannot push changes back.
librewolf = {
path = "~/.librewolf/";
ignorePerms = false;
copyOwnershipFromParent = true;
type = if isMainHost then "sendonly" else "receiveonly";
devices = [
"server"
"miniserver"
"workstation"
];
};
notes = {
path = "~/Documents/Notes";
ignorePerms = false;
devices = [
"galaxy"
"phone"
"server"
"miniserver"
"workstation"
];
};
# Shared with the external wg-friend1 peer in both directions: that peer can
# write into this path on server and workstation.
friend_share = {
path = "~/Pictures/encrypted/friends";
ignorePerms = false;
type = "sendreceive";
devices = [
"server"
"workstation"
"wg-friend1"
];
};
};
};
};
users.users.jawz = {
uid = 1000;
# Keeps the systemd user session alive without an active login (presumably so
# user services keep running).
linger = true;
isNormalUser = true;
# Hash is read from the sops secret marked neededForUsers above.
hashedPasswordFile = config.sops.secrets.jawz-password.path;
# NOTE(review): `wheel`, `docker` and `libvirt` are root-equivalent in
# practice (sudo, control of the container daemon, VM/host device access).
# Together with the network-reachable Syncthing GUI and the SSH keys below,
# this account is the host's real privilege boundary — keep the list minimal.
extraGroups = [
"wheel"
"networkmanager"
"scanner"
"lp"
"piracy"
"kavita"
"video"
"docker"
"libvirt"
"rslsync"
"plugdev"
"bluetooth"
];
# Public keys only; each listed key can log in as jawz over SSH.
openssh.authorizedKeys.keyFiles = [
../secrets/ssh/ed25519_deacero.pub
../secrets/ssh/ed25519_workstation.pub
../secrets/ssh/ed25519_server.pub
../secrets/ssh/ed25519_miniserver.pub
../secrets/ssh/ed25519_galaxy.pub
../secrets/ssh/ed25519_phone.pub
../secrets/ssh/ed25519_vps.pub
];
};
}