
Update greatyamada config

This commit is contained in:
Avery 2025-06-21 15:42:06 +02:00
parent 5c4921895e
commit 97bf3bb177
Signed by: Avery
GPG key ID: B684FD451B692E04
22 changed files with 556 additions and 212 deletions


@ -40,7 +40,13 @@
}; };
}; };
services.openssh.enable = true; services.openssh = {
enable = true;
settings = {
X11Forwarding = false;
PermitRootLogin = "no";
};
};
sops = { sops = {
secrets.avery_password = { secrets.avery_password = {
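Review bot: The new `services.openssh.settings` block hardens root login and X11 but leaves password authentication at the sshd default, which is permissive; since the same file provisions a password secret (`secrets.avery_password`), this deserves an explicit decision. If key-based login for the avery account is in place, add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` alongside `PermitRootLogin = "no";`. The enclosing attribute set continues outside the hunk.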


@ -1,8 +1,14 @@
{ config, ... }: { { config, lib, ... }: {
programs = { programs = {
zsh = { zsh = {
enable = true; enable = true;
initExtra = '' initContent = lib.mkBefore ''
setopt AUTO_PUSHD
setopt SHARE_HISTORY
setopt MENUCOMPLETE
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
bindkey "^[OA" history-beginning-search-backward-end bindkey "^[OA" history-beginning-search-backward-end
bindkey "^[OB" history-beginning-search-forward-end bindkey "^[OB" history-beginning-search-forward-end
bindkey "^r" history-incremental-search-backward bindkey "^r" history-incremental-search-backward
@ -20,14 +26,6 @@
fastfetch fastfetch
''; '';
initExtraFirst = ''
setopt AUTO_PUSHD
setopt SHARE_HISTORY
setopt MENUCOMPLETE
autoload -U history-search-end
zle -N history-beginning-search-backward-end history-search-end
zle -N history-beginning-search-forward-end history-search-end
'';
history.path = "${config.xdg.dataHome}/zhistory"; history.path = "${config.xdg.dataHome}/zhistory";
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
}; };

163
flake.lock generated

@ -34,11 +34,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742012573, "lastModified": 1749968237,
"narHash": "sha256-/M7hD64NRtg+QIIhMhe5v+u8fkW8zNkBoobCdYO9cWo=", "narHash": "sha256-K72058wQbyefCV/jx8UskyBh4r7mOMARatXfzZPcoyQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "autofirma-nix", "repo": "autofirma-nix",
"rev": "99559fb377b1139cdf1317ce80ecbb27edb5da4e", "rev": "76d28ab9d5ff3a1dfad58c0168fe823523913802",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -82,15 +82,12 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": { "locked": {
"lastModified": 1717535930, "lastModified": 1731098351,
"narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "55e7754ec31dac78980c8be45f8a28e80e370946", "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -118,11 +115,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -139,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741352980, "lastModified": 1749398372,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,11 +157,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1730504689,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -181,11 +178,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738453229, "lastModified": 1749398372,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -212,24 +209,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -257,11 +236,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1741955947, "lastModified": 1749779443,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "narHash": "sha256-r6YTIMprNCYcJcA4oZ0x1wPaHPPHUxb8CnyEeMkhGks=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "rev": "18f3a0d21c3739a242aafa17c04c5238bbab5a41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,11 +256,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741955947, "lastModified": 1750107071,
"narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "narHash": "sha256-yfuHCO4m+gu3OBNGnP0/TL5W8nLXrC/EV1fs/+YcoL8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "rev": "0edffd088e42fdc48598b37d88eb5345e2ca3937",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,16 +283,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729958008, "lastModified": 1748294338,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=", "narHash": "sha256-FVO01jdmUNArzBS7NmaktLdGA5qA3lUMJ4B7a05Iynw=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "ixx", "repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb", "rev": "cc5f390f7caf265461d4aab37e98d2292ebbdb85",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "NuschtOS",
"ref": "v0.0.6", "ref": "v0.0.8",
"repo": "ixx", "repo": "ixx",
"type": "github" "type": "github"
} }
@ -397,11 +376,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1741624954, "lastModified": 1745514172,
"narHash": "sha256-VjLS010BEfwuK343Dst08NnQNS8SRtVCDkz1zTsHuvI=", "narHash": "sha256-FV8uIBumYYmqOMEa6WR3lFxs0ocANT7bbawEDg+vWjo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-unit", "repo": "nix-unit",
"rev": "e9d81f6cffe67681e7c04a967d29f18c2c540af5", "rev": "be0d299e89a31e246c5472bf0e1005d4cc1e9e55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -418,11 +397,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741870048, "lastModified": 1749574455,
"narHash": "sha256-odXRdNZGdXg1LmwlAeWL85kgy/FVHsgKlDwrvbR2BsU=", "narHash": "sha256-fm2/8KPOYvvIAnNVtjDlTt/My00lIbZQ+LMrfQIWVzs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "5d76001e33ee19644a598ad80e7318ab0957b122", "rev": "917af390377c573932d84b5e31dd9f2c1b5c0f09",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,11 +413,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741513245, "lastModified": 1749285348,
"narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=", "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1", "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -450,43 +429,27 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1730741070,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3", "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1743076231, "lastModified": 1749794982,
"narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=", "narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6c5963357f3c1c840201eda129a99d455074db04",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6", "rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,14 +465,15 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nuschtosSearch": "nuschtosSearch" "nuschtosSearch": "nuschtosSearch",
"systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1741709061, "lastModified": 1750105753,
"narHash": "sha256-G1YTksB0CnVhpU1gEmvO3ugPS5CAmUpm5UtTIUIPnEI=", "narHash": "sha256-reWddMyGkxjackE4VSZ2NjOQlAdfiofhCEWFHapblNI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "3a3abf11700f76738d8ad9d15054ceaf182d2974", "rev": "ab0a3682cc40da89029dcb3f467b46ae3b8c0fd1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -520,7 +484,7 @@
}, },
"nuschtosSearch": { "nuschtosSearch": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"ixx": "ixx", "ixx": "ixx",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@ -528,11 +492,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738508923, "lastModified": 1749730855,
"narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "86e2038290859006e05ca7201425ea5b5de4aecb", "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -555,11 +519,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1717664902, "lastModified": 1731363552,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -575,25 +539,24 @@
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1717813066, "lastModified": 1731897198,
"narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -609,11 +572,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741861888, "lastModified": 1749592509,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "narHash": "sha256-VunQzfZFA+Y6x3wYi2UE4DEQ8qKoAZZCnZPUlSoqC+A=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "rev": "50754dfaa0e24e313c626900d44ef431f3210138",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -78,6 +78,21 @@
./hosts/greatyamada/nixos ./hosts/greatyamada/nixos
./hosts/greatyamada/services ./hosts/greatyamada/services
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
backupFileExtension = "bak";
useUserPackages = true;
users.avery = {
imports = [
inputs.nixvim.homeManagerModules.nixvim
./common/home.nix
./common/zsh.nix
./hosts/totsugeki/home-manager/development/nixvim
];
};
};
}
]; ];
}; };
# WSL development system # WSL development system
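Review bot: The new home-manager import list ties greatyamada's user configuration to another host's tree via `./hosts/totsugeki/home-manager/development/nixvim`, so an edit meant for totsugeki will silently change this server as well. Consider moving that module under `./common/` next to `home.nix` and `zsh.nix` and importing it from both hosts. The list this block sits in starts outside the hunk.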


@ -1,15 +1,34 @@
{ lib, pkgs, ... }: { { lib, pkgs, ... }: {
imports = [ ./filesystems.nix ]; imports = [ ./filesystems.nix ];
boot.loader.systemd-boot.enable = true; boot = {
loader.systemd-boot.enable = true;
kernelPackages = pkgs.linuxKernel.packages.linux_zen;
initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
environment.systemPackages = with pkgs; [ iptables ]; environment.systemPackages = with pkgs; [ arion docker-client ];
networking = { networking = {
firewall.enable = true; firewall.enable = true;
hostName = "greatyamada"; hostName = "greatyamada";
networkmanager.enable = true; networkmanager.enable = true;
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
interfaces.enp5s0 = {
ipv4.addresses = [{
address = "10.0.0.1";
prefixLength = 24;
}];
};
defaultGateway = {
address = "10.0.0.254";
interface = "enp5s0";
};
nameservers = [ "9.9.9.9" ];
}; };
sops = { sops = {
@ -17,7 +36,18 @@
age.keyFile = "/etc/nixos/keys.txt"; age.keyFile = "/etc/nixos/keys.txt";
}; };
system.stateVersion = "25.05"; system.stateVersion = "24.05";
users = {
groups.media = { };
users.avery.extraGroups = [ "media" ];
};
virtualisation.podman = {
enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
time.timeZone = "UTC"; time.timeZone = "UTC";
} }
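Review bot: `system.stateVersion` is lowered from "25.05" to "24.05" in the second hunk; stateVersion is meant to stay at the value the host was first installed with, and changing it shifts stateful defaults (the postgresql package default among them) rather than updating anything. If the host really was installed on 24.05 the old value was the error; otherwise revert this line. Separately, `virtualisation.podman.dockerSocket.enable = true` publishes a Docker-compatible socket, and access to that socket is effectively root, so membership of the group that may reach it should stay minimal and deliberate.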


@ -2,27 +2,27 @@
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "ext4";
options = [ "compress=zstd:15" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/Datos" = { "/mnt/ssd-01" = {
device = "/dev/disk/by-label/Datos"; device = "/dev/disk/by-label/ssd-01";
fsType = "btrfs"; fsType = "ext4";
options = [ "compress=zstd:15" ];
}; };
"/mnt/Datos/minecraft" = { "/mnt/hdd-01" = {
device = "/dev/disk/by-label/Datos"; device = "/dev/disk/by-label/hdd-01";
fsType = "btrfs"; fsType = "ext4";
options = [ "compress=zstd:4" "subvol=/minecraft" ];
}; };
"/mnt/Datos/music" = { "/mnt/hdd-02" = {
device = "/dev/disk/by-label/Datos"; device = "/dev/disk/by-label/hdd-02";
fsType = "btrfs"; fsType = "ext4";
options = [ "subvol=/music" ];
}; };
}; };
swapDevices = [{
device = "/.swapfile";
size = 4 * 1024;
}];
} }
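Review bot: The three data mounts `/mnt/ssd-01`, `/mnt/hdd-01` and `/mnt/hdd-02` carry no mount options, so a missing or failed disk drops the host into emergency mode at boot instead of coming up without that volume. Unless booting without them is undesirable, add `options = [ "nofail" ];` to each; the postgresql data directory in this commit lives on `/mnt/ssd-01`, so that one may deliberately stay a hard dependency, in which case a comment saying so would help.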


@ -1,20 +1,17 @@
{ {
adguardhome-dns = 53; adguardhome-dns = 53;
adguardhome-http = 3001; adguardhome-http = 3001;
coturn-turn = 3478; adguardhome-dhcp-udp = 67;
coturn-turn-alt = 3479;
coturn-minimum = 49192;
coturn-maximum = 49200;
forgejo-http = 3000; forgejo-http = 3000;
jellyfin-http = 8096; jellyfin-http = 8096;
matrix-http = 8008;
matrix-https = 8448;
matrix-bridges-http = 8088;
mautrix-whatsapp = 29318;
minecraft = 13914; minecraft = 13914;
navidrome-https = 4533;
nginx-https = 443; nginx-https = 443;
ntfy-http = 2586; ntfy-http = 2586;
pgadmin = 5050;
postgresql = 5432; postgresql = 5432;
radicale-http = 5232; radicale-http = 5232;
searxng = 8888;
wireguard = 51820; wireguard = 51820;
vaultwarden = 8222;
} }


@ -2,18 +2,13 @@
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "aveeryy@protonmail.com"; defaults.email = "aveeryy@protonmail.com";
# Temporarily use staging server for testing
defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
certs."rcia.dev" = { certs."rcia.dev" = {
credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = "/run/secrets/acme_token";
"/run/secrets/cloudflare_api_token"; extraDomainNames = [ "*.rcia.dev" ];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
group = "nginx"; group = "nginx";
webroot = null; webroot = null;
}; };
}; };
sops.secrets."cloudflare/api_token" = { sops.secrets."acme_token".group = "acme";
path = "/run/secrets/cloudflare_api_token";
group = "acme";
};
} }
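Review bot: `credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = "/run/secrets/acme_token"` hardcodes the sops output path while the secret is declared a few lines below, so a renamed secret or a changed sops `path` breaks certificate renewal without a build error. Prefer `config.sops.secrets."acme_token".path` (the file would need `config` in its argument set, which the hunk does not show). Dropping `defaults.server` also moves issuance to the production Let's Encrypt endpoint, where rate limits apply, so the new wildcard `*.rcia.dev` order should not be re-run repeatedly while testing.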


@ -3,18 +3,21 @@ let
portDefinitions = import ./_port-definitions.nix; portDefinitions = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix; nginxLocalServiceConfig = import ./nginx-local-config.nix;
in { in {
networking.firewall.allowedTCPPorts = [ portDefinitions.adguardhome-dns ]; networking.firewall = {
networking.firewall.allowedUDPPorts = [ portDefinitions.adguardhome-dns ]; allowedTCPPorts = [ portDefinitions.adguardhome-dns ];
allowedUDPPorts =
[ portDefinitions.adguardhome-dns portDefinitions.adguardhome-dhcp-udp ];
};
services = { services = {
adguardhome = { adguardhome = {
enable = true; enable = true;
allowDHCP = true; allowDHCP = true;
port = portDefinitions.adguardhome-http;
mutableSettings = true; mutableSettings = true;
port = portDefinitions.adguardhome-http;
settings = { settings = {
http = { http = {
address = "127.0.0.1:${toString portDefinitions.adguardhome-http}"; address = "127.0.0.1:${toString portDefinitions.adguardhome-http}";
session_ttl = "1440h"; session_ttl = "720h";
}; };
dns = { dns = {
bind_hosts = [ "0.0.0.0" ]; bind_hosts = [ "0.0.0.0" ];
@ -38,9 +41,231 @@ in {
icmp_timeout_msec = 1000; icmp_timeout_msec = 1000;
}; };
}; };
filtering = {
safe_search.enabled = false;
filtering_enabled = true;
parental_enabled = false;
safebrowsing_enabled = false;
protection_enabled = true;
cache_time = 30;
filters_update_interval = 24;
rewrites = [
{
domain = "rcia.dev";
answer = "10.0.0.1";
}
{
domain = "*.rcia.dev";
answer = "10.0.0.1";
}
];
};
clients = {
runtime_sources = {
whois = true;
arp = true;
rdns = true;
dhcp = true;
hosts = true;
};
persistent = [
{
name = "Decodificador";
ids = [ "10.0.0.200" ];
tags = [ "device_tv" ];
upstreams = [ "172.26.23.3" ];
use_global_settings = true;
}
{
name = "Poco X3";
ids = [ "10.0.0.202" ];
tags = [ "device_phone" ];
use_global_settings = false;
filtering_enabled = false;
}
{
name = "Tablet Samsung";
ids = [ "10.0.0.201" ];
tags = [ "device_tablet" ];
use_global_settings = false;
filtering_enabled = false;
}
];
};
filters = [
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "AdGuard DNS filter";
id = 1;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "AdAway Default Blocklist";
id = 2;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt";
name = "WindowsSpyBlocker - Hosts spy rules";
id = 1687062393;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt";
name = "Dandelion Sprout's Game Console Adblock List";
id = 1687062394;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt";
name = "Phishing URL Blocklist (PhishTank and OpenPhish)";
id = 1687062395;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt";
name = "Perflyst and Dandelion Sprout's Smart-TV Blocklist";
id = 1687062396;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt";
name = "Dandelion Sprout's Anti-Malware List";
id = 1687062397;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt";
name = "Scam Blocklist by DurableNapkin";
id = 1687062398;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt";
name = "The Big List of Hacked Malware Web Sites";
id = 1687062399;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt";
name = "Steven Black's List";
id = 1687062400;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt";
name = "Dan Pollock's List";
id = 1687062401;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt";
name = "Malicious URL Blocklist (URLHaus)";
id = 1687062402;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt";
name = "Peter Lowe's Blocklist";
id = 1687062403;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt";
name = "The NoTracking blocklist";
id = 1687062404;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt";
name = "Stalkerware Indicators List";
id = 1694924469;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_44.txt";
name = "HaGeZi's Threat Intelligence Feeds";
id = 1694924470;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt";
name = "NoCoin Filter List";
id = 1694924471;
}
];
user_rules = [
"||www.googleadservices.com^$important"
"||rdvs.alljoyn.org^$important"
"||safebrowsing.google.com^$client='10.0.0.28'"
"||fm.nvc.heil.nuancemobility.net^$client='10.0.0.230'"
"@@||npdl.cdn.nintendowifi.net^$important"
"||tse3.mm.bing.net^$important"
"@@||repo.webosbrew.org^$important"
"||es.lgeapi.com^$important"
"||discovery.meethue.com^$important"
"||eic.lgtviot.com^$important"
"||qs2-nevoai-iothub-02-prod.azure-devices.net^$important"
"||snu.lge.com^$important"
"||su.lge.com^$important"
"||su-ssl.lge.com^$important"
"||snu-dev.lge.com^$important"
"||su-dev.lge.com^$important"
"||nsu.lge.com^$important"
"||eic.commonpush.lgtviot.com^$important"
"||eic.sports.lgtviot.com^$important"
"||es.lgtvsdp.com^$important"
"||prod-ripcut-delivery.disney-plus.net^$client='TV'"
"||ngfts.lge.com^$important"
"||lgtvonline.lge.com^$important"
"||www.ueiwsp.com^$important"
"||temu.com^$important"
"||www.temu.com^$important"
"@@||unity3d.com^$client='10.0.0.7'"
"@@||config.ads.vungle.com^$client='10.0.0.7'"
"@@||rayjump.com^$client='10.0.0.7'"
"@@||vungle.com^$client='10.0.0.7'"
"@@||mtgglobals.com^$client='10.0.0.7'"
"@@||fundingchoicesmessages.google.com^$client='10.0.0.7'"
"@@||applovin.com^$client='10.0.0.7'"
"@@||rovio.com^$client='10.0.0.7'"
"@@||gov.aniview.com^$client='10.0.0.7'"
"@@||unity3d.com^$client='10.10.0.3'"
"@@||config.ads.vungle.com^$client='10.10.0.3'"
"@@||rayjump.com^$client='10.10.0.3'"
"@@||vungle.com^$client='10.10.0.3'"
"@@||mtgglobals.com^$client='10.10.0.3'"
"@@||fundingchoicesmessages.google.com^$client='10.10.0.3'"
"@@||googleads.g.doubleclick.net^$client='10.10.0.3'"
"@@||applovin.com^$client='10.10.0.3'"
"@@||rovio.com^$client='10.10.0.3'"
"@@||gov.aniview.com^$client='10.10.0.3'"
"@@||cdn.liftoff-creatives.io^$client='10.0.0.7'"
"||googleads.g.doubleclick.net^$client='Tablet'"
];
}; };
}; };
nginx.virtualHosts."dns.rcia.dev" = { nginx.virtualHosts."dns.rcia.dev" = {
forceSSL = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.adguardhome-http}"; "http://127.0.0.1:${toString portDefinitions.adguardhome-http}";
extraConfig = nginxLocalServiceConfig; extraConfig = nginxLocalServiceConfig;
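Review bot: The firewall change in the first hunk opens 53/tcp, 53/udp and 67/udp on every interface, and the surrounding context shows AdGuard bound to `0.0.0.0`, so the resolver and DHCP server are reachable from any network this host is attached to (the port list in this commit includes a WireGuard port). If they are only meant for the LAN, scope the rule with `networking.firewall.interfaces.enp5s0.allowedUDPPorts` and `.allowedTCPPorts` (`enp5s0` is the static-IP interface declared elsewhere in this commit). The `persistent` client list and `user_rules` hardcode LAN addresses; a short comment naming the device behind each `$client='…'` exception would make later cleanup possible.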


@ -1,13 +1,17 @@
{ ... }: { { ... }: {
imports = [ imports = [
./acme.nix ./acme.nix
./adguardhome.nix
./forgejo.nix ./forgejo.nix
./inadyn.nix ./inadyn.nix
./jellyfin.nix ./jellyfin.nix
./minecraft # ./minecraft
./nginx.nix ./nginx.nix
./pgadmin.nix
./postgresql.nix ./postgresql.nix
./radicale.nix ./radicale.nix
./searxng.nix
./vaultwarden.nix
./wireguard.nix ./wireguard.nix
]; ];
# paperlessngx # paperlessngx


@ -1,14 +1,10 @@
{ pkgs, ... }: { pkgs, lib, ... }:
let let
forgejoSecretsPath = "/run/secrets/forgejo_";
portDefinitions = import ./_port-definitions.nix; portDefinitions = import ./_port-definitions.nix;
arrayToSecrets = elements: arrayToSecrets = elements:
builtins.listToAttrs (map (key: { builtins.listToAttrs (map (key: {
name = "forgejo/${key}"; name = "forgejo/${key}";
value = { value.owner = "forgejo";
path = "${forgejoSecretsPath}${key}";
owner = "forgejo";
};
}) elements); }) elements);
in { in {
services = { services = {
@ -18,15 +14,17 @@ in {
database = { database = {
type = "postgres"; type = "postgres";
port = portDefinitions.postgresql; port = portDefinitions.postgresql;
passwordFile = "${forgejoSecretsPath}database_password"; passwordFile = "/run/secrets/forgejo/database_password";
}; };
secrets = { secrets = {
server.LFS_JWT_SECRET = "${forgejoSecretsPath}lfs_jwt_secret"; server.LFS_JWT_SECRET =
lib.mkForce "/run/secrets/forgejo/lfs_jwt_secret";
security = { security = {
INTERNAL_TOKEN = "${forgejoSecretsPath}internal_token"; INTERNAL_TOKEN = lib.mkForce "/run/secrets/forgejo/internal_token";
SECRET_KEY = "${forgejoSecretsPath}secret_key"; SECRET_KEY = lib.mkForce "/run/secrets/forgejo/secret_key";
}; };
oauth2.JWT_SECRET = "${forgejoSecretsPath}oauth2_jwt_secret"; oauth2.JWT_SECRET =
lib.mkForce "/run/secrets/forgejo/oauth2_jwt_secret";
}; };
settings = { settings = {
server = { server = {
@ -43,12 +41,13 @@ in {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString portDefinitions.forgejo-http}"; proxyPass = "http://127.0.0.1:${toString portDefinitions.forgejo-http}";
}; };
forceSSL = true;
useACMEHost = "rcia.dev"; useACMEHost = "rcia.dev";
}; };
}; };
systemd.services.forgejo.preStart = '' # systemd.services.forgejo.preStart = ''
${pkgs.forgejo}/bin/gitea migrate # ${pkgs.forgejo}/bin/gitea migrate
''; # '';
sops.secrets = arrayToSecrets [ sops.secrets = arrayToSecrets [
"database_password" "database_password"
"internal_token" "internal_token"
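Review bot: The second hunk replaces the `forgejoSecretsPath` prefix with five repeated string literals under `/run/secrets/forgejo/`, reintroducing the duplication the helper existed to avoid; `config.sops.secrets."forgejo/database_password".path` and its siblings would keep a single source of truth (needs `config` in the argument set, which the hunk does not show). The `lib.mkForce` wrappers imply a conflicting definition of these secrets somewhere else — if so, a comment naming what is being overridden would save the next reader a search. The `gitea migrate` preStart is commented out rather than removed; if it is no longer needed, delete it.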


@ -1,10 +1,19 @@
{ config, ... }: { { config, ... }: {
services.inadyn = { services.inadyn = {
enable = true; enable = true;
provider."cloudflare.com" = { settings.provider."cloudflare.com" = {
hostname = [ "rcia.dev" "*.rcia.dev" ]; hostname = [ "rcia.dev" "*.rcia.dev" ];
username = "rcia.dev"; username = "rcia.dev";
password = "${config.sops.placeholder.cloudflare.api_key}"; include = config.sops.templates."inadyn-password.conf".path;
};
};
sops = {
secrets."cloudflare/api_token" = { };
templates."inadyn-password.conf" = {
content = ''
password = ${config.sops.placeholder."cloudflare/api_token"}
'';
owner = "inadyn";
}; };
}; };
} }
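Review bot: The new `sops.templates."inadyn-password.conf"` sets `owner = "inadyn"`, but as far as I recall the NixOS inadyn service runs under a dynamic user, in which case no static `inadyn` account exists for sops-nix to chown the rendered file to at activation — confirm against the module before relying on it. If that is the case, keeping the template root-owned and passing it to the unit through systemd's credential mechanism is the usual route. The move from an inline `password = …` placeholder to an `include` file is otherwise the right fix, since placeholders are presumably only substituted inside templates and the old form would have written the literal marker into the config.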


@ -1,21 +1,14 @@
{ ... }: { ... }:
let let portDefinitions = import ./_port-definitions.nix;
jellyfinPath = "/mnt/Datos/jellyfin";
nginxLocalServiceConfig = import ./nginx-local-config.nix;
portDefinitions = import ./_port-definitions.nix;
in { in {
services = { services = {
jellyfin = { jellyfin.enable = true;
enable = true;
dataDir = "${jellyfinPath}/data/";
};
nginx.virtualHosts."jellyfin.rcia.dev" = { nginx.virtualHosts."jellyfin.rcia.dev" = {
locations."/" = { locations."/".proxyPass =
proxyPass =
"http://127.0.0.1:${toString portDefinitions.jellyfin-http}"; "http://127.0.0.1:${toString portDefinitions.jellyfin-http}";
}; forceSSL = true;
extraConfig = nginxLocalServiceConfig;
useACMEHost = "rcia.dev"; useACMEHost = "rcia.dev";
}; };
}; };
users.users.jellyfin.extraGroups = [ "media" ];
} }
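Review bot: The `jellyfin.rcia.dev` virtual host drops `extraConfig = nginxLocalServiceConfig;` while every other proxied service in this commit keeps it, so if that snippet is what restricts access to local clients (its name suggests so) Jellyfin becomes reachable from anywhere nginx is. If public exposure is intended, say so in a comment; if not, restore the line. The `dataDir` removal also moves Jellyfin's state from the old `/mnt/Datos` path to the module default, which is worth a note if existing metadata is expected to carry over.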


@ -1,10 +1,16 @@
{ ... }: { { ... }: {
networking.firewall.allowedTCPPorts = [ 443 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"rcia.dev" = { "rcia.dev" = {
forceSSL = true; forceSSL = true;
enableACME = true; # enableACME = true;
useACMEHost = "rcia.dev";
serverAliases = [ "*.rcia.dev" ]; serverAliases = [ "*.rcia.dev" ];
# locations."/" = { root = /var/www/public; }; # locations."/" = { root = /var/www/public; };
}; };
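Review bot: `networking.firewall.allowedTCPPorts = [ 443 ]` hardcodes the port while the rest of the services directory reads ports from `_port-definitions.nix` (`nginx-https = 443`); importing `portDefinitions.nginx-https` here keeps one source of truth. `# enableACME = true;` is dead configuration now that `useACMEHost` is set and can be deleted. The virtual host block continues outside the hunk.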


@ -0,0 +1,21 @@
{ ... }:
let
_portDefinitions = import ./_port-definitions.nix;
nginxLocalConfig = import ./nginx-local-config.nix;
in {
services = {
pgadmin = {
enable = true;
initialEmail = "avery@rcia.dev";
initialPasswordFile = "/etc/nixos/a.txt";
port = _portDefinitions.pgadmin;
};
nginx.virtualHosts."pgadmin.rcia.dev" = {
locations."/".proxyPass =
"http://localhost:${toString _portDefinitions.pgadmin}";
forceSSL = true;
useACMEHost = "rcia.dev";
extraConfig = nginxLocalConfig;
};
};
}
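Review bot: `initialPasswordFile = "/etc/nixos/a.txt"` points pgAdmin's initial admin password at a plain file in the configuration tree, outside the sops-managed secrets every other service in this commit uses, so it is likely to end up in version control or be readable by any local user. Declare it as a secret instead: `sops.secrets."pgadmin_initial_password".owner = "pgadmin";` and `initialPasswordFile = config.sops.secrets."pgadmin_initial_password".path;` (add `config` to the argument set, and confirm the service user name against the pgadmin module). The `_portDefinitions` name also differs from the `portDefinitions` used by the sibling files for no visible reason.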


@ -1,8 +1,11 @@
{ ... }: { config, pkgs, ... }:
let portDefinitions = import ./_port-definitions.nix; let portDefinitions = import ./_port-definitions.nix;
in { in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16;
dataDir =
"/mnt/ssd-01/postgresql/${config.services.postgresql.package.psqlSchema}";
settings.port = portDefinitions.postgresql; settings.port = portDefinitions.postgresql;
}; };
} }


@ -2,7 +2,6 @@
let let
nginxLocalServiceConfig = import ./nginx-local-config.nix; nginxLocalServiceConfig = import ./nginx-local-config.nix;
portDefinitions = import ./_port-definitions.nix; portDefinitions = import ./_port-definitions.nix;
radicalePath = "/mnt/Datos/radicale";
in { in {
services = { services = {
radicale = { radicale = {
@ -12,10 +11,9 @@ in {
[ "127.0.0.1:${toString portDefinitions.radicale-http}" ]; [ "127.0.0.1:${toString portDefinitions.radicale-http}" ];
auth = { auth = {
type = "htpasswd"; type = "htpasswd";
htpasswd_filename = "/etc/radicale/users"; htpasswd_filename = "/var/lib/radicale/users";
htpasswd_encryption = "bcrypt"; htpasswd_encryption = "bcrypt";
}; };
storage.filesystem_folder = radicalePath;
}; };
}; };
nginx.virtualHosts."radicale.rcia.dev" = { nginx.virtualHosts."radicale.rcia.dev" = {
@ -23,12 +21,13 @@ in {
proxyPass = proxyPass =
"http://127.0.0.1:${toString portDefinitions.radicale-http}"; "http://127.0.0.1:${toString portDefinitions.radicale-http}";
}; };
extraConfig = nginxLocalServiceConfig; forceSSL = true;
useACMEHost = "rcia.dev"; useACMEHost = "rcia.dev";
extraConfig = nginxLocalServiceConfig;
}; };
}; };
sops.secrets."radicale/users" = { sops.secrets."radicale/users" = {
path = "/etc/radicale/users"; path = "/var/lib/radicale/users";
owner = "radicale"; owner = "radicale";
}; };
} }
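Review bot: `htpasswd_filename = "/var/lib/radicale/users"` in the first hunk and `path = "/var/lib/radicale/users"` in the third duplicate the same literal, so a future move has to be made in two places; `htpasswd_filename = config.sops.secrets."radicale/users".path;` removes the duplication (requires `config` in the argument set, which the file header does not show). Dropping `storage.filesystem_folder` moves the collections from `/mnt/Datos/radicale` to the module default, and the matching data migration is outside this diff — the commit message should mention it.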


@ -0,0 +1,46 @@
{ config, pkgs, ... }:
let
portDefinitions = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
services = {
searx = {
enable = true;
package = pkgs.searxng;
environmentFile = config.sops.templates."searxng_secret_key.env".path;
redisCreateLocally = true;
# runInUwsgi = true;
# uwsgiConfig = {
# socket = "/run/searx/searxng.sock";
# http = ":${toString portDefinitions.searxng}";
# chmod-socket = "660";
# };
settings = {
base_url = "https://searxng.rcia.dev";
bind_address = "127.0.0.1";
port = portDefinitions.searxng;
public_instance = false;
limiter = false;
};
};
nginx.virtualHosts."searxng.rcia.dev" = {
locations."/".proxyPass =
"http://127.0.0.1:${toString portDefinitions.searxng}";
extraConfig = nginxLocalServiceConfig;
forceSSL = true;
useACMEHost = "rcia.dev";
};
};
sops = {
secrets."searxng_secret_key".owner = "searx";
templates."searxng_secret_key.env" = {
content = ''
SEARXNG_SECRET=${config.sops.placeholder."searxng_secret_key"}
'';
owner = "searx";
};
};
systemd.services.nginx.serviceConfig.ProtectHome = false;
users.groups.searx.members = [ "nginx" ];
}
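Review bot: `systemd.services.nginx.serviceConfig.ProtectHome = false;` and `users.groups.searx.members = [ "nginx" ];` relax nginx's sandbox and group isolation, yet with `runInUwsgi` commented out nginx reaches SearXNG over TCP on 127.0.0.1 and needs neither. They look like leftovers from the commented-out socket setup; either drop both lines or move them next to the uwsgi block so they only take effect when that path is enabled. `limiter = false` is reasonable for a private instance, but a one-line comment on it stating that upstream rate limiting is off because access is already restricted by `nginxLocalServiceConfig` (assuming that is what the shared config does) would make the trade-off explicit.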


@ -0,0 +1,36 @@
{ config, ... }:
let
portDefinitions = import ./_port-definitions.nix;
nginxLocalServiceConfig = import ./nginx-local-config.nix;
in {
services = {
vaultwarden = {
enable = true;
dbBackend = "postgresql";
config = {
domain = "https://vaultwarden.rcia.dev";
rocketAddress = "127.0.0.1";
rocketPort = portDefinitions.vaultwarden;
showPasswordHint = false;
signupsAllowed = false;
};
environmentFile = config.sops.templates."vaultwarden.env".path;
};
nginx.virtualHosts."vaultwarden.rcia.dev" = {
locations."/".proxyPass =
"http://localhost:${toString portDefinitions.vaultwarden}";
forceSSL = true;
useACMEHost = "rcia.dev";
extraConfig = nginxLocalServiceConfig;
};
};
sops = {
secrets."vaultwarden_database_url" = { };
templates."vaultwarden.env" = {
content = ''
DATABASE_URL=${config.sops.placeholder."vaultwarden_database_url"}
'';
owner = "vaultwarden";
};
};
}
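Review bot: The `proxyPass` target `http://localhost:${toString portDefinitions.vaultwarden}` does not match `rocketAddress = "127.0.0.1"`; where `localhost` also resolves to `::1`, nginx will alternate between both addresses and produce intermittent 502s on the IPv6 one. Use `"http://127.0.0.1:${toString portDefinitions.vaultwarden}"`, as the other new vhost in this commit does. Vaultwarden's live-sync endpoint is a WebSocket, so `locations."/".proxyWebsockets = true;` is probably also needed for clients to receive push updates through this proxy. The hardening choices (`signupsAllowed = false`, `showPasswordHint = false`, the database URL only via a sops template) are good.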


@ -1,34 +1,36 @@
{ ... }: { pkgs, ... }:
let portDefinitions = import ./_port-definitions.nix; let portDefinitions = import ./_port-definitions.nix;
in { in {
networking = { networking = {
nat = {
enable = true;
externalInterface = "enp5s0";
internalInterfaces = [ "wg0" ];
};
firewall.allowedUDPPorts = [ portDefinitions.wireguard ]; firewall.allowedUDPPorts = [ portDefinitions.wireguard ];
wireguard = { wireguard = {
enable = true; enable = true;
interfaces.wg0 = { interfaces.wg0 = {
ips = [ "10.10.0.1/24" ]; ips = [ "10.10.0.1/24" ];
listenPort = portDefinitions.wireguard;
peers = [{ peers = [{
allowedIPs = [ "10.10.0.2/32" ]; allowedIPs = [ "10.10.0.2/32" ];
name = "Note9"; name = "Pixel9a";
publicKey = "Y5A5iv0ukg1TQMcIdtXd+bmDxtrqHCuoEhYRmBqwkFY="; publicKey = "Y5A5iv0ukg1TQMcIdtXd+bmDxtrqHCuoEhYRmBqwkFY=";
presharedKeyFile = "/run/secrets/preshared_keys_note9"; presharedKeyFile = "/run/secrets/wireguard/preshared_keys/note9";
}]; }];
postSetup = postSetup = ''
"iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp5s0 -j MASQUERADE"; ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o enp5s0 -j MASQUERADE
postShutdown = '';
"iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp5s0 -j MASQUERADE"; postShutdown = ''
privateKeyFile = "/run/secrets/wg_private_key"; ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.10.0.0/24 -o enp5s0 -j MASQUERADE
'';
privateKeyFile = "/run/secrets/wireguard/private_key";
}; };
}; };
}; };
sops.secrets = { sops.secrets = {
"wireguard/private_key" = { "wireguard/private_key" = { owner = "root"; };
path = "/run/secrets/wg_private_key"; "wireguard/preshared_keys/note9" = { owner = "root"; };
owner = "root";
};
"wireguard/preshared_keys/note9" = {
path = "/run/secrets/preshared_keys_note9";
owner = "root";
};
}; };
} }
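Review bot: The MASQUERADE rule in the new `postSetup`/`postShutdown` duplicates what `networking.nat` with `internalInterfaces = [ "wg0" ]` and `externalInterface = "enp5s0"` already installs, as far as I can tell, so traffic from 10.10.0.0/24 ends up with two matching POSTROUTING entries and the `-D` on shutdown only removes one of them. Either drop the two hook scripts or drop the `nat` block; keeping both makes the rule set harder to audit. `presharedKeyFile` and `privateKeyFile` hard-code `/run/secrets/wireguard/...`, which is the sops-nix default layout; adding `config` to the module arguments and using `config.sops.secrets."wireguard/private_key".path` (and the same for the preshared key) ties them to the definitions in `sops.secrets`. The secret is still named `note9` while the peer is now `Pixel9a`; since `publicKey` is unchanged that reads as the same device key, which is worth a comment so nobody assumes the key was rotated.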


@ -1,12 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }: {
home.packages = with pkgs; [ home.packages = with pkgs; [ xh gnupg git-credential-manager pass wslu ];
xh
gnupg
git-credential-manager
pass
wslu
python3
];
programs = { programs = {
git = { git = {
enable = true; enable = true;


@ -1,7 +1,7 @@
{ lib, pkgs, ... }: { { lib, pkgs, ... }: {
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
environment.systemPackages = with pkgs; [ xorg.setxkbmap android-tools ]; environment.systemPackages = with pkgs; [ xorg.setxkbmap ];
fonts = { fonts = {
packages = with pkgs; [ inter notonoto ]; packages = with pkgs; [ inter notonoto ];
@ -26,15 +26,19 @@
wheelNeedsPassword = true; wheelNeedsPassword = true;
}; };
services.mysql = {
enable = true;
package = pkgs.mysql84;
};
users = { users = {
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users.avery.extraGroups = [ "wheel" "adbusers" ]; users.avery.extraGroups = [ "wheel" ];
}; };
wsl = { wsl = {
enable = true; enable = true;
defaultUser = "avery"; defaultUser = "avery";
usbip.enable = true;
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;