xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

move some stuff into hosts/hostname/profiles

Browse source
This commit is contained in:
xunuwu 2025-06-06 11:28:00 +02:00
parent 9c9a3d543c
commit e2946e4a1f
Signed by: xun
SSH key fingerprint: SHA256:Uot/1WoAjWAeqLOHA5vYy4phhVydsH7jCPmBjaPZfgI
33 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/nixdesk/profiles/autologin.nix Normal file
View file

@ -0,0 +1,6 @@
{
services.getty = {
autologinUser = "xun";
autologinOnce = true;
};
}

28
hosts/nixdesk/profiles/hibernate-boot.nix Normal file
View file

@ -0,0 +1,28 @@
{pkgs, ...}: {
# hibernate and reboot to firmware
# this allows me to save linux state and boot into another os (such as windows)
# make sure not to mount any filesystems from the other os or you risk losing data
environment.systemPackages = [
(pkgs.writeShellScriptBin "hib-boot" ''
set -e
if [ ! -v 1 ]; then
echo "no argument provided"
echo "please provide the id for the os you want to boot"
echo "these are the valid id's:"
echo ""
${pkgs.efibootmgr}/bin/efibootmgr
exit
fi
if [ ! -w /sys/power/disk -o ! -w /sys/power/state ]; then
echo "you lack permission to write to /sys/power/{disk,state}, are you not running this script as root?"
exit
fi
${pkgs.efibootmgr}/bin/efibootmgr -n "$1" >/dev/null
echo reboot >/sys/power/disk
echo disk >/sys/power/state
'')
];
}

7
hosts/nixdesk/profiles/restic-server.nix Normal file
View file

@ -0,0 +1,7 @@
{
services.restic.server = {
enable = true;
dataDir = "/srv/backup";
extraFlags = ["--no-auth"];
};
}

72
hosts/nixdesk/profiles/samba-mount.nix Normal file
View file

@ -0,0 +1,72 @@
{
config,
pkgs,
...
}: {
environment.systemPackages = [pkgs.cifs-utils];
systemd.mounts = [
{
description = "smb hopper transmission download directory";
what = "//192.168.50.97/transmission"; # hopper local ip
where = "/server/transmission";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
{
description = "smb hopper vault";
what = "//192.168.50.97/vault"; # hopper local ip
where = "/server/vault";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
{
description = "smb hopper library";
what = "//192.168.50.97/library"; # hopper local ip
where = "/server/library";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path},vers=3.0";
}
{
description = "smb hopper slskd files";
what = "//192.168.50.97/slskd"; # hopper local ip
where = "/server/slskd";
type = "cifs";
options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
}
];
systemd.automounts = [
{
requires = ["network-online.target"];
where = "/server/transmission";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/vault";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/library";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
{
requires = ["network-online.target"];
where = "/server/slskd";
wantedBy = ["multi-user.target"];
automountConfig = {
TimeoutIdleSec = "10min";
};
}
];
}

29
hosts/nixdesk/profiles/wireguard.nix Normal file
View file

@ -0,0 +1,29 @@
{
config,
inputs,
lib,
...
}: {
imports = [inputs.vpn-confinement.nixosModules.default];
# networking.wg-quick.interfaces."wireguard".configFile = config.sops.secrets.wireguard.path;
vpnNamespaces."wg" = {
enable = true;
wireguardConfigFile = config.sops.secrets.wireguard.path;
accessibleFrom = ["192.168.0.0/24"];
# Forwarded to my vpn, for making things accessible from outside
openVPNPorts =
lib.range 23000 23010
|> map (num: {
port = num;
protocol = "both";
});
# From inside of the vpn namespace to outside of it, for making things inside accessible to LAN
portMappings = [];
};
systemd.services.wg.wantedBy = lib.mkForce [];
}