unexplrd/nixos-blueprint
2
2
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

eldrid

Browse Source 
Signed-off-by: unexplrd <unexplrd@linerds.us>
This commit is contained in:
unexplrd
2025-03-26 00:10:37 +02:00
parent 9286d95f0a
commit d9df333e58
6 changed files with 122 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
hosts/eldrid/configuration.nix
View File

@ -1,8 +1,8 @@
# device-specific setup
{
pkgs,
inputs,
config,
inputs,
...
}: {
imports = with inputs; [
@ -10,28 +10,30 @@
lix.nixosModules.default
self.nixosModules.desktop
self.nixosModules.system
./hardware-conf.nix
./hardware.nix
./programs.nix
./stylix.nix
./users.nix
./sops.nix
];
desktop = {
hyprland.enable = true;
# cosmic.enable = true;
niri.enable = true;
};
nix = {
settings.experimental-features = ["nix-command" "flakes"];
channel.enable = false;
daemonCPUSchedPolicy = "idle";
settings = {
experimental-features = ["nix-command" "flakes"];
builders-use-substitutes = true;
};
distributedBuilds = true;
settings.builders-use-substitutes = true;
buildMachines = [
{
hostName = "dunamis";
sshUser = "remotebuild";
sshUser = "nix-ssh";
system = "x86_64-linux";
sshKey = config.sops.secrets."ssh-private-eldrid-rmbuild".path;
sshKey = config.sops.secrets."ssh-eldrid-user".path;
supportedFeatures = ["nixos-test" "big-parallel" "kvm" "benchmark"];
publicHostKey = builtins.readFile "${inputs.mysecrets}/ssh/ssh_host_ed25519_dunamis.base64";
}
@ -46,10 +48,8 @@
networking = {
networkmanager.enable = true;
hostName = "eldrid";
# required for syncthing
firewall = {
allowedTCPPorts = [22000];
allowedUDPPorts = [21027 22000];
hosts = {
"192.168.1.42" = ["dunamis"];
};
};
@ -75,6 +75,15 @@
flatpak.enable = true;
fstrim.enable = true;
openssh.enable = true;
syncthing.openDefaultPorts = true;
dnscrypt-proxy2 = {
enable = true;
settings = {
require_dnssec = true;
server_names = ["mullvad-doh"];
bootstrap_resolvers = ["9.9.9.11:53" "9.9.9.9:53"];
};
};
};
services.scx = {
enable = true;