nix-files/hosts/by-name/desko/default.nix

{ config, pkgs, ... }:
{
  imports = [
    ./fs.nix
  ];

  sane.roles.client = true;
  sane.services.wg-home.enable = true;
  sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
  sane.services.duplicity.enable = true;
  sane.services.nixserve.enable = true;
  sane.services.nixserve.sopsFile = ../../../secrets/desko.yaml;
  sane.persist.enable = true;

  sane.gui.sway.enable = true;

  sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];

  boot.loader.efi.canTouchEfiVariables = false;
  sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];

  # needed to use libimobiledevice/ifuse, for iphone sync
  services.usbmuxd.enable = true;

  sops.secrets.colin-passwd = {
    sopsFile = ../../../secrets/desko.yaml;
    neededForUsers = true;
  };

  # don't enable wifi by default: it messes with connectivity.
  systemd.services.iwd.enable = false;

  # default config: https://man.archlinux.org/man/snapper-configs.5
  # defaults to something like:
  #   - hourly snapshots
  #   - auto cleanup; keep the last 10 hourlies, last 10 daylies, last 10 monthlys.
  services.snapper.configs.nix = {
    # TODO: for the impermanent setup, we'd prefer to just do /nix/persist,
    # but that also requires setting up the persist dir as a subvol
    subvolume = "/nix";
    # TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
    extraConfig = ''
      ALLOW_USERS = "colin";
    '';
  };

  sops.secrets.duplicity_passphrase = {
    sopsFile = ../../../secrets/desko.yaml;
  };

  programs.steam = {
    enable = true;
    # not sure if needed: stole this whole snippet from the wiki
    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
  };
  sane.user.persist.plaintext = [
    ".steam"
    ".local/share/Steam"
  ];

  # docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
  system.stateVersion = "21.05";
}
introduce an 'allocations' systems for things like uids/gids 2022-07-15 06:58:27 +00:00			`{ config, pkgs, ... }:`
create a machine for my desktop it's a clone of lappy, except with different fs uuids. i'll work to fold some of these in a bit. 2022-05-22 08:27:02 +00:00			`{`
desko/lappy: factor out some easy commonalities i'm sure this will change as i mess with the rpi image 2022-05-22 08:59:04 +00:00			`imports = [`
desko/lappy: factor out common hardware 2022-05-22 09:03:25 +00:00			`./fs.nix`
desko/lappy: factor out some easy commonalities i'm sure this will change as i mess with the rpi image 2022-05-22 08:59:04 +00:00			`];`
machines: lappy/desko: port to use the new homes helper 2022-05-23 07:07:08 +00:00
desko: enable wg-home 2023-01-20 07:59:11 +00:00			`sane.roles.client = true;`
			`sane.services.wg-home.enable = true;`
			`sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;`
rename `config.{colinsane -> sane}` 2022-08-01 07:23:49 +00:00			`sane.services.duplicity.enable = true;`
desko: enable nix-serve 2022-09-14 21:45:07 +00:00			`sane.services.nixserve.enable = true;`
refactor hosts directory, and move ssh keys out of modules/data longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifiying where exactly a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing. 2023-01-19 23:23:41 +00:00			`sane.services.nixserve.sopsFile = ../../../secrets/desko.yaml;`
rename impermanence -> persist 2023-01-06 10:04:51 +00:00			`sane.persist.enable = true;`
rebuild desko and flash it haven't booted into it yet (we'll see!) 2022-06-24 09:07:40 +00:00
desko: enable wg-home 2023-01-20 07:59:11 +00:00			`sane.gui.sway.enable = true;`

programs: split the guiApps category into slightly smaller bits 2023-02-10 00:47:10 +00:00			`sane.programs.guiApps.suggestedPrograms = [ "desktopGuiApps" ];`

rebuild desko and flash it haven't booted into it yet (we'll see!) 2022-06-24 09:07:40 +00:00			`boot.loader.efi.canTouchEfiVariables = false;`
rename `config.{colinsane -> sane}` 2022-08-01 07:23:49 +00:00			`sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];`
desko: enable duplicity backups 2022-06-10 08:43:48 +00:00
enable stuff needed for ifuse/iphone photo syncing 2022-06-16 00:22:27 +00:00			`# needed to use libimobiledevice/ifuse, for iphone sync`
			`services.usbmuxd.enable = true;`

desko: set a password 2022-10-24 08:59:10 +00:00			`sops.secrets.colin-passwd = {`
refactor hosts directory, and move ssh keys out of modules/data longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifiying where exactly a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing. 2023-01-19 23:23:41 +00:00			`sopsFile = ../../../secrets/desko.yaml;`
desko: set a password 2022-10-24 08:59:10 +00:00			`neededForUsers = true;`
			`};`

desko: disable wifi 2022-12-10 12:27:02 +00:00			`# don't enable wifi by default: it messes with connectivity.`
			`systemd.services.iwd.enable = false;`

desko: enable snapper for testing 2022-06-29 10:58:11 +00:00			`# default config: https://man.archlinux.org/man/snapper-configs.5`
			`# defaults to something like:`
			`# - hourly snapshots`
			`# - auto cleanup; keep the last 10 hourlies, last 10 daylies, last 10 monthlys.`
			`services.snapper.configs.nix = {`
			`# TODO: for the impermanent setup, we'd prefer to just do /nix/persist,`
			`# but that also requires setting up the persist dir as a subvol`
			`subvolume = "/nix";`
			# TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
			`extraConfig = ''`
			`ALLOW_USERS = "colin";`
			`'';`
			`};`

desko: enable duplicity backups 2022-06-10 08:43:48 +00:00			`sops.secrets.duplicity_passphrase = {`
refactor hosts directory, and move ssh keys out of modules/data longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifiying where exactly a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing. 2023-01-19 23:23:41 +00:00			`sopsFile = ../../../secrets/desko.yaml;`
desko: enable duplicity backups 2022-06-10 08:43:48 +00:00			`};`
gui/sway: port to module system 2022-06-07 00:35:28 +00:00
desko: add steam 2022-07-16 10:10:57 +00:00			`programs.steam = {`
			`enable = true;`
			`# not sure if needed: stole this whole snippet from the wiki`
			`remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play`
			`dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server`
			`};`
use sane.user.persist instead of sane.persist.home 2023-01-30 10:35:03 +00:00			`sane.user.persist.plaintext = [`
desko: add steam 2022-07-16 10:10:57 +00:00			`".steam"`
			`".local/share/Steam"`
			`];`

desko/lappy: explicitly set system.stateVersion 2022-05-28 20:14:48 +00:00			`# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion`
			`system.stateVersion = "21.05";`
create a machine for my desktop it's a clone of lappy, except with different fs uuids. i'll work to fold some of these in a bit. 2022-05-22 08:27:02 +00:00			`}`