60 lines
2.0 KiB
Nix
60 lines
2.0 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
imports = [
|
|
./fs.nix
|
|
];
|
|
|
|
sane.services.trust-dns.asSystemResolver = false; # TEMPORARY: TODO: re-enable trust-dns
|
|
# sane.programs.devPkgs.enableFor.user.colin = true;
|
|
# sane.guest.enable = true;
|
|
|
|
# don't enable wifi by default: it messes with connectivity.
|
|
# systemd.services.iwd.enable = false;
|
|
# systemd.services.wpa_supplicant.enable = false;
|
|
sane.programs.wpa_supplicant.enableFor.user.colin = lib.mkForce false;
|
|
sane.programs.wpa_supplicant.enableFor.system = lib.mkForce false;
|
|
|
|
sops.secrets.colin-passwd.neededForUsers = true;
|
|
|
|
sane.roles.build-machine.enable = true;
|
|
sane.roles.client = true;
|
|
sane.roles.dev-machine = true;
|
|
sane.roles.pc = true;
|
|
sane.services.wg-home.enable = true;
|
|
sane.services.wg-home.ip = config.sane.hosts.by-name."desko".wg-home.ip;
|
|
sane.ovpn.addrV4 = "172.26.55.21";
|
|
# sane.ovpn.addrV6 = "fd00:0000:1337:cafe:1111:1111:20c1:a73c";
|
|
sane.services.duplicity.enable = true;
|
|
|
|
sane.nixcache.remote-builders.desko = false;
|
|
|
|
sane.programs.sway.enableFor.user.colin = true;
|
|
sane.programs.iphoneUtils.enableFor.user.colin = true;
|
|
sane.programs.steam.enableFor.user.colin = true;
|
|
|
|
sane.programs."gnome.geary".config.autostart = true;
|
|
sane.programs.signal-desktop.config.autostart = true;
|
|
|
|
sane.programs.nwg-panel.config = {
|
|
battery = false;
|
|
brightness = false;
|
|
};
|
|
|
|
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
|
|
|
# needed to use libimobiledevice/ifuse, for iphone sync
|
|
services.usbmuxd.enable = true;
|
|
|
|
# default config: https://man.archlinux.org/man/snapper-configs.5
|
|
# defaults to something like:
|
|
# - hourly snapshots
|
|
# - auto cleanup; keep the last 10 hourlies, last 10 daylies, last 10 monthlys.
|
|
services.snapper.configs.nix = {
|
|
# TODO: for the impermanent setup, we'd prefer to just do /nix/persist,
|
|
# but that also requires setting up the persist dir as a subvol
|
|
SUBVOLUME = "/nix";
|
|
# TODO: ALLOW_USERS doesn't seem to work. still need `sudo snapper -c nix list`
|
|
ALLOW_USERS = [ "colin" ];
|
|
};
|
|
}
|