networking, users etc

2023-10-30 21:46:44 +00:00 · 2023-10-30 21:46:44 +00:00 · 6063234389
parent e42ce4e91b
commit 6063234389
1 changed files with 41 additions and 4 deletions
--- a/nixos/viridian/configuration.nix
+++ b/nixos/viridian/configuration.nix
@ -20,6 +20,12 @@
    # You can also split up your configuration and import pieces of it here:
    # ./users.nix

+    # Import common configurations
+    ../common/system-tools.nix
+
+    # Import our docker containers
+    ./containers
+
    # Import your generated (nixos-generate-config) hardware configuration
    ./hardware-configuration.nix
  ];
@ -50,6 +56,13 @@
  };

  nix = {
+    gc = {
+      # Automatically run the garbage collector an a specified time.
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 30d";
+    };
+
    # This will add each flake input as a registry
    # To make nix3 commands consistent with your flake
    registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
@ -66,7 +79,28 @@
    };
  };

-  networking.hostName = "viridian";
+  networking = {
+    hostName = "viridian";
+    domain = "kanto.dev";
+    networkmanager.enable = true;
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [
+        53    # pihole-FTL  (DNS)
+        80    # traefik     (HTTP)
+        443   # traefik     (HTTPS)
+        8096  # jellyfin
+        32372 # qbittorrent
+      ];
+      allowedUDPPorts = [
+        53    # pihole-FTL  (DNS)
+        80    # traefik     (HTTP)
+        443   # traefik     (HTTPS)
+        8096  # jellyfin
+        32372 # qbittorrent
+      ];
+    };
+  };

  boot.loader = {
    systemd-boot.enable = true;
@ -76,10 +110,13 @@
    };
  };

+  programs.zsh.enable = true;
+
  users.users = {
    admin = {
      isNormalUser = true;
-      extraGroups = [ "wheel" "docker" ];
+      extraGroups = [ "networkmanager" "wheel" "docker" ];
+      shell = pkgs.zsh;
      openssh.authorizedKeys.keyFiles = [ ../fuchsia/id_ed25519_sk.pub ];
    };
  };
@ -89,9 +126,9 @@
  services.openssh = {
    enable = true;
    # Forbid root login through SSH.
-    permitRootLogin = "no";
+    settings.PermitRootLogin = "no";
    # Use keys only. Remove if you want to SSH using password (not recommended)
-    passwordAuthentication = false;
+    settings.PasswordAuthentication = false;
  };

  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion