dotfiles/hosts/default.nix


{ config, lib, pkgs, ... }:

let
  # This is a placeholder
in
{
  options = {};
  imports = [ ../packages/default.nix ../users/default.nix ./config/stm32 ];

  config = {
    hardware = {
      bluetooth.enable = lib.mkDefault false;
      steam-hardware.enable = lib.mkDefault false;
    };

    boot = {
      kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
      loader = {
        efi.canTouchEfiVariables = lib.mkDefault true;
        systemd-boot.enable = lib.mkDefault true;
      };
    };

    programs = {
      appimage.binfmt = true;
      direnv = {
        enable = true;
        nix-direnv.enable = true;
      };
    };
    security.sudo.wheelNeedsPassword = false;
    security.rtkit.enable = true;
    services = {
      fstrim.enable = true;
      resolved = {
        enable = true;
        dnsovertls = "opportunistic";
        fallbackDns = [
          "2620:fe::10#dns10.quad9.net"
          "2620:fe::fe:10#dns10.quad9.net"
          "9.9.9.10#dns10.quad9.net"
          "149.112.112.10#dns10.quad9.net"
        ];
        extraConfig = ''
          DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10#dns10.quad9.net
        '';
      };
      xserver.displayManager.lightdm.enable = false;
    };

    # Wireguard stuff, to-do make better
    networking.firewall = {
      enable = true;
      # if packets are still dropped, they will show up in dmesg
      logReversePathDrops = true;
      # wireguard trips rpfilter up
      extraCommands = ''
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN
      '';
      extraStopCommands = ''
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
      '';
      # Open ports in the firewall.
      allowedTCPPorts = [ 22000 ];
      allowedUDPPorts = [ 22000 ];
    };

    services.udev.packages = [
      (pkgs.writeTextFile {

        name = "alterra-udev";
        destination = "/etc/udev/rules.d/92-alterra.rules";
        text = ''
        # USB-Blaster
        SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6001", MODE="0666"
        SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6002", MODE="0666"

        SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6003", MODE="0666"

        # USB-Blaster II
        SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6010", MODE="0666"
        SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6810", MODE="0666"
        '';
    })];

    services.openssh = lib.mkIf (config.stitchyconf.form == "server"){
      enable = true;
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };

    environment.etc.hosts.mode = "0644";
    nix.settings.experimental-features = [ "nix-command" "flakes" ];
  };
}
more sanely split things 2023-08-06 04:03:24 +00:00
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`{ config, lib, pkgs, ... }:`
more sanely split things 2023-08-06 04:03:24 +00:00
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`let`
			`# This is a placeholder`
			`in`
more sanely split things 2023-08-06 04:03:24 +00:00			`{`
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`options = {};`
feat(nix): stm32 device rules 2025-02-28 10:21:24 +00:00			`imports = [ ../packages/default.nix ../users/default.nix ./config/stm32 ];`
more sanely split things 2023-08-06 04:03:24 +00:00
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`config = {`
			`hardware = {`
			`bluetooth.enable = lib.mkDefault false;`
			`steam-hardware.enable = lib.mkDefault false;`
			`};`
more sanely split things 2023-08-06 04:03:24 +00:00
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`boot = {`
			`kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;`
			`loader = {`
			`efi.canTouchEfiVariables = lib.mkDefault true;`
			`systemd-boot.enable = lib.mkDefault true;`
			`};`
			`};`
more sanely split things 2023-08-06 04:03:24 +00:00
feat(nix): add direnv support 2025-02-27 02:28:02 +00:00			`programs = {`
			`appimage.binfmt = true;`
			`direnv = {`
			`enable = true;`
			`nix-direnv.enable = true;`
			`};`
			`};`
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`security.sudo.wheelNeedsPassword = false;`
			`security.rtkit.enable = true;`
Update framework config 2024-03-31 10:10:47 +00:00			`services = {`
flake update and fstrim 2024-04-20 09:07:01 +00:00			`fstrim.enable = true;`
Update framework config 2024-03-31 10:10:47 +00:00			`resolved = {`
			`enable = true;`
			`dnsovertls = "opportunistic";`
			`fallbackDns = [`
			`"2620:fe::10#dns10.quad9.net"`
			`"2620:fe::fe:10#dns10.quad9.net"`
			`"9.9.9.10#dns10.quad9.net"`
			`"149.112.112.10#dns10.quad9.net"`
			`];`
			`extraConfig = ''`
			`DNS=2620:fe::10#dns10.quad9.net 2620:fe::fe:10#dns10.quad9.net 9.9.9.10#dns10.quad9.net 149.112.112.10#dns10.quad9.net`
			`'';`
			`};`
			`xserver.displayManager.lightdm.enable = false;`
			`};`
more sanely split things 2023-08-06 04:03:24 +00:00
complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`# Wireguard stuff, to-do make better`
			`networking.firewall = {`
			`enable = true;`
			`# if packets are still dropped, they will show up in dmesg`
			`logReversePathDrops = true;`
			`# wireguard trips rpfilter up`
			`extraCommands = ''`
			`ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN`
			`ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN`
			`ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN`
			`ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN`
			`'';`
			`extraStopCommands = ''`
			`ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 47111 -j RETURN \|\| true`
			`ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 47111 -j RETURN \|\| true`
			`ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport 51820 -j RETURN \|\| true`
			`ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN \|\| true`
			`'';`
			`# Open ports in the firewall.`
			`allowedTCPPorts = [ 22000 ];`
			`allowedUDPPorts = [ 22000 ];`
			`};`

I really should commit more 2024-11-01 18:47:35 +00:00			`services.udev.packages = [`
			`(pkgs.writeTextFile {`

			`name = "alterra-udev";`
			`destination = "/etc/udev/rules.d/92-alterra.rules";`
			`text = ''`
			`# USB-Blaster`
			`SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6001", MODE="0666"`
			`SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6002", MODE="0666"`

			`SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6003", MODE="0666"`

			`# USB-Blaster II`
			`SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6010", MODE="0666"`
			`SUBSYSTEM=="usb", ATTRS{idVendor}=="09fb", ATTRS{idProduct}=="6810", MODE="0666"`
			`'';`
			`})];`

refactor: move openssh config to a mkif 2024-12-21 18:54:43 -08:00			`services.openssh = lib.mkIf (config.stitchyconf.form == "server"){`
			`enable = true;`
			`settings.PasswordAuthentication = false;`
			`settings.KbdInteractiveAuthentication = false;`
			`};`

complete refactor of packages and options 2024-03-27 03:47:54 +00:00			`environment.etc.hosts.mode = "0644";`
			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`
			`};`
more sanely split things 2023-08-06 04:03:24 +00:00			`}`