zaphyra.nix - nixfiles

1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
45 
46 
47 
48 
49 
50 
51 
52 
53 
54 
55 
56 
57 
58 
59 
60 
61 
62 
63 
64 
65 
66 
67 
68 
69 
70 
71 
72 
73 
74 
75 
76 
77 
78 
79 
80 
81 
82 
83 
84 
85 
86 
87 
88 
89 
90 
91 
92 
93 
94 
95 
96 
97 
98 
99 
100 
101 
102 
103 
{
  npins,
  pkgs,
  lib,
  config,
  machineConfig,
  ...
}:

let
  cfg = config.zpha.profiles.zaphyra;

in
{

  options.zpha.profiles.zaphyra.enable = lib.mkEnableOption "zaphyra's defaults";

  imports =
    (lib.mkIf cfg.enable [
      "${npins.nixMaid}/src/nixos"
    ]).content;

  config = lib.mkIf cfg.enable {
    dns.zones."fc9f.de".subdomains."${config.networking.hostName}" =
      lib.mkIf (machineConfig ? networking)
        (
          let
            networkCfg = machineConfig.networking;
          in
          {
            AAAA = lib.mkIf ((networkCfg ? ip6Address) && !networkCfg.ip6IsPrivate) [
              networkCfg.ip6Address
            ];
            A = lib.mkIf ((networkCfg ? ip4Address) && !networkCfg.ip4IsPrivate) [
              networkCfg.ip4Address
            ];
          }
        );

    maid.sharedModules = [
      ../../../maidModules/environment.nix
      ../../../maidModules/xdg.nix
      ../../../maidModules/dbus.nix
      ../../../maidModules/programs/fish.nix
      ../../../maidModules/programs/starship.nix
      ../../../maidModules/programs/git.nix
      ../../../maidModules/programs/lazygit.nix
    ];

    users.users = {
      root = {
        extraGroups = [ "ssh" ];
        openssh.authorizedKeys.keys = [
          (builtins.readFile "${pkgs.zpha.website}/ssh_pubkey.asc")
        ];
      };
      zaphyra.maid = {
        programs = {
          starship.enable = true;
        };
      };
    };

    zpha = {
      profiles.nginx.enable = true;
      programs = {
        fish.enable = true;
        htop.enable = true;
        ssh.enable = true;
      };
    };

    common = {
      configure = {
        rootDisk.enable = lib.mkDefault true;
        persist.system.enable = lib.mkDefault true;
        persist.home.enable = lib.mkDefault true;
      };

      profiles = {
        base.enable = true;
        minimal.enable = lib.mkDefault true;
      };

      services.vnstat.enable = true;

      users.zaphyra.enable = true;
    };

    services = {
      timesyncd.enable = lib.mkDefault true;
      fstrim.enable = lib.mkDefault true;

      speechd.enable = false;

      journald.extraConfig = "SystemMaxUse=2.5G";

      # logind.settings.Login.KillUserProcesses = lib.mkDefault true;
      nginx.appendHttpConfig = ''add_header X-Clacks-Overhead "GNU memdmp" always;'';
    };
  };

}