many changes and more modularizing

2024-12-12 22:30:24 +01:00
parent df50e70f3e
commit c96c24f864
109 changed files with 20900 additions and 278 deletions
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 let
  unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) {
    config = { allowUnfree = true; };
@@ -12,6 +12,8 @@ let
 in {
  nixpkgs.config.allowUnfree = true;

+  security.pki.certificates = [ "/home/dominik/.local/share/mkcert/rootCA.pem" ];
+
  imports =
    [ # Include the results of the hardware scan.
      "${impermanence}/nixos.nix"
@@ -151,7 +153,6 @@ in {
  };

  networking.hostName = "nb-01"; # Define your hostname.
-  networking.resolvconf.enable = true;
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.extraHosts = ''
    77.119.230.30 vpn.cloonar.com
@@ -229,6 +230,7 @@ in {
            "10.42.96.0/20"
            # wohnservice-wien
            "10.254.240.0/24"
+            "10.254.235.0/24"
            # epicenter.works
            "10.14.0.0/16"
            "10.25.0.0/16" ];
@@ -242,6 +244,45 @@ in {
    };
  };

+  # networking.networkmanager.insertNameservers = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
+  # services.avahi.enable = false;
+  # networking.resolvconf.enable = lib.mkForce false;
+  # services.resolved = {
+  #   enable = true;
+  #   dnssec = "true";
+  #   domains = [ "~." ];
+  #   fallbackDns = [ "9.9.9.9" "149.112.112.11" "2620:fe::fe" "2620:fe::9" ];
+  #   dnsovertls = "true";
+  # };
+  # networking.wg-quick.interfaces = {
+  #   wg0 = {
+  #     address = [ "10.42.98.201/32" ];
+  #     privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
+  #
+  #     postUp = ''
+  #       ${pkgs.systemd}/bin/resolvectl dns wg0 10.42.97.1
+  #       ${pkgs.systemd}/bin/resolvectl domain wg0 cloonar.com
+  #       ${pkgs.systemd}/bin/resolvectl dnsovertls wg0 true
+  #     '';
+  #
+  #     peers = [
+  #       {
+  #         publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
+  #       allowedIPs = [
+  #         "10.42.96.0/20"
+  #         # wohnservice-wien
+  #         "10.254.240.0/24"
+  #         # epicenter.works
+  #         "10.14.0.0/16"
+  #         "10.25.0.0/16"
+  #       ];
+  #         endpoint = "vpn.cloonar.com:51822";
+  #         persistentKeepalive = 25;
+  #       }
+  #     ];
+  #   };
+  # };
+

  nix = {
    settings.auto-optimise-store = true;
@@ -259,6 +300,11 @@ in {
    '';
  };

+  services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+    [org.gnome.desktop.interface]
+    cursor-size=24
+  '';
+

 }