Diffstat (limited to 'hosts/work.nix')
-rw-r--r-- | hosts/work.nix | 152 |
1 files changed, 0 insertions, 152 deletions
diff --git a/hosts/work.nix b/hosts/work.nix
deleted file mode 100644
index 9256d09..0000000
--- a/hosts/work.nix
+++ /dev/null
@@ -1,152 +0,0 @@
-{ config, pkgs, inputs, ... }:
-{
- imports = [ ./hardware-configuration/work.nix ];
-
- age.secrets.ghostnet-cert.file = ../secrets/ghostnet-cert.age;
- age.secrets.ghostnet-key.file = ../secrets/ghostnet-key.age;
- age.secrets.ghostnet-ca.file = ../secrets/ghostnet-ca.age;
- age.secrets.ghostnet-tls-auth.file = ../secrets/ghostnet-tls-auth.age;
- age.secrets.ghostnet-auth-user-pass.file = ../secrets/ghostnet-auth-user-pass.age;
-
- age.secrets.systems-cert.file = ../secrets/systems-cert.age;
- age.secrets.systems-key.file = ../secrets/systems-key.age;
- age.secrets.systems-ca.file = ../secrets/systems-ca.age;
- age.secrets.systems-tls-auth.file = ../secrets/systems-tls-auth.age;
-
- environment.systemPackages = with pkgs; [
- slack
- git-review
- hexchat
- apacheHttpd
- moonlight-qt
- brightnessctl
- hugo
- google-chrome
- ];
-
- hardware.bluetooth.enable = true;
- hardware.bluetooth.powerOnBoot = true;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "work";
- networking.networkmanager.enable = true;
- networking.networkmanager.dns = "systemd-resolved";
- networking.nameservers = [ "1.1.1.1" ];
- networking.firewall.allowedTCPPorts = [];
-
- time.timeZone = "Europe/Amsterdam";
-
- i18n.defaultLocale = "en_US.UTF-8";
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "nl_NL.UTF-8";
- LC_IDENTIFICATION = "nl_NL.UTF-8";
- LC_MEASUREMENT = "nl_NL.UTF-8";
- LC_MONETARY = "nl_NL.UTF-8";
- LC_NAME = "nl_NL.UTF-8";
- LC_NUMERIC = "nl_NL.UTF-8";
- LC_PAPER = "nl_NL.UTF-8";
- LC_TELEPHONE = "nl_NL.UTF-8";
- LC_TIME = "nl_NL.UTF-8";
- };
-
- services.libinput.mouse.accelProfile = "flat";
- services.libinput.mouse.accelSpeed = "-5";
- services.upower.enable = true;
- services.openssh.enable = true;
- services.openvpn.servers = {
- ghostnet = {
- config = ''
- client
- remote 185.57.9.6 1194
- cert ${config.age.secrets.ghostnet-cert.path}
- key ${config.age.secrets.ghostnet-key.path}
- ca ${config.age.secrets.ghostnet-ca.path}
- auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
- reneg-sec 0
- cipher AES-256-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- remote-cert-tls server
- tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- systems = {
- config = ''
- client
- remote 'vpn-v2.one.com'
- cert '${config.age.secrets.systems-cert.path}'
- key '${config.age.secrets.systems-key.path}'
- ca '${config.age.secrets.systems-ca.path}'
- cipher AES-128-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- port 1200
- remote-cert-tls server
- tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- };
-
- programs.update-systemd-resolved.servers = {
- ghostnet = {
- includeAutomatically = true;
- settings = {
- routeOnlyDomains = [ "hostnetbv.nl." ];
- defaultRoute = false;
- multicastDNS = "no";
- dnsOverTLS = "opportunistic";
- dnssec = "no";
- };
- };
- };
-
- services.resolved = {
- enable = true;
- dnssec = "true";
- domains = [ "~." ];
- fallbackDns = [ "1.1.1.1" ];
- dnsovertls = "opportunistic";
- llmnr = "true";
- };
-
- services.xserver.xkb = {
- layout = "us";
- variant = "";
- };
-
- users.users.jras = {
- isNormalUser = true;
- description = "Jasper Ras";
- extraGroups = [ "networkmanager" "wheel" "docker" ];
- packages = with pkgs; [ git ];
- };
-
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.users.jras = import ../home-manager/entrypoints/work.nix;
- home-manager.extraSpecialArgs = { inherit inputs; monitor-names = ["eDP-1" "HDMI-A-1" "DP-10"]; };
-
- system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
-} |