path: root/hosts/work.nix
blob: ede4ffbce19f4d86f83ca1774f653cbac60ba8a2 (plain)
# NixOS module for the host named "work" (see networking.hostName below).
# It declares system packages, boot and locale settings, an SSH daemon, two
# OpenVPN client tunnels, one user account and that user's home-manager entry.
# The VPN key material is referenced through config.age.secrets.*, which is
# declared outside this file (presumably by an agenix-style module — confirm).
{ config, pkgs, inputs, ... }:
{
  imports = [ ./hardware-configuration/work.nix ];

  # System-wide packages. These entries only install binaries; no matching
  # services.* option (e.g. for apacheHttpd) is set in this file.
  environment.systemPackages = with pkgs; [
    slack
    git-review
    hexchat
    obsidian
    apacheHttpd
    moonlight-qt
    brightnessctl
    hugo
  ];

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "work"; # Define your hostname.
  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Amsterdam";

  # English UI language with Dutch regional formats.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "nl_NL.UTF-8";
    LC_IDENTIFICATION = "nl_NL.UTF-8";
    LC_MEASUREMENT = "nl_NL.UTF-8";
    LC_MONETARY = "nl_NL.UTF-8";
    LC_NAME = "nl_NL.UTF-8";
    LC_NUMERIC = "nl_NL.UTF-8";
    LC_PAPER = "nl_NL.UTF-8";
    LC_TELEPHONE = "nl_NL.UTF-8";
    LC_TIME = "nl_NL.UTF-8";
  };

  programs = {
    # Option from an update-systemd-resolved module that is not part of this
    # file; presumably it adds DNS-update hooks to the ghostnet tunnel — TODO
    # confirm. Only ghostnet is listed; the systems tunnel has no counterpart.
    update-systemd-resolved.servers.ghostnet.includeAutomatically = true;
  };

  services = {
    # Starts sshd. No services.openssh.settings are given in this file, so
    # unless another module sets them the NixOS defaults apply.
    # NOTE(review): this looks like a laptop (brightnessctl, eDP-1) that joins
    # arbitrary networks via NetworkManager. Confirm password logins are turned
    # off elsewhere (services.openssh.settings.PasswordAuthentication = false)
    # and that exposing sshd on every network is intended.
    openssh.enable = true;
    openvpn.servers = {
      ghostnet = {
        # Client profile for the "ghostnet" tunnel (certificate + user/password).
        #
        # Secrets: only the *paths* of the age-managed files are interpolated,
        # so this config text carries file names, not key material.
        # NOTE(review): owner and mode of those files are declared elsewhere;
        # confirm they are not world-readable.
        #
        # Directives worth knowing when reviewing this profile:
        #  - remote-cert-tls server: the peer certificate must carry server key
        #    usage, so a client certificate from the same CA cannot pose as the
        #    server.
        #  - tls-auth <key> 1: HMAC-authenticates control-channel packets with a
        #    pre-shared key (key direction 1).
        #  - auth-nocache: credentials are not kept in memory after use.
        #  - user/group nm-openvpn with persist-key/persist-tun: the daemon
        #    drops privileges after start-up and keeps key and tun device open
        #    across restarts. The account is presumably created by the
        #    NetworkManager module enabled above — confirm.
        #  - reneg-sec 0: turns off the client's time-based data-channel key
        #    renegotiation. NOTE(review): presumably set so credentials are not
        #    requested again mid-session; keys then live for the whole session
        #    unless the server enforces its own interval.
        #  - cipher AES-256-CBC / comp-lzo adaptive: must match the server.
        #    NOTE(review): comp-lzo is deprecated upstream, and compressing
        #    before encrypting can leak information about the plaintext; newer
        #    OpenVPN releases negotiate AEAD ciphers (data-ciphers) when the
        #    server offers them. Drop both once the server side allows it.
        #  - script-security 2: lets OpenVPN execute user-defined scripts
        #    (presumably the update-systemd-resolved hooks — confirm).
        config = ''
          client
          remote 185.57.9.6 1194
          cert ${config.age.secrets.ghostnet-cert.path}
          key ${config.age.secrets.ghostnet-key.path}
          ca ${config.age.secrets.ghostnet-ca.path}
          auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
          reneg-sec 0
          cipher AES-256-CBC
          comp-lzo adaptive
          dev tun
          proto udp
          remote-cert-tls server
          tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
          nobind
          auth-nocache
          script-security 2
          persist-key
          persist-tun
          user nm-openvpn
          group nm-openvpn
        '';
        # The openvpn module's own resolv.conf hook is not used for this tunnel.
        updateResolvConf = false;
      };
      systems = {
        # Client profile for the "systems" tunnel: certificate-only (no
        # auth-user-pass line), UDP port 1200, secret paths quoted.
        # The certificate check, tls-auth and privilege-drop settings are the
        # same as in the ghostnet profile.
        # NOTE(review): AES-128-CBC and comp-lzo carry the same caveats as
        # above (static CBC cipher, deprecated compression); they must match
        # the server, so change them only together with the server side.
        # NOTE(review): script-security 2 permits user-defined scripts, but no
        # hook for this tunnel is visible in this file — confirm it is needed,
        # otherwise lower it.
        config = ''
          client
          remote 'vpn-v2.one.com'
          cert '${config.age.secrets.systems-cert.path}'
          key '${config.age.secrets.systems-key.path}'
          ca '${config.age.secrets.systems-ca.path}'
          cipher AES-128-CBC
          comp-lzo adaptive
          dev tun
          proto udp
          port 1200
          remote-cert-tls server
          tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
          nobind
          auth-nocache
          script-security 2
          persist-key
          persist-tun
          user nm-openvpn
          group nm-openvpn
        '';
        # The openvpn module's own resolv.conf hook is not used for this tunnel.
        updateResolvConf = false;
      };
    };

    # US keyboard layout, default variant.
    xserver.xkb = {
      layout = "us";
      variant = "";
    };
  };

  # Interactive account. "wheel" is the administrative group (sudo on a default
  # NixOS setup); "networkmanager" allows managing network connections.
  users.users.jras = {
    isNormalUser = true;
    description = "Jasper Ras";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [ git helix ];
  };

  # home-manager configuration for jras, evaluated with the system's pkgs.
  # inputs and monitor-names are passed through as extra module arguments.
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    users.jras = import ../home-manager/entrypoints/work.nix;
    extraSpecialArgs = { inherit inputs; monitor-names = ["eDP-1" "HDMI-A-1"]; };
  };

  system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
}