# NixOS host module for the machine named "work": desktop packages, boot
# loader, locale, sshd, two OpenVPN client tunnels, one user account and its
# home-manager profile.
{ config, pkgs, inputs, ... }:
let
  # Locale used for every LC_* category listed under i18n.extraLocaleSettings.
  dutch = "nl_NL.UTF-8";

  # Runtime path of a secret from the age secrets option set. The secrets are
  # declared outside this file. Only the path is interpolated into the OpenVPN
  # configs below, so the rendered config text carries file locations, not key
  # material.
  secretPath = name: config.age.secrets.${name}.path;
in
{
  imports = [ ./hardware-configuration/work.nix ];

  # apacheHttpd is only installed as a package here; this file does not
  # enable an httpd service.
  environment.systemPackages = [
    pkgs.slack
    pkgs.git-review
    pkgs.hexchat
    pkgs.obsidian
    pkgs.apacheHttpd
    pkgs.moonlight-qt
    pkgs.brightnessctl
    pkgs.hugo
  ];

  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
  };

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "work"; # Hostname of this machine.
    networkmanager.enable = true;
  };

  time.timeZone = "Europe/Amsterdam";

  # UI language stays en_US; regional formats follow the Dutch locale.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = dutch;
      LC_IDENTIFICATION = dutch;
      LC_MEASUREMENT = dutch;
      LC_MONETARY = dutch;
      LC_NAME = dutch;
      LC_NUMERIC = dutch;
      LC_PAPER = dutch;
      LC_TELEPHONE = dutch;
      LC_TIME = dutch;
    };
  };

  # sshd runs with the module defaults; nothing under services.openssh.settings
  # is overridden in this file.
  # NOTE(review): this host uses NetworkManager, so it may join untrusted
  # networks. Confirm that the effective PasswordAuthentication and
  # openFirewall values are intended, or pin them explicitly.
  services.openssh.enable = true;

  # Both tunnels below share these properties:
  #  - `user`/`group nm-openvpn` drops root after start-up; persist-key and
  #    persist-tun keep the tunnel usable across restarts once privileges are
  #    gone. Presumably the nm-openvpn account comes from the NetworkManager
  #    module; verify.
  #  - `remote-cert-tls server` checks the peer certificate's usage fields
  #    only. No `verify-x509-name` is set, so any server certificate issued by
  #    the configured CA is accepted.
  #  - `comp-lzo adaptive` turns on tunnel compression, which is deprecated
  #    upstream and exposes compression-oracle (VORACLE-style) leaks. It has to
  #    match the server, so raise it with the VPN operator rather than removing
  #    it on the client alone.
  #  - `cipher AES-*-CBC` with `tls-auth`: CBC data channel plus HMAC on the
  #    control channel. NOTE(review): whether an AEAD cipher is negotiated
  #    instead depends on the OpenVPN version and the server; confirm.
  #  - `script-security 2` permits user-defined scripts, yet no up/down script
  #    appears in these configs and updateResolvConf is false.
  #    NOTE(review): check whether level 2 is still needed.
  services.openvpn.servers = {
    # Certificate plus username/password tunnel to a fixed IP address.
    # `reneg-sec 0` switches off this client's periodic key renegotiation
    # timer. NOTE(review): confirm the server still enforces one.
    ghostnet = {
      updateResolvConf = false;
      config = ''
        client
        remote 185.57.9.6 1194
        cert ${secretPath "ghostnet-cert"}
        key ${secretPath "ghostnet-key"}
        ca ${secretPath "ghostnet-ca"}
        auth-user-pass ${secretPath "ghostnet-auth-user-pass"}
        reneg-sec 0
        cipher AES-256-CBC
        comp-lzo adaptive
        dev tun
        proto udp
        remote-cert-tls server
        tls-auth ${secretPath "ghostnet-tls-auth"} 1
        nobind
        auth-nocache
        script-security 2
        persist-key
        persist-tun
        user nm-openvpn
        group nm-openvpn
      '';
    };

    # Certificate-only tunnel (no auth-user-pass) addressed by hostname, on
    # UDP port 1200. It uses AES-128-CBC where ghostnet uses AES-256-CBC.
    systems = {
      updateResolvConf = false;
      config = ''
        client
        remote 'vpn-v2.one.com'
        cert '${secretPath "systems-cert"}'
        key '${secretPath "systems-key"}'
        ca '${secretPath "systems-ca"}'
        cipher AES-128-CBC
        comp-lzo adaptive
        dev tun
        proto udp
        port 1200
        remote-cert-tls server
        tls-auth '${secretPath "systems-tls-auth"}' 1
        nobind
        auth-nocache
        script-security 2
        persist-key
        persist-tun
        user nm-openvpn
        group nm-openvpn
      '';
    };
  };

  services.xserver.xkb.layout = "us";
  services.xserver.xkb.variant = "";

  # Sole interactive account defined here. "wheel" is the administrative
  # group, so this account's credentials guard privileged access to the host.
  users.users.jras = {
    description = "Jasper Ras";
    isNormalUser = true;
    extraGroups = [
      "networkmanager"
      "wheel"
    ];
    packages = [
      pkgs.git
      pkgs.helix
    ];
  };

  # home-manager shares the system package set and installs per-user packages
  # through the user's NixOS profile.
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
    extraSpecialArgs = {
      inherit inputs;
      primary-monitor = "eDP-1";
    };
    users.jras = import ../home-manager/entrypoints/work.nix;
  };

  # Do NOT change before reading configuration.nix
  system.stateVersion = "24.05";
}