all repos — flake @ ecd5bff6468991f322764979e0c552c84b102fce

got my cool flake

hosts/ivy/default.nix (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 
{ inputs, pkgs, ... }:
{
  imports = [
    ../common/default.nix
    ./hardware.nix
    ./ports.nix

    ./caddy
    ./services

    inputs.tranquil.nixosModules.tranquil-pds
    inputs.home-manager.nixosModules.home-manager
  ];

  age.secrets.ivy-vaultwarden.file = ../../secrets/ivy/vaultwarden.age;
  age.secrets.ivy-immich.file = ../../secrets/ivy/immich.age;
  age.secrets.ivy-tranquil.file = ../../secrets/ivy/tranquil.age;

  nix.settings.trusted-users = [
    "root"
    "@wheel"
    "apr"
  ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    kernelPackages = pkgs.linuxPackages_latest;
  };

  networking = {
    hostName = "ivy";
    networkmanager.enable = true;

    firewall = {
      allowedTCPPorts = [
        22
        80
        443
        11434
        5555
      ];
      allowedUDPPorts = [ ];
      enable = true;
    };
  };
  security.sudo.wheelNeedsPassword = false;

  home-manager = {
    extraSpecialArgs = { inherit inputs; };
    users = {
      apr = import ../../home/apr-ivy.nix;
    };
    useGlobalPkgs = true;
    useUserPackages = true;
  };

  users.users.apr.uid = 1000;
  system.stateVersion = "25.11";
}