diff --git a/Legion.nix b/Legion.nix
new file mode 100644
index 00000000..06424538
--- /dev/null
+++ b/Legion.nix
@@ -0,0 +1,28 @@
+{pkgs, ...}: {
+ imports = [
+ ./home
+ ./common.nix
+ ./locales/en_GB.nix
+ ./services/Legion.nix
+ ];
+
+ networking = {
+ hostName = "Legion"; # Define your hostname.
+ nameservers = ["9.9.9.9"];
+ firewall = {enable = true;};
+ };
+
+ users.users.xenia = {
+ isNormalUser = true;
+ description = "Evie Litherland-Smith";
+ extraGroups = ["networkmanager" "wheel"];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = import ./auth/authorized_keys.nix;
+ };
+ home-manager.users.xenia = import ./home/Legion/xenia.nix;
+
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = false;
+ };
+}
diff --git a/services/Legion.nix b/services/Legion.nix
new file mode 100644
index 00000000..80c440aa
--- /dev/null
+++ b/services/Legion.nix
@@ -0,0 +1,15 @@
+{...}: {
+ imports = [
+ ./adguardhome
+ ./gitea
+ ./nextcloud
+ ./openvpn/Legion.nix
+ ./sshd
+ ./syncthing/Legion.nix
+ ./terraria/windy_limbo_of_melancholy.nix
+ ./traefik/adguardhome.nix
+ ./traefik/gitea.nix
+ ./traefik/nextcloud.nix
+ ./traefik/qbittorrent.nix
+ ];
+}
diff --git a/services/openvpn/Legion.nix b/services/openvpn/Legion.nix
new file mode 100644
index 00000000..eff984b6
--- /dev/null
+++ b/services/openvpn/Legion.nix
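Review bot: The trailing comment on the `hostName` line, `# Define your hostname.`, is the placeholder text from the generated NixOS template and no longer describes anything once the value is set to `"Legion"`; it should be dropped so the line reads `hostName = "Legion";`. The rest of the file is consistent with the module style used elsewhere in this commit.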
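Review bot: The import list pairs each of `./adguardhome`, `./gitea` and `./nextcloud` with a matching `./traefik/*.nix` route, but `./traefik/qbittorrent.nix` has no `./qbittorrent` service module alongside it, so as far as this file shows traefik is routing to a backend that is not declared here. If qbittorrent is configured in another imported module (for instance inside `./traefik/qbittorrent.nix` itself or in `./common.nix`), a one-line comment next to the import saying where would save the next reader the search; if it is not, the route needs its service import.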
@@ -0,0 +1,71 @@
+{...}: let
+ # generate via openvpn --genkey --secret openvpn-laptop.key
+ client-key = "/root/openvpn.key";
+ domain = "vpn.xenia.me.uk";
+ vpn-dev = "tun0";
+ port = 1194;
+in {
+ networking = {
+ nat = {
+ enable = true;
+ externalInterface = "enp42s0";
+ internalInterfaces = [vpn-dev];
+ };
+ firewall = {
+ trustedInterfaces = [vpn-dev];
+ allowedUDPPorts = [port];
+ };
+ };
+
+ services.openvpn = {
+ restartAfterSleep = true;
+ servers.xenia.config = ''
+ dev ${vpn-dev}
+ proto udp
+ ifconfig 10.8.0.1 10.8.0.2
+ secret ${client-key}
+ port ${toString port}
+
+ cipher AES-256-CBC
+ auth-nocache
+
+ comp-lzo
+ keepalive 10 60
+ ping-timer-rem
+ persist-tun
+ persist-key
+ '';
+ };
+
+ environment.etc."openvpn/client.ovpn" = {
+ text = ''
+ dev tun
+ remote "${domain}"
+ ifconfig 10.8.0.2 10.8.0.1
+ port ${toString port}
+ redirect-gateway def1
+
+ cipher AES-256-CBC
+ auth-nocache
+
+ comp-lzo
+ keepalive 10 60
+ resolv-retry infinite
+ nobind
+ persist-key
+ persist-tun
+ secret [inline]
+
+ '';
+ mode = "600";
+ };
+ system.activationScripts.openvpn-addkey = ''
+ f="/etc/openvpn/client.ovpn"
+ if ! grep -q '' $f; then
+ echo "appending secret key"
+ echo "" >> $f
+ cat ${client-key} >> $f
+ echo "" >> $f
+ fi
+ '';
+}
diff --git a/services/syncthing/Legion.nix b/services/syncthing/Legion.nix
new file mode 100644
index 00000000..8e1619e9
--- /dev/null
+++ b/services/syncthing/Legion.nix
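Review bot: Both the server config and the generated `client.ovpn` enable `comp-lzo`, which turns on link compression; compression of tunnelled traffic is what OpenVPN's own guidance now advises against (the VORACLE class of compression-oracle attacks) and the directive is deprecated in current releases, so the `comp-lzo` line should be removed from both blocks. The configs also set `cipher AES-256-CBC` but no `auth`, which leaves the packet HMAC at OpenVPN's SHA1 default; adding `auth SHA256` to both the server block and the client text keeps the two halves in step. In the activation script as rendered, `grep -q '' $f` tests an empty pattern, which matches any non-empty file, so the guard would always be true and the key never appended, and the two `echo "" >> $f` lines emit nothing around the key; if the intended marker tags were stripped when this page was rendered then this does not apply, but if the file really contains empty strings the guard and the markers need the intended text restored.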
@@ -0,0 +1,60 @@
+{...}: {
+ imports = [./default.nix ./devices];
+ services.syncthing = {
+ user = "xenia";
+ group = "users";
+ dataDir = "/var/lib/syncthing";
+ folders = {
+ "Archive" = {
+ path = "/var/lib/syncthing/archive";
+ devices = ["ion" "monarch" "northstar"];
+ enable = true;
+ };
+ "Books" = {
+ path = "/var/lib/syncthing/books";
+ devices = ["monarch" "northstar" "remarkable"];
+ enable = true;
+ };
+ "Camera" = {
+ path = "/var/lib/syncthing/camera";
+ devices = ["ion"];
+ enable = true;
+ };
+ "Comics" = {
+ path = "/home/xenia/Documents/Comics";
+ devices = ["ion" "monarch" "northstar"];
+ enable = true;
+ };
+ "Documents" = {
+ path = "/var/lib/syncthing/documents";
+ devices = ["monarch" "northstar"];
+ enable = true;
+ };
+ "Exports" = {
+ path = "/var/lib/syncthing/exports";
+ devices = ["monarch"];
+ enable = true;
+ };
+ "Movies" = {
+ path = "/var/lib/syncthing/movies";
+ devices = ["ion" "monarch" "northstar"];
+ enable = true;
+ };
+ "Notes" = {
+ path = "/home/xenia/notes";
+ devices = ["ion" "monarch" "northstar" "H0615"];
+ enable = true;
+ };
+ "Pictures" = {
+ path = "/var/lib/syncthing/pictures";
+ devices = ["ion" "monarch" "northstar"];
+ enable = true;
+ };
+ "Xochitl" = {
+ path = "/var/lib/syncthing/xochitl";
+ devices = ["remarkable"];
+ enable = true;
+ };
+ };
+ };
+}
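Review bot: None of the ten folders configures `versioning`, so a deletion or overwrite on any peer — including the single-device shares like `Camera`, `Exports` and `Xochitl` — propagates straight to Legion with no local copy to recover from; since Legion is the always-on host in this set, it is the natural place to set `versioning` (for example a trash-can or staggered policy) per folder. Every folder also repeats `enable = true;`, which is the default for `services.syncthing.folders.<name>.enable` in the NixOS module, so those ten lines can be dropped. If the explicit `enable` is meant to document that the folder is shared intentionally, a single comment above `folders = {` would say so more clearly than repeating the default.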