diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index 38f383f..9957ec3 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -1,4 +1,4 @@ -{ inputs, globals, ... }: +{ inputs, globals, overlays, ... }: with inputs; @@ -16,7 +16,7 @@ nixpkgs.lib.nixosSystem { { physical = true; networking.hostName = "desktop"; - nixpkgs.overlays = [ nur.overlay ]; + nixpkgs.overlays = [ nur.overlay ] ++ overlays; # Set registry to flake packages, used for nix X commands nix.registry.nixpkgs.flake = nixpkgs; identityFile = "/home/${globals.user}/.ssh/id_ed25519"; @@ -29,7 +29,9 @@ nixpkgs.lib.nixosSystem { gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark"; passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512; wsl.enable = false; + publicKey = null; + neovim.enable = true; media.enable = true; firefox.enable = true; kitty.enable = true; diff --git a/nixos/graphical/picom.nix b/nixos/graphical/picom.nix index 819c8f3..102d4d5 100644 --- a/nixos/graphical/picom.nix +++ b/nixos/graphical/picom.nix @@ -24,7 +24,6 @@ # ''; }; fade = false; - experimentalBackends = true; inactiveOpacity = 1.0; menuOpacity = 1.0; opacityRules = [ diff --git a/nixos/hardware/wifi.nix b/nixos/hardware/wifi.nix index 10fd4f9..b6c5daa 100644 --- a/nixos/hardware/wifi.nix +++ b/nixos/hardware/wifi.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: { - config = lib.mkIf (config.physical && config.isLinux) { + config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { # Enables wireless support via wpa_supplicant. networking.wireless.enable = true; diff --git a/nixos/services/backups.nix b/nixos/services/backups.nix index 5c25048..c1e143b 100644 --- a/nixos/services/backups.nix +++ b/nixos/services/backups.nix @@ -4,17 +4,17 @@ backup.s3 = { endpoint = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "S3 endpoint for backups"; default = null; }; bucket = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "S3 bucket for backups"; default = null; }; accessKeyId = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "S3 access key ID for backups"; default = null; }; @@ -22,7 +22,7 @@ }; - config = { + config = lib.mkIf (config.backup.s3.endpoint != null) { users.groups.backup = { }; diff --git a/nixos/services/calibre.nix b/nixos/services/calibre.nix index f12ec20..1637244 100644 --- a/nixos/services/calibre.nix +++ b/nixos/services/calibre.nix @@ -2,7 +2,7 @@ options = { bookServer = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "Hostname for Calibre library"; default = null; }; diff --git a/nixos/services/gitea.nix b/nixos/services/gitea.nix index e28429d..8c5281f 100644 --- a/nixos/services/gitea.nix +++ b/nixos/services/gitea.nix @@ -8,7 +8,7 @@ in { giteaServer = lib.mkOption { description = "Hostname for Gitea."; - type = lib.types.str; + type = lib.types.nullOr lib.types.str; default = null; }; diff --git a/nixos/services/jellyfin.nix b/nixos/services/jellyfin.nix index 4b8bb21..a870cdc 100644 --- a/nixos/services/jellyfin.nix +++ b/nixos/services/jellyfin.nix @@ -2,7 +2,7 @@ options = { streamServer = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "Hostname for Jellyfin library"; default = null; }; diff --git a/nixos/services/nextcloud.nix b/nixos/services/nextcloud.nix index 30093d5..3e997c0 100644 --- a/nixos/services/nextcloud.nix +++ b/nixos/services/nextcloud.nix @@ -3,7 +3,7 @@ options = { nextcloudServer = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "Hostname for Nextcloud"; default = null; }; diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix index d8adb2f..b372cca 100644 --- a/nixos/services/prometheus.nix +++ b/nixos/services/prometheus.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { options.metricsServer = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "Hostname of the Grafana server."; default = null; }; diff --git a/nixos/services/sshd.nix b/nixos/services/sshd.nix index 9eb4265..229a21c 100644 --- a/nixos/services/sshd.nix +++ b/nixos/services/sshd.nix @@ -2,7 +2,7 @@ options = { publicKey = lib.mkOption { - type = lib.types.str; + type = lib.types.nullOr lib.types.str; description = "Public SSH key authorized for this system."; }; permitRootLogin = lib.mkOption { @@ -12,25 +12,26 @@ }; }; - config = lib.mkIf (pkgs.stdenv.isLinux && !config.wsl.enable) { - services.openssh = { - enable = true; - ports = [ 22 ]; - passwordAuthentication = false; - gatewayPorts = "no"; - forwardX11 = false; - allowSFTP = true; - permitRootLogin = config.permitRootLogin; + config = lib.mkIf + (pkgs.stdenv.isLinux && !config.wsl.enable && config.publicKey != null) { + services.openssh = { + enable = true; + ports = [ 22 ]; + passwordAuthentication = false; + gatewayPorts = "no"; + forwardX11 = false; + allowSFTP = true; + permitRootLogin = config.permitRootLogin; + }; + + users.users.${config.user}.openssh.authorizedKeys.keys = + [ config.publicKey ]; + + # Implement a simple fail2ban service for sshd + services.sshguard.enable = true; + + # Add terminfo for SSH from popular terminal emulators + environment.enableAllTerminfo = true; }; - users.users.${config.user}.openssh.authorizedKeys.keys = - [ config.publicKey ]; - - # Implement a simple fail2ban service for sshd - services.sshguard.enable = true; - - # Add terminfo for SSH from popular terminal emulators - environment.enableAllTerminfo = true; - }; - } diff --git a/nixos/services/vaultwarden.nix b/nixos/services/vaultwarden.nix index c02fa78..c4cbf89 100644 --- a/nixos/services/vaultwarden.nix +++ b/nixos/services/vaultwarden.nix @@ -8,7 +8,7 @@ in { vaultwardenServer = lib.mkOption { description = "Hostname for Vaultwarden."; - type = lib.types.str; + type = lib.types.nullOr lib.types.str; default = null; };