initial leptin config

2024-07-03 12:58:48 -04:00 · 2024-07-03 12:58:48 -04:00 · 70b453279b
commit 70b453279b
parent b4a8708538
3 changed files with 75 additions and 0 deletions
--- a/auxin/configuration.nix
+++ b/auxin/configuration.nix
@ -248,6 +248,7 @@
      ];
      bantime-increment.enable = true;
    };
+    # TODO: check security settings
    samba = {
      enable = true;
      shares = {
--- a/flake.nix
+++ b/flake.nix
@ -20,5 +20,13 @@
        ];
      };
    };
+    darwinConfigurations = {
+      leptin = nixpkgs.lib.darwinSystem {
+        system = "aarch64-darwin";
+        modules = [
+          ./leptin/configuration.nix
+        ];
+      };
+    };
  };
 }
--- a/leptin/configuration.nix
+++ b/leptin/configuration.nix
@ -0,0 +1,66 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [];
+
+  nix = {
+    package = pkgs.nixFlakes;
+    optimise.automatic = true;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+  networking = {
+    hostName = "leptin";
+  };
+  time.timeZone = "America/New_York";
+  environment.systemPackages = with pkgs; [
+    caddy
+    cargo
+    bat
+    chezmoi
+    delta
+    git
+    difftastic
+    btop
+    alejandra
+    neovim
+    hyperfine
+    lazygit
+    docker
+    lsd
+    zsh
+    sheldon
+    starship
+    tealdeer
+    statix
+    tmux
+    viddy
+    yazi
+    zoxide
+    fzf
+    mcfly
+    wget
+  ];
+  programs = {
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 4d --keep 3";
+      flake = "/Users/mira/nix-config";
+    };
+  };
+  fail2ban = {
+    enable = true;
+    ignoreIP = ["10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16"];
+  };
+  virtualisation.docker = {
+    enableOnBoot = true;
+    enable = true;
+    autoPrune.enable = true;
+    extraOptions = "--userns-remap=default";
+  };
+}