nix-infra/hosts/dinictis/default.nix

{ pkgs, ... }: {
  imports = [
    ../../profiles/desktop
    ./hardware-configuration.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.wireless.iwd.enable = true;

  # Enable CUPS to print documents.
  services.printing.enable = true;

  users.users.sammy.packages = with pkgs; [
    picard
  ];

  home-manager.users.sammy.programs.ssh.includes = [
    "./famedly-config"
  ];
  home-manager.users.sammy.programs.git.includes = [
    {
      path = "~/famedly/.gitconfig";
      condition = "gitdir:~/famedly/";
    }
  ];

  fileSystems."/mnt/Media" = {
    device = "192.168.0.3:/mnt/user/Media";
    fsType = "nfs";
    options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)
  };

  system.stateVersion = "23.11"; # Did you read the comment?

  # Famedly compliance foo - stolen from evelyn :3

  systemd.user.services.usbguard-notifier.enable = true;

  services.clamav = {
    daemon = {
      enable = true;
    };
    updater = {
      enable = true;
      frequency = 24;
      interval = "hourly";
    };
  };

  deployment.keys."osquery-secret.txt" = {
    keyCommand = [ "pass" "work/osquery-secret" ];

    destDir = "/etc/osquery/";
    uploadAt = "pre-activation";
  };

  services.osquery = {
    enable = true;
    flags = {
      tls_hostname = "fleet.famedly.de";
      host_identifier = "instance";
      enroll_secret_path = "/etc/osquery/osquery-secret.txt";
      enroll_tls_endpoint = "/api/osquery/enroll";
      config_plugin = "tls";
      config_tls_endpoint = "/api/v1/osquery/config";
      config_refresh = "10";
      disable_distributed = "false";
      distributed_plugin = "tls";
      distributed_interval = "10";
      distributed_tls_max_attempts = "3";
      distributed_tls_read_endpoint = "/api/v1/osquery/distributed/read";
      distributed_tls_write_endpoint = "/api/v1/osquery/distributed/write";
      logger_plugin = "tls";
      logger_tls_endpoint = "/api/v1/osquery/log";
      logger_tls_period = "10";
      disable_carver = "false";
      carver_start_endpoint = "/api/v1/osquery/carve/begin";
      carver_continue_endpoint = "/api/v1/osquery/carve/block";
      carver_block_size = "2000000";
      tls_server_certs = "/etc/ssl/certs/ca-certificates.crt";
    };
  };
}
sway and new host dinicitis work laptop foo 2024-05-04 16:37:52 +00:00			`{ pkgs, ... }: {`
add new host 2024-05-04 11:01:27 +00:00			`imports = [`
			`../../profiles/desktop`
dinictis 2024-05-04 13:03:05 +00:00			`./hardware-configuration.nix`
add new host 2024-05-04 11:01:27 +00:00			`];`

dinictis 2024-05-04 13:03:05 +00:00			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`

sway and new host dinicitis work laptop foo 2024-05-04 16:37:52 +00:00			`networking.wireless.iwd.enable = true;`
dinictis 2024-05-04 13:03:05 +00:00
			`# Enable CUPS to print documents.`
			`services.printing.enable = true;`

add some pakiges 2024-05-22 11:02:07 +00:00			`users.users.sammy.packages = with pkgs; [`
			`picard`
			`];`
dinictis 2024-05-04 13:03:05 +00:00
sway and new host dinicitis work laptop foo 2024-05-04 16:37:52 +00:00			`home-manager.users.sammy.programs.ssh.includes = [`
			`"./famedly-config"`
			`];`
			`home-manager.users.sammy.programs.git.includes = [`
			`{`
			`path = "~/famedly/.gitconfig";`
			`condition = "gitdir:~/famedly/";`
			`}`
			`];`

mount homeserver share on laptop 2024-05-15 11:22:58 +00:00			`fileSystems."/mnt/Media" = {`
			`device = "192.168.0.3:/mnt/user/Media";`
			`fsType = "nfs";`
			`options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" "noatime" ]; # disconnects after 10 minutes (i.e. 600 seconds)`
			`};`

add new host 2024-05-04 11:01:27 +00:00			`system.stateVersion = "23.11"; # Did you read the comment?`
dinictis 2024-05-04 13:03:05 +00:00
sway and new host dinicitis work laptop foo 2024-05-04 16:37:52 +00:00			`# Famedly compliance foo - stolen from evelyn :3`

			`systemd.user.services.usbguard-notifier.enable = true;`

			`services.clamav = {`
			`daemon = {`
			`enable = true;`
			`};`
			`updater = {`
			`enable = true;`
			`frequency = 24;`
			`interval = "hourly";`
			`};`
			`};`

			`deployment.keys."osquery-secret.txt" = {`
			`keyCommand = [ "pass" "work/osquery-secret" ];`

			`destDir = "/etc/osquery/";`
			`uploadAt = "pre-activation";`
			`};`

			`services.osquery = {`
			`enable = true;`
			`flags = {`
			`tls_hostname = "fleet.famedly.de";`
			`host_identifier = "instance";`
			`enroll_secret_path = "/etc/osquery/osquery-secret.txt";`
			`enroll_tls_endpoint = "/api/osquery/enroll";`
			`config_plugin = "tls";`
			`config_tls_endpoint = "/api/v1/osquery/config";`
			`config_refresh = "10";`
			`disable_distributed = "false";`
			`distributed_plugin = "tls";`
			`distributed_interval = "10";`
			`distributed_tls_max_attempts = "3";`
			`distributed_tls_read_endpoint = "/api/v1/osquery/distributed/read";`
			`distributed_tls_write_endpoint = "/api/v1/osquery/distributed/write";`
			`logger_plugin = "tls";`
			`logger_tls_endpoint = "/api/v1/osquery/log";`
			`logger_tls_period = "10";`
			`disable_carver = "false";`
			`carver_start_endpoint = "/api/v1/osquery/carve/begin";`
			`carver_continue_endpoint = "/api/v1/osquery/carve/block";`
			`carver_block_size = "2000000";`
			`tls_server_certs = "/etc/ssl/certs/ca-certificates.crt";`
			`};`
			`};`
add new host 2024-05-04 11:01:27 +00:00			`}`