nixy/configuration.nix

@@ -13,35 +13,31 @@
   system.stateVersion = "23.05";
   system.autoUpgrade.enable = false;
 
-  sops = {
+  sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-    age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+  sops.secrets."peerix/private" = {
-    secrets = {
-      "peerix/private" = {
     sopsFile = ./secrets/peerix.yaml;
     mode = "0400";
     owner = config.users.users.nobody.name;
     group = config.users.users.nobody.group;
   };
 
-      "wg_privkey" = {
+  sops.secrets."wg_privkey" = {
     sopsFile = ./secrets/wg_privkey.yaml;
   };
 
-      "wg_preshared/nixy" = {
+  sops.secrets."wg_preshared/nixy" = {
     sopsFile = ../common/secrets/wg_preshared.yaml;
   };
 
-      "borgbase_enc_key" = {
+  sops.secrets."borgbase_enc_key" = {
     sopsFile = ./secrets/borgbase_enc_key.yaml;
     owner = config.users.users.akill.name;
   };
 
-      "borgbase_ssh_key" = {
+  sops.secrets."borgbase_ssh_key" = {
     sopsFile = ./secrets/borgbase_ssh_key.yaml;
     owner = config.users.users.akill.name;
   };
-    };
-  };
 
   nix = {
     optimise.automatic = true;
@@ -72,7 +68,7 @@
       memtest86.enable = true;
     };
     readOnlyNixStore = true;
-    supportedFilesystems = ["btrfs"];
+    supportedFilesystems = ["btrfs" "nfs"];
     tmp.useTmpfs = true;
   };
 
@@ -208,6 +204,7 @@
     ntp.enable = true;
     openssh.enable = true;
     printing.enable = true;
+    rpcbind.enable = true;
 
     pipewire = {
       enable = true;
@@ -416,7 +413,7 @@
       enable = true;
       driSupport = true;
       driSupport32Bit = true;
-      extraPackages = [];
+      extraPackages = with pkgs; [];
     };
     rtl-sdr.enable = true;
   };