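{ config, pkgs, lib, ... }:

# NixOS host "sini": a LUKS-encrypted machine whose passphrase is entered
# remotely over Wi-Fi from a systemd-based initrd. It also runs Pixelfed, a
# single-node k3s bound to its Tailscale address, and a local Docker registry.
#
# Things to keep in mind when touching this file:
#  * Everything placed in the initrd (SSH host key, any wpa_supplicant config)
#    lives on the unencrypted ESP under /boot and is readable by anyone with
#    the disk in hand. There is no Secure Boot / signed-initrd setup here, so
#    the unlock prompt itself is not protected against offline tampering.
#  * networking.firewall is not configured, which means the NixOS default
#    (enabled, everything closed) applies; services bound to 0.0.0.0 below
#    are therefore only reachable if ports are opened elsewhere. Confirm which
#    of them are meant to be reachable beyond the tailnet.
{
  imports = [
    ./hardware-configuration.nix
  ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "sini";

  # Early-boot networking so the LUKS passphrase can be typed over SSH.
  # `ip=dhcp` is parsed by systemd-network-generator in the initrd and
  # overlaps with the networkd unit declared below; harmless, but redundant.
  boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd = let interface = "wlp3s0"; in {
    luks.devices."luks-0ae4be28-55a1-4a0c-8518-c6d53540cb26".device =
      "/dev/disk/by-uuid/0ae4be28-55a1-4a0c-8518-c6d53540cb26";
    # Intel Wi-Fi driver plus the AES modes (CCM/CTR) WPA2/WPA3 need.
    # The iwlwifi firmware has to be available in the initrd as well; that is
    # presumably handled in hardware-configuration.nix -- confirm.
    availableKernelModules = [ "ccm" "ctr" "iwlmvm" "iwlwifi" ];

    systemd = {
      enable = true;

      packages = [ pkgs.wpa_supplicant ];
      initrdBin = [ pkgs.wpa_supplicant ];
      targets.initrd.wants = [ "wpa_supplicant@${interface}.service" ];

      # prevent WPA supplicant from requiring `sysinit.target`.
      services."wpa_supplicant@".unitConfig.DefaultDependencies = false;

      # NOTE(review): wpa_supplicant@wlp3s0 needs a wpa_supplicant.conf inside
      # the initrd, which this file does not provide. Wherever it comes from
      # (boot.initrd.secrets, systemd.contents, ...), the PSK in it ends up on
      # the unencrypted ESP -- treat that Wi-Fi credential as disposable.

      # Logging in as root over the initrd SSH drops straight into the
      # password agent: the session can only answer the LUKS prompt.
      users.root.shell = "/bin/systemd-tty-ask-password-agent";
    };
    network = {
      enable = true;
      ssh = {
        enable = true;
        # SECURITY: same port as the stage-2 sshd but a different host key, so
        # every unlock triggers a "host key changed" warning on the client and
        # trains people to ignore the one warning that matters here. A dedicated
        # port (e.g. 2222) with its own known_hosts entry avoids that.
        port = 22;
        # Placeholder -- replace with the real public key before deploying.
        # This list is the only credential the initrd sshd accepts.
        authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ];
        # SECURITY: this key is copied into the initrd image on the unencrypted
        # ESP. Anyone with physical access can extract it and impersonate the
        # unlock prompt to capture the LUKS passphrase, so it must be a separate
        # key that is never reused for the stage-2 sshd. It has to exist before
        # the first build, e.g.
        #   ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
        # (ed25519 is preferable; the configured RSA path is kept as is).
        hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
      };
      networks = {
        matchConfig.Name = interface;
        networkConfig.DHCP = "yes";
      };
    };
  };

  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Helsinki";

  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime
    ];
  };

  security = {
    # sudo stays on with the NixOS default of prompting wheel for a password.
    sudo.enable = true;
    doas = {
      enable = true;
      # Previously `permit nopass :wheel` was appended through extraConfig. The
      # module emits extraConfig *after* its own rules, so it became the winning
      # rule and every wheel member -- including the service-style `git` account
      # below -- could become root with no authentication at all. Root is now
      # granted to the interactive user only, with the credential cached via
      # `persist` instead of dropped. If passwordless wheel really is wanted,
      # the supported knob is `security.doas.wheelNeedsPassword = false;`,
      # not raw extraConfig.
      extraRules = [{
        users = [ "icy" ];
        persist = true;
      }];
    };
  };

  users.users.icy = {
    isNormalUser = true;
    description = "icy";
    # `docker` group membership is root-equivalent (the daemon runs as root and
    # will bind-mount whatever it is asked to); acceptable for the admin user,
    # not something to hand out more widely.
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    packages = with pkgs; [ ];
  };

  # NOTE(review): the purpose of this account is not visible here (a git
  # hosting / deploy user, presumably). If it only receives pushes it should
  # not be in `wheel` (root via sudo/doas) or `networkmanager`, and its home
  # does not need to be world-readable -- `homeMode = "755"` exposes whatever
  # repositories live there to every local user. Confirm against how it is
  # actually used before tightening.
  users.users.git = {
    isNormalUser = true;
    description = "git";
    extraGroups = [ "networkmanager" "wheel" ];
    homeMode = "755";
    packages = with pkgs; [ ];
  };

  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    vim
    wget
    git
  ];

  services = {
    # Stage-2 sshd with module defaults, i.e. password authentication is
    # still allowed. Since the host is reachable over Tailscale and the initrd
    # listener is key-only, consider `settings.PasswordAuthentication = false`
    # once key-based access is confirmed to work.
    openssh.enable = true;
    tailscale.enable = true;
    # nix-snapshotter.enable = true;
  };

  services.pixelfed = {
    enable = true;
    domain = "ani.place";
    # Holds the application key and DB/mail credentials. It must be readable by
    # whatever runs the Pixelfed setup (the pixelfed service user in the stock
    # module, as far as I can tell), so keep it 0640 and group-owned rather
    # than relying on a world-readable home directory; a dedicated secrets
    # location (or agenix/sops) would be cleaner than a user's home.
    secretFile = "/home/icy/svc/pixelfed/.env";
    # Plain HTTP on every interface: nothing here terminates TLS (no
    # forceSSL/enableACME), so this only makes sense behind a reverse proxy
    # or Tailscale Serve/Funnel that does. The default firewall keeps 3535
    # closed unless it is opened elsewhere -- confirm which path is intended.
    nginx.listen = [
      {
        addr = "0.0.0.0";
        port = 3535;
      }
    ];
  };

  # building only
  virtualisation.docker.enable = true;

  # Single-node k3s pinned to the Tailscale address, so the API server is not
  # reachable on the LAN. `--bind-address`/`--node-ip` require that exact IP to
  # exist on tailscale0 before k3s starts; a Tailscale IP change or k3s coming
  # up before tailscaled will make the unit fail -- keep that in mind when
  # debugging a non-starting cluster.
  services.k3s = {
    enable = true;
    extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=100.85.88.64 --node-ip=100.85.88.64 --node-external-ip=100.85.88.64";
  };

  services.dockerRegistry = {
    enable = true;
    # SECURITY: the stock registry has neither authentication nor TLS, so
    # anyone who can reach port 5000 can pull *and push* (overwrite) images.
    # If k3s on this host pulls from it -- presumably the reason it sits next
    # to k3s -- that is a supply-chain hole should the port ever be exposed
    # beyond the tailnet. Binding it like k3s (listenAddress = "100.85.88.64")
    # or to 127.0.0.1, leaving 5000 out of the firewall, and fronting remote
    # pushes with a TLS/htpasswd proxy would close it. Kept as configured
    # because the existing push workflow is not visible from here.
    listenAddress = "0.0.0.0";
    port = 5000;
    enableGarbageCollect = true;
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  system.stateVersion = "24.05";
}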
148