
my *nix dotfiles

hosts/sini/configuration.nix

  1{ config, pkgs, lib, ... }:
  2
  3{
  4  imports =
  5    [
  6      ./hardware-configuration.nix
  7    ];
  8
  9  boot.loader.systemd-boot.enable = true;
 10  boot.loader.efi.canTouchEfiVariables = true;
 11
 12  boot.initrd.luks.devices."luks-0ae4be28-55a1-4a0c-8518-c6d53540cb26".device = "/dev/disk/by-uuid/0ae4be28-55a1-4a0c-8518-c6d53540cb26";
 13  networking.hostName = "sini"; # Define your hostname.
 14
 15  boot.kernelParams = [ "ip=dhcp" ];
 16  boot.initrd = let interface = "wlp3s0"; in
 17    {
 18      availableKernelModules = [ "ccm" "ctr" "iwlmvm" "iwlwifi" ];
 19
 20      systemd = {
 21        enable = true;
 22
 23        packages = [ pkgs.wpa_supplicant ];
 24        initrdBin = [ pkgs.wpa_supplicant ];
 25        targets.initrd.wants = [ "wpa_supplicant@${interface}.service" ];
 26
 27        # prevent WPA supplicant from requiring `sysinit.target`.
 28        services."wpa_supplicant@".unitConfig.DefaultDependencies = false;
 29
 30        users.root.shell = "/bin/systemd-tty-ask-password-agent";
 31
 32        network = {
 33          enable = true;
 34          ssh = {
 35            enable = true;
 36            port = 22;
 37            authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ];
 38            hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
 39          };
 40          networks = {
 41            matchConfig.Name = interface;
 42            networkConfig.DHCP = "yes";
 43          };
 44        };
 45      };
 46    };
 47
 48  networking.networkmanager.enable = true;
 49
 50  time.timeZone = "Europe/Helsinki";
 51
 52  i18n.defaultLocale = "en_US.UTF-8";
 53
 54  i18n.extraLocaleSettings = {
 55    LC_ADDRESS = "en_US.UTF-8";
 56    LC_IDENTIFICATION = "en_US.UTF-8";
 57    LC_MEASUREMENT = "en_US.UTF-8";
 58    LC_MONETARY = "en_US.UTF-8";
 59    LC_NAME = "en_US.UTF-8";
 60    LC_NUMERIC = "en_US.UTF-8";
 61    LC_PAPER = "en_US.UTF-8";
 62    LC_TELEPHONE = "en_US.UTF-8";
 63    LC_TIME = "en_US.UTF-8";
 64  };
 65
 66  sound.enable = true;
 67  hardware.pulseaudio.enable = true;
 68  hardware.opengl = {
 69    enable = true;
 70    extraPackages = with pkgs; [
 71      intel-media-driver
 72      vaapiIntel
 73      vaapiVdpau
 74      libvdpau-va-gl
 75      intel-compute-runtime
 76    ];
 77  };
 78
 79  security = {
 80    doas.enable = true;
 81    sudo.enable = true;
 82    doas.extraConfig = ''
 83      permit nopass :wheel
 84    '';
 85    doas.extraRules = [{
 86      users = [ "icy" ];
 87    }];
 88  };
 89
 90  users.users.icy = {
 91    isNormalUser = true;
 92    description = "icy";
 93    extraGroups = [ "networkmanager" "wheel" "docker" ];
 94    packages = with pkgs; [ ];
 95  };
 96
 97  users.users.git = {
 98    isNormalUser = true;
 99    description = "git";
100    extraGroups = [ "networkmanager" "wheel" ];
101    packages = with pkgs; [ ];
102  };
103
104
105  nixpkgs.config.allowUnfree = true;
106  environment.systemPackages = with pkgs; [
107    vim
108    wget
109    git
110  ];
111
112  services = {
113    openssh.enable = true;
114    tailscale.enable = true;
115    # nix-snapshotter.enable = true;
116  };
117
118  services.pixelfed = {
119    enable = true;
120    domain = "ani.place";
121    secretFile = "/home/icy/svc/pixelfed/.env";
122    nginx.listen = [
123      {
124        addr = "0.0.0.0";
125        port = 3535;
126      }
127    ];
128  };
129
130  # building only
131  virtualisation.docker.enable = true;
132
133  services.k3s = {
134    enable = true;
135    extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=100.85.88.64 --node-ip=100.85.88.64 --node-external-ip=100.85.88.64";
136  };
137
138  services.dockerRegistry = {
139    enable = true;
140    listenAddress = "0.0.0.0";
141    port = 5000;
142    enableGarbageCollect = true;
143  };
144
145  nix.settings.experimental-features = [ "nix-command" "flakes" ];
146  system.stateVersion = "24.05";
147}
148