hosts/sini/configuration.nix
{ config, pkgs, lib, ... }:

let
  # Wireless interface the systemd initrd brings up so the LUKS passphrase can
  # be supplied over SSH before the root filesystem is unlocked.
  wifiInterface = "wlp3s0";

  # Single locale applied to defaultLocale and every LC_* override below.
  locale = "en_US.UTF-8";

  # Address k3s binds to and advertises; it is also the node's external IP.
  # (Presumably this is the host's Tailscale address — verify before changing.)
  k3sAddress = "100.85.88.64";
in
{
  imports = [ ./hardware-configuration.nix ];

  networking = {
    hostName = "sini";
    networkmanager.enable = true;
  };

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # Kernel-commandline DHCP request; with the systemd initrd the wifi
    # interface is also configured by the networkd unit below, so this may be
    # redundant — kept as-is.
    kernelParams = [ "ip=dhcp" ];

    initrd = {
      luks.devices."luks-0ae4be28-55a1-4a0c-8518-c6d53540cb26".device =
        "/dev/disk/by-uuid/0ae4be28-55a1-4a0c-8518-c6d53540cb26";

      # Crypto + Intel wifi driver modules needed to get the link up in initrd.
      availableKernelModules = [ "ccm" "ctr" "iwlmvm" "iwlwifi" ];

      systemd = {
        enable = true;

        packages = [ pkgs.wpa_supplicant ];
        initrdBin = [ pkgs.wpa_supplicant ];
        targets.initrd.wants = [ "wpa_supplicant@${wifiInterface}.service" ];

        # wpa_supplicant@ must not pull in sysinit.target inside the initrd,
        # otherwise it cannot start before the root device is unlocked.
        services."wpa_supplicant@".unitConfig.DefaultDependencies = false;

        # Whoever logs in as root over initrd SSH is dropped straight into the
        # password agent, not a shell; the session ends once the passphrase
        # has been entered.
        users.root.shell = "/bin/systemd-tty-ask-password-agent";

        network = {
          enable = true;
          networks."wifi" = {
            enable = true;
            DHCP = "yes";
            name = wifiInterface;
          };
        };
      };

      network = {
        enable = true;
        ssh = {
          enable = true;
          # NOTE(review): same port as the booted system's sshd but a different
          # host key, so clients will see a host-key mismatch between initrd
          # and the full system unless they keep separate known_hosts entries;
          # a distinct port for the initrd sshd is the usual way to avoid that.
          port = 22;
          authorizedKeys = [
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJPYX06+qKr9IHWfkgCtHbExoBOOwS/+iAWbog9bAdk icy@wyndle"
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlcByNC93n6dH41uxdLvbtf8XfKF0hoN35548PRga3M icy@kvothe"
          ];
          # Host key lives outside the Nix store on purpose (the initrd is
          # not encrypted, so the key is copied in at build time from here).
          hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
        };
      };
    };
  };

  time.timeZone = "Europe/Helsinki";

  i18n = {
    defaultLocale = locale;
    extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_: locale);
  };

  sound.enable = true;

  hardware = {
    pulseaudio.enable = true;
    opengl = {
      enable = true;
      # Intel VA-API/VDPAU/OpenCL stack; order preserved from the original list.
      extraPackages = [
        pkgs.intel-media-driver
        pkgs.vaapiIntel
        pkgs.vaapiVdpau
        pkgs.libvdpau-va-gl
        pkgs.intel-compute-runtime
      ];
    };
  };

  security = {
    # Both sudo and doas are enabled; two privilege-escalation paths to audit.
    sudo.enable = true;

    doas = {
      enable = true;

      # Every member of wheel gets root with no password prompt. Given that
      # both `icy` and the `git` service account are in wheel below, any
      # compromise of either account (e.g. a leaked SSH key) is a direct root
      # compromise with no second factor. `security.doas.wheelNeedsPassword`
      # is the option this hand-written rule overrides.
      extraConfig = ''
        permit nopass :wheel
      '';

      # Extra rule for icy with default options (password required). Which
      # rule wins depends on the order the module renders extraRules and
      # extraConfig into doas.conf (last match wins) — TODO confirm this does
      # what is intended, since icy is already covered by the wheel rule.
      extraRules = [{
        users = [ "icy" ];
      }];
    };
  };

  users.users = {
    icy = {
      isNormalUser = true;
      description = "icy";
      # `docker` group membership is effectively root on the host (the daemon
      # socket allows privileged containers); `wheel` is passwordless root via
      # doas above.
      extraGroups = [ "networkmanager" "wheel" "docker" ];
      packages = [ ];
    };

    # Looks like a git-hosting service account (world-readable home). It is in
    # `wheel`, which with `permit nopass :wheel` makes it a no-password root
    # account reachable over SSH — verify that wheel (and networkmanager)
    # membership is really needed here; dropping both would reduce the blast
    # radius of a compromised git key considerably.
    git = {
      isNormalUser = true;
      description = "git";
      extraGroups = [ "networkmanager" "wheel" ];
      homeMode = "755";
      packages = [ ];
    };
  };

  nixpkgs.config.allowUnfree = true;

  environment.systemPackages = [
    pkgs.vim
    pkgs.wget
    pkgs.git
  ];

  services = {
    # sshd with module defaults: this file configures no authorized keys for
    # the main system and does not set `settings.PasswordAuthentication`, so
    # password logins are whatever the module default is for this
    # stateVersion. Once key-based login for icy is confirmed working,
    # disabling password authentication would close that door.
    openssh.enable = true;

    tailscale.enable = true;
    # nix-snapshotter.enable = true;

    pixelfed = {
      enable = true;
      domain = "ani.place";
      # Application secrets are read from a user home directory; confirm the
      # file mode restricts it to the pixelfed service user (homeMode for icy
      # is not set here, so it follows the module default).
      secretFile = "/home/icy/svc/pixelfed/.env";
      # Listens on all interfaces on 3535 — presumably fronted by something
      # else (Tailscale or a reverse proxy) that terminates TLS; verify.
      nginx.listen = [
        {
          addr = "0.0.0.0";
          port = 3535;
        }
      ];
    };

    k3s = {
      enable = true;
      # API server and node addresses pinned to one address; servicelb, traefik
      # and metrics-server are disabled and expected to be provided elsewhere.
      extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=${k3sAddress} --node-ip=${k3sAddress} --node-external-ip=${k3sAddress}";
    };

    # Plain-HTTP registry on every interface with no authentication or TLS
    # configured in this file: anything that can reach tcp/5000 on this host
    # can push and pull images, and images it serves feed the k3s node above.
    # Binding to the k3s/Tailscale address (or loopback) and putting auth/TLS
    # in front would contain this; left unchanged here because clients may
    # depend on the current endpoint.
    dockerRegistry = {
      enable = true;
      listenAddress = "0.0.0.0";
      port = 5000;
      enableGarbageCollect = true;
    };
  };

  # Docker is used only for building images (see dockerRegistry above).
  virtualisation.docker.enable = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Do not change after first install; controls stateful defaults.
  system.stateVersion = "24.05";
}