hosts/sini/configuration.nix (view raw)
1{ config, pkgs, lib, ... }:
2
3{
4 imports =
5 [
6 ./hardware-configuration.nix
7 ];
8
9 boot.loader.systemd-boot.enable = true;
10 boot.loader.efi.canTouchEfiVariables = true;
11
12 networking.hostName = "sini"; # Define your hostname.
13
14 boot.kernelParams = [ "ip=dhcp" ];
15 boot.initrd = let interface = "wlp3s0"; in
16 {
17 luks.devices."luks-0ae4be28-55a1-4a0c-8518-c6d53540cb26".device = "/dev/disk/by-uuid/0ae4be28-55a1-4a0c-8518-c6d53540cb26";
18 availableKernelModules = [ "ccm" "ctr" "iwlmvm" "iwlwifi" ];
19
20 systemd = {
21 enable = true;
22
23 packages = [ pkgs.wpa_supplicant ];
24 initrdBin = [ pkgs.wpa_supplicant ];
25 targets.initrd.wants = [ "wpa_supplicant@${interface}.service" ];
26
27 # prevent WPA supplicant from requiring `sysinit.target`.
28 services."wpa_supplicant@".unitConfig.DefaultDependencies = false;
29
30 users.root.shell = "/bin/systemd-tty-ask-password-agent";
31 network = {
32 enable = true;
33 networks."wifi" = {
34 enable = true;
35 DHCP = "yes";
36 name = interface;
37 };
38 };
39
40 };
41
42 network = {
43 enable = true;
44 ssh = {
45 enable = true;
46 port = 22;
47 authorizedKeys = [ "ssh-rsa AAAAyourpublic-key-here..." ];
48 hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
49 };
50 };
51 };
52
53 networking.networkmanager.enable = true;
54
55 time.timeZone = "Europe/Helsinki";
56
57 i18n.defaultLocale = "en_US.UTF-8";
58
59 i18n.extraLocaleSettings = {
60 LC_ADDRESS = "en_US.UTF-8";
61 LC_IDENTIFICATION = "en_US.UTF-8";
62 LC_MEASUREMENT = "en_US.UTF-8";
63 LC_MONETARY = "en_US.UTF-8";
64 LC_NAME = "en_US.UTF-8";
65 LC_NUMERIC = "en_US.UTF-8";
66 LC_PAPER = "en_US.UTF-8";
67 LC_TELEPHONE = "en_US.UTF-8";
68 LC_TIME = "en_US.UTF-8";
69 };
70
71 sound.enable = true;
72 hardware.pulseaudio.enable = true;
73 hardware.opengl = {
74 enable = true;
75 extraPackages = with pkgs; [
76 intel-media-driver
77 vaapiIntel
78 vaapiVdpau
79 libvdpau-va-gl
80 intel-compute-runtime
81 ];
82 };
83
84 security = {
85 doas.enable = true;
86 sudo.enable = true;
87 doas.extraConfig = ''
88 permit nopass :wheel
89 '';
90 doas.extraRules = [{
91 users = [ "icy" ];
92 }];
93 };
94
95 users.users.icy = {
96 isNormalUser = true;
97 description = "icy";
98 extraGroups = [ "networkmanager" "wheel" "docker" ];
99 packages = with pkgs; [ ];
100 };
101
102 users.users.git = {
103 isNormalUser = true;
104 description = "git";
105 extraGroups = [ "networkmanager" "wheel" ];
106 homeMode = "755";
107 packages = with pkgs; [ ];
108 };
109
110
111 nixpkgs.config.allowUnfree = true;
112 environment.systemPackages = with pkgs; [
113 vim
114 wget
115 git
116 ];
117
118 services = {
119 openssh.enable = true;
120 tailscale.enable = true;
121 # nix-snapshotter.enable = true;
122 };
123
124 services.pixelfed = {
125 enable = true;
126 domain = "ani.place";
127 secretFile = "/home/icy/svc/pixelfed/.env";
128 nginx.listen = [
129 {
130 addr = "0.0.0.0";
131 port = 3535;
132 }
133 ];
134 };
135
136 # building only
137 virtualisation.docker.enable = true;
138
139 services.k3s = {
140 enable = true;
141 extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=100.85.88.64 --node-ip=100.85.88.64 --node-external-ip=100.85.88.64";
142 };
143
144 services.dockerRegistry = {
145 enable = true;
146 listenAddress = "0.0.0.0";
147 port = 5000;
148 enableGarbageCollect = true;
149 };
150
151 nix.settings.experimental-features = [ "nix-command" "flakes" ];
152 system.stateVersion = "24.05";
153}
154