hosts/iso/configuration.nix (view raw)
# NixOS system definition for the host named "iso": EFI boot through
# systemd-boot, NetworkManager networking, a k3s agent that talks to its
# server over the tailscale0 interface, and an open-iscsi initiator.
{ config, pkgs, lib, ... }:

let
  # One locale, used for the default and for every LC_* category below.
  locale = "en_US.UTF-8";

  # Address k3s advertises for this node. It lies inside 100.64.0.0/10 and
  # flannel is bound to tailscale0 below, so this is presumably the node's
  # tailnet address (verify against the Tailscale admin view).
  nodeAddress = "100.109.134.88";
in
{
  # NOTE(review): ../ssh.nix is not visible from this file. sshd is enabled
  # below, so whatever hardening applies (key-only authentication, root login
  # policy) has to come from that import; confirm it does.
  imports = [
    ./hardware-configuration.nix
    ../ssh.nix
  ];

  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "iso";
    networkmanager.enable = true;
  };

  time.timeZone = "Europe/Helsinki";

  i18n = {
    defaultLocale = locale;
    # Same value for every category, so the set is generated from the names.
    extraLocaleSettings = lib.genAttrs [
      "LC_ADDRESS"
      "LC_IDENTIFICATION"
      "LC_MEASUREMENT"
      "LC_MONETARY"
      "LC_NAME"
      "LC_NUMERIC"
      "LC_PAPER"
      "LC_TELEPHONE"
      "LC_TIME"
    ] (_: locale);
  };

  sound.enable = true;
  hardware = {
    pulseaudio.enable = true;
    opengl = {
      enable = true;
      extraPackages = with pkgs; [
        intel-media-driver
        vaapiIntel
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
      ];
    };
  };

  # Privilege escalation. sudo and doas are both enabled, so there are two
  # escalation paths to keep audited.
  security.sudo.enable = true;
  security.doas = {
    enable = true;
    # Renders a plain "permit" rule for icy.
    extraRules = [ { users = [ "icy" ]; } ];
    # Grants root without a password to every member of wheel; in this file
    # that is both icy and git. doas applies the last matching rule, so if
    # extraConfig is rendered after extraRules (check the generated
    # /etc/doas.conf) this line also decides the outcome for icy.
    extraConfig = ''
      permit nopass :wheel
    '';
  };

  users.users = {
    icy = {
      isNormalUser = true;
      description = "icy";
      # "docker" membership is root-equivalent wherever a Docker daemon is
      # running; this file does not enable one.
      extraGroups = [ "networkmanager" "wheel" "docker" ];
      packages = [ ];
    };

    git = {
      isNormalUser = true;
      description = "git";
      # NOTE(review): wheel plus the nopass doas rule above makes this account
      # root-equivalent. If it exists only to serve repositories (inferred
      # from the name; confirm), it does not need wheel or networkmanager.
      extraGroups = [ "networkmanager" "wheel" ];
      # Home directory is readable and traversable by every local user.
      homeMode = "755";
      packages = [ ];
    };
  };

  nixpkgs.config.allowUnfree = true;

  environment = {
    systemPackages = with pkgs; [
      vim
      wget
      git
      nfs-utils
    ];

    # k3s/containerd registry mirror. The endpoint is plain http, so pulls
    # through it get no TLS server authentication or integrity protection.
    # NOTE(review): acceptable only if "sini" is reachable solely over the
    # tailnet (confirm); otherwise put the registry behind TLS.
    # Indentation inside the string is significant to the YAML parser:
    # mirrors -> registry name -> endpoint list.
    etc."rancher/k3s/registries.yaml".text = ''
      mirrors:
        sini:5000:
          endpoint:
            - "http://sini:5000"
    '';
  };

  services = {
    openssh.enable = true;
    tailscale.enable = true;
    # nix-snapshotter.enable = true;

    k3s = {
      enable = true;
      role = "agent";
      serverAddr = "https://sini:6443";
      # The join token is read from this path at runtime instead of being
      # written into the configuration, which keeps it out of the
      # world-readable Nix store. Nothing here creates the file or sets its
      # mode, so ownership and permissions must be checked on the host.
      tokenFile = "/var/lib/rancher/k3s/token";
      extraFlags = lib.concatStringsSep " " [
        "--node-ip=${nodeAddress}"
        "--node-external-ip=${nodeAddress}"
        "--flannel-iface=tailscale0"
      ];
    };

    # iSCSI initiator whose name is taken from the host name ("iso").
    openiscsi = {
      enable = true;
      name = config.networking.hostName;
    };
  };

  systemd.network.wait-online.enable = false;

  # "L+" creates /usr/local/bin as a symlink to the system profile's bin
  # directory, replacing anything already present at that path.
  systemd.tmpfiles.rules = [
    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  system.stateVersion = "24.05";
}