hosts/sini/configuration.nix (view raw)
# NixOS system configuration for the host "sini": boot loader, locale, audio
# and Intel graphics, local accounts and privilege escalation, and the
# services it runs (OpenSSH, Tailscale, Pixelfed, Docker, k3s, open-iscsi and
# a Docker registry).
{ config, pkgs, lib, ... }:

{
  # Neither imported file is shown here; any SSH hardening or firewall
  # settings they carry apply on top of this file.
  imports =
    [
      ./hardware-configuration.nix
      ../ssh.nix
    ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  # Do not block boot on the systemd-networkd wait-online unit.
  systemd.network.wait-online.enable = false;

  networking.hostName = "sini"; # Define your hostname.

  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Helsinki";

  i18n.defaultLocale = "en_US.UTF-8";

  # Every LC_* category is pinned to the same locale as the default.
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  # Intel VA-API / VDPAU drivers and the Intel compute runtime.
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime
    ];
  };

  security = {
    doas.enable = true;
    # sudo stays enabled next to doas, so two setuid privilege-escalation
    # tools are installed. NOTE(review): if only doas is used, turning sudo
    # off removes one of them; confirm nothing depends on it first.
    sudo.enable = true;
    # Raw doas.conf rule: any member of group wheel may run any command as
    # root without a password. Both `icy` and `git` below are in wheel, so
    # taking over either account is a root compromise with no further
    # authentication step.
    doas.extraConfig = ''
      permit nopass :wheel
    '';
    # Structured rule naming user icy with no other options set.
    # NOTE(review): doas applies the last matching rule, so whether this rule
    # or the nopass rule above governs icy depends on the order in which they
    # end up in the generated /etc/doas.conf; check that file.
    doas.extraRules = [{
      users = [ "icy" ];
    }];
  };

  users.users.icy = {
    isNormalUser = true;
    description = "icy";
    # wheel: covered by the passwordless doas rule above.
    # docker: access to the Docker daemon, which is root-equivalent on the
    # host, independently of doas/sudo.
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    packages = with pkgs; [ ];
  };

  # NOTE(review): the name suggests an account used for Git access over SSH;
  # confirm. If so, wheel membership gives that account passwordless root via
  # the doas rule above, and networkmanager lets it change network settings.
  # Drop whichever groups the account does not actually need.
  users.users.git = {
    isNormalUser = true;
    description = "git";
    extraGroups = [ "networkmanager" "wheel" ];
    # Home directory is readable and traversable by every local user.
    homeMode = "755";
    packages = with pkgs; [ ];
  };


  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    vim
    wget
    git
    nfs-utils
  ];

  services = {
    # No sshd settings (password authentication, root login, allowed users)
    # are set in this file; presumably ../ssh.nix carries them. Verify.
    openssh.enable = true;
    tailscale.enable = true;
    # nix-snapshotter.enable = true;
  };

  services.pixelfed = {
    enable = true;
    domain = "ani.place";
    # The secrets file is given as a string path, so it is not copied into
    # the world-readable Nix store. It lives under icy's home directory:
    # NOTE(review): anything running as icy can read or replace it; a
    # root-owned location with restrictive permissions is the safer place.
    secretFile = "/home/icy/svc/pixelfed/.env";
    # The nginx vhost listens on all IPv4 interfaces, port 3535, and this
    # entry sets no TLS flag. NOTE(review): presumably a reverse proxy or
    # tunnel terminates TLS for ani.place in front of it; confirm, and bind
    # to the one interface that proxy uses if so.
    nginx.listen = [
      {
        addr = "0.0.0.0";
        port = 3535;
      }
    ];
  };

  # building only
  virtualisation.docker.enable = true;

  # k3s with the bundled traefik, servicelb and metrics-server disabled. The
  # bind address, node IP and node external IP are all set to `address`, and
  # flannel is told to use the tailscale0 interface.
  # NOTE(review): 100.122.122.12 is in the CGNAT range Tailscale assigns
  # from, so the cluster endpoints are presumably reachable only over the
  # tailnet and access control rests on the tailnet ACLs; confirm.
  services.k3s = let address = "100.122.122.12"; in {
    enable = true;
    extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=${address} --node-ip=${address} --node-external-ip=${address} --flannel-external-ip=true --flannel-iface=tailscale0";
  };

  # Registry configuration read by k3s: pulls for sini:5000 go to the
  # endpoint below over plain HTTP, so image integrity and confidentiality
  # depend entirely on the network path between the node and the registry.
  # NOTE(review): acceptable only if that path is loopback or the encrypted
  # tailnet; confirm how the name `sini` resolves on each node.
  environment.etc = {
    "rancher/k3s/registries.yaml" = {
      text = ''
        mirrors:
          sini:5000:
            endpoint:
              - "http://sini:5000"
      '';
    };
  };

  # The iSCSI initiator name is set to the host name ("sini").
  services.openiscsi = {
    enable = true;
    name = config.networking.hostName;
  };

  # Make /usr/local/bin a symlink to the system profile's bin directory; the
  # "L+" type replaces whatever already exists at that path. Presumably for
  # software that looks for binaries at fixed FHS paths; confirm.
  systemd.tmpfiles.rules = [
    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
  ];

  # The registry listens on all interfaces, port 5000, and this file sets no
  # authentication or TLS for it. Whoever can reach the port can push or
  # overwrite images that k3s later pulls and runs.
  # NOTE(review): this file opens no firewall ports, so actual exposure
  # depends on firewall and trusted-interface settings made elsewhere.
  # Verify them, and prefer binding to the tailnet or loopback address.
  services.dockerRegistry = {
    enable = true;
    listenAddress = "0.0.0.0";
    port = 5000;
    enableGarbageCollect = true;
  };

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  # Records the NixOS release whose defaults stateful data was created under.
  system.stateVersion = "24.05";
}