all repos — dotfiles @ 90e97419fc0c57e0d5ca9363167389af3f4116cd

my *nix dotfiles

hosts/denna/configuration.nix (view raw)

 1{ config, pkgs, lib, ... }:
 2
 3{
 4  imports =
 5    [
 6      ./hardware-configuration.nix
 7    ];
 8
 9  boot.loader.systemd-boot.enable = true;
10  boot.loader.efi.canTouchEfiVariables = true;
11
12  networking.hostName = "denna";
13  networking.networkmanager.enable = true;
14
15  time.timeZone = "Europe/Helsinki";
16
17  i18n.defaultLocale = "en_US.UTF-8";
18
19  i18n.extraLocaleSettings = {
20    LC_ADDRESS = "en_US.UTF-8";
21    LC_IDENTIFICATION = "en_US.UTF-8";
22    LC_MEASUREMENT = "en_US.UTF-8";
23    LC_MONETARY = "en_US.UTF-8";
24    LC_NAME = "en_US.UTF-8";
25    LC_NUMERIC = "en_US.UTF-8";
26    LC_PAPER = "en_US.UTF-8";
27    LC_TELEPHONE = "en_US.UTF-8";
28    LC_TIME = "en_US.UTF-8";
29  };
30
31  sound.enable = true;
32  hardware.pulseaudio.enable = true;
33  hardware.opengl = {
34    enable = true;
35    extraPackages = with pkgs; [
36      intel-media-driver
37      vaapiIntel
38      vaapiVdpau
39      libvdpau-va-gl
40      intel-compute-runtime
41    ];
42  };
43
44  security = {
45    doas.enable = true;
46    sudo.enable = true;
47    doas.extraConfig = ''
48      permit nopass :wheel
49    '';
50    doas.extraRules = [{
51      users = [ "icy" ];
52    }];
53  };
54
55  users.users.icy = {
56    isNormalUser = true;
57    description = "icy";
58    extraGroups = [ "networkmanager" "wheel" "docker" ];
59    packages = with pkgs; [ ];
60  };
61
62  users.users.git = {
63    isNormalUser = true;
64    description = "git";
65    extraGroups = [ "networkmanager" "wheel" ];
66    homeMode = "755";
67    packages = with pkgs; [ ];
68  };
69
70
71  nixpkgs.config.allowUnfree = true;
72  environment.systemPackages = with pkgs; [
73    vim
74    wget
75    git
76  ];
77
78  services = {
79    openssh.enable = true;
80    tailscale.enable = true;
81    # nix-snapshotter.enable = true;
82  };
83
84  services.k3s = {
85    enable = true;
86    extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=100.85.88.64 --node-ip=100.85.88.64 --node-external-ip=100.85.88.64";
87    role = "agent";
88    serverAddr = "https://sini:6443";
89    tokenFile = "/var/lib/rancher/k3s/agent/token";
90  };
91
92  nix.settings.experimental-features = [ "nix-command" "flakes" ];
93  system.stateVersion = "24.05";
94}
95