
my *nix dotfiles

hosts/sini/configuration.nix (view raw)

  1{ config, pkgs, lib, ... }:
  2
  3{
  4  imports =
  5    [
  6      ./hardware-configuration.nix
  7    ];
  8
  9  boot.loader.systemd-boot.enable = true;
 10  boot.loader.efi.canTouchEfiVariables = true;
 11
 12  boot.initrd.luks.devices."luks-0ae4be28-55a1-4a0c-8518-c6d53540cb26".device = "/dev/disk/by-uuid/0ae4be28-55a1-4a0c-8518-c6d53540cb26";
 13  networking.hostName = "sini"; # Define your hostname.
 14
 15  networking.networkmanager.enable = true;
 16
 17  time.timeZone = "Europe/Helsinki";
 18
 19  i18n.defaultLocale = "en_US.UTF-8";
 20
 21  i18n.extraLocaleSettings = {
 22    LC_ADDRESS = "en_US.UTF-8";
 23    LC_IDENTIFICATION = "en_US.UTF-8";
 24    LC_MEASUREMENT = "en_US.UTF-8";
 25    LC_MONETARY = "en_US.UTF-8";
 26    LC_NAME = "en_US.UTF-8";
 27    LC_NUMERIC = "en_US.UTF-8";
 28    LC_PAPER = "en_US.UTF-8";
 29    LC_TELEPHONE = "en_US.UTF-8";
 30    LC_TIME = "en_US.UTF-8";
 31  };
 32
 33  sound.enable = true;
 34  hardware.pulseaudio.enable = true;
 35  hardware.opengl = {
 36    enable = true;
 37    extraPackages = with pkgs; [
 38      intel-media-driver
 39      vaapiIntel
 40      vaapiVdpau
 41      libvdpau-va-gl
 42      intel-compute-runtime
 43    ];
 44  };
 45
 46  security = {
 47    doas.enable = true;
 48    sudo.enable = true;
 49    doas.extraConfig = ''
 50      permit nopass :wheel
 51    '';
 52    doas.extraRules = [{
 53      users = [ "icy" ];
 54    }];
 55  };
 56
 57  users.users.icy = {
 58    isNormalUser = true;
 59    description = "icy";
 60    extraGroups = [ "networkmanager" "wheel" "docker" ];
 61    packages = with pkgs; [ ];
 62  };
 63
 64  nixpkgs.config.allowUnfree = true;
 65  environment.systemPackages = with pkgs; [
 66    vim
 67    wget
 68    git
 69  ];
 70
 71  services = {
 72    openssh.enable = true;
 73    tailscale.enable = true;
 74    # nix-snapshotter.enable = true;
 75  };
 76
 77  services.radicale = {
 78    enable = true;
 79    settings = {
 80      server = {
 81        hosts = [ "0.0.0.0:5232" ];
 82      };
 83      auth = {
 84        type = "htpasswd";
 85        htpasswd_filename = "/var/lib/radicale/users";
 86        htpasswd_encryption = "bcrypt";
 87      };
 88      storage = {
 89        filesystem_folder = "/var/lib/radicale/collections";
 90      };
 91    };
 92  };
 93
 94  # building only
 95  virtualisation.docker.enable = true;
 96
 97  services.k3s = {
 98    enable = true;
 99    extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=100.85.88.64";
100  };
101
102  services.dockerRegistry = {
103    enable = true;
104    listenAddress = "0.0.0.0";
105    port = 5000;
106  };
107
108  nix.settings.experimental-features = [ "nix-command" "flakes" ];
109  system.stateVersion = "24.05";
110}