all repos — dotfiles @ ae310e4781a30287d3e01a0a1431ffd9d1eb38a3

my *nix dotfiles

hosts/iso/configuration.nix (view raw)

  # NixOS system configuration for the host "iso": a k3s agent node that
  # reaches its server and registry mirror by the name "sini" and runs flannel
  # over the tailscale0 interface.
  { config, pkgs, lib, ... }:

  let
    # One locale for the default and for every LC_* category below.
    locale = "en_US.UTF-8";

    # Passed to k3s as both the node IP and the external node IP.
    nodeAddress = "100.109.134.88";
  in
  {
    # NOTE(review): SSH settings presumably live in ../ssh.nix, which is not
    # visible here. Confirm it restricts root login and password auth.
    imports = [
      ./hardware-configuration.nix
      ../ssh.nix
    ];

    boot.loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    networking = {
      hostName = "iso";
      networkmanager.enable = true;
    };

    time.timeZone = "Europe/Helsinki";

    i18n = {
      defaultLocale = locale;
      # Every listed category gets the same value as the default locale.
      extraLocaleSettings = lib.genAttrs [
        "LC_ADDRESS"
        "LC_IDENTIFICATION"
        "LC_MEASUREMENT"
        "LC_MONETARY"
        "LC_NAME"
        "LC_NUMERIC"
        "LC_PAPER"
        "LC_TELEPHONE"
        "LC_TIME"
      ] (_: locale);
    };

    sound.enable = true;
    hardware = {
      pulseaudio.enable = true;
      opengl = {
        enable = true;
        extraPackages = [
          pkgs.intel-media-driver
          pkgs.vaapiIntel
          pkgs.vaapiVdpau
          pkgs.libvdpau-va-gl
          pkgs.intel-compute-runtime
        ];
      };
    };

    # Privilege escalation. `permit nopass :wheel` lets every member of wheel
    # run commands through doas without a password, and both users declared
    # below ("icy" and "git") are in wheel. Access to either account is
    # therefore equivalent to root on this host.
    # NOTE(review): sudo is enabled alongside doas, so two escalation paths
    # exist. Confirm both are needed.
    security.sudo.enable = true;
    security.doas = {
      enable = true;
      extraConfig = ''
        permit nopass :wheel
      '';
      # Rule naming "icy" with no further attributes set here.
      # NOTE(review): doas applies the last matching rule, so the effective
      # policy for icy depends on rule order in the generated doas.conf.
      # Confirm it there.
      extraRules = [
        { users = [ "icy" ]; }
      ];
    };

    users.users = {
      # NOTE(review): "docker" group membership is root-equivalent wherever a
      # Docker daemon runs. None is enabled in this file; confirm whether the
      # imports enable one or whether the group can be dropped.
      icy = {
        isNormalUser = true;
        description = "icy";
        extraGroups = [ "networkmanager" "wheel" "docker" ];
        packages = [ ];
      };

      # NOTE(review): presumably the account used for git access over SSH.
      # It is in wheel (passwordless doas, see above) and its home directory
      # is mode 755, so other local users can list and read it. Confirm the
      # account needs either.
      git = {
        isNormalUser = true;
        description = "git";
        extraGroups = [ "networkmanager" "wheel" ];
        homeMode = "755";
        packages = [ ];
      };
    };

    nixpkgs.config.allowUnfree = true;

    environment = {
      systemPackages = [
        pkgs.vim
        pkgs.wget
        pkgs.git
        pkgs.nfs-utils
      ];

      # k3s registry mirror definition. The endpoint is plain http:// and no
      # `configs:` section with TLS or credentials is set here, so nothing in
      # this file protects image pulls from this mirror in transit.
      # NOTE(review): presumably "sini" resolves only over the tailnet.
      # Confirm the registry is not reachable from other networks.
      etc."rancher/k3s/registries.yaml".text = ''
        mirrors:
          sini:5000:
            endpoint:
              - "http://sini:5000"
      '';
    };

    services = {
      openssh.enable = true;
      tailscale.enable = true;
      # nix-snapshotter.enable = true;

      # The join token is referenced by path, so the secret itself is not in
      # this file. Keep the token file readable by root only.
      k3s = {
        enable = true;
        role = "agent";
        extraFlags = "--node-ip=${nodeAddress} --node-external-ip=${nodeAddress} --flannel-iface=tailscale0";
        serverAddr = "https://sini:6443";
        tokenFile = "/var/lib/rancher/k3s/token";
      };

      # The iSCSI initiator name is the bare host name ("iso").
      openiscsi = {
        enable = true;
        name = config.networking.hostName;
      };
    };

    systemd = {
      network.wait-online.enable = false;
      # "L+" replaces whatever exists at /usr/local/bin with a symlink to the
      # current system profile's bin directory.
      tmpfiles.rules = [
        "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
      ];
    };

    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    system.stateVersion = "24.05";
  }