hosts/iso/configuration.nix (view raw)
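# NixOS module for the host "iso": a k3s agent node that reaches its cluster
# server ("sini") through the tailscale0 interface.
{ config, pkgs, lib, ... }:

{
  imports =
    [
      ./hardware-configuration.nix
      # NOTE(review): sshd is enabled further down; its settings presumably live
      # in ../ssh.nix, which is not visible here. Confirm that password
      # authentication and root login are restricted there.
      ../ssh.nix
    ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "iso";
  networking.networkmanager.enable = true;

  time.timeZone = "Europe/Helsinki";

  i18n.defaultLocale = "en_US.UTF-8";

  i18n.extraLocaleSettings = {
    LC_ADDRESS = "en_US.UTF-8";
    LC_IDENTIFICATION = "en_US.UTF-8";
    LC_MEASUREMENT = "en_US.UTF-8";
    LC_MONETARY = "en_US.UTF-8";
    LC_NAME = "en_US.UTF-8";
    LC_NUMERIC = "en_US.UTF-8";
    LC_PAPER = "en_US.UTF-8";
    LC_TELEPHONE = "en_US.UTF-8";
    LC_TIME = "en_US.UTF-8";
  };

  sound.enable = true;
  hardware.pulseaudio.enable = true;
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime
    ];
  };

  security = {
    # Both doas and sudo are enabled, so there are two privilege-escalation
    # front ends to keep configured and patched.
    # NOTE(review): drop whichever one is not actually used.
    doas.enable = true;
    sudo.enable = true;
    # Passwordless doas is granted to "icy" only. This used to be a blanket
    # `permit nopass :wheel` in doas.extraConfig, which also handed
    # passwordless root to every other wheel member (the "git" account below)
    # and overrode the password-requiring rule generated for "icy".
    doas.extraRules = [{
      users = [ "icy" ];
      noPass = true;
    }];
  };

  users.users.icy = {
    isNormalUser = true;
    description = "icy";
    # NOTE(review): no Docker daemon is enabled in this file; the "docker"
    # group is root-equivalent on hosts where one runs, so remove it if unused.
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    packages = with pkgs; [ ];
  };

  users.users.git = {
    isNormalUser = true;
    description = "git";
    # NOTE(review): this looks like a repository-hosting account (world-readable
    # home via homeMode). If so it should not be in "wheel" or "networkmanager";
    # confirm nothing relies on it escalating before removing them.
    extraGroups = [ "networkmanager" "wheel" ];
    homeMode = "755";
    packages = with pkgs; [ ];
  };

  nixpkgs.config.allowUnfree = true;
  environment.systemPackages = with pkgs; [
    vim
    wget
    git
    nfs-utils
  ];

  services = {
    openssh.enable = true;
    tailscale.enable = true;
    # nix-snapshotter.enable = true;
  };

  # The node and external IPs are pinned to one address and flannel is bound to
  # tailscale0, so cluster traffic is carried over that interface.
  # `address` is presumably this node's Tailscale IP (confirm).
  services.k3s = let address = "100.109.134.88"; in {
    enable = true;
    role = "agent";
    extraFlags = "--node-ip=${address} --node-external-ip=${address} --flannel-iface=tailscale0";
    serverAddr = "https://sini:6443";
    # The join token is read from a file at runtime rather than written into
    # this config, which keeps it out of the world-readable Nix store. Nothing
    # here creates the file or sets its mode; it should be root-only (0600).
    tokenFile = "/var/lib/rancher/k3s/token";
  };

  services.openiscsi = {
    enable = true;
    name = config.networking.hostName;
  };

  environment.etc = {
    # Registry mirror used by k3s. The endpoint is plain HTTP, so image pulls
    # from it get no TLS server authentication or transport integrity of their
    # own. NOTE(review): acceptable only if "sini" is reachable solely over the
    # encrypted tailnet; otherwise serve the registry over HTTPS.
    "rancher/k3s/registries.yaml" = {
      text = ''
        mirrors:
          sini:5000:
            endpoint:
              - "http://sini:5000"
      '';
    };
  };

  # "L+" replaces whatever exists at /usr/local/bin with a symlink to the
  # system profile's bin directory, presumably for software that expects
  # FHS-style paths (confirm which workload needs it).
  systemd.tmpfiles.rules = [
    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
  ];

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  system.stateVersion = "24.05";
}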