all repos — dotfiles @ cda385749580cb2f1154d20fd57aabd9b015603d

my *nix dotfiles

hosts/iso/configuration.nix (view raw)

  1{ config, pkgs, lib, ... }:
  2
  3{
  4  imports =
  5    [
  6      ./hardware-configuration.nix
  7      ../ssh.nix
  8    ];
  9
 10  boot.loader.systemd-boot.enable = true;
 11  boot.loader.efi.canTouchEfiVariables = true;
 12
 13  networking.hostName = "iso";
 14  networking.networkmanager.enable = true;
 15
 16  time.timeZone = "Europe/Helsinki";
 17
 18  i18n.defaultLocale = "en_US.UTF-8";
 19
 20  i18n.extraLocaleSettings = {
 21    LC_ADDRESS = "en_US.UTF-8";
 22    LC_IDENTIFICATION = "en_US.UTF-8";
 23    LC_MEASUREMENT = "en_US.UTF-8";
 24    LC_MONETARY = "en_US.UTF-8";
 25    LC_NAME = "en_US.UTF-8";
 26    LC_NUMERIC = "en_US.UTF-8";
 27    LC_PAPER = "en_US.UTF-8";
 28    LC_TELEPHONE = "en_US.UTF-8";
 29    LC_TIME = "en_US.UTF-8";
 30  };
 31
 32  sound.enable = true;
 33  hardware.pulseaudio.enable = true;
 34  hardware.opengl = {
 35    enable = true;
 36    extraPackages = with pkgs; [
 37      intel-media-driver
 38      vaapiIntel
 39      vaapiVdpau
 40      libvdpau-va-gl
 41      intel-compute-runtime
 42    ];
 43  };
 44
 45  security = {
 46    doas.enable = true;
 47    sudo.enable = true;
 48    doas.extraConfig = ''
 49      permit nopass :wheel
 50    '';
 51    doas.extraRules = [{
 52      users = [ "icy" ];
 53    }];
 54  };
 55
 56  users.users.icy = {
 57    isNormalUser = true;
 58    description = "icy";
 59    extraGroups = [ "networkmanager" "wheel" "docker" ];
 60    packages = with pkgs; [ ];
 61  };
 62
 63  users.users.git = {
 64    isNormalUser = true;
 65    description = "git";
 66    extraGroups = [ "networkmanager" "wheel" ];
 67    homeMode = "755";
 68    packages = with pkgs; [ ];
 69  };
 70
 71
 72  nixpkgs.config.allowUnfree = true;
 73  environment.systemPackages = with pkgs; [
 74    vim
 75    wget
 76    git
 77    nfs-utils
 78  ];
 79
 80  services = {
 81    openssh.enable = true;
 82    tailscale.enable = true;
 83    # nix-snapshotter.enable = true;
 84  };
 85
 86  services.k3s = let address = "100.109.134.88"; in {
 87    enable = true;
 88    role = "agent";
 89    extraFlags = "--node-ip=${address} --node-external-ip=${address} --flannel-iface=tailscale0";
 90    serverAddr = "https://sini:6443";
 91    tokenFile = "/var/lib/rancher/k3s/token";
 92  };
 93
 94  services.openiscsi = {
 95    enable = true;
 96    name = config.networking.hostName;
 97  };
 98
 99  environment.etc = {
100    "rancher/k3s/registries.yaml" = {
101      text = ''
102        mirrors:
103          sini:5000:
104            endpoint:
105              - "http://sini:5000"
106      '';
107    };
108  };
109
110  systemd.tmpfiles.rules = [
111    "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
112  ];
113
114  nix.settings.experimental-features = [ "nix-command" "flakes" ];
115  system.stateVersion = "24.05";
116}