hosts/sini/configuration.nix (view raw)

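  # NixOS system configuration for the host "sini".
  #
  # What this module sets up, as far as this file shows:
  #   - systemd-boot on EFI, NetworkManager, Finnish time zone, en_US locale
  #   - Intel VA-API/VDPAU/compute packages for hardware.opengl
  #   - privilege escalation through both doas and sudo
  #   - two login users, `icy` and `git`
  #   - OpenSSH, Tailscale, Pixelfed, Docker, k3s, open-iscsi and a Docker registry
  #
  # SSH daemon settings come from ../ssh.nix and are not visible here.
  # This file sets no `networking.firewall.*` options. The NixOS firewall is on
  # by default, so whether the 0.0.0.0 listeners below are reachable depends on
  # ports opened or interfaces trusted by other modules.
  { config, pkgs, lib, ... }:

  {
    imports =
      [
        ./hardware-configuration.nix
        ../ssh.nix
      ];

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;
    systemd.network.wait-online.enable = false;

    networking.hostName = "sini"; # Define your hostname.

    networking.networkmanager.enable = true;

    time.timeZone = "Europe/Helsinki";

    i18n.defaultLocale = "en_US.UTF-8";

    i18n.extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };

    sound.enable = true;
    hardware.pulseaudio.enable = true;
    hardware.opengl = {
      enable = true;
      extraPackages = with pkgs; [
        intel-media-driver
        vaapiIntel
        vaapiVdpau
        libvdpau-va-gl
        intel-compute-runtime
      ];
    };

    security = {
      doas.enable = true;
      sudo.enable = true;
      # Every member of `wheel` becomes root without a password prompt, so
      # wheel membership on this host is equivalent to holding the root account.
      # NOTE(review): `permit persist :wheel` would keep a password check;
      # confirm the accounts have passwords set before switching.
      doas.extraConfig = ''
        permit nopass :wheel
      '';
      # NOTE(review): doas applies the last matching rule. If the generated
      # doas.conf places extraConfig after extraRules, the nopass rule above is
      # the one that applies to `icy`, and this rule adds nothing. Verify against
      # /etc/doas.conf.
      doas.extraRules = [{
        users = [ "icy" ];
      }];
    };

    users.users.icy = {
      isNormalUser = true;
      description = "icy";
      # `wheel` is passwordless root via the doas rule above, and `docker` grants
      # control of the Docker daemon, which is root-equivalent as well.
      extraGroups = [ "networkmanager" "wheel" "docker" ];
      packages = with pkgs; [ ];
    };

    users.users.git = {
      isNormalUser = true;
      description = "git";
      # `wheel` removed: combined with `permit nopass :wheel`, it gave this
      # account passwordless root, so a compromise of anything running or
      # logging in as `git` was a full host compromise.
      # NOTE(review): `networkmanager` also looks unnecessary if this is a
      # repository-hosting account; confirm and drop.
      extraGroups = [ "networkmanager" ];
      # Home directory is readable and traversable by every local user.
      # NOTE(review): presumably so another service can read the repositories;
      # keep keys and other secrets out of this home or tighten their modes.
      homeMode = "755";
      packages = with pkgs; [ ];
    };


    nixpkgs.config.allowUnfree = true;
    environment.systemPackages = with pkgs; [
      vim
      wget
      git
      nfs-utils
    ];

    services = {
      # Hardening options for sshd (password auth, root login) are not set in
      # this file; they would have to come from ../ssh.nix.
      openssh.enable = true;
      tailscale.enable = true;
      # nix-snapshotter.enable = true;
    };

    services.pixelfed = {
      enable = true;
      domain = "ani.place";
      # A runtime path keeps the secrets out of the world-readable Nix store.
      # The file lives in a user's home, so its mode and ownership are what
      # protect it; it should be readable by as few accounts as the service allows.
      secretFile = "/home/icy/svc/pixelfed/.env";
      nginx.listen = [
        {
          # Plain-HTTP listener on all interfaces.
          # NOTE(review): presumably fronted by a TLS-terminating proxy;
          # confirm that port 3535 is not reachable directly from outside.
          addr = "0.0.0.0";
          port = 3535;
        }
      ];
    };

    # building only
    virtualisation.docker.enable = true;

    # The API server and node addresses are pinned to one address, and flannel
    # traffic goes over the tailscale0 interface, so cluster traffic is carried
    # on the tailnet rather than on the LAN interface.
    services.k3s = let address = "100.122.122.12"; in {
      enable = true;
      extraFlags = "--disable=traefik --disable=servicelb --disable=metrics-server --bind-address=${address} --node-ip=${address} --node-external-ip=${address} --flannel-external-ip=true --flannel-iface=tailscale0";
    };

    environment.etc = {
      # k3s pulls from the local registry over plain HTTP, so image content is
      # neither authenticated nor integrity-protected in transit. Whoever can
      # write to sini:5000 controls what the cluster runs.
      # NOTE(review): pin images by digest, or put TLS and auth on the registry.
      "rancher/k3s/registries.yaml" = {
        text = ''
          mirrors:
            sini:5000:
              endpoint:
                - "http://sini:5000"
        '';
      };
    };

    services.openiscsi = {
      enable = true;
      name = config.networking.hostName;
    };

    # `L+` creates the symlink and replaces whatever already exists at
    # /usr/local/bin, pointing it at the system profile's bin directory.
    systemd.tmpfiles.rules = [
      "L+ /usr/local/bin - - - - /run/current-system/sw/bin/"
    ];

    services.dockerRegistry = {
      enable = true;
      # Listens on every interface, and no authentication or TLS is configured
      # in this file. Push access to this registry is push access to the images
      # k3s runs (see registries.yaml above).
      # NOTE(review): restrict reachability to the tailnet via firewall rules,
      # or bind to a narrower address once name resolution for "sini" is confirmed.
      listenAddress = "0.0.0.0";
      port = 5000;
      enableGarbageCollect = true;
    };

    nix.settings.experimental-features = [ "nix-command" "flakes" ];
    system.stateVersion = "24.05";
  }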