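# Base NixOS module: imports the shared sub-modules and sets locale, SSH,
# root access, packages, boot, Nix and sops-nix settings.
#
# `self`, `inputs` and `machine` are not standard NixOS module arguments;
# presumably they are passed in via `specialArgs` by the flake — confirm at
# the call site. `machine` is read for `nixosModule`, `isRaspberryPi` and `arch`.
{
  self,
  pkgs,
  config,
  lib,
  inputs,
  machine,
  ...
}: {
  imports =
    [
      ./storage.nix
      ./backups.nix
      ./networking
      ./data-sharing.nix
      ./monitoring
      ./k3s
      ./tailscale.nix
      machine.nixosModule
      inputs.disko.nixosModules.disko
      inputs.sops-nix.nixosModules.sops
      inputs.nix-snapshotter.nixosModules.nix-snapshotter
    ]
    # Raspberry Pi 4 hardware profile is only pulled in for Pi machines.
    ++ lib.lists.optional (machine.isRaspberryPi) inputs.nixos-hardware.nixosModules.raspberry-pi-4;

  config = {
    time.timeZone = "Europe/Amsterdam";

    # Intel microcode updates follow the redistributable-firmware switch and are
    # skipped entirely on Raspberry Pi machines.
    hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware;

    nixpkgs = {
      # Allows unfree packages to be installed from the main package set on every host.
      config.allowUnfree = true;

      overlays = [
        # Exposes a second package set as `pkgs.unstable`. It is imported with only
        # `system`, so the `allowUnfree` setting above is not passed on to it.
        # Packages taken from it track the unstable input, so review
        # inputs.nixpkgs-unstable bumps in flake.lock like any other dependency update.
        (final: _prev: {
          unstable = import inputs.nixpkgs-unstable {
            system = machine.arch;
          };
        })
      ];
    };

    i18n = {
      defaultLocale = "en_US.UTF-8";

      # Messages stay in en_US; regional formats (dates, numbers, paper, ...) use nl_NL.
      extraLocaleSettings = let
        extraLocale = "nl_NL.UTF-8";
      in {
        LC_ADDRESS = extraLocale;
        LC_IDENTIFICATION = extraLocale;
        LC_MEASUREMENT = extraLocale;
        LC_MONETARY = extraLocale;
        LC_NAME = extraLocale;
        LC_NUMERIC = extraLocale;
        LC_PAPER = extraLocale;
        LC_TELEPHONE = extraLocale;
        LC_TIME = extraLocale;
      };
    };

    services = {
      openssh = {
        enable = true;
        # Opens the sshd port in the host firewall on every interface.
        # NOTE(review): if SSH is only meant to be reached over the tailnet
        # (./tailscale.nix is imported), consider limiting exposure to that interface.
        openFirewall = true;

        settings = {
          # Key-based authentication only: password, keyboard-interactive and
          # GSSAPI logins are all disabled.
          PasswordAuthentication = false;
          KbdInteractiveAuthentication = false;
          GSSAPIAuthentication = false;
          UseDns = false;
          # Root is the only account given authorized keys in this module, so the
          # root-login policy is pinned here instead of relying on the nixpkgs
          # default. mkDefault lets a machine-specific module still override it.
          PermitRootLogin = lib.mkDefault "prohibit-password";
        };
      };
    };

    # Each key below grants full root on every host that imports this module.
    # Keep the list audited and remove a key as soon as its device is retired;
    # the comment field of a key is free text and does not prove ownership.
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
    ];

    programs.neovim = {
      enable = true;
      vimAlias = true;
      viAlias = true;
    };

    # Admin and diagnostic tooling installed system-wide on every host.
    environment.systemPackages = with pkgs; [
      wget
      git
      btop
      htop
      ripgrep
      dig
      tree
      file
      tcpdump
      lsof
      parted
      radvd
      minicom
      socat
      pciutils
      dmidecode
      openssl
      nfs-utils
      rsync
      fio
      libva-utils
      jq
      tmux
      fastfetch
    ];

    # Boot settings for the non-Raspberry-Pi machines only (Intel KVM, EFI, systemd-boot).
    boot = lib.mkIf (! machine.isRaspberryPi) {
      kernelModules = ["kvm-intel"];
      extraModulePackages = [];
      kernel.sysctl."fs.inotify.max_user_instances" = 256;

      initrd = {
        kernelModules = [];

        availableKernelModules = [
          "ahci"
          "xhci_pci"
          "nvme"
          "usbhid"
          "usb_storage"
          "sd_mod"
          "sdhci_pci"
        ];
      };

      loader = {
        # mkDefault so a machine module can select a different boot loader.
        systemd-boot.enable = lib.mkDefault true;
        efi.canTouchEfiVariables = true;
      };
    };

    nix = {
      # NOTE(review): `nixFlakes` is an alias in older nixpkgs releases; confirm it
      # still exists in the pinned nixpkgs before updating the input.
      package = pkgs.nixFlakes;

      extraOptions = ''
        experimental-features = nix-command flakes
      '';

      # Weekly garbage collection, removing generations older than seven days.
      # This also bounds how far back a rollback can go.
      gc = {
        automatic = true;
        persistent = true;
        dates = "weekly";
        options = "--delete-older-than 7d";
      };
    };

    system = {
      stateVersion = "23.05";

      # On activation, print the closure difference between the running system and
      # the one being activated; skipped when there is no current system yet.
      activationScripts.diff = ''
        if [[ -e /run/current-system ]]; then
          ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
        fi
      '';
    };

    sops = {
      # Private age key used to decrypt the secrets file below. It lives outside the
      # Nix store and has to be provisioned on each host out of band; keep it
      # readable by root only and out of backups that leave the machine unencrypted.
      age.keyFile = "/root/.config/sops/age/keys.txt";
      # The encrypted secrets file is taken from the flake source (`self`), so it is
      # copied into the world-readable Nix store; only encrypted content belongs in it.
      defaultSopsFile = "${self}/secrets/nixos.yaml";
    };
  };
}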