nixos-servers/modules/default.nix
2024-10-28 14:12:06 +01:00

166 lines
3.5 KiB
Nix

{
self,
pkgs,
config,
lib,
inputs,
machine,
...
}: {
imports =
[
./storage.nix
./backups.nix
./networking
./data-sharing.nix
./monitoring
./k3s
./tailscale.nix
machine.nixosModule
inputs.disko.nixosModules.disko
inputs.sops-nix.nixosModules.sops
inputs.nix-snapshotter.nixosModules.nix-snapshotter
]
++ lib.lists.optional (machine.isRaspberryPi) inputs.nixos-hardware.nixosModules.raspberry-pi-4;
config = {
time.timeZone = "Europe/Amsterdam";
hardware.cpu.intel.updateMicrocode = lib.mkIf (! machine.isRaspberryPi) config.hardware.enableRedistributableFirmware;
nixpkgs = {
config.allowUnfree = true;
overlays = [
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = machine.arch;
};
})
];
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = let
extraLocale = "nl_NL.UTF-8";
in {
LC_ADDRESS = extraLocale;
LC_IDENTIFICATION = extraLocale;
LC_MEASUREMENT = extraLocale;
LC_MONETARY = extraLocale;
LC_NAME = extraLocale;
LC_NUMERIC = extraLocale;
LC_PAPER = extraLocale;
LC_TELEPHONE = extraLocale;
LC_TIME = extraLocale;
};
};
services = {
openssh = {
enable = true;
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
GSSAPIAuthentication = false;
UseDns = false;
};
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"
];
programs.neovim = {
enable = true;
vimAlias = true;
viAlias = true;
};
environment.systemPackages = with pkgs; [
wget
git
btop
htop
ripgrep
dig
tree
file
tcpdump
lsof
parted
radvd
minicom
socat
pciutils
dmidecode
openssl
nfs-utils
rsync
fio
libva-utils
jq
tmux
fastfetch
];
boot = lib.mkIf (! machine.isRaspberryPi) {
kernelModules = ["kvm-intel"];
extraModulePackages = [];
kernel.sysctl."fs.inotify.max_user_instances" = 256;
initrd = {
kernelModules = [];
availableKernelModules = [
"ahci"
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
};
loader = {
systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = true;
};
};
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
sops = {
age.keyFile = "/root/.config/sops/age/keys.txt";
defaultSopsFile = "${self}/secrets/nixos.yaml";
};
};
}