46 lines
1,005 B
Nix
46 lines
1,005 B
Nix
|
{
|
||
|
|
lib,
|
||
|
|
config,
|
||
|
|
inputs,
|
||
|
|
...
|
||
|
|
}: {
|
||
|
|
imports = [inputs.nixos-hardware.nixosModules.raspberry-pi-4];
|
||
|
|
|
||
|
|
config = {
|
||
|
|
pim = {
|
||
|
|
tailscale.advertiseExitNode = true;
|
||
|
|
sopsKeys.root = ./nixos.sops.yaml;
|
||
|
|
prometheus.enable = true;
|
||
|
|
};
|
||
|
|
|
||
|
|
facter.reportPath = ./facter.json;
|
||
|
|
networking.hostName = "warwick";
|
||
|
|
system.stateVersion = "23.05";
|
||
|
|
|
||
|
|
systemd.network.networks."30-main-nic" = {
|
||
|
|
matchConfig.Name = lib.mkForce "end*";
|
||
|
|
networkConfig.IPv6AcceptRA = true;
|
||
|
|
};
|
||
|
|
|
||
|
|
deployment = {
|
||
|
|
targetHost = "warwick";
|
||
|
|
targetUser = "root";
|
||
|
|
tags = ["server"];
|
||
|
|
buildOnTarget = true;
|
||
|
|
};
|
||
|
|
|
||
|
|
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
|
||
|
|
|
||
|
|
sops = {
|
||
|
|
age.keyFile = "/root/.config/sops/age/keys.txt";
|
||
|
|
defaultSopsFile = ./nixos.sops.yaml;
|
||
|
|
};
|
||
|
|
|
||
|
|
fileSystems."/" = {
|
||
|
|
device = "/dev/disk/by-label/NIXOS_SD";
|
||
|
|
fsType = "ext4";
|
||
|
|
options = ["noatime"];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
}
|