# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
# NixOS module for the host "gandalf": boot/kernel settings, root SSH access,
# networking (bridge for VMs), sops-managed secrets, and the storage/backup
# services enabled through the project's own `mySystem` option tree.
{ config, lib, modulesPath, inputs, ... }:
let
  # Sanoid snapshot policy lives in its own file; only its `outputs` are used below.
  sanoidConfig = import ./config/sanoid.nix { };
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.disko.nixosModules.disko
    # Disk layout profile, applied to /dev/sda.
    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
  ];

  boot.initrd = {
    availableKernelModules = [
      "ehci_pci"
      "ahci"
      "mpt3sas"
      "isci"
      "usbhid"
      "usb_storage"
      "sd_mod"
    ];
    kernelModules = [ "nfs" ];
    supportedFilesystems = [ "nfs" ];
  };

  # KVM plus the VFIO modules, loaded alongside the IOMMU kernel parameters below.
  boot.kernelModules = [
    "kvm-intel"
    "vfio"
    "vfio_iommu_type1"
    "vfio_pci"
    "vfio_virqfd"
  ];
  boot.extraModulePackages = [ ];
  boot.kernelParams = [
    "iommu=pt"
    "intel_iommu=on"
    # ZFS ARC cap in bytes (100 GiB).
    "zfs.zfs_arc_max=107374182400"
  ];

  # Public keys accepted for direct root login over SSH. Every entry is a full
  # administrative credential for this host.
  # NOTE(review): the key comments suggest one automation identity (CSI-Driver@talos)
  # and the root accounts of two other machines; confirm each is still required.
  # An automation key is usually better bound to a dedicated unprivileged account,
  # or narrowed with authorized_keys options such as `restrict` / `command=`.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  # Networking
  networking = {
    hostName = "gandalf";
    hostId = "e2fc95cd";
    # Global DHCP stays off because of the bridge; it is enabled per interface below.
    useDHCP = false;
    networkmanager.enable = true;

    # TODO: Add ports specifically.
    # SECURITY: the host firewall is disabled, so nothing on this host filters
    # inbound traffic to the services this file turns on (NFS, Samba, Unifi,
    # libvirt, podman workloads), including on the VM bridge. Until the TODO is
    # done, exposure is limited only by what sits upstream of this machine.
    # The fix is to enable the firewall and list the required ports in
    # networking.firewall.allowedTCPPorts / allowedUDPPorts.
    firewall.enable = false;

    interfaces.enp130s0f0.useDHCP = true;
    # NOTE(review): enp130s0f1 is also the only member of br0 below; an address is
    # normally requested on the bridge rather than on its member port. Confirm intended.
    interfaces.enp130s0f1.useDHCP = true;

    # Bridge used by the VMs.
    bridges.br0.interfaces = [ "enp130s0f1" ];
  };

  swapDevices = [ ];

  hardware.cpu.intel = {
    updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };

  # Secrets decrypted from secrets.sops.yaml by sops-nix.
  sops.secrets = {
    # SECURITY: mode 0444 makes the decrypted DNSimple API token readable by every
    # local user and process on the host. Presumably this was done so the
    # lego-auto service can read it (TODO confirm which user it runs as); the
    # tighter form is to set `owner`/`group` to that user and use 0400 or 0440.
    "lego/dnsimple/token" = {
      mode = "0444";
      sopsFile = ./secrets.sops.yaml;
    };
    # No mode/owner set here, so the sops-nix defaults apply.
    "borg/repository/passphrase" = {
      sopsFile = ./secrets.sops.yaml;
    };
  };

  # Headless host: no X server, display manager or desktop environment.
  services.xserver = {
    enable = false;
    displayManager.gdm.enable = false;
    desktopManager.gnome.enable = false;
  };

  # Project-defined system settings and services.
  mySystem = {
    purpose = "Production";

    system = {
      motd.networkInterfaces = [
        "enp130s0f0"
        "enp130s0f1"
      ];

      # ZFS
      zfs = {
        enable = true;
        mountPoolsAtBoot = [ "eru" ];
      };

      # NFS
      nfs.enable = true;

      # Samba: share definitions and global settings are kept in separate files.
      # NOTE(review): with the firewall off, the access controls in those two files
      # are the only thing restricting who can reach the shares.
      samba = {
        enable = true;
        shares = import ./config/samba-shares.nix { };
        extraConfig = import ./config/samba-config.nix { };
      };

      # Restic is switched off in both directions, with its warnings silenced.
      resticBackup = {
        local = {
          enable = false;
          noWarning = true;
        };
        remote = {
          enable = false;
          noWarning = true;
        };
      };

      # Borg: off-site backup over SSH. The repository passphrase is read from
      # the sops secret declared above; only the Unifi volume is included.
      borgbackup = {
        enable = true;
        paths = [ "/eru/containers/volumes/unifi/" ];
        exclude = [ ];
        repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
        repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
      };
    };

    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Sanoid: snapshot templates and datasets come from ./config/sanoid.nix.
      sanoid = {
        enable = true;
        templates = sanoidConfig.outputs.templates;
        datasets = sanoidConfig.outputs.datasets;
      };

      # Unifi & Lego-Auto
      unifi.enable = true;
      # Certificate automation for this host's name, using the DNSimple token
      # from the sops secret above.
      lego-auto = {
        enable = true;
        dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
        domains = "gandalf.jahanson.tech";
        email = "joe@veri.dev";
        provider = "dnsimple";
      };
    };
  };
}