mochi/nixos/hosts/varda/default.nix

{
pkgs,
config,
...
}: {
imports = [./resources/prune-backup.nix];
# Host identity. NixOS requires networking.hostId on machines that use ZFS
# (root and /home on this host are ZFS datasets). It identifies the host to
# ZFS; it is not a secret.
networking.hostId = "cdab8473";
networking.hostName = "varda"; # Define your hostname.
# Add required CIFS support
# cifs-utils supplies the mount helper needed by the fsType = "cifs" entry for
# /mnt/storagebox in fileSystems; minio-client is the MinIO command-line client.
environment.systemPackages = with pkgs; [
  cifs-utils
  minio-client
];
# Mount table: two ZFS datasets on rpool, the vfat boot partition, and one
# remote CIFS share that is mounted on demand.
fileSystems = {
  "/" = {
    device = "rpool/root";
    fsType = "zfs";
  };

  "/home" = {
    device = "rpool/home";
    fsType = "zfs";
  };

  # NOTE(review): no mount options are set here, so the vfat defaults decide who
  # can read /boot. If anything sensitive ends up on this partition, consider a
  # restrictive umask option. TODO confirm against the bootloader in use.
  "/boot" = {
    device = "/dev/disk/by-uuid/8091-E7F2";
    fsType = "vfat";
  };

  # Remote SMB/CIFS share reached by host name over the network.
  "/mnt/storagebox" = {
    device = "//u370253-sub2.your-storagebox.de/u370253-sub2";
    fsType = "cifs";
    options = let
      # systemd automount: not mounted at boot (noauto), mounted on first access,
      # unmounted after 60 s idle, and device/mount attempts give up after 5 s so
      # an unreachable server does not stall the host.
      # NOTE(review): a bare `user` is the fstab flag that lets non-root users
      # mount the entry; the automount path does not need it. Confirm it is
      # intended and how mount.cifs treats it.
      # NOTE(review): vers=3 selects SMB3 but does not by itself force transport
      # encryption. If the server supports it, the mount.cifs `seal` option
      # requests encryption; nosuid/nodev/noexec are also worth considering for a
      # remote share. Verify before changing.
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s,user,vers=3";
    in [
      # The SMB username/password are read from the sops-managed file declared
      # under sops.secrets.sambaCredentials, so only the file's path (not the
      # password) is written into this option string and the Nix store.
      # NOTE(review): uid=994,gid=993 are hard-coded numeric IDs and every file on
      # the share is presented as owned by them. Confirm which account they map
      # to and that those IDs are pinned, since automatically allocated system
      # IDs can differ between installs.
      "${automount_opts},credentials=${config.sops.secrets.sambaCredentials.path},uid=994,gid=993" # evaluated and deployed from another machine
    ];
  };
};
# No swap devices are configured on this host.
swapDevices = [];
# sops
# Secrets declared for this host. Both are read from the encrypted
# secrets.sops.yaml next to this file; only ciphertext is committed.
# No owner or mode is set for either secret, so the module defaults apply.
# NOTE(review): the sops-nix defaults should be root-owned and not
# world-readable. Confirm, and confirm that the consumers (the CIFS mount and
# the ACME renewal service) can still read them.
sops = {
  secrets = {
    # SMB credentials file referenced by the /mnt/storagebox mount options.
    "sambaCredentials" = {
      sopsFile = ./secrets.sops.yaml;
    };
    # Environment file referenced by security.acme ... credentialsFile.
    "security/acme/env" = {
      sopsFile = ./secrets.sops.yaml;
    };
  };
};
programs = {
  # Mosh
  # Mosh sessions are set up over SSH, so SSH authentication still gates
  # access; the session traffic itself then uses UDP.
  # NOTE(review): openFirewall = true opens the Mosh UDP port range in the
  # host firewall (60000-61000 in the NixOS module - confirm for the pinned
  # nixpkgs). On a production host, consider setting it to false and allowing
  # a narrower range with networking.firewall.allowedUDPPortRanges.
  mosh = {
    enable = true;
    openFirewall = true;
  };
};
# ZFS maintenance for the rpool datasets mounted in fileSystems.
services = {
  zfs = {
    # This helps a lot when upgrading
    # "all" applies the expand-on-boot behaviour to every pool rather than a
    # named list.
    expandOnBoot = "all";
    # Periodic scrub: reads back all data and verifies checksums, which is how
    # silent on-disk corruption gets noticed.
    autoScrub.enable = true;
    # Periodic TRIM of the pool's devices.
    trim.enable = true;
  };
};
# ACME (Let's Encrypt) Configuration
# Requests one certificate covering the host's domain and its wildcard. A
# wildcard name can only be validated with the DNS-01 challenge, which is why
# a DNS provider and API credentials are configured here.
security.acme = {
  acceptTerms = true;
  defaults.email = "admin@${config.networking.domain}";
  certs.${config.networking.domain} = {
    # NOTE(review): the certificate is already named after
    # config.networking.domain, which NixOS uses as the primary name unless
    # `domain` is set, so the first entry below looks redundant. Confirm.
    # The wildcard private key lives on this host, so a compromise of this
    # machine affects TLS for every subdomain, not only the services here.
    extraDomainNames = [
      "${config.networking.domain}"
      "*.${config.networking.domain}"
    ];
    dnsProvider = "dnsimple";
    # Resolver used for the challenge's DNS lookups; plain DNS on port 53.
    dnsResolver = "1.1.1.1:53";
    # Provider API credentials, supplied as a sops-managed file so the token is
    # not written into the Nix store.
    # NOTE(review): whoever holds this token can edit the zone's records and so
    # pass DNS-01 validation for the domain. Scope the token as narrowly as the
    # provider allows and rotate it if this host is ever suspected compromised.
    credentialsFile = config.sops.secrets."security/acme/env".path;
  };
};
# System settings and services.
# mySystem is an option namespace defined elsewhere in this repository; what
# each switch enables is not visible from this file.
mySystem = {
  purpose = "Production";
  # Interface(s) listed in the login message of the day.
  system.motd.networkInterfaces = ["enp1s0"];
  services = {
    forgejo = {
      enable = true;
      # NOTE(review): pkgs.unstable is presumably an overlay exposing
      # nixpkgs-unstable. On a host marked Production this means Forgejo updates
      # arrive with less soak time, and security releases only land when that
      # input is bumped. Make sure it is updated on a regular schedule.
      package = pkgs.unstable.forgejo;
    };
    # NOTE(review): presumably the reverse proxy in front of Forgejo that uses
    # the ACME certificate. Verify against the mySystem module.
    nginx.enable = true;
  };
};
}