mochi/nixos/hosts/gandalf/default.nix

# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
# NixOS host module for "gandalf": ZFS/NFS/Samba storage, KVM/VFIO
# virtualisation (libvirt, podman), a UniFi controller and lego-auto
# certificate automation using a DNSimple token.
{ config, lib, modulesPath, inputs, ... }:
let
  # Sanoid snapshot policy lives in its own file; only its `outputs` are used here.
  sanoidOutputs = (import ./config/sanoid.nix { }).outputs;

  # Every secret on this host is decrypted from the same sops file.
  sopsFile = ./secrets.sops.yaml;
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.disko.nixosModules.disko
    # Disk layout is declared by the shared disko profile for /dev/sda.
    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
  ];

  boot.initrd = {
    availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
    kernelModules = [ "nfs" ];
    supportedFilesystems = [ "nfs" ];
  };
  # KVM plus the VFIO stack, for handing PCI devices to guests.
  boot.kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
  boot.extraModulePackages = [ ];
  boot.kernelParams = [
    # Intel IOMMU on, in passthrough mode.
    "iommu=pt"
    "intel_iommu=on"
    # ZFS ARC cap: 107374182400 bytes = 100 GiB.
    "zfs.zfs_arc_max=107374182400"
  ];

  # Each key below is accepted for root logins over SSH; the sshd settings
  # themselves are not in this file.
  # NOTE(review): the first key's comment suggests an automation identity
  # (a CSI driver on a Talos cluster). Consider narrowing it with
  # authorized_keys options (e.g. `from=`, `restrict`) or a dedicated
  # unprivileged user with delegated ZFS permissions. TODO confirm what
  # the driver actually needs.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  # Network settings
  networking = {
    hostName = "gandalf";
    hostId = "e2fc95cd";
    useDHCP = false; # needed for bridge
    networkmanager.enable = true;

    # TODO: Add ports specifically.
    # NOTE(review): with the firewall off, every listener this host starts
    # (this file enables SSH keys for root, NFS, Samba, UniFi, libvirt and
    # podman) is reachable on both NICs and on br0. Resolving the TODO means
    # enabling the firewall and listing the needed ports in
    # firewall.allowedTCPPorts / firewall.allowedUDPPorts.
    firewall.enable = false;

    interfaces.enp130s0f0.useDHCP = true;
    # NOTE(review): enp130s0f1 requests DHCP and is also the only member of
    # br0. Confirm whether the address is meant to sit on the port or on
    # the bridge.
    interfaces.enp130s0f1.useDHCP = true;

    # For VMs
    bridges.br0.interfaces = [ "enp130s0f1" ];
  };

  swapDevices = [ ];

  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  sops.secrets = {
    # NOTE(review): mode 0444 leaves the decrypted DNSimple API token
    # readable by every local account and by anything that can read this
    # path. If the lego-auto unit runs as a known user, prefer setting
    # `owner` to that user with mode "0400". TODO confirm the service user.
    "lego/dnsimple/token" = {
      inherit sopsFile;
      mode = "0444";
    };
    "borg/repository/location" = { inherit sopsFile; };
    "borg/repository/passphrase" = { inherit sopsFile; };
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";

    system = {
      motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];

      # ZFS
      zfs = {
        enable = true;
        mountPoolsAtBoot = [ "eru" ];
      };

      # NFS
      nfs.enable = true;

      # Samba
      samba = {
        enable = true;
        shares = import ./config/samba-shares.nix { };
        extraConfig = import ./config/samba-config.nix { };
      };

      # Restic backups are switched off for this host, locally and remotely.
      resticBackup = {
        local.enable = false;
        remote.enable = false;
      };

      # Borg (currently disabled).
      # NOTE(review): the repository location and passphrase are already
      # declared as sops secrets above, while this block hard-codes the
      # repo URL and reads its key from a different secret path. If it is
      # re-enabled, check it against those secrets. TODO confirm the
      # borgbackup module's options.
      # borgbackup = {
      #   enable = true;
      #   paths = [ "/home" ];
      #   exclude = [ ];
      #   repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
      #   repoKeyPath = "/run/secrets/borgbackup/telchar";
      # };
    };

    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Sanoid
      sanoid = {
        enable = true;
        inherit (sanoidOutputs) templates datasets;
      };

      # Unifi & Lego-Auto
      unifi.enable = true;
      lego-auto = {
        enable = true;
        # Runtime path of the decrypted token; the secret itself stays out
        # of the Nix store.
        dnsimpleTokenPath = config.sops.secrets."lego/dnsimple/token".path;
        domains = "gandalf.jahanson.tech";
        email = "joe@veri.dev";
        provider = "dnsimple";
      };
    };
  };
}