2024-07-07 09:45:26 -05:00
|
|
|
# Do not modify this file! It was generated by `nixos-generate-config`
|
|
|
|
# and may be overwritten by future invocations. Please make changes
|
|
|
|
# to /etc/nixos/configuration.nix instead.
|
|
|
|
{ config, lib, modulesPath, ... }:
|
|
|
|
|
|
|
|
{
|
|
|
|
imports =
|
|
|
|
[
|
|
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
|
|
];
|
|
|
|
|
|
|
|
networking.hostId = "ce196a02";
|
|
|
|
networking.hostName = "telperion";
|
|
|
|
boot = {
|
|
|
|
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
|
|
|
initrd.kernelModules = [ ];
|
|
|
|
kernelModules = [ "kvm-intel" ];
|
|
|
|
extraModulePackages = [ ];
|
|
|
|
};
|
2024-07-30 18:47:59 -05:00
|
|
|
fileSystems = {
|
|
|
|
"/" = {
|
|
|
|
device = "zroot/root";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2024-07-07 09:45:26 -05:00
|
|
|
|
2024-07-30 18:47:59 -05:00
|
|
|
"/nix" = {
|
|
|
|
device = "zroot/nix";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2024-07-07 09:45:26 -05:00
|
|
|
|
2024-07-30 18:47:59 -05:00
|
|
|
"/var" = {
|
|
|
|
device = "zroot/var";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2024-07-07 09:45:26 -05:00
|
|
|
|
2024-07-30 18:47:59 -05:00
|
|
|
"/home" = {
|
|
|
|
device = "zroot/home";
|
|
|
|
fsType = "zfs";
|
|
|
|
};
|
2024-07-07 09:45:26 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
swapDevices = [ ];
|
|
|
|
|
|
|
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
|
|
|
2024-07-07 12:27:41 -05:00
|
|
|
sops = {
|
|
|
|
# Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
|
|
|
|
secrets = {
|
|
|
|
"bind/rndc-keys/externaldns" = {
|
|
|
|
owner = config.users.users.named.name;
|
|
|
|
inherit (config.users.users.named) group;
|
|
|
|
sopsFile = ./secrets.sops.yaml;
|
|
|
|
};
|
|
|
|
"bind/zones/jahanson.tech" = {
|
|
|
|
owner = config.users.users.named.name;
|
|
|
|
inherit (config.users.users.named) group;
|
|
|
|
sopsFile = ./secrets.sops.yaml;
|
|
|
|
};
|
|
|
|
"1password-credentials.json" = {
|
|
|
|
mode = "0444";
|
|
|
|
sopsFile = ./secrets.sops.yaml;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2024-07-07 09:45:26 -05:00
|
|
|
# System settings and services.
|
|
|
|
mySystem = {
|
|
|
|
purpose = "Production";
|
2024-07-30 18:47:59 -05:00
|
|
|
system = {
|
|
|
|
motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
|
|
|
|
resticBackup = {
|
|
|
|
local.enable = false;
|
|
|
|
remote.enable = false;
|
|
|
|
local.noWarning = true;
|
|
|
|
remote.noWarning = true;
|
|
|
|
};
|
|
|
|
};
|
2024-07-07 12:27:41 -05:00
|
|
|
|
|
|
|
services = {
|
|
|
|
podman.enable = true;
|
2024-07-07 15:15:51 -05:00
|
|
|
|
2024-07-07 12:27:41 -05:00
|
|
|
onepassword-connect = {
|
|
|
|
enable = true;
|
|
|
|
credentialsFile = config.sops.secrets."1password-credentials.json".path;
|
|
|
|
};
|
2024-07-07 15:15:51 -05:00
|
|
|
|
2024-07-07 12:27:41 -05:00
|
|
|
bind = {
|
|
|
|
enable = true;
|
|
|
|
extraConfig = import ./config/bind.nix { inherit config; };
|
|
|
|
};
|
2024-07-07 15:15:51 -05:00
|
|
|
|
2024-07-07 15:13:10 -05:00
|
|
|
haproxy = {
|
|
|
|
enable = true;
|
|
|
|
config = import ./config/haproxy.nix { inherit config; };
|
2024-07-15 17:38:21 -05:00
|
|
|
tcpPorts = [ 6443 6444 50000 ];
|
2024-07-07 15:13:10 -05:00
|
|
|
};
|
2024-08-13 19:11:35 -05:00
|
|
|
|
|
|
|
matchbox = {
|
|
|
|
enable = true;
|
2024-08-25 10:32:55 -05:00
|
|
|
# /var/lib/matchbox/{profiles,groups,ignition,cloud,generic}
|
|
|
|
dataPath = "/opt/talbox/data";
|
|
|
|
# /var/lib/matchbox/assets
|
|
|
|
assetPath = "/opt/talbox/assets";
|
2024-08-13 19:11:35 -05:00
|
|
|
};
|
|
|
|
|
|
|
|
dnsmasq = {
|
|
|
|
enable = true;
|
2024-08-25 10:32:55 -05:00
|
|
|
tftpRoot = "/opt/talbox";
|
2024-08-13 19:11:35 -05:00
|
|
|
bootAsset = "http://10.1.1.57:8086/boot.ipxe";
|
|
|
|
};
|
2024-07-07 12:27:41 -05:00
|
|
|
};
|
2024-07-07 09:45:26 -05:00
|
|
|
};
|
|
|
|
}
|