# Do not modify this file!  It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{
  config,
  lib,
  modulesPath,
  inputs,
  ...
}:
# let
# sanoidConfig = import ./config/sanoid.nix { };
# disks = import ./config/disks.nix;
# smartdDevices = map (device: { inherit device; }) disks;
# in
{
  # Modules merged into this host: NixOS's installer/scan/not-detected.nix,
  # the disko module taken from the flake inputs, and the repository's
  # disko-nixos profile called with this host's disk list.
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.disko.nixosModules.disko
    # NOTE(review): /dev/sdX names follow probe order and are not guaranteed
    # to be stable across boots, and this host loads several storage drivers
    # (ahci, mpt3sas, isci). disko can partition and format the disks it is
    # given, so a persistent /dev/disk/by-id/... path is the safer identifier
    # here. Confirm which device this is meant to be.
    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
  ];

  # Boot-time kernel setup: drivers available to the initrd, NFS support in
  # the initrd, and the modules/parameters used for KVM with VFIO passthrough.
  boot = {
    # Storage and USB drivers shipped in the initrd and loaded on demand.
    initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
    # NFS is always loaded in the initrd and registered as a supported filesystem.
    initrd.kernelModules = [ "nfs" ];
    initrd.supportedFilesystems = [ "nfs" ];

    # NOTE(review): vfio_virqfd was folded into the core vfio module in
    # Linux 6.2. On kernels at or above that version it can no longer be
    # loaded as a separate module. Confirm against the kernel this host
    # runs and drop the entry if it no longer exists.
    kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
    extraModulePackages = [ ];

    kernelParams = [
      # NOTE(review): iommu=pt puts host-owned devices in passthrough
      # (identity-mapped) mode, so DMA remapping only constrains devices
      # handed to VFIO guests. Host devices get no IOMMU DMA isolation;
      # confirm this performance/isolation trade-off is intended.
      "iommu=pt"
      "intel_iommu=on"
      # ZFS ARC ceiling in bytes: 107374182400 = 100 * 1024^3 (100 GiB).
      "zfs.zfs_arc_max=107374182400"
    ];
  };

  # No swap devices are declared for this host.
  swapDevices = [ ];

  # Public keys accepted for SSH login as root.
  # NOTE(review): each key grants unrestricted root on this host, which is
  # marked "Production" further down. The key comments suggest one belongs to
  # a CSI driver on a Talos cluster and one to root on another machine
  # (inferred from the comments only; confirm). Consider narrowing them with
  # authorized_keys options such as from="..." or a forced command, or moving
  # automation to a dedicated account with only the privileges it needs.
  # Whether root login is permitted at all depends on the sshd settings,
  # which are not in this file.
  users.users.root.openssh.authorizedKeys = {
    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
    ];
  };

  # Network settings: host identity, NetworkManager, per-interface DHCP.
  networking = {
    hostName = "gandalf";
    # ZFS uses the host ID to tell which machine last imported a pool.
    hostId = "e2fc95cd";

    networkmanager = {
      enable = true;
    };

    # NOTE(review): both the NixOS firewall and the nftables backend are
    # disabled, so this file sets up no host-level packet filtering. Any
    # service listening on this machine is reachable from every network the
    # two interfaces below are attached to. This file enables NFS, Syncthing,
    # a Prometheus exporter and root SSH keys. If filtering is done upstream,
    # say so here; otherwise enable the firewall with an explicit allow-list
    # of ports.
    firewall = {
      enable = false;
    };
    nftables = {
      enable = false;
    };

    # Global DHCP is off (needed for bridge); DHCP is enabled per interface.
    useDHCP = false;
    interfaces.enp130s0f0.useDHCP = true;
    interfaces.eno1.useDHCP = true;
  };

  # Intel microcode updates follow hardware.enableRedistributableFirmware.
  # mkDefault keeps this a low-priority default that other modules can override.
  hardware.cpu.intel = {
    updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  };

  # VSCode Compatibility Settings
  # NOTE(review): nix-ld lets dynamically linked binaries that were not built
  # for NixOS run on this system, and the vscode-server service exists to run
  # a remotely installed editor backend. On a host marked "Production", both
  # widen what unvetted, downloaded code can execute. Confirm they are still
  # needed here rather than only on a development machine.
  programs.nix-ld = {
    enable = true;
  };
  services.vscode-server.enable = true;

  # Home Manager: per-user Git configuration for jahanson.
  # TODO: Move to config module.
  home-manager.users.jahanson.programs.git = {
    enable = true;

    # Commit identity.
    userName = "Joseph Hanson";
    userEmail = "joe@veri.dev";

    extraConfig = {
      # Convert CRLF to LF on commit, never the other way round.
      core = {
        autocrlf = "input";
      };
      init = {
        defaultBranch = "main";
      };
      # Rebase on pull, stashing local changes automatically around a rebase.
      pull = {
        rebase = true;
      };
      rebase = {
        autoStash = true;
      };
    };
  };

  # sops: secrets decrypted from this host's secrets.sops.yaml.
  sops.secrets =
    let
      hostSecrets = ./secrets.sops.yaml;

      # Syncthing identity material: owned by the account that runs Syncthing,
      # readable by that owner only. The unit restarts when the value changes.
      syncthingIdentity = {
        sopsFile = hostSecrets;
        owner = "jahanson";
        mode = "400";
        restartUnits = [ "syncthing.service" ];
      };
    in
    {
      # No owner or mode is set here, so the sops-nix defaults apply
      # (presumably root-owned and owner-read-only; confirm).
      "borg/repository/passphrase" = {
        sopsFile = hostSecrets;
      };
      "syncthing/publicCert" = syncthingIdentity;
      "syncthing/privateKey" = syncthingIdentity;
    };

  # Smart daemon for monitoring disk health.
  # NOTE(review): only the default monitoring options are set here;
  # services.smartd.enable is not set in this file. Confirm it is enabled
  # elsewhere, otherwise these options have no effect.
  # devices = smartdDevices;
  # Short test every day at 2:00 AM and long test every Sunday at 4:00 AM.
  services.smartd.defaults.monitored = "-a -o on -s (S/../.././02|L/../../7/04)";

  # ZFS Exporter
  # NOTE(review): the host firewall is disabled in this file, so the
  # exporter's metrics endpoint is reachable from any network the host is
  # attached to unless it is bound to a specific address. Consider setting
  # listenAddress to the monitoring network.
  services.prometheus.exporters.zfs.enable = true;

  # services.samba = {
  #   enable = true;
  #   settings = import ./config/samba-config.nix { };
  #   openFirewall = true;
  # };

  # System settings and services, expressed through the `mySystem` options
  # (declared outside this file).
  mySystem.purpose = "Production";

  mySystem.system = {
    # Interfaces reported in the message of the day.
    motd.networkInterfaces = [ "enp130s0f0" "eno1" ];

    # Incus
    # incus = {
    #   enable = true;
    #   preseed = import ./config/incus-preseed.nix { };
    #   webuiport = 8445;
    # };

    # ZFS
    zfs = {
      enable = true;
    };
    # zfs.mountPoolsAtBoot = [ "eru" ];

    # NFS
    # NOTE(review): no host firewall is configured in this file. If this
    # option turns on an NFS server, access control rests entirely on the
    # export rules. Confirm those restrict clients.
    nfs = {
      enable = true;
    };
  };

  mySystem.services = {
    libvirt-qemu = {
      enable = true;
    };
    podman = {
      enable = true;
    };

    # Syncthing
    # The certificate and key are read from the sops-decrypted secret paths
    # at runtime instead of being written into the configuration itself.
    syncthing =
      let
        secrets = config.sops.secrets;
      in
      {
        enable = true;
        user = "jahanson";
        publicCertPath = secrets."syncthing/publicCert".path;
        privateKeyPath = secrets."syncthing/privateKey".path;
      };

    # # Scrutiny
    # scrutiny = {
    #   enable = true;
    #   devices = disks;
    #   extraCapabilities = [ "SYS_RAWIO" ];
    #   containerVolumeLocation = "/eru/containers/volumes/scrutiny";
    #   port = 8585;
    # };

    # Sanoid
    # sanoid = {
    #   enable = true;
    #   inherit (sanoidConfig.outputs) templates datasets;
    # };
  };
}