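# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
#
# NixOS module for the host "gandalf": disk layout via disko, ZFS pool "eru",
# NFS/Samba file serving, VM hosting (libvirt + VFIO passthrough), Sanoid
# snapshots, Unifi and automated certificates via lego.
#
# Layout note: each `#` comment must end at a line break. If the file is
# collapsed onto one line, everything after the first `#` becomes a comment
# and the module no longer evaluates.
{ config, lib, modulesPath, inputs, ... }:
let
  sanoidConfig = import ./config/sanoid.nix { };
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    inputs.disko.nixosModules.disko
    (import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda" ]; })
  ];

  boot = {
    initrd = {
      availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "isci" "usbhid" "usb_storage" "sd_mod" ];
      kernelModules = [ "nfs" ];
      supportedFilesystems = [ "nfs" ];
    };
    # KVM plus the VFIO stack used for PCI passthrough to guests.
    kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
    extraModulePackages = [ ];
    # iommu=pt / intel_iommu=on: IOMMU enabled in passthrough mode for VFIO.
    # zfs_arc_max is in bytes: 107374182400 = 100 * 1024^3 (100 GiB).
    kernelParams = [ "iommu=pt" "intel_iommu=on" "zfs.zfs_arc_max=107374182400" ]; # 100GB
  };

  # NOTE(review): every key below is accepted for direct root login (assuming
  # sshd permits root login with keys), with no per-key restrictions. If the
  # CSI-Driver key only needs storage management, consider a dedicated account
  # with delegated permissions, or authorized_keys options such as
  # `from="..."` / `command="..."`, so a compromised client does not yield an
  # unrestricted root shell on the storage and VM host.
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];

  # Network settings
  networking = {
    hostName = "gandalf";
    hostId = "e2fc95cd";
    useDHCP = false; # needed for bridge
    networkmanager.enable = true;
    # TODO: Add ports specifically.
    # NOTE(review): with the firewall disabled, every listening service on
    # this host (SSH with root keys, NFS, Samba, Unifi, libvirt, containers)
    # is reachable from whatever networks the interfaces and br0 attach to.
    # For a host marked "Production", enable the firewall and open only the
    # required ports (e.g. via networking.firewall.allowedTCPPorts /
    # allowedUDPPorts, or per-interface rules) to resolve the TODO above.
    firewall.enable = false;
    interfaces = {
      "enp130s0f0".useDHCP = true;
      "enp130s0f1".useDHCP = true;
    };
    # For VMs
    bridges = {
      "br0" = {
        interfaces = [ "enp130s0f1" ];
      };
    };
  };

  swapDevices = [ ];

  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  sops = {
    secrets = {
      # NOTE(review): mode "0444" makes the decrypted secret readable by every
      # local user and process, including containers or VMs that can see the
      # secrets directory. Prefer `mode = "0400"` with `owner` (and `group` if
      # needed) set to the account that actually reads the file; confirm
      # which user the lego-auto service runs as before tightening.
      "lego/dnsimple/token" = {
        mode = "0444";
        sopsFile = ./secrets.sops.yaml;
      };
      # NOTE(review): same world-readable mode as above. The Borg block below
      # is commented out, so this file shows no consumer for this secret;
      # if nothing uses it, drop the declaration rather than keep it exposed.
      "borg/repositories/gandalf" = {
        mode = "0444";
        sopsFile = ./secrets.sops.yaml;
      };
    };
  };

  # System settings and services.
  mySystem = {
    purpose = "Production";
    system = {
      motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];

      # ZFS
      zfs.enable = true;
      zfs.mountPoolsAtBoot = [ "eru" ];

      # NFS
      nfs.enable = true;

      # Samba
      samba.enable = true;
      samba.shares = import ./config/samba-shares.nix { };
      samba.extraConfig = import ./config/samba-config.nix { };

      # NOTE(review): both restic targets are off and Borg is commented out,
      # so this file enables no off-host backup; Sanoid snapshots live on the
      # same pool. Confirm backups are handled elsewhere.
      resticBackup.local.enable = false;
      resticBackup.remote.enable = false;

      # # Borg
      # borgbackup = {
      #   enable = true;
      #   paths = [ "/home" ];
      #   exclude = [ ];
      #   repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
      #   repoKeyPath = "/run/secrets/borgbackup/telchar";
      # };
    };

    services = {
      podman.enable = true;
      libvirt-qemu.enable = true;

      # Sanoid
      sanoid = {
        enable = true;
        inherit (sanoidConfig.outputs) templates datasets;
      };

      # Unifi & Lego-Auto
      unifi.enable = true;
      lego-auto = {
        enable = true;
        # Path to the sops-managed DNS API token; the token itself never
        # enters the Nix store, only this path does.
        dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
        domains = "gandalf.jahanson.tech";
        email = "joe@veri.dev";
        provider = "dnsimple";
      };
    };
  };
}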