# Do not modify this file! It was generated by `nixos-generate-config` # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { config, lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; networking.hostId = "ce196a02"; networking.hostName = "telperion"; boot = { initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; initrd.kernelModules = [ ]; kernelModules = [ "kvm-intel" ]; extraModulePackages = [ ]; }; fileSystems."/" = { device = "zroot/root"; fsType = "zfs"; }; fileSystems."/nix" = { device = "zroot/nix"; fsType = "zfs"; }; fileSystems."/var" = { device = "zroot/var"; fsType = "zfs"; }; fileSystems."/home" = { device = "zroot/home"; fsType = "zfs"; }; swapDevices = [ ]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; sops = { # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default. secrets = { "bind/rndc-keys/externaldns" = { owner = config.users.users.named.name; inherit (config.users.users.named) group; sopsFile = ./secrets.sops.yaml; }; "bind/zones/jahanson.tech" = { owner = config.users.users.named.name; inherit (config.users.users.named) group; sopsFile = ./secrets.sops.yaml; }; "1password-credentials.json" = { mode = "0444"; sopsFile = ./secrets.sops.yaml; }; }; }; # System settings and services. mySystem = { purpose = "Production"; system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ]; services = { podman.enable = true; onepassword-connect = { enable = true; credentialsFile = config.sops.secrets."1password-credentials.json".path; }; bind = { enable = true; extraConfig = import ./config/bind.nix { inherit config; }; }; }; }; }