# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, inputs, ... }:
{
# Modules merged into this host: the disko module from the flake inputs and
# the shared disko profile, called with this host's disk list.
imports = [
  inputs.disko.nixosModules.disko
  # NOTE(review): /dev/nvmeXnY names follow kernel enumeration order and are
  # not guaranteed to stay the same across reboots or hardware changes.
  # Presumably the profile lays out the listed disk; a persistent
  # /dev/disk/by-id/ path is the safer way to name a device that a
  # partitioning tool will act on. Confirm what the profile expects.
  (import ../../profiles/disko-nixos.nix { disks = [ "/dev/nvme4n1" ]; })
];
# Kernel and initrd setup: NFS support inside the initrd, KVM and VFIO modules
# for device passthrough to guests, IOMMU switches, and a cap on the ZFS ARC.
boot.initrd.kernelModules = [ "nfs" ];
boot.initrd.supportedFilesystems = [ "nfs" ];

# NOTE(review): vfio_virqfd was folded into the core vfio module in Linux 6.2,
# so on newer kernels this entry no longer names a loadable module. Confirm
# against the kernel this host actually runs.
boot.kernelModules = [ "kvm-intel" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
boot.extraModulePackages = [ ];

# intel_iommu=on turns on the IOMMU that VFIO device assignment relies on.
# iommu=pt leaves devices the host keeps for itself in passthrough
# (identity-mapped) mode, so their DMA is not translated: less overhead, but
# also less DMA isolation for host-owned devices.
# zfs_arc_max is given in bytes: 107374182400 = 100 * 1024^3, i.e. 100 GiB.
boot.kernelParams = [ "iommu=pt" "intel_iommu=on" "zfs.zfs_arc_max=107374182400" ];
# Public keys accepted for direct SSH login as root.
# NOTE(review): every key listed here gets an unrestricted root shell. The
# first key's comment reads like an automation identity rather than a person
# (confirm). For a machine credential, a dedicated account holding only the
# privileges the job needs is narrower than root; failing that, authorized_keys
# options such as `restrict` and `from="..."` limit what the key can do and
# where it may connect from. networking.firewall is disabled in this file, so
# no host firewall limits who can reach sshd.
users.users.root.openssh.authorizedKeys = {
  keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
  ];
};
# VSCode compatibility settings.
# nix-ld lets prebuilt, dynamically linked binaries run on NixOS.
# NOTE(review): together these two switches allow a remote editor server and
# the binaries it downloads to run on this host. mySystem.purpose in this file
# is "Production", so confirm that a remote development server is meant to be
# enabled here.
programs.nix-ld.enable = true;
services.vscode-server.enable = true;
# Home Manager: per-user configuration for jahanson.
home-manager.users.jahanson.programs.git = {
  # Git identity and defaults.
  # TODO: Move to config module.
  enable = true;
  userName = "Joseph Hanson";
  userEmail = "joe@veri.dev";

  # Written into the user's git config, one attribute set per git section.
  extraConfig = {
    core = { autocrlf = "input"; };
    init = { defaultBranch = "main"; };
    pull = { rebase = true; };
    rebase = { autoStash = true; };
  };
};
# Network settings: host identity, DHCP on both NICs, NetworkManager enabled,
# host firewall disabled.
networking = {
  hostName = "gandalf";
  hostId = "e2fc95cd";

  # Global DHCP stays off (needed for bridge); it is enabled per interface
  # further down.
  useDHCP = false;
  networkmanager = { enable = true; };

  # TODO: Add ports specifically.
  # NOTE(review): with the firewall off, every listening socket on this host is
  # reachable from whatever networks the two NICs attach to. This file also
  # enables NFS, Samba, Incus, libvirt, podman and root SSH keys. When closing
  # the TODO, set enable = true and list only the required ports with
  # networking.firewall.allowedTCPPorts / allowedUDPPorts, or per NIC under
  # networking.firewall.interfaces.<name>.
  firewall = { enable = false; };

  interfaces.enp130s0f0.useDHCP = true;
  interfaces.enp130s0f1.useDHCP = true;

  # For VMs
  # bridges = {
  #   "br0" = {
  #     interfaces = [ "enp130s0f1" ];
  #   };
  # };
};
# No swap devices are configured.
swapDevices = [ ];

# Intel microcode updates follow the redistributable-firmware switch.
# lib.mkDefault gives the value default priority, so another module can
# override it.
hardware.cpu.intel = {
  updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
# Secrets that sops-nix decrypts from this host's secrets.sops.yaml.

# DNS provider API token; mySystem.services.lego-auto in this file reads it
# through dnsimpleTokenPath.
# NOTE(review): mode 0444 makes the decrypted token readable by every local
# user and process, including anything running under podman, Incus or the
# editor server enabled in this file. sops-nix also has owner and group
# options: giving the file to the account that consumes it with mode 0400, or
# to a shared group with 0440, is narrower. Which account reads the token is
# not visible in this file.
sops.secrets."lego/dnsimple/token" = {
  mode = "0444";
  sopsFile = ./secrets.sops.yaml;
};

# No mode is set here, so the sops-nix default applies.
# NOTE(review): the only reference to this secret in this file is inside the
# commented-out borgbackup block. Confirm it is still needed.
sops.secrets."borg/repository/passphrase".sopsFile = ./secrets.sops.yaml;
# No desktop environment: the X server, GDM and GNOME are all switched off.
services.xserver.enable = false;
services.xserver.displayManager.gdm.enable = false;
services.xserver.desktopManager.gnome.enable = false;
# System settings and services, expressed through the mySystem options.
mySystem.purpose = "Production";

mySystem.system = {
  motd.networkInterfaces = [ "enp130s0f0" "enp130s0f1" ];

  # Incus
  incus.enable = true;

  # ZFS
  zfs = {
    enable = true;
    mountPoolsAtBoot = [ "eru" ];
  };

  # NFS
  nfs.enable = true;

  # Samba: share definitions and extra configuration come from files that are
  # not part of this listing.
  samba = {
    enable = true;
    shares = import ./config/samba-shares.nix { };
    extraConfig = import ./config/samba-config.nix { };
  };

  # Restic
  # NOTE(review): both restic targets are off with their warnings silenced,
  # and the borg job below is commented out, so as far as this file shows no
  # off-host backup is configured. Sanoid snapshots stay on the pool they
  # protect. Confirm that backups for this host are handled elsewhere.
  resticBackup = {
    local = { enable = false; noWarning = true; };
    remote = { enable = false; noWarning = true; };
  };

  # Borg
  # My only borg backup was for the Unifi controller. I've since installed a UDM SE.
  # borgbackup = {
  #   enable = true;
  #   paths = [ "/eru/containers/volumes/unifi/" ];
  #   exclude = [ ];
  #   repo = "ssh://t3zvn0dd@t3zvn0dd.repo.borgbase.com/./repo";
  #   repoKeyPath = config.sops.secrets."borg/repository/passphrase".path;
  # };
};

mySystem.services = {
  podman.enable = true;
  libvirt-qemu.enable = true;

  # Sanoid
  # NOTE(review): sanoidConfig is not bound anywhere in this file as shown.
  # It is neither a function argument nor a let binding, so evaluation would
  # stop on an undefined variable. It needs a binding for the sanoid
  # configuration in scope.
  sanoid = {
    enable = true;
    inherit (sanoidConfig.outputs) templates datasets;
  };

  # Unifi & Lego-Auto
  # unifi.enable = true;
  # lego-auto is handed the path of the decrypted DNS API token declared under
  # sops.secrets in this file.
  lego-auto = {
    enable = true;
    provider = "dnsimple";
    dnsimpleTokenPath = "${config.sops.secrets."lego/dnsimple/token".path}";
    domains = "gandalf.jahanson.tech";
    email = "joe@veri.dev";
  };
};
}