141 lines
3.3 KiB
Nix
141 lines
3.3 KiB
Nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||
# and may be overwritten by future invocations. Please make changes
|
||
# to /etc/nixos/configuration.nix instead.
|
||
{ config, lib, inputs, ... }:
|
||
let
|
||
sanoidConfig = import ./config/sanoid.nix { };
|
||
disks = import ./config/disks.nix;
|
||
smartdDevices = map (device: { inherit device; }) disks;
|
||
in
|
||
{
|
||
imports =
|
||
[
|
||
inputs.disko.nixosModules.disko
|
||
(import ../../profiles/disko-nixos.nix { disks = [ "/dev/sda|/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_Plus_500GB_S58SNM0W406409E" ]; })
|
||
];
|
||
|
||
# Debug
|
||
# boot.zfs.forceImportRoot = lib.mkForce true;
|
||
|
||
boot = {
|
||
initrd = {
|
||
kernelModules = [ "nfs" ];
|
||
supportedFilesystems = [ "nfs" ];
|
||
};
|
||
|
||
kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ];
|
||
extraModulePackages = [ ];
|
||
kernelParams = [ "zfs.zfs_arc_max=107374182400" ]; # 100GB
|
||
};
|
||
|
||
users.users.root.openssh.authorizedKeys.keys = [
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAGSFTSVPt43PBpSMSF1dGTzN2JbxztDZUml7g4+PnWe CSI-Driver@talos"
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/W445gX2IINRbE6crIMwgN6Ks8LTzAXR86pS9xp335 root@Sting"
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBROTzSefJGJeCNUgNLbE5l4sHHg2fHUO4sCwqvP+zAd root@Gollum"
|
||
];
|
||
|
||
|
||
# VSCode Compatibility Settings
|
||
programs = {
|
||
_1password.enable = true;
|
||
nix-ld.enable = true;
|
||
};
|
||
services.vscode-server = {
|
||
enable = true;
|
||
};
|
||
|
||
# Home Manager
|
||
home-manager.users.jahanson = {
|
||
# Git settings
|
||
# TODO: Move to config module.
|
||
programs.git = {
|
||
enable = true;
|
||
userName = "Joseph Hanson";
|
||
userEmail = "joe@veri.dev";
|
||
|
||
extraConfig = {
|
||
core.autocrlf = "input";
|
||
init.defaultBranch = "main";
|
||
pull.rebase = true;
|
||
rebase.autoStash = true;
|
||
};
|
||
};
|
||
};
|
||
|
||
# Network settings
|
||
networking = {
|
||
hostName = "shadowfax";
|
||
hostId = "a885fabe";
|
||
useDHCP = false; # needed for bridge
|
||
networkmanager.enable = true;
|
||
firewall.enable = false;
|
||
interfaces = {
|
||
"enp36s0f0".useDHCP = true;
|
||
"enp36s0f1".useDHCP = true;
|
||
};
|
||
};
|
||
|
||
swapDevices = [ ];
|
||
|
||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||
|
||
sops = {
|
||
secrets = { };
|
||
};
|
||
|
||
services = {
|
||
smartd = {
|
||
devices = smartdDevices;
|
||
};
|
||
};
|
||
|
||
# System settings and services.
|
||
mySystem = {
|
||
purpose = "Production";
|
||
system = {
|
||
motd.networkInterfaces = [ "enp36s0f0" ];
|
||
# Incus
|
||
incus = {
|
||
enable = true;
|
||
preseed = import ./config/incus-preseed.nix { };
|
||
};
|
||
|
||
# ZFS
|
||
zfs.enable = true;
|
||
zfs.mountPoolsAtBoot = [
|
||
"nahar"
|
||
"moria"
|
||
];
|
||
|
||
# NFS
|
||
nfs.enable = true;
|
||
|
||
resticBackup = {
|
||
local.enable = false;
|
||
remote.enable = false;
|
||
local.noWarning = true;
|
||
remote.noWarning = true;
|
||
};
|
||
};
|
||
|
||
services = {
|
||
podman.enable = true;
|
||
libvirt-qemu.enable = true;
|
||
|
||
# Scrutiny
|
||
scrutiny = {
|
||
enable = true;
|
||
devices = disks;
|
||
extraCapabilities = [ "SYS_RAWIO" ];
|
||
containerVolumeLocation = "/nahar/containers/volumes/scrutiny";
|
||
port = 8585;
|
||
};
|
||
|
||
# Sanoid
|
||
sanoid = {
|
||
enable = true;
|
||
inherit (sanoidConfig.outputs) templates datasets;
|
||
};
|
||
};
|
||
};
|
||
}
|