# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, pkgs, ... }:
{
  imports = [
    # Results of the hardware scan for this machine.
    ./hardware-configuration.nix
  ];

  # sops-nix: secrets are decrypted to /run/secrets/<name>, root-only by default.
  # Both entries below are handed to the `named` user/group so bind can read
  # the rndc key and the zone file without running as root.
  sops.secrets = {
    "bind/rndc-keys/externaldns" = {
      owner = config.users.users.named.name;
      inherit (config.users.users.named) group;
    };
    "bind/zones/jahanson.tech" = {
      owner = config.users.users.named.name;
      inherit (config.users.users.named) group;
    };
  };

  # systemd-boot on EFI.
  boot.loader = {
    systemd-boot.enable = true;
    efi.canTouchEfiVariables = true;
  };

  networking = {
    hostName = "telperion";
    networkmanager.enable = true;
    # The host firewall is turned off entirely, so every listener configured
    # below (bind, dnsmasq TFTP/proxy-DHCP, matchbox on 8080/tcp, sshd) is
    # reachable on all interfaces.
    # NOTE(review): confirm this host only sits on the trusted lab segment;
    # otherwise re-enable the firewall and list the required ports in
    # allowedTCPPorts / allowedUDPPorts instead.
    firewall.enable = false;
  };

  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";

  # Accounts: jahanson is the interactive admin (wheel => sudo); matchbox is
  # the unprivileged service account for the PXE profile server.
  users.groups.matchbox = {};
  users.users = {
    jahanson = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      packages = with pkgs; [ tree ];
    };
    matchbox = {
      isSystemUser = true;
      group = "matchbox";
      home = "/srv/matchbox";
    };
  };

  # System-wide packages (`nix search <name>` to look up more).
  environment.systemPackages = with pkgs; [
    vim
    wget
    matchbox-server
  ];

  # Authoritative DNS; external-dns on the k8s cluster pushes zone updates
  # over rndc using the key provisioned through sops above.
  services.bind = {
    enable = true;
    extraConfig = import ./config/bind.nix { inherit config; };
  };

  # dnsmasq acts only as proxy-DHCP + TFTP for PXE; port=0 switches its DNS
  # side off so it does not compete with bind on :53.
  services.dnsmasq = {
    enable = true;
    resolveLocalQueries = false;
    settings = {
      port = 0;
      dhcp-range = [ "10.1.1.1,proxy,255.255.255.0" ];
      enable-tftp = true;
      tftp-root = "/srv/tftp";
      # Legacy PXE ROMs (no "ipxe" tag) are chainloaded into iPXE over TFTP;
      # iPXE clients are then sent to the matchbox boot script over HTTP.
      # The second pxe-service= line is smuggled in through the indented
      # string so both entries end up in the generated dnsmasq.conf.
      # NOTE(review): the settings generator already emits duplicate keys for
      # lists (see dhcp-range above), so a two-element list may replace this
      # workaround — untested here.
      pxe-service = ''
        tag:#ipxe,x86PC,"PXE chainload to iPXE",undionly.kpxe
        pxe-service=tag:ipxe,0,matchbox,http://10.1.1.57:8080/boot.ipxe
      '';
      # Requests carrying the iPXE user class get the "ipxe" tag.
      dhcp-userclass = "set:ipxe,iPXE";
      # Keep DNS/DHCP logging on; it is the record of which clients asked
      # for which boot files if something unexpected shows up on the segment.
      log-queries = true;
      log-dhcp = true;
    };
  };

  # matchbox serves boot scripts and per-device profiles out of /srv/matchbox.
  systemd.services.matchbox = {
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    serviceConfig = {
      # Binds every interface (see the firewall note above). Debug logging is
      # handy while bringing PXE up but is verbose.
      # NOTE(review): consider a quieter -log-level once booting is stable,
      # and adding systemd sandboxing (e.g. ProtectSystem, NoNewPrivileges)
      # to this unit; it currently relies only on the unprivileged user.
      ExecStart = "${pkgs.matchbox-server}/bin/matchbox -address=0.0.0.0:8080 -data-path=/srv/matchbox -assets-path=/srv/matchbox/assets -log-level=debug";
      Restart = "on-failure";
      User = "matchbox";
      Group = "matchbox";
    };
  };

  # SUID wrapper for mtr; the gnupg agent is intentionally left unconfigured.
  programs.mtr.enable = true;

  # Key-based SSH only: password and keyboard-interactive logins are disabled.
  # No authorized keys are declared in this file — presumably they come from
  # another module or the user's ~/.ssh; verify before relying on remote access.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # NixOS release this host was first installed with; do not bump casually.
  system.stateVersion = "24.05";
}