nix-configs/nixos-configurations/orangepihole.nix

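# NixOS host configuration for "orangepihole": an aarch64 machine that runs the
# unbound resolver (plus the imported dhcp module) on interface end0, boots
# with a tmpfs root, and keeps selected state under /persist via impermanence.
{
  config,
  pkgs,
  modulesPath,
  ezModules,
  lib,
  inputs,
  ...
}:
{
  imports = [
    # Include the results of the hardware scan.
    "${modulesPath}/installer/scan/not-detected.nix"
    inputs.impermanence.nixosModules.impermanence
    ezModules.dhcp
    ezModules.networkd-base
    ezModules.unbound
  ];

  boot = {
    loader = {
      grub.enable = false;
      generic-extlinux-compatible.enable = true;
      timeout = 1;
    };
    tmp.cleanOnBoot = true;
  };

  fileSystems = {
    # Root lives in RAM: anything not listed under environment.persistence
    # below is gone after a reboot.
    "/" = {
      device = "none";
      fsType = "tmpfs";
      options = [
        "defaults"
        "mode=755"
      ];
    };
    # Backing store for the impermanence bind mounts; must be mounted in the
    # initrd so persisted files exist before services start.
    "/persist" = {
      device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
      fsType = "btrfs";
      neededForBoot = true;
      options = [
        "compress=lzo"
        "autodefrag"
        "defaults"
        "subvol=@nixos/root"
      ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/a4d76da9-b8eb-4615-9d64-a36e1383da80";
      fsType = "ext4";
      options = [ "defaults" ];
    };
    # Same btrfs volume as /persist, different subvolume.
    "/nix" = {
      device = "/dev/disk/by-uuid/6df53c4f-42b6-478b-8be4-f7887ad18b5b";
      fsType = "btrfs";
      options = [
        "compress=lzo"
        "autodefrag"
        "defaults"
        "subvol=@nixos/nix"
      ];
    };
  };

  # NOTE(review): mainInterface / mainInterfaceConfig are not stock NixOS
  # options; presumably they are declared by one of the imported ezModules.
  # They must stay in sync with the networkd unit name and match below.
  mainInterface = "end0";
  mainInterfaceConfig = "40-end0";

  networking = {
    hostName = "orangepihole"; # Define your hostname.
    useDHCP = lib.mkDefault true;
  };

  systemd.network.networks."40-end0" = {
    matchConfig.Name = "end0";
    address = [
      "10.42.69.2/24"
      "fd72:3dd5:21ae:3c97::2/64"
    ];
    # First entry is this host's own address, i.e. the local unbound instance.
    dns = [
      "10.42.69.2"
      "10.42.69.100"
    ];
    domains = [ "icanttype.org" ];
    gateway = [ "10.42.69.1" ];
    dhcpServerConfig = {
      PoolOffset = 150;
    };
  };

  zramSwap.enable = true;
  swapDevices = [
    {
      device = "/persist/swapfile";
      size = 4096;
    }
  ];

  services = {
    unbound = {
      enable = true;
      # Whoever can open this socket can reconfigure the resolver; access is
      # governed by the filesystem permissions on /var/lib/unbound.
      localControlSocketPath = "/var/lib/unbound/control.sock";
      settings = {
        server = {
          do-ip6 = "no";
          qname-minimisation = "yes";
          interface = [ "end0" ];
          access-control = [
            # NOTE(review): 10.0.0.0/8 is wider than the 10.42.69.0/24
            # configured on end0; narrow it if no other 10.x networks are
            # meant to use this resolver.
            "10.0.0.0/8 allow"
            # Unique-local IPv6 range. This was written "fc::/7", which
            # expands to 00fc::/7 and therefore matches 0000::/7 rather than
            # the ULA block. With do-ip6 = "no" the entry should currently be
            # inert, but it must be correct if IPv6 is enabled later.
            "fc00::/7 allow"
          ];
        };
        include = [
          # Mutable file outside the Nix store (persisted below). Whatever
          # writes it can change the answers this resolver gives; how it is
          # generated is not visible in this file.
          "/etc/unbound/ads.conf"
          # Copied into the world-readable Nix store at build time.
          "${../configs/unbound-local.conf}"
        ];
      };
    };
    # Journal is kept in memory only: logs do not survive a reboot, so ship
    # them elsewhere if they are needed for later incident review.
    journald.storage = "volatile";
  };

  environment = {
    systemPackages = [
      pkgs.vim
      pkgs.wget
    ];
    # State that must survive the tmpfs root.
    persistence."/persist" = {
      hideMounts = true;
      directories = [
        "/var/lib/nixos"
        "/var/lib/systemd"
        "/tmp"
      ];
      files = [
        "/etc/machine-id"
        "/etc/adjtime"
        # Persisting the SSH host keys keeps the host identity stable across
        # reboots, so clients do not see a changed-key warning every boot.
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/unbound/ads.conf"
      ];
    };
  };

  system.stateVersion = "23.11"; # Did you read the comment?

  # Private key used to log in to the remote builder; decrypted by sops-nix at
  # activation and referenced by path only, so it never enters the Nix store.
  sops.secrets."nixremote/sshkey" = { };

  nix = {
    distributedBuilds = true;
    # settings.max-jobs = 0;
    # The builder's output is trusted by this host, so the SSH identity of
    # "zeus" matters; see the host-key note on programs.ssh below.
    buildMachines = [
      {
        hostName = "zeus";
        systems = [
          "x86_64-linux"
          "aarch64-linux"
        ];
        protocol = "ssh-ng";
        sshKey = config.sops.secrets."nixremote/sshkey".path;
        sshUser = "nixremote";
        supportedFeatures = [
          "nixos-test"
          "benchmark"
          "big-parallel"
          "kvm"
        ];
      }
    ];
  };

  # NOTE(review): accept-new is trust-on-first-use. Because / is a tmpfs and no
  # known_hosts file is persisted above, the first connection after every
  # reboot presumably re-learns zeus's key without verification. Pinning the
  # builder's public host key with programs.ssh.knownHosts and switching to
  # "StrictHostKeyChecking yes" would close that window.
  programs.ssh.extraConfig = ''
    Host zeus
    User nixremote
    StrictHostKeyChecking accept-new
    IdentitiesOnly yes
    IdentityFile ${config.sops.secrets."nixremote/sshkey".path}
  '';

  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}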