cdombroski/nix-configs
1
0
Fork 0
Code Activity Actions

modular!

Browse source
This commit is contained in:
Chris Dombroski 2024-04-27 22:10:36 -04:00
parent e90ae21400
commit b469af3d5b
9 changed files with 57 additions and 282 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
.direnv/ .direnv/
result result
*.swp

3
modules/aarch64-emu.nix Normal file
View file

@ -0,0 +1,3 @@
{...}: {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}

5
modules/common/common.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
programs.vim.defaultEditor = true;
}

19
modules/common/nix.nix Normal file
View file

@ -0,0 +1,19 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
git
nix-output-monitor
];
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
gc = {
automatic = true;
options = "--delete-older-than 30d";
dates = "weekly";
};
optimise.automatic = true;
};
system.autoUpgrade = {
enable = true;
flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git";
};
}

6
modules/common/sshd.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
}

8
modules/networkd-base.nix Normal file
View file

@ -0,0 +1,8 @@
{...}: {
systemd.network.enable = true;
networking.useNetworkd = true;
services.resolved = {
enable = true;
fallbackDns = [ "8.8.8.8" ];
};
}

23
systems/orangepihole/configuration.nix
View file

@ -5,6 +5,7 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/networkd-base.nix
]; ];
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
@ -13,9 +14,7 @@
networking = { networking = {
hostName = "orangepihole"; # Define your hostname. hostName = "orangepihole"; # Define your hostname.
useNetworkd = true;
}; };
systemd.network.enable = true;
systemd.network.networks."40-end0" = { systemd.network.networks."40-end0" = {
matchConfig.Name = "end0"; matchConfig.Name = "end0";
address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ]; address = [ "10.42.69.2/24" "fd72:3dd5:21ae:3c97::2/64" ];
@ -36,11 +35,9 @@
ipv6SendRAConfig.EmitDNS = false; ipv6SendRAConfig.EmitDNS = false;
ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ]; ipv6Prefixes = [ { ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; } ];
}; };
time.timeZone = "America/New_York";
zramSwap.enable = true; zramSwap.enable = true;
swapDevices = [ {device="/swapfile"; size=1024;}]; swapDevices = [ {device="/swapfile"; size=1024;}];
services.resolved.enable = true;
services.unbound = { services.unbound = {
enable = true; enable = true;
settings = { settings = {
@ -68,24 +65,18 @@
''; '';
}; };
}; };
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget wget
]; ];
services.openssh.enable = true; networking.firewall = {
allowedUDPPorts = [ 53 67 68 ];
networking.firewall.enable = false; allowedTCPPorts = [ 53 ];
system.autoUpgrade = {
enable = true;
flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git";
}; };
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
nix.buildMachines = [ { nix.buildMachines = [ {
hostName = "zeus"; hostName = "zeus";
@ -97,9 +88,5 @@
}]; }];
nix.distributedBuilds = true; nix.distributedBuilds = true;
nix.extraOptions = "builders-use-substitutes = true"; nix.extraOptions = "builders-use-substitutes = true";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 7d";
nix.optimise.automatic = true;
} }

105
systems/smolboi/configuration.nix
View file

@ -1,7 +1,3 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
@ -9,21 +5,16 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/aarch64-emu.nix
../../modules/smartd.nix ../../modules/smartd.nix
]; ];
# Use the systemd-boot EFI boot loader.
boot = { boot = {
blacklistedKernelModules = [ "k10temp" ]; blacklistedKernelModules = [ "k10temp" ];
extraModulePackages = with config.boot.kernelPackages; [ zenpower ]; extraModulePackages = with config.boot.kernelPackages; [ zenpower ];
kernelParams = [ "amd_pstate=passive" ]; kernelParams = [ "amd_pstate=passive" ];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
plymouth = {
enable = false;
theme = "breeze";
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
binfmt.registrations.appimage = { binfmt.registrations.appimage = {
wrapInterpreterInShell = false; wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run"; interpreter = "${pkgs.appimage-run}/bin/appimage-run";
@ -38,23 +29,9 @@
networking = { networking = {
hostName = "smolboi"; # Define your hostname. hostName = "smolboi"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networkmanager.enable = true; # Easiest to use and most distros use this by default. networkmanager.enable = true; # Easiest to use and most distros use this by default.
firewall.allowedTCPPorts = [ 22000 ]; firewall.allowedTCPPorts = [ 22000 ];
}; };
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
sandbox = true;
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
dates = "weekly";
};
optimise.automatic = true;
};
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ permittedInsecurePackages = [
@ -80,27 +57,7 @@
}; };
}; };
# Set your time zone.
time.timeZone = "America/New_York";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
system.autoUpgrade = {
enable = true;
flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git";
};
# Enable the X11 windowing system.
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
@ -111,11 +68,6 @@
desktopManager.plasma5.enable = true; desktopManager.plasma5.enable = true;
}; };
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
printing = { printing = {
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
@ -135,7 +87,6 @@
hardware.openrgb.enable = true; hardware.openrgb.enable = true;
resolved.enable = true; resolved.enable = true;
btrfs.autoScrub.enable = true; btrfs.autoScrub.enable = true;
openssh.enable = true;
}; };
hardware = { hardware = {
sane = { sane = {
@ -145,35 +96,15 @@
bluetooth.enable = true; bluetooth.enable = true;
}; };
# Enable sound.
security = { security = {
rtkit.enable = true; rtkit.enable = true;
}; };
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
users.users.cdombroski = { users.users.cdombroski = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
uid = 1000; uid = 1000;
}; };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
vim-full # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim-full # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
@ -183,16 +114,12 @@
chromium chromium
skanlite skanlite
htop htop
git
kate kate
cifs-utils cifs-utils
]; ];
pathsToLink = [ "/share/bash-completion" ]; pathsToLink = [ "/share/bash-completion" ];
}; };
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs = { programs = {
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
@ -222,25 +149,11 @@
}; };
gamescope.enable = true; gamescope.enable = true;
}; };
# List services that you want to enable:
zramSwap = { zramSwap = {
enable = true; enable = true;
writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d"; writebackDevice = "/dev/disk/by-partuuid/e8f5eaf8-46ca-40de-854a-f6dfe964b92d";
}; };
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
fileSystems = { fileSystems = {
"/".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "/".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
"/nix".options = [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ]; "/nix".options = [ "compress=lzo" "autodefrag" "discard=async" "noatime" "defaults" ];
@ -248,22 +161,6 @@
"/home".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ]; "/home".options = [ "compress=lzo" "autodefrag" "discard=async" "defaults" ];
}; };
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
} }

169
systems/zeus/configuration.nix
View file

@ -1,7 +1,3 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
@ -9,52 +5,18 @@
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/common.nix ../../modules/common.nix
../../modules/aarch64-emu.nix
../../modules/networkd-base.nix
../../modules/smartd.nix ../../modules/smartd.nix
]; ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.zfsSupport = true; boot.loader.grub.zfsSupport = true;
boot.loader.grub.extraEntries = ''
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-/dev/sda4_/dev/sdb4_/dev/sdc4_/dev/sdd4' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod part_gpt
insmod zfs
set root='hd3,gpt3'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd3,gpt3 --hint-efi=hd3,gpt3 --hint-baremetal=ahci3,gpt3 --hint-bios=hd1,gpt3 --hint-efi=hd1,gpt3 --hint-baremetal=ahci1,gpt3 --hint-bios=hd2,gpt3 --hint-efi=hd2,gpt3 --hint-baremetal=ahci2,gpt3 --hint-bios=hd0,gpt3 --hint-efi=hd0,gpt3 --hint-baremetal=ahci0,gpt3 f8ecb74936118c7a
else
search --no-floppy --fs-uuid --set=root f8ecb74936118c7a
fi
echo 'Loading Linux 6.1.0-20-amd64 ...'
linux /BOOT/debian@/vmlinuz-6.1.0-20-amd64 root=ZFS=/ROOT/debian ro root=ZFS=rpool/ROOT/debian quiet splash
echo 'Loading initial ramdisk ...'
initrd /BOOT/debian@/initrd.img-6.1.0-20-amd64
}
'';
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ]; boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" "/dev/sdc" "/dev/sdd" "/dev/sde" "/dev/sdf" ];
networking.hostName = "zeus"; # Define your hostname. networking.hostName = "zeus"; # Define your hostname.
networking.hostId = "9e95b576"; networking.hostId = "9e95b576";
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.useNetworkd = true;
systemd.network.enable = true;
services.resolved.enable = true;
services.resolved.fallbackDns = [ "8.8.8.8" ];
systemd.network.netdevs = { systemd.network.netdevs = {
bond0 = { bond0 = {
netdevConfig = { netdevConfig = {
@ -117,50 +79,7 @@
}; };
}; };
# Set your time zone.
time.timeZone = "America/New_York";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
podman = { podman = {
@ -227,17 +146,6 @@
volumes = [ "postgres-15:/var/lib/postgresql/data" ]; volumes = [ "postgres-15:/var/lib/postgresql/data" ];
extraOptions = [ "--pull=newer" "--network=www" ]; extraOptions = [ "--pull=newer" "--network=www" ];
}; };
# gogs = {
# image = "docker.io/gogs/gogs:latest";
# volumes = [ "gogs-data:/data" ];
# labels = {
# swag = "enable";
# swag_url = "git.icanttype.org";
# swag_port = "3000";
# };
# ports = [ "10022:22" ];
# extraOptions = [ "--pull=newer" "--network=www" ];
# };
calibre = { calibre = {
image = "lscr.io/linuxserver/calibre:latest"; image = "lscr.io/linuxserver/calibre:latest";
volumes = [ "calibre-config:/config" "/video-data:/data" ]; volumes = [ "calibre-config:/config" "/video-data:/data" ];
@ -332,56 +240,29 @@
}; };
}; };
}; };
networking.firewall.interfaces."podman+" = { networking.firewall = {
allowedUDPPorts = [ 53 ]; interfaces."podman+" = {
allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
allowedUDPPorts = [ 137 138 ];
allowedTCPPorts = [ 139 445 ];
}; };
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEApZvmNao6HvjOI3NQ96+Hu+N4MTw20KSvrx7ml8/PD4zb5GXo2sXRROHy0VclIXBEPKPKq93QGCMhfCR0jvr2tSib5CwrCMDnjjRxGJV36jhCE1mOV6TKis1MDdigg/7NSVf+eszUW4ed6CSDNFu3ooVZSwdf4Tja2672ROk1W59rDbfgs0Et7pRNnmWM1q+sTbD0eRbY9+0DXBhx5u4OVjp6eNNmO59WGErVvAAjOnZR3rw2LSX7MDrtzeCe1sdR/28WGPIIUVL8eCorlhzPB6PfrTL1Y/fbWAOGdvs6h+wTPX3ivTlrs8J5AXERCymp/CXIA1mwVjnM9zOklFhun+VvCNNJsZPSM62jrHfD4bP11y1kSt87TORGW517nWdS80oUY6MwxRcN2salwWzZA0sVjIHmvc4FkAuPHhdlMQpkym9fpFfR9taWlxU2NMP/+Quj3NaAPKksPvUGwos8lP8Z+QF5ljedNZFsC5/S0u6Fqoa26zRTnVki4KhfGPyKHXIUp9kNV7PRz4oRizHibUfp05xVMACtVIn+pQU7CaQEJCdYfLpo9gMDZ+6ZanmQX0vCUEyiaimrF/eSCkzjBtqSKMRHLd6ADEFEDxSr5nfaqgkddQVkQiBvngCnKwYcKfINA5mYIIFJZyLxpki03SHT6qGT541iHT3OX9F4MBc="
];
users.users.nixremote = { users.users.nixremote = {
description = "User for remote builds"; description = "User for remote builds";
isNormalUser = true; isNormalUser = true;
uid = 1100; uid = 1100;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole" ];
}; };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
dive dive
podman-tui podman-tui
docker-compose docker-compose
wireguard-tools wireguard-tools
nix-output-monitor
git
]; ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# programs.msmtp.enable = true;
programs.vim.defaultEditor = true;
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
settings.trusted-users = [ "nixremote" ];
gc = {
automatic = true;
options = "--delete-older-than 30d";
dates = "weekly";
};
optimise.automatic = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.samba.enable = true; services.samba.enable = true;
services.samba.shares = { services.samba.shares = {
media = { media = {
@ -403,39 +284,7 @@
}; };
services.zfs.zed.enableMail = false; services.zfs.zed.enableMail = false;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
networking.firewall.allowPing = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
system.autoUpgrade = {
enable = true;
flake = "git+https://git.icanttype.org/cdombroski/nix-configs.git";
};
zramSwap.enable = true; zramSwap.enable = true;
} }