nix-dotfiles/hosts/tsuki/configuration.nix

108 lines
2.3 KiB
Nix
Raw Normal View History

{ secrets, ... }:
2022-03-07 16:01:52 +01:00
{
imports = [
2022-06-22 20:16:57 +02:00
./hardware-configuration.nix
2022-03-07 16:01:52 +01:00
# ./services/calibre.nix
2022-06-22 20:16:57 +02:00
# ./services/dokuwiki.nix
./services/gitea
2022-06-22 20:16:57 +02:00
# ./services/gitlab
./services/grafana.nix
./services/hydra.nix
# ./services/jitsi.nix
# ./services/keycloak.nix
# ./services/libvirt.nix
2022-06-22 20:16:57 +02:00
./services/matrix
./services/nginx
2022-06-22 20:16:57 +02:00
# ./services/openldap.nix
# ./services/openvpn.nix
./services/plex.nix
2022-06-22 20:16:57 +02:00
./services/postgres.nix
./services/samba.nix
./services/searx.nix
# ./services/syncthing.nix
./services/vscode-server.nix
2022-06-22 20:16:57 +02:00
];
2022-03-07 16:01:52 +01:00
# TODO: See ../common.nix
services.xserver.enable = false;
services.xserver.displayManager.lightdm.enable = false;
machineVars = {
headless = true;
2022-06-02 16:33:21 +02:00
dataDrives = let
2022-06-22 20:16:57 +02:00
momiji = "/data2";
in {
drives = {
cirno = "/data";
inherit momiji;
};
default = momiji;
};
};
2022-03-07 16:01:52 +01:00
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
# security.pam.services.login.unixAuth = true;
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
fsIdentifier = "label";
device = "nodev";
efiInstallAsRemovable = true;
};
# efi.efiSysMountPoint = "/boot/efi";
# efi.canTouchEfiVariables = true;
};
networking = {
hostName = "Tsuki";
networkmanager.enable = true;
interfaces.ens18.useDHCP = true;
firewall.enable=true;
};
services = {
openssh.enable = true;
2022-03-07 16:01:52 +01:00
printing.enable = true;
cron = {
enable = true;
systemCronJobs = [
# "*/5 * * * * root date >> /tmp/cron.log"
];
};
};
2022-06-02 16:33:21 +02:00
users = {
users = {
media = {
description = "User responsible for owning all sorts of server media files";
isSystemUser = true;
group = "media";
};
nix-builder = {
description = "User for executing distributed builds via SSH";
isSystemUser = true;
group = "nix-builder";
openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
};
};
groups = {
media = {};
nix-builder = {};
2022-03-07 16:01:52 +01:00
};
};
virtualisation = {
docker.enable = true;
};
}