nix-dotfiles/hosts/tsuki/configuration.nix


# NixOS module for the host "tsuki": a headless machine that runs the services
# imported below, keeps its data under /data on ZFS, and accepts SSH logins,
# including a dedicated key for distributed Nix builds.
{ config, lib, secrets, modulesPath, ... }:
{
  # Hardware profile first, then one module per hosted service. Listeners and
  # firewall openings for these services are defined in those modules, not in
  # this file, so the exposed surface of the host has to be audited there.
  imports = [
    ./hardware-configuration.nix

    ./services/atuin.nix
    ./services/borg.nix
    ./services/gitea-runners.nix
    ./services/grafana
    ./services/headscale.nix
    ./services/hedgedoc.nix
    ./services/kanidm.nix
    ./services/matrix
    ./services/minecraft
    ./services/nginx
    ./services/osuchan.nix
    ./services/plex.nix
    ./services/postgres.nix
    ./services/samba.nix
    ./services/taskserver.nix
    ./services/vaultwarden.nix
    ./services/vscode-server.nix
    ./services/wstunnel.nix

    ./services/scrapers/nhk-easy-news/default.nix
  ];

  # Release whose stateful-data defaults this install follows.
  system.stateVersion = "22.05";

  # machineVars is not a stock NixOS option; presumably it is declared by a
  # shared module elsewhere in this repository (confirm).
  machineVars.headless = true;
  machineVars.dataDrives = {
    default = "/data";
    drives = {
      backup = "/data/backup";
      cirno = "/data/cirno";
      media = "/data/media";
      home = "/home";
    };
  };

  systemd = {
    # Power-saving targets are switched off so the server never sleeps.
    targets.sleep.enable = false;
    targets.suspend.enable = false;
    targets.hibernate.enable = false;
    targets.hybrid-sleep.enable = false;

    # Raise CPU priority and use the realtime I/O class for SSH connections,
    # presumably so a login stays responsive while the host is under load.
    # NOTE(review): "sshd@" is the per-connection template unit; as far as I
    # know NixOS only defines it when services.openssh.startWhenNeeded is set,
    # which this file does not do. Confirm that option is enabled elsewhere,
    # otherwise these settings may not reach the running daemon.
    # NOTE(review): processes started from a session presumably inherit this
    # priority, so any account that can log in (nix-builder included) could
    # starve the other services of CPU and disk time. Confirm this is intended.
    services."sshd@".serviceConfig = {
      Nice = -15;
      IOSchedulingClass = "realtime";
    };
  };

  # security.pam.services.login.unixAuth = true;

  networking.hostName = "tsuki";
  networking.hostId = "8425e349";
  networking.networkmanager.enable = true;
  networking.interfaces.ens18.useDHCP = true;
  # The host firewall is on and this file opens no ports itself.
  networking.firewall.enable = true;

  services = {
    # sshd is enabled with the module defaults; the NixOS openssh module opens
    # its port in the firewall by default (services.openssh.openFirewall).
    # NOTE(review): no authentication hardening is set here, for example
    # services.openssh.settings.PasswordAuthentication or PermitRootLogin.
    # Verify that a shared module sets them.
    openssh.enable = true;

    # Periodic ZFS scrub, which detects on-disk corruption in the pools.
    zfs.autoScrub.enable = true;
  };

  users.groups.media = {};
  users.groups.nix-builder = {};

  users.users.media = {
    description = "User responsible for owning all sorts of server media files";
    isSystemUser = true;
    group = "media";
  };

  # SSH login for remote Nix builds. Only the public half of the key is
  # referenced here. Any forced-command or source-address restriction would
  # have to live in that key file itself; none is visible from this module.
  users.users.nix-builder = {
    description = "User for executing distributed builds via SSH";
    isSystemUser = true;
    group = "nix-builder";
    openssh.authorizedKeys.keyFiles = [ secrets.keys.ssh.nixBuilders.tsuki.public ];
  };

  # A sops-nix secret declared with every default.
  # NOTE(review): with no owner or mode override the decrypted file is
  # presumably readable by root only. Confirm its consumer runs as root.
  sops.secrets."drives/cirno/credentials" = {};

  # The Docker daemon runs as root, so membership of the "docker" group is
  # equivalent to root on this host. Ports published by containers are handled
  # by Docker's own packet-filter rules and may not be subject to
  # networking.firewall; review published ports in the container definitions.
  virtualisation.docker.enable = true;

  # Do not prompt for ZFS encryption keys during boot. If any dataset is
  # encrypted, it stays locked until it is unlocked after boot.
  boot.zfs.requestEncryptionCredentials = false;

  # GRUB on EFI, installed to the removable-media fallback path.
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    efiInstallAsRemovable = true;
    mirroredBoots = [
      { devices = [ "nodev" ]; path = "/boot"; }
    ];
  };
}