Add fluffy config
parent
ad2e8fea61
commit
2312db2e1f
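--- a/nixos/machines/fluffy/configuration.nix
+++ b/nixos/machines/fluffy/configuration.nix
@@ -0,0 +1,202 @@
+{ config, pkgs, lib, ... }:
+
+let
+#wireguard = import ../../../common/wireguard.nix;
+#inherit (config.m-0) hosts prefix;
+#nixos-unstable = (import ../../../nix/sources.nix).nixos-unstable;
+#inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
+in
+{
+
+#disabledModules = [
+# "services/misc/home-assistant.nix"
+#];
+
+imports = [
+#"${nixos-unstable}/nixos/modules/services/misc/home-assistant.nix"
+./hardware-configuration.nix
+../../roles
+../../roles/admin.nix
+../../roles/fonts.nix
+../../roles/earlyoom.nix
+../../roles/standalone
+];
+
+fileSystems =
+let
+btrfsOptions = { options = [ "compress=zstd" "autodefrag" "noatime" ]; };
+in
+{
+"/disk" = btrfsOptions;
+"/nix" = btrfsOptions;
+};
+
+environment.etc = {
+# nixos.source = "/disk/persist/maralorn/git/config";
+machine-id.source = "/disk/persist/machine-id";
+};
+
+#systemd.services."activate-home-manager" = {
+# path = [ pkgs.nix pkgs.dbus ];
+# script = ''
+# if [[ -e /home/maralorn/.mode ]]; then
+# MODE="$(cat /home/maralorn/.mode)"
+# else
+# MODE="orga"
+# fi
+# /disk/volatile/maralorn/modes/$MODE/activate
+# '';
+# serviceConfig = {
+# Type = "oneshot";
+# User = "maralorn";
+# };
+# wantedBy = [ "multi-user.target" ];
+# # Try to avoid race conditions, when the user get’s logged in before activation was completed.
+# before = [ "display-manager.service" ];
+#};
+
+systemd.tmpfiles.rules = [
+"d /disk/persist/root 700 root root - -"
+"d /disk/persist/root/.ssh 700 root root - -"
+"d /disk/persist/maralorn 700 maralorn users - -"
+"d /home/maralorn/.config 700 maralorn users - -"
+"Z /home/maralorn - maralorn users - -"
+"d /disk/volatile/maralorn 700 maralorn users - -"
+"d /disk/persist/var/lib/hass - - - - -"
+"d /tmp/scans/scans 777 ftp ftp - -"
+"L+ /var/lib/waydroid - - - - /disk/persist/var/lib/waydroid"
+"L+ /root/.ssh - - - - /disk/persist/root/.ssh"
+];
+
+boot = {
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+luks.devices."crypted-nixos" = {
+# device defined in hardware-configuration.nix
+allowDiscards = true;
+keyFile = "/diskkey.bin";
+};
+secrets = {
+"diskkey.bin" = "/disk/persist/diskkey.bin"; # Key can live on crypted disk, is copied to initrd on install
+};
+};
+};
+
+networking = {
+hostName = "fluffy";
+domain = "lo.m-0.eu";
+interfaces.enp1s0.useDHCP = true;
+#wireguard.interfaces = {
+# m0wire = {
+# allowedIPsAsRoutes = false;
+# ips = [ "${hosts.zeus-wg}/112" ];
+# privateKeyFile = "/disk/persist/wireguard-private-key";
+# peers = [
+# {
+# publicKey = wireguard.pub.hera;
+# allowedIPs = [ "::/0" ];
+# endpoint = "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
+# presharedKeyFile = pkgs.privatePath "wireguard/psk";
+# persistentKeepalive = 25;
+# }
+# ];
+# postSetup =
+# [ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
+# };
+};
+};
+
+programs = {
+ssh = {
+startAgent = true;
+};
+};
+
+security.rtkit.enable = true;
+#hardware.printers.ensurePrinters = [
+# {
+# name = "Klio";
+# location = "Wohnzimmer";
+# description = "Brother MFC-L3750CDW";
+# deviceUri = "ipp://klio.lo.m-0.eu/ipp";
+# model = "everywhere";
+# }
+#];
+services = {
+#home-assistant = {
+# enable = true;
+# configDir = "/disk/persist/var/lib/hass";
+# config = {
+# met = { };
+# default_config = { };
+# zha = { };
+# ipp = { };
+# brother = { };
+# };
+#};
+#fwupd.enable = true;
+#upower.enable = true;
+#printing.enable = true;
+#vsftpd = {
+# extraConfig = ''
+# pasv_enable=Yes
+# pasv_min_port=51000
+# pasv_max_port=51999
+# '';
+# enable = true;
+# anonymousUploadEnable = true;
+# anonymousUser = true;
+# anonymousUserHome = "/tmp/scans";
+# anonymousUserNoPassword = true;
+# anonymousUmask = "000";
+# writeEnable = true;
+#};
+#unbound.enable = true;
+#fstrim.enable = true;
+#snapper = {
+# configs.persist = {
+# subvolume = "/disk/persist";
+# extraConfig = ''
+# TIMELINE_MIN_AGE="3600"
+# TIMELINE_LIMIT_WEEKLY="4"
+# TIMELINE_LIMIT_MONTHLY="1"
+# TIMELINE_LIMIT_YEARLY="0"
+# TIMELINE_CREATE="yes"
+# TIMELINE_CLEANUP="yes"
+# '';
+# };
+# cleanupInterval = "15m";
+# snapshotInterval = "*:00/3:00";
+#};
+#prometheus.exporters.node = {
+# firewallFilter = "-i m0wire -p tcp -m tcp -m multiport --dports 9100,9558";
+# openFirewall = true;
+#};
+#syncthing = {
+# enable = true;
+# group = "users";
+# user = "maralorn";
+# openDefaultPorts = true;
+# configDir = "/disk/persist/syncthing";
+#} // syncthing.declarativeWith [ "hera" "apollo" ] "/disk/persist/maralorn/media";
+};
+
+#boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
+console.keyMap = "neo";
+
+
+networking.interfaces.enp1s0.useDHCP = true;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "21.11"; # Did you read the comment?
+
+}
+
+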
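Review bot: `boot.initrd.secrets` copies `/disk/persist/diskkey.bin` into the initrd and `luks.devices."crypted-nixos".keyFile = "/diskkey.bin"` unlocks the volume with it, but with `systemd-boot.enable = true` the initrd is kept on `/boot`, which hardware-configuration.nix in this same commit mounts as plain `vfat`. As far as these two files show, the LUKS key therefore sits unencrypted beside the disk it protects, so anyone with access to the drive can unlock it. Consider dropping the `keyFile` and `secrets` entries in favour of a passphrase prompt or a hardware-bound keyslot, or at least extend the comment `# Key can live on crypted disk, is copied to initrd on install` to state that the copy on the ESP is an accepted risk. Separately, the commented-out `#wireguard.interfaces = {` block has only one commented closer (`# };`), so the live `};` after it appears to close `networking` and the next `};` the whole module, which would stop the file from parsing; the first of the two probably should read `#};`.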
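--- a/nixos/machines/fluffy/hardware-configuration.nix
+++ b/nixos/machines/fluffy/hardware-configuration.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+boot.kernelModules = [ "kvm-intel" ];
+
+fileSystems."/" =
+{ device = "tmpfs";
+fsType = "tmpfs";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/43AC-25F1";
+fsType = "vfat";
+};
+
+fileSystems."/disk" =
+{ device = "/dev/disk/by-uuid/573176bd-8420-4174-a39c-0387c1ee1ac8";
+fsType = "btrfs";
+};
+
+boot.initrd.luks.devices."crypted-nixos".device = "/dev/disk/by-uuid/ceb2366c-099a-4ad1-b9b0-1bfa84189a6e";
+
+fileSystems."/nix" =
+{ device = "/dev/disk/by-uuid/573176bd-8420-4174-a39c-0387c1ee1ac8";
+fsType = "btrfs";
+options = [ "subvol=nix" ];
+};
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}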