110 lines
2.5 KiB
Nix
110 lines
2.5 KiB
Nix
{ config, pkgs, lib, inputs, ... }:
|
|
{
|
|
imports =
|
|
[
|
|
inputs.sops-nix.nixosModules.sops
|
|
../../modules/base
|
|
../../modules/development
|
|
../../modules/server
|
|
#./hardware-configuration.nix
|
|
];
|
|
|
|
#programs.nvf.enable = lib.mkForce false;
|
|
|
|
networking.hostName = "kurin";
|
|
|
|
# hardware.raspberry-pi."4" = {
|
|
# dwc2.enable = true;
|
|
# };
|
|
|
|
# Secrets
|
|
|
|
sops = {
|
|
defaultSopsFile = ../../secrets/kurin.yaml;
|
|
defaultSopsFormat = "yaml";
|
|
age.keyFile = "/nix/keys.txt";
|
|
};
|
|
|
|
sops.secrets."users_dark_password".neededForUsers = true;
|
|
users.users.dark.hashedPasswordFile = config.sops.secrets."users_dark_password".path;
|
|
|
|
|
|
## SSH Host Key
|
|
#services.openssh.hostKeys = [{
|
|
# path = config.sops.secrets.host_private_key.path;
|
|
# type = "ed25519";
|
|
#}];
|
|
#sops.secrets.host_private_key.restartUnits = ["sshd.service"];
|
|
# boot.initrd.secrets = {
|
|
# "/etc/dropbear/ssh_host_key" = lib.mkForce config.sops.secrets.host_private_key.path;
|
|
# };
|
|
|
|
# NFS support
|
|
# boot.supportedFilesystems = {
|
|
# nfs = true;
|
|
# };
|
|
# environment.systemPackages = with pkgs; [
|
|
# nfs-utils
|
|
# ];
|
|
|
|
|
|
fileSystems."/boot/firmware".options = lib.mkForce [ "nofail" ];
|
|
#fileSystems."/".fsType = lib.mkForce "btrfs";
|
|
#fileSystems."/".options = lib.mkForce [ "compress=lz0" ];
|
|
|
|
sdImage = {
|
|
compressImage = false;
|
|
firmwarePartitionName = "boot";
|
|
firmwareSize = 256;
|
|
};
|
|
|
|
# fileSystems."/containers" = {
|
|
# mountPoint = "/containers";
|
|
# device = "192.168.10.108:/i-data/3c7fc725/nfs/compose";
|
|
# fsType = "nfs";
|
|
# options = [ "vers=3" "soft" "intr" "nolock" "acl" "ac" ];
|
|
# };
|
|
|
|
#systemd.mounts.containers = {
|
|
# requires = [ "network-online.target" ];
|
|
#};
|
|
|
|
# systemd.services.docker = {
|
|
# after = [ "containers.mount" ];
|
|
# requires = [ "containers.mount" ];
|
|
# wantedBy = lib.mkForce [];
|
|
# };
|
|
|
|
# systemd.sockets.docker.upheldBy = [ "containers.mount" ];
|
|
|
|
#fileSystems."/var/lib/docker" = {
|
|
# mountPoint = "/var/lib/docker";
|
|
#fsType = "glusterfs";
|
|
#device = "sircu.pi:kurin-docker";
|
|
#fsType = "nfs";
|
|
#device = "192.168.10.108:/kurin-docker";
|
|
#options = [ "nfsvers=4.0" ];
|
|
#};
|
|
|
|
#zramSwap = {
|
|
# enable = true;
|
|
# algorithm = "zstd";
|
|
# memoryPercent = 40;
|
|
#};
|
|
|
|
sops.secrets."wireless_passwords".mode = "0440";
|
|
networking.wireless = {
|
|
enable = true;
|
|
networks = {
|
|
"Sinox" = {
|
|
pskRaw = "ext:Sinox";
|
|
};
|
|
};
|
|
scanOnLowSignal = false;
|
|
secretsFile = config.sops.secrets."wireless_passwords".path;
|
|
userControlled = true;
|
|
};
|
|
|
|
system.stateVersion = "25.11";
|
|
}
|