2023-10-16 20:42:10 +02:00
|
|
|
{ inputs, outputs, lib, pkgs, config, ... }:
|
|
|
|
|
{
|
|
|
|
|
imports = [
|
2023-11-17 15:03:25 +01:00
|
|
|
inputs.hardware.nixosModules.common-cpu-amd
|
|
|
|
|
inputs.hardware.nixosModules.common-gpu-amd
|
2023-10-16 20:42:10 +02:00
|
|
|
(import ./disko.nix { inherit inputs outputs; })
|
|
|
|
|
inputs.agenix.nixosModules.default
|
|
|
|
|
./network.nix
|
2023-10-23 07:47:06 +02:00
|
|
|
./wireguard.nix
|
2023-11-17 15:03:25 +01:00
|
|
|
./jellyfin.nix
|
2023-12-07 20:18:20 +01:00
|
|
|
./mindustry.nix
|
2023-10-16 20:42:10 +02:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
nixpkgs = {
|
|
|
|
|
hostPlatform = "x86_64-linux";
|
|
|
|
|
config = {
|
|
|
|
|
allowUnfree = true;
|
|
|
|
|
};
|
|
|
|
|
overlays = [
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.hostName = "jeeves";
|
|
|
|
|
|
|
|
|
|
boot = {
|
|
|
|
|
loader.systemd-boot.enable = true;
|
|
|
|
|
kernelPackages = pkgs.linuxPackages_latest;
|
|
|
|
|
initrd.availableKernelModules = [
|
|
|
|
|
"nvme"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
hardware.enableRedistributableFirmware = true;
|
|
|
|
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
|
|
|
|
|
|
|
|
nix = {
|
|
|
|
|
registry =
|
|
|
|
|
lib.mapAttrs
|
|
|
|
|
(_: value: {
|
|
|
|
|
flake = value;
|
|
|
|
|
})
|
|
|
|
|
inputs;
|
|
|
|
|
|
|
|
|
|
nixPath =
|
|
|
|
|
lib.mapAttrsToList
|
|
|
|
|
(key: value:
|
|
|
|
|
"${key}=${value.to.path}")
|
|
|
|
|
config.nix.registry;
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
experimental-features = "nix-command flakes";
|
|
|
|
|
auto-optimise-store = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
programs.zsh.enable = true;
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
git
|
|
|
|
|
neovim
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
# NOTE: made with `mkpasswd -m sha-516`
|
2023-11-17 15:03:25 +01:00
|
|
|
age.secrets."jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
|
|
|
|
|
|
2023-10-16 20:42:10 +02:00
|
|
|
users = {
|
|
|
|
|
mutableUsers = true;
|
|
|
|
|
users = {
|
|
|
|
|
jeeves = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
shell = pkgs.zsh;
|
2023-11-17 15:03:25 +01:00
|
|
|
hashedPasswordFile = config.age.secrets."jeeves_password".path;
|
2023-10-16 20:42:10 +02:00
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
|
|
|
|
|
];
|
|
|
|
|
extraGroups = [
|
|
|
|
|
"wheel"
|
|
|
|
|
"networkmanager"
|
|
|
|
|
"audio"
|
|
|
|
|
"docker"
|
2023-11-17 15:03:25 +01:00
|
|
|
"transmission"
|
2023-10-16 20:42:10 +02:00
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# reo101.jellyfin = {
|
|
|
|
|
# enable = true;
|
|
|
|
|
# image = "docker.io/jellyfin/jellyfin:latest";
|
|
|
|
|
# volumes = [
|
|
|
|
|
# "/var/cache/jellyfin/config:/config"
|
|
|
|
|
# "/var/cache/jellyfin/cache:/cache"
|
|
|
|
|
# "/var/log/jellyfin:/log"
|
|
|
|
|
# "/data/media/jellyfin:/media:ro"
|
|
|
|
|
# ];
|
|
|
|
|
# ports = [
|
|
|
|
|
# "8096:8096"
|
|
|
|
|
# ];
|
|
|
|
|
# };
|
|
|
|
|
|
|
|
|
|
security.sudo.extraRules= [
|
|
|
|
|
{
|
|
|
|
|
users = [
|
|
|
|
|
"jeeves"
|
|
|
|
|
];
|
|
|
|
|
commands = [
|
|
|
|
|
{
|
|
|
|
|
command = "ALL" ;
|
|
|
|
|
options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
settings = {
|
|
|
|
|
PermitRootLogin = "no";
|
|
|
|
|
PasswordAuthentication = false;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
boot.plymouth = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
|
|
|
|
system.stateVersion = "23.05";
|
|
|
|
|
}
|
