feat(jeeves)!: add config

Automatic disk partitioning using `disko` Automatic secrets management using `agenix` Automatic deployment using `deploy-rs`
2023-10-16 21:42:10 +03:00 · 2023-10-16 21:42:10 +03:00 · 8f17e5849a
commit 8f17e5849a
parent 64950f00f3
12 changed files with 869 additions and 55 deletions
--- a/machines/nixos/x86_64-linux/jeeves/configuration.nix
+++ b/machines/nixos/x86_64-linux/jeeves/configuration.nix
@ -0,0 +1,122 @@
+{ inputs, outputs, lib, pkgs, config, ... }:
+{
+  imports = [
+    (import ./disko.nix { inherit inputs outputs; })
+    inputs.agenix.nixosModules.default
+    ./network.nix
+  ];
+
+  nixpkgs = {
+    hostPlatform = "x86_64-linux";
+    config = {
+      allowUnfree = true;
+    };
+    overlays = [
+    ];
+  };
+
+  networking.hostName = "jeeves";
+
+  boot = {
+    loader.systemd-boot.enable = true;
+    kernelPackages = pkgs.linuxPackages_latest;
+    initrd.availableKernelModules = [
+      "nvme"
+    ];
+  };
+
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  nix = {
+    registry =
+      lib.mapAttrs
+        (_: value: {
+          flake = value;
+        })
+        inputs;
+
+    nixPath =
+      lib.mapAttrsToList
+        (key: value:
+          "${key}=${value.to.path}")
+        config.nix.registry;
+
+    settings = {
+      experimental-features = "nix-command flakes";
+      auto-optimise-store = true;
+    };
+  };
+
+  programs.zsh.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    git
+    neovim
+  ];
+
+  # NOTE: made with `mkpasswd -m sha-516`
+  age.secrets."home/jeeves_password".file = ../../../../secrets/home/jeeves_password.age;
+  users = {
+    mutableUsers = true;
+    users = {
+      jeeves = {
+        isNormalUser = true;
+        shell = pkgs.zsh;
+        passwordFile = config.age.secrets."home/jeeves_password".path;
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBj8ZGcvI80WrJWV+dNy1a3L973ydSNqtwcVHzurDUaW (none)"
+        ];
+        extraGroups = [
+          "wheel"
+          "networkmanager"
+          "audio"
+          "docker"
+        ];
+      };
+    };
+  };
+
+  # reo101.jellyfin = {
+  #   enable = true;
+  #   image = "docker.io/jellyfin/jellyfin:latest";
+  #   volumes = [
+  #     "/var/cache/jellyfin/config:/config"
+  #     "/var/cache/jellyfin/cache:/cache"
+  #     "/var/log/jellyfin:/log"
+  #     "/data/media/jellyfin:/media:ro"
+  #   ];
+  #   ports = [
+  #     "8096:8096"
+  #   ];
+  # };
+
+  security.sudo.extraRules= [
+    {
+      users = [
+        "jeeves"
+      ];
+      commands = [
+        {
+          command = "ALL" ;
+          options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
+        }
+      ];
+    }
+  ];
+
+  services.openssh = {
+    enable = true;
+    settings = {
+      PermitRootLogin = "no";
+      PasswordAuthentication = false;
+    };
+  };
+
+  boot.plymouth = {
+    enable = true;
+  };
+
+  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+  system.stateVersion = "23.05";
+}