diff options
author | Mark Nipper <nipsy@bitgnome.net> | 2024-07-04 13:24:36 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2024-07-04 13:24:36 -0700 |
commit | 12722eb59146fa91e5307200c1b356578ac3d413 (patch) | |
tree | 2ac39bbe099cb055e6a7b13411cf34660a5ba1cf /hosts/arrakis/default.nix | |
parent | 29240178db8af670ce3eede245d38894880cc735 (diff) | |
download | nix-12722eb59146fa91e5307200c1b356578ac3d413.tar nix-12722eb59146fa91e5307200c1b356578ac3d413.tar.gz nix-12722eb59146fa91e5307200c1b356578ac3d413.tar.bz2 nix-12722eb59146fa91e5307200c1b356578ac3d413.tar.lz nix-12722eb59146fa91e5307200c1b356578ac3d413.tar.xz nix-12722eb59146fa91e5307200c1b356578ac3d413.tar.zst nix-12722eb59146fa91e5307200c1b356578ac3d413.zip |
Initial arrakis configuration
Diffstat (limited to 'hosts/arrakis/default.nix')
-rw-r--r-- | hosts/arrakis/default.nix | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix new file mode 100644 index 0000000..e1cd540 --- /dev/null +++ b/hosts/arrakis/default.nix @@ -0,0 +1,78 @@ +{ config, pkgs, ... }: { + boot = { + initrd.kernelModules = [ "zfs" ]; + kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + loader = { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 3; + }; + supportedFilesystems = [ "zfs" ]; + zfs.devNodes = "/dev/disk/by-label"; + }; + + environment.systemPackages = with pkgs; [ + signal-desktop + ]; + + imports = [ + ./hardware-configuration.nix + ../common/core + ../common/optional/db.nix + ../common/optional/dev.nix + ../common/optional/ebooks.nix + ../common/optional/games.nix + ../common/optional/google-authenticator.nix + ../common/optional/misc.nix + ../common/optional/multimedia.nix + ../common/optional/pipewire.nix + ../common/optional/sdr.nix + ../common/optional/services/openssh.nix + ../common/optional/services/xorg.nix + ../common/optional/sound.nix + ../common/optional/zfs.nix + ../common/users/nipsy + ../common/users/root + ]; + + networking = { + hostId = "2ae4c89f"; + hostName = "arrakis"; + nftables.enable = true; + }; + + services.openssh.settings.X11Forwarding = true; + services.xserver.videoDrivers = [ "nvidia" ]; + + #sops = { + # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + # defaultSopsFile = ../secrets/arrakis.yaml; + + # secrets = { + # "nftables/ssh" = {}; + # }; + #}; + + system.stateVersion = "23.11"; + + #systemd.services."nftables-extra" = { + # description = "nftables extra firewall rules"; + # script = '' + # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path} + # ''; + # serviceConfig = { + # RemainAfterExit = true; + # Type = "oneshot"; + # }; + # unitConfig = { + # ConditionPathExists = config.sops.secrets."nftables/ssh".path; + # }; + # wantedBy = [ "multi-user.target" ]; + #}; + #systemd.paths."nftables-extra" = { + # pathConfig = { + # PathExists = config.sops.secrets."nftables/ssh".path; + # }; + # wantedBy = [ "multi-user.target" ]; + #}; +} |