author | Mark Nipper <nipsy@bitgnome.net> | 2025-04-09 09:14:43 -0700 |
---|---|---|
committer | Mark Nipper <nipsy@bitgnome.net> | 2025-04-09 09:14:43 -0700 |
commit | 838c5f367c65e12a918bd3cb8f05e45b3538ee60 (patch) | |
tree | 3526d99f292ff9451f64601c2dc98cd07e8b87a4 /hosts/fangorn/default.nix | |
parent | 81d8bca206fcd5fa0f86fd5a68edaf41aaf60966 (diff) | |
Add host fangorn
Diffstat (limited to 'hosts/fangorn/default.nix')
-rw-r--r-- | hosts/fangorn/default.nix | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
new file mode 100644
index 0000000..4edee29
--- /dev/null
+++ b/hosts/fangorn/default.nix
@@ -0,0 +1,102 @@
+{ config, inputs, outputs, pkgs, ... }: {
+ boot = {
+ kernelPackages = pkgs.linuxPackages_6_12;
+ loader = {
+ efi.canTouchEfiVariables = true;
+ systemd-boot.enable = true;
+ timeout = 3;
+ };
+ supportedFilesystems = [ "zfs" ];
+ zfs = {
+ devNodes = "/dev/disk/by-label";
+ package = pkgs.master.zfs;
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ signal-desktop
+ #master.wsmancli
+ ];
+
+ imports = [
+ ./disks.nix
+ ./hardware-configuration.nix
+ ../common/core
+ #../common/optional/db.nix
+ #../common/optional/dev.nix
+ #../common/optional/ebooks.nix
+ #../common/optional/games.nix
+ #../common/optional/misc.nix
+ #../common/optional/multimedia.nix
+ ../common/optional/pipewire.nix
+ ../common/optional/services/openssh.nix
+ #../common/optional/services/tlp.nix
+ #../common/optional/services/xorg.nix
+ #../common/optional/sound.nix
+ ../common/optional/wdt.nix
+ ../common/optional/zfs.nix
+ ../common/users/don
+ ../common/users/nipsy
+ ../common/users/root
+ ];
+
+ networking = {
+ hostId = "6f1faddc";
+ hostName = "fangorn";
+ networkmanager.enable = true;
+ nftables.enable = true;
+ };
+
+ nixpkgs = {
+ config.allowUnfree = true;
+ hostPlatform = "x86_64-linux";
+ overlays = [
+ outputs.overlays.additions
+ outputs.overlays.modifications
+ outputs.overlays.master-packages
+ outputs.overlays.stable-packages
+ ];
+ };
+
+ services.openssh.settings.X11Forwarding = true;
+ services.xserver.videoDrivers = [ "amdgpu" ];
+
+ #sops = {
+ # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ # defaultSopsFile = ../secrets/fangorn.yaml;
+
+ # secrets = {
+ # "nftables/ssh" = {};
+ # "nix-access-token-github" = {};
+ # "ssh_config".path = "/root/.ssh/config";
+ # };
+ #};
+
+ system.stateVersion = "23.11";
+
+ #systemd.services."nftables-extra" = let rules_script = ''
+ # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
+ # ''; in {
+ # description = "nftables extra firewall rules";
+ # reload = rules_script;
+ # script = rules_script;
+ # serviceConfig = {
+ # RemainAfterExit = true;
+ # Type = "oneshot";
+ # };
+ # unitConfig = {
+ # ConditionPathExists = config.sops.secrets."nftables/ssh".path;
+ # ReloadPropagatedFrom = "nftables.service";
+ # };
+ # wantedBy = [ "multi-user.target" ];
+ # after = [ "nftables.service" ];
+ # partOf = [ "nftables.service" ];
+ #};
+
+ #systemd.paths."nftables-extra" = {
+ # pathConfig = {
+ # PathExists = config.sops.secrets."nftables/ssh".path;
+ # };
+ # wantedBy = [ "multi-user.target" ];
+ #};
+} |
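Review bot: The `services.openssh.settings.X11Forwarding = true;` override loosens sshd on this host without a stated reason, and it lands while the `sops` block and the `nftables-extra` unit that would load the `nftables/ssh` rules are both commented out. As committed, what can reach sshd on fangorn depends on `../common/optional/services/openssh.nix` and the default firewall, neither of which is visible in this hunk; the secret's name suggests it carries the SSH access rules, so this looks like a temporary state. If forwarding is needed, say so next to the line, e.g. `# X11 forwarding needed for <reason>; sshd otherwise as in common/optional/services/openssh.nix`, and drop the override if it is not. A one-line `# TODO: re-enable sops and nftables-extra so the nftables/ssh rules are loaded on this host` above the commented `sops` block would turn the missing rules into an explicit follow-up instead of unexplained dead code.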