my nix configs for my servers and desktop
# hosts/valefar/configuration.nix (or default.nix)
#
# NixOS module for the host "valefar". It pulls in the host-specific and
# shared modules, turns on the garage and forgejo modules, imports the ZFS
# pools "garage" and "storage", and enables Docker and vscode-server.
{ config, lib, pkgs, modulesPath, inputs, ... }:

{
  imports = [
    # Host-specific hardware
    ./hardware.nix
    # NOTE(review): contents not visible from this file. Any value assigned as
    # a plain Nix string ends up in the world-readable /nix/store; confirm
    # these files only declare encrypted secrets (agenix is installed below).
    ./secrets.nix
    #../../common/nvidia.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix

    # Common secrets (same caveat as ./secrets.nix)
    ../../host-secrets.nix
  ];

  # Enable modules
  modules = {
    garage.enable = true;
    forgejo.enable = true;
  };

  system.stateVersion = "24.11";

  # pin host platform & microcode
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  # Microcode updates follow the redistributable-firmware switch; mkDefault
  # lets another module override either value.
  hardware.cpu.intel.updateMicrocode =
    lib.mkDefault config.hardware.enableRedistributableFirmware;

  networking = {
    hostName = "valefar";
    # Also the host identity ZFS records on its pools.
    hostId = "2a07da90";

    useDHCP = true;
    nameservers = [ "10.0.0.210" "1.1.1.1" ];

    firewall = {
      # NOTE(review): with enable = false the NixOS firewall installs no
      # rules, so trustedInterfaces and allowedTCPPorts below are inert and
      # every listening socket is reachable on every interface. If the lists
      # describe the intended policy, set enable = true after checking
      # whether any service also needs allowedUDPPorts.
      enable = false;
      trustedInterfaces = [
        "tailscale0"
      ];
      allowedTCPPorts = [ 22 80 443 2456 2457 9000 9001 9002 ];
    };
  };

  services = {
    # "~." routes every lookup through systemd-resolved.
    # NOTE(review): DNSSEC validation and DNS-over-TLS are both off, so
    # answers are not validated and queries to 1.1.1.1 leave in cleartext.
    resolved = {
      enable = true;
      dnssec = "false";
      domains = [ "~." ];
      fallbackDns = [ "10.0.0.210" "1.1.1.1" ];
      dnsovertls = "false";
    };

    zfs = {
      autoScrub.enable = true;
      trim.enable = true;
    };

    vscode-server = {
      enable = true;
      nodejsPackage = pkgs.nodejs_20;
    };
  };

  boot = {
    supportedFilesystems = [ "zfs" ];
    # Sensor drivers for lm_sensors.
    kernelModules = [ "nct6775" "coretemp" ];

    zfs = {
      extraPools = [ "garage" "storage" ];
      devNodes = "/dev/disk/by-id";
      # NOTE(review): forces the import even when a pool is marked as last
      # used by another host, bypassing the hostId safety check. Only safe
      # while these disks are never attached to a second running system.
      forceImportAll = true;
    };
  };

  # Disabled: SSH in the initrd for remote disk unlock.
  # NOTE(review): if this is revived, the file listed under hostKeys is copied
  # into the initrd, which is stored unencrypted; use a key dedicated to the
  # initrd, never the main sshd host key.
  /*boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd = {
    availableKernelModules = [ "r8169" ];
    network = {
      enable = true;
      ssh = {
        enable = true;
        port = 22;
        authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ];
        hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
        shell = "/bin/cryptsetup-askpass";
      };
    };
  };*/

  systemd = {
    services = {
      # Import pools by scanning devices instead of reading the cache file.
      zfs-import-cache.enable = false;
      zfs-import-scan = {
        enable = true;
        # Wait for udev to settle so the by-id device nodes exist.
        after = [ "systemd-udev-settle.service" ];
        wants = [ "systemd-udev-settle.service" ];
      };
    };

    # Mount both pools only after the scan import has run.
    mounts = [
      {
        what = "garage";
        where = "/garage";
        type = "zfs";
        after = [ "zfs-import-scan.service" ];
        wants = [ "zfs-import-scan.service" ];
      }
      {
        what = "storage";
        where = "/storage";
        type = "zfs";
        after = [ "zfs-import-scan.service" ];
        wants = [ "zfs-import-scan.service" ];
      }
    ];
  };

  # code-server is only installed as a package here; this file does not run
  # it as a service.
  environment.systemPackages = [
    pkgs.lm_sensors
    pkgs.code-server
    inputs.agenix.packages.x86_64-linux.default
  ];

  # NOTE(review): ports published by containers are opened through Docker's
  # own iptables rules and are not limited by
  # networking.firewall.allowedTCPPorts. Membership of the docker group is
  # root-equivalent; users are defined outside this file (common/users.nix).
  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    # Build Docker with the Go 1.23 toolchain.
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };
}