my nix configs for my servers and desktop
# hosts/valefar/configuration.nix (or default.nix)
#
# NixOS system configuration for the host "valefar": a ZFS-backed server that
# enables the garage and forgejo modules, Docker and remote-editing tooling.
# Takes the standard NixOS module arguments plus `inputs` (the flake inputs,
# used below for the agenix CLI).
{ config, lib, pkgs, modulesPath, inputs, ... }:

{
  imports = [
    # Host-specific hardware
    ./hardware.nix
    # NOTE(review): the contents of the secrets modules are not visible here.
    # Since the agenix CLI is installed below, they presumably declare
    # age-encrypted secrets; confirm no plaintext secret values are written
    # into these files, because anything evaluated into the Nix store is
    # world-readable.
    ./secrets.nix
    #../../common/nvidia.nix

    # Common modules shared across hosts
    ../../common/system.nix
    ../../common/users.nix
    ../../common/services.nix
    ../../common/efi.nix

    # Common secrets
    ../../host-secrets.nix
  ];

  # Enable modules
  # These options are defined outside this file (presumably by one of the
  # common modules imported above; verify).
  modules.garage.enable = true;
  modules.forgejo.enable = true;

  # Release whose stateful-data defaults this host was installed with; it is
  # not meant to be bumped as part of a routine upgrade.
  system.stateVersion = "24.11";

  # pin host platform & microcode
  # Both use mkDefault so another module can override them. Microcode updates
  # follow whatever hardware.enableRedistributableFirmware is set to.
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault
    config.hardware.enableRedistributableFirmware;

  networking.hostName = "valefar";
  # ZFS on NixOS requires a hostId; the pool records which host last imported it.
  networking.hostId = "2a07da90";

  networking = {
    # NOTE(review): with the firewall disabled, the trustedInterfaces and
    # allowedTCPPorts settings below are never applied, so every listening
    # service is reachable on every interface and the only filtering is
    # whatever sits upstream of this host. If the port list is the intended
    # policy, the firewall has to be enabled; before doing so, check that the
    # list covers the ports the garage and forgejo modules actually use.
    firewall.enable = false;
    firewall.trustedInterfaces = [
      "tailscale0"
    ];
    # A private-range resolver first, then a public one.
    nameservers = [ "10.0.0.210" "1.1.1.1" ];
    useDHCP = true;
    firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
  };

  services.resolved = {
    enable = true;
    # NOTE(review): DNSSEC validation and DNS-over-TLS are both turned off,
    # so answers are neither validated nor encrypted on the wire. Acceptable
    # for a trusted LAN resolver; worth revisiting for the public fallback.
    dnssec = "false";
    # "~." makes the servers configured here the route for all domains.
    domains = [ "~." ];
    fallbackDns = [ "10.0.0.210" "1.1.1.1" ];
    dnsovertls = "false";
  };

  boot.supportedFilesystems = [ "zfs" ];
  # Hardware-monitoring drivers; lm_sensors is installed further down.
  boot.kernelModules = [ "nct6775" "coretemp" ];

  # Non-root pools to import at boot, looked up by stable /dev/disk/by-id names.
  boot.zfs.extraPools = [ "garage" "storage" ];
  boot.zfs.devNodes = "/dev/disk/by-id";
  # NOTE(review): forced import skips the check that a pool was last used by
  # another system. That is only safe while no other machine can have these
  # pools imported at the same time; confirm this is still needed.
  boot.zfs.forceImportAll = true;

  # Disabled: networking and an SSH server inside the initrd, with the login
  # shell set to cryptsetup-askpass (i.e. remote entry of a disk passphrase).
  # NOTE(review): if this is re-enabled, the initrd host key should be a
  # dedicated key rather than the main system host key, because key material
  # placed in the initrd is not protected the way the running system's is.
  /*boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd = {
    availableKernelModules = [ "r8169" ];
    network = {
      enable = true;
      ssh = {
        enable = true;
        port = 22;
        authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb" ];
        hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
        shell = "/bin/cryptsetup-askpass";
      };
    };
  };*/

  # Import pools by scanning devices instead of from the cache file.
  # NOTE(review): presumably these unit names exist on this host; NixOS also
  # generates its own per-pool import units, so verify which ones run.
  systemd.services.zfs-import-cache.enable = false;
  systemd.services.zfs-import-scan.enable = true;

  # Delay the scan until udev has finished settling.
  systemd.services.zfs-import-scan = {
    after = [ "systemd-udev-settle.service" ];
    wants = [ "systemd-udev-settle.service" ];
  };

  # Mount the two datasets explicitly, ordered after the pool import.
  systemd.mounts = [
    {
      what = "garage";
      where = "/garage";
      type = "zfs";
      after = [ "zfs-import-scan.service" ];
      wants = [ "zfs-import-scan.service" ];
    }
    {
      what = "storage";
      where = "/storage";
      type = "zfs";
      after = [ "zfs-import-scan.service" ];
      wants = [ "zfs-import-scan.service" ];
    }
];

  # Periodic integrity scrub and TRIM for the pools.
  services.zfs.autoScrub.enable = true;
  services.zfs.trim.enable = true;

  # NOTE(review): this option is not defined in this file; presumably it comes
  # from a module supplied through the flake inputs. Confirm where.
  services.vscode-server.enable = true;
  services.vscode-server.nodejsPackage = pkgs.nodejs_20;

  environment.systemPackages = with pkgs; [
    lm_sensors
    # NOTE(review): code-server is only installed here, not configured as a
    # service. If it is run, it gives its users a shell on this host, and with
    # the firewall disabled above its listen address is the only network
    # restriction; keep it bound to localhost or the tailnet and authenticated.
    code-server
    # agenix CLI, taken from the flake input for this platform.
    inputs.agenix.packages.x86_64-linux.default
  ];

  virtualisation.docker = {
    enable = true;
    enableOnBoot = true;
    # Build Docker with the Go 1.23 toolchain instead of the nixpkgs default.
    # NOTE(review): the reason for the pin is not recorded; it will need to be
    # revisited when nixpkgs drops buildGo123Module.
    package = pkgs.docker.override {
      buildGoModule = pkgs.buildGo123Module;
    };
  };
  # NOTE(review): membership of the docker group is equivalent to root on this
  # host, and ports published by containers are opened by Docker itself rather
  # than by the NixOS firewall settings above. The user definitions live in
  # common/users.nix, which is not visible here.
}