2023-09-13 12:17:43 +03:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
myData,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
zfs-root = {
|
|
|
|
|
boot = {
|
|
|
|
|
enable = true;
|
|
|
|
|
devNodes = "/dev/disk/by-id/";
|
|
|
|
|
bootDevices = ["nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A"];
|
|
|
|
|
immutable = false;
|
2023-09-13 14:14:25 +03:00
|
|
|
forceNoDev2305 = true;
|
2023-09-14 12:40:16 +03:00
|
|
|
availableKernelModules = ["usb_storage" "sd_mod" "iwlwifi" "xhci_pci" "thunderbolt" "nvme" "usbhid"];
|
2023-09-13 12:17:43 +03:00
|
|
|
removableEfi = true;
|
2023-09-13 13:54:22 +03:00
|
|
|
partitionScheme = {
|
|
|
|
|
efiBoot = "-part1";
|
|
|
|
|
bootPool = "-part2";
|
|
|
|
|
rootPool = "-part4";
|
|
|
|
|
};
|
2023-09-13 12:17:43 +03:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-09-14 12:40:16 +03:00
|
|
|
powerManagement.cpuFreqGovernor = "powersave";
|
|
|
|
|
hardware.cpu.intel.updateMicrocode = true;
|
|
|
|
|
nixpkgs.hostPlatform = "x86_64-linux";
|
|
|
|
|
|
2023-09-13 12:17:43 +03:00
|
|
|
boot.binfmt.emulatedSystems = ["aarch64-linux"];
|
|
|
|
|
|
2023-09-14 06:41:37 +03:00
|
|
|
#swapDevices = [];
|
2023-09-13 15:18:25 +03:00
|
|
|
|
2023-09-13 12:17:43 +03:00
|
|
|
boot.loader.grub.extraEntries = ''
|
|
|
|
|
menuentry "Debian via bpool label" {
|
|
|
|
|
search --set=bpool --label bpool
|
|
|
|
|
configfile "$(bpool)/@/BOOT/debian@/grub/grub.cfg"
|
|
|
|
|
}
|
|
|
|
|
menuentry "Debian 3915eee7610a7d61" {
|
|
|
|
|
search --set=root 3915eee7610a7d61
|
|
|
|
|
configfile "/BOOT/debian@/grub/grub.cfg"
|
|
|
|
|
}
|
|
|
|
|
menuentry "Debian 4113456512205749601" {
|
|
|
|
|
search --set=root 4113456512205749601
|
|
|
|
|
configfile "/BOOT/debian@/grub/grub.cfg"
|
|
|
|
|
}
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
mj = {
|
|
|
|
|
stateVersion = "23.05";
|
|
|
|
|
timeZone = "Europe/Vilnius";
|
|
|
|
|
|
|
|
|
|
base = {
|
|
|
|
|
zfs.enable = true;
|
|
|
|
|
users = {
|
|
|
|
|
devEnvironment = true;
|
|
|
|
|
passwd = {
|
|
|
|
|
root.initialPassword = "live";
|
|
|
|
|
motiejus.initialPassword = "live";
|
|
|
|
|
motiejus.extraGroups = ["networkmanager"];
|
|
|
|
|
#root.passwordFile = config.age.secrets.root-passwd-hash.path;
|
|
|
|
|
#motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
snapshot = {
|
|
|
|
|
enable = true;
|
|
|
|
|
mountpoints = ["/home" "/var/lib" "/var/log"];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
unitstatus = {
|
|
|
|
|
enable = true;
|
|
|
|
|
email = "motiejus+alerts@jakstys.lt";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
node_exporter.enable = true;
|
2023-09-14 14:37:55 +03:00
|
|
|
sshguard.enable = false;
|
|
|
|
|
tailscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
silenceLogs = true;
|
|
|
|
|
};
|
2023-09-13 12:17:43 +03:00
|
|
|
|
|
|
|
|
deployerbot = {
|
|
|
|
|
follower = {
|
|
|
|
|
enable = true;
|
|
|
|
|
uidgid = myData.uidgid.updaterbot-deployee;
|
|
|
|
|
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2023-09-13 13:30:16 +03:00
|
|
|
#postfix = {
|
|
|
|
|
# enable = true;
|
|
|
|
|
# saslPasswdPath = config.age.secrets.sasl-passwd.path;
|
|
|
|
|
#};
|
2023-09-13 12:17:43 +03:00
|
|
|
|
|
|
|
|
syncthing = {
|
|
|
|
|
enable = false;
|
|
|
|
|
dataDir = "/home/motiejus/";
|
|
|
|
|
user = "motiejus";
|
|
|
|
|
group = "users";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services = {
|
|
|
|
|
|
|
|
|
|
xserver = {
|
|
|
|
|
enable = true;
|
|
|
|
|
desktopManager.gnome.enable = true;
|
|
|
|
|
displayManager.gdm.enable = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking = {
|
2023-09-13 14:46:58 +03:00
|
|
|
hostId = "3a54afcd";
|
2023-09-13 12:17:43 +03:00
|
|
|
hostName = "fwminex";
|
|
|
|
|
domain = "motiejus.jakst";
|
|
|
|
|
networkmanager.enable = true;
|
2023-09-14 06:41:37 +03:00
|
|
|
|
|
|
|
|
# WIP
|
|
|
|
|
firewall.enable = false;
|
2023-09-13 12:17:43 +03:00
|
|
|
};
|
|
|
|
|
}
|
