config/hosts/vno3-rp3b/configuration.nix

172 lines
3.7 KiB
Nix
Raw Normal View History

2023-08-15 07:09:11 +03:00
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{
config,
pkgs,
myData,
...
2024-07-29 15:39:54 +03:00
}:
{
imports = [ ../../modules/profiles/sdcard ];
2023-08-15 07:09:11 +03:00
2024-08-27 08:57:17 +03:00
age.secrets = {
motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
datapool-passphrase.file = ../../secrets/vno3-rp3b/datapool-passphrase.age;
};
2023-11-27 18:17:27 +02:00
boot = {
initrd = {
2024-07-29 15:39:54 +03:00
availableKernelModules = [ "usbhid" ];
kernelModules = [
"vc4"
"bcm2835_dma"
];
2023-11-27 18:17:27 +02:00
};
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
2024-07-29 15:39:54 +03:00
kernelModules = [ ];
extraModulePackages = [ ];
supportedFilesystems = [ "zfs" ];
2023-11-27 18:17:27 +02:00
zfs.forceImportRoot = false;
};
2023-09-11 11:01:33 +03:00
powerManagement.cpuFreqGovernor = "ondemand";
2023-08-15 07:09:11 +03:00
2023-11-27 18:17:27 +02:00
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
"/data" = {
device = "datapool/root";
fsType = "zfs";
};
"/data/borg" = {
device = "datapool/root/borg";
fsType = "zfs";
};
"/data/shared" = {
device = "datapool/root/shared";
fsType = "zfs";
};
2023-09-11 14:20:07 +03:00
};
2023-09-11 13:25:46 +03:00
2024-07-29 15:39:54 +03:00
swapDevices = [ ];
2023-08-15 07:09:11 +03:00
mj = {
stateVersion = "23.05";
timeZone = "Europe/Vilnius";
username = "motiejus";
2023-08-15 07:09:11 +03:00
base = {
2023-09-14 21:38:29 +03:00
zfs.enable = true;
2024-02-04 16:18:47 +02:00
users = {
enable = true;
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
2023-08-15 07:09:11 +03:00
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
2023-09-21 20:04:16 +03:00
snapshot = {
enable = true;
2024-07-29 15:39:54 +03:00
mountpoints = [ "/data/shared" ];
2023-09-21 20:04:16 +03:00
};
2023-08-15 07:09:11 +03:00
};
services = {
2024-11-03 20:18:09 +02:00
printing.enable = true;
tailscale.enable = true;
2023-08-18 09:31:19 +03:00
node_exporter.enable = true;
2024-09-17 11:40:34 +03:00
ping_exporter.enable = true;
2023-08-18 09:31:19 +03:00
2023-09-11 15:51:33 +03:00
borgstor = {
enable = true;
dataDir = "/data/borg";
2024-07-31 09:15:46 +03:00
sshKeys = with myData; [
2024-07-31 09:19:13 +03:00
hosts."fwminex.servers.jakst".publicKey
2024-07-31 09:15:46 +03:00
people_pubkeys.motiejus
];
2023-09-11 15:51:33 +03:00
};
2023-08-15 07:09:11 +03:00
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
};
2023-08-16 16:54:17 +03:00
2023-08-16 20:06:09 +03:00
deployerbot = {
follower = {
2024-07-31 09:19:13 +03:00
publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
2023-08-16 20:06:09 +03:00
enable = true;
2024-07-29 15:39:54 +03:00
sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
2023-08-16 20:06:09 +03:00
uidgid = myData.uidgid.updaterbot-deployee;
};
};
2023-09-12 13:31:46 +03:00
jakstpub = {
enable = true;
dataDir = "/data/shared";
2024-07-29 15:39:54 +03:00
requires = [ "data-shared.mount" ];
2023-09-12 13:31:46 +03:00
uidgid = myData.uidgid.jakstpub;
2023-09-12 23:18:46 +03:00
hostname = "hdd.jakstys.lt";
2023-09-12 13:31:46 +03:00
};
2023-08-15 07:09:11 +03:00
};
};
services = {
chrony.extraConfig = ''
makestep 1 -1
'';
# shared printing
avahi = {
2024-11-03 17:56:22 +02:00
enable = true;
nssmdns4 = true;
openFirewall = true;
publish = {
enable = true;
userServices = true;
};
2024-11-03 17:56:22 +02:00
};
printing = {
openFirewall = true;
allowFrom = [ "all" ];
browsing = true;
defaultShared = true;
};
2024-11-03 17:48:29 +02:00
};
2024-11-03 17:38:21 +02:00
environment.etc = {
"datapool-passphrase.txt".source = config.age.secrets.datapool-passphrase.path;
};
environment.systemPackages = with pkgs; [
raspberrypi-eeprom
libraspberrypi
2023-09-15 10:49:27 +03:00
borgbackup
];
2023-08-17 15:07:26 +03:00
2023-08-15 07:09:11 +03:00
networking = {
hostId = "4bd17751";
hostName = "vno3-rp3b";
2023-08-15 07:09:11 +03:00
domain = "servers.jakst";
2023-09-14 13:24:40 +03:00
dhcpcd.enable = true;
2023-09-21 15:08:26 +03:00
firewall.rejectPackets = true;
2023-08-15 07:09:11 +03:00
};
2023-08-15 17:14:40 +03:00
nixpkgs.hostPlatform = "aarch64-linux";
2023-08-15 07:09:11 +03:00
security.rtkit.enable = true;
}