diff --git a/flake.nix b/flake.nix
index fcec411..b486522 100644
--- a/flake.nix
+++ b/flake.nix
@@ -75,6 +75,26 @@
 specialArgs = {inherit myData;} // inputs;
 };
+ nixosConfigurations.fwminex = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/fwminex/configuration.nix
+
+ ./modules
+
+ agenix.nixosModules.default
+ home-manager.nixosModules.home-manager
+
+ {
+ #age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
+ #age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age;
+ #age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+ }
+ ];
+
+ specialArgs = {inherit myData;} // inputs;
+ };
+
 nixosConfigurations.vno1-rp3b = nixpkgs.lib.nixosSystem {
 modules = [
 ./hosts/vno1-rp3b/configuration.nix
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
new file mode 100644
index 0000000..cfad248
--- /dev/null
+++ b/hosts/fwminex/configuration.nix
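Review bot: The module added at the end of the `nixosConfigurations.fwminex` list is empty apart from three commented-out `age.secrets.*` declarations, yet `hosts/fwminex/configuration.nix` in this same commit reads `config.age.secrets.sasl-passwd.path` for postfix, so I would expect evaluation of this host to fail on a missing `sasl-passwd` attribute unless `./modules` or another input declares it. If the secrets are deliberately deferred until this host's age recipient key exists, replace the dead lines with a comment that says so, e.g. `# TODO: declare age.secrets.{root,motiejus}-passwd-hash and sasl-passwd once fwminex's host key is added; mj.services.postfix.saslPasswdPath depends on sasl-passwd`; otherwise uncomment `age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;` now. Commented-out `.age` paths also drift from the real secret names over time, so they are better carried as a tracked TODO than as dead code.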
@@ -0,0 +1,111 @@
+{
+ config,
+ pkgs,
+ myData,
+ ...
+}: {
+ zfs-root = {
+ boot = {
+ enable = true;
+ devNodes = "/dev/disk/by-id/";
+ bootDevices = ["nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A"];
+ immutable = false;
+ availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" ];
+ removableEfi = true;
+ };
+ };
+
+ boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+ boot.loader.grub.extraEntries = ''
+ menuentry "Debian via bpool label" {
+ search --set=bpool --label bpool
+ configfile "$(bpool)/@/BOOT/debian@/grub/grub.cfg"
+ }
+ menuentry "Debian 3915eee7610a7d61" {
+ search --set=root 3915eee7610a7d61
+ configfile "/BOOT/debian@/grub/grub.cfg"
+ }
+ menuentry "Debian 4113456512205749601" {
+ search --set=root 4113456512205749601
+ configfile "/BOOT/debian@/grub/grub.cfg"
+ }
+ '';
+
+ fileSystems."/var/lib/docker" = {
+ device = "rpool/nixos/docker";
+ fsType = "zfs";
+ };
+
+ mj = {
+ stateVersion = "23.05";
+ timeZone = "Europe/Vilnius";
+
+ base = {
+ zfs.enable = true;
+ users = {
+ devEnvironment = true;
+ passwd = {
+ root.initialPassword = "live";
+ motiejus.initialPassword = "live";
+ motiejus.extraGroups = ["networkmanager"];
+ #root.passwordFile = config.age.secrets.root-passwd-hash.path;
+ #motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
+ };
+ };
+
+ snapshot = {
+ enable = true;
+ mountpoints = ["/home" "/var/lib" "/var/log"];
+ };
+
+ unitstatus = {
+ enable = true;
+ email = "motiejus+alerts@jakstys.lt";
+ };
+
+ };
+
+ services = {
+ node_exporter.enable = true;
+
+ deployerbot = {
+ follower = {
+ enable = true;
+ uidgid = myData.uidgid.updaterbot-deployee;
+ publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
+ };
+ };
+
+ postfix = {
+ enable = true;
+ saslPasswdPath = config.age.secrets.sasl-passwd.path;
+ };
+
+ syncthing = {
+ enable = false;
+ dataDir = "/home/motiejus/";
+ user = "motiejus";
+ group = "users";
+ };
+
+ };
+ };
+
+ services = {
+ tailscale.enable = true;
+
+ xserver = {
+ enable = true;
+ desktopManager.gnome.enable = true;
+ displayManager.gdm.enable = true;
+ };
+ };
+
+ networking = {
+ hostId = "bcfc4f5f";
+ hostName = "fwminex";
+ domain = "motiejus.jakst";
+ networkmanager.enable = true;
+ };
+}
diff --git a/modules/base/users/default.nix b/modules/base/users/default.nix
index e9a1342..5f0af32 100644
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@@ -23,6 +23,11 @@
 type = nullOr str;
 default = null;
 };
+
+ extraGroups = lib.mkOption {
+ type = listOf str;
+ default = [];
+ };
 };
 }
 ));
@@ -39,7 +44,7 @@
 motiejus = {
 isNormalUser = true;
- extraGroups = ["wheel"];
+ extraGroups = ["wheel"] ++ passwd.motiejus.extraGroups;
 uid = myData.uidgid.motiejus;
 openssh.authorizedKeys.keys = [myData.people_pubkeys.motiejus];
 }
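Review bot: The `passwd` block under `mj.base.users` sets `root.initialPassword = "live"` and `motiejus.initialPassword = "live"` in plaintext and comments out both `passwordFile` lines, so this host is first provisioned with a known root password while the same file enables `tailscale`, GDM and the `deployerbot` follower that accepts a remote public key. Whether `initialPassword` here maps onto NixOS's create-time-only `users.users.<name>.initialPassword` depends on the `mj` module, which is outside this diff, so a reader cannot tell from this file how long "live" stays valid. If this is deliberate bootstrap state, mark it as such directly above those two lines, e.g. `# bootstrap-only: switch both users to the age-managed passwordFile before this host is exposed on the tailnet`; otherwise restore `root.passwordFile = config.age.secrets.root-passwd-hash.path;` and `motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;` once the matching `age.secrets` are declared in the flake.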
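Review bot: The new `extraGroups` option in `modules/base/users/default.nix` declares `type` and `default` but no `description`, and because the second hunk appends its value to a user that is already in `wheel`, a reader should be told that it widens group-based privileges (the `networkmanager` group that `hosts/fwminex` adds lets the user change network configuration). Suggest `description = "Additional groups to add the user to, on top of the groups this module sets by default.";` next to `default = [];`. As far as this diff shows the option is only consumed for `motiejus`; the `passwd` submodule the option belongs to starts before the hunk, so whether the neighbouring options carry descriptions is not visible here.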