motiejus/config
1
Fork 0
Code Packages Releases Activity

add fwminex

Browse Source
This commit is contained in:
Motiejus Jakštys 2023-09-13 12:17:43 +03:00
parent e12e139128
commit e38f446793
3 changed files with 137 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
flake.nix
View File

@ -75,6 +75,26 @@
specialArgs = {inherit myData;} // inputs;
};
nixosConfigurations.fwminex = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/fwminex/configuration.nix
./modules
agenix.nixosModules.default
home-manager.nixosModules.home-manager
{
#age.secrets.motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
#age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age;
#age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
}
];
specialArgs = {inherit myData;} // inputs;
};
nixosConfigurations.vno1-rp3b = nixpkgs.lib.nixosSystem {
modules = [
./hosts/vno1-rp3b/configuration.nix

111
hosts/fwminex/configuration.nix Normal file
View File

@ -0,0 +1,111 @@
{
config,
pkgs,
myData,
...
}: {
zfs-root = {
boot = {
enable = true;
devNodes = "/dev/disk/by-id/";
bootDevices = ["nvme-Samsung_SSD_970_EVO_Plus_2TB_S6P1NS0TA01331A"];
immutable = false;
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" ];
removableEfi = true;
};
};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.loader.grub.extraEntries = ''
menuentry "Debian via bpool label" {
search --set=bpool --label bpool
configfile "$(bpool)/@/BOOT/debian@/grub/grub.cfg"
}
menuentry "Debian 3915eee7610a7d61" {
search --set=root 3915eee7610a7d61
configfile "/BOOT/debian@/grub/grub.cfg"
}
menuentry "Debian 4113456512205749601" {
search --set=root 4113456512205749601
configfile "/BOOT/debian@/grub/grub.cfg"
}
'';
fileSystems."/var/lib/docker" = {
device = "rpool/nixos/docker";
fsType = "zfs";
};
mj = {
stateVersion = "23.05";
timeZone = "Europe/Vilnius";
base = {
zfs.enable = true;
users = {
devEnvironment = true;
passwd = {
root.initialPassword = "live";
motiejus.initialPassword = "live";
motiejus.extraGroups = ["networkmanager"];
#root.passwordFile = config.age.secrets.root-passwd-hash.path;
#motiejus.passwordFile = config.age.secrets.motiejus-passwd-hash.path;
};
};
snapshot = {
enable = true;
mountpoints = ["/home" "/var/lib" "/var/log"];
};
unitstatus = {
enable = true;
email = "motiejus+alerts@jakstys.lt";
};
};
services = {
node_exporter.enable = true;
deployerbot = {
follower = {
enable = true;
uidgid = myData.uidgid.updaterbot-deployee;
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
};
};
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
};
syncthing = {
enable = false;
dataDir = "/home/motiejus/";
user = "motiejus";
group = "users";
};
};
};
services = {
tailscale.enable = true;
xserver = {
enable = true;
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
};
};
networking = {
hostId = "bcfc4f5f";
hostName = "fwminex";
domain = "motiejus.jakst";
networkmanager.enable = true;
};
}

7
modules/base/users/default.nix
View File

@ -23,6 +23,11 @@
type = nullOr str;
default = null;
};
extraGroups = lib.mkOption {
type = listOf str;
default = [];
};
};
}
));
@ -39,7 +44,7 @@
motiejus =
{
isNormalUser = true;
extraGroups = ["wheel"];
extraGroups = ["wheel"] ++ passwd.motiejus.extraGroups;
uid = myData.uidgid.motiejus;
openssh.authorizedKeys.keys = [myData.people_pubkeys.motiejus];
}