fix template + minor refactor
parent
a953365bc7
commit
c304ab680f
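--- a/nixos/common/common.nix
+++ b/nixos/common/common.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }: {
+imports = [
+./users
+./modules
+];
+
+# Clean /tmp on boot.
+boot.cleanTmpDir = true;
+
+# Set your time zone.
+time.timeZone = lib.mkDefault "Europe/Amsterdam";
+
+# Systemd OOMd
+# Fedora enables these options by default. See the 10-oomd-* files here:
+# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
+systemd.oomd = {
+enableRootSlice = true;
+enableUserServices = true;
+};
+
+# Nix Settings
+nix = {
+package = pkgs.nixUnstable;
+settings = {
+auto-optimise-store = true;
+trusted-users = [ "root" "victor" ];
+substituters = [
+"https://cachix.cachix.org"
+"https://nix-community.cachix.org"
+"https://nixpkgs-review-bot.cachix.org"
+"https://colmena.cachix.org"
+"https://hyprland.cachix.org"
+"https://cache.garnix.io"
+"https://0x76-infra.cachix.org"
+"https://webcord.cachix.org"
+];
+trusted-public-keys = [
+"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
+"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
+"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+"0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
+"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
+];
+};
+optimise = {
+automatic = true;
+dates = [ "weekly" ];
+};
+gc = {
+automatic = true;
+dates = "weekly";
+randomizedDelaySec = "3h";
+options = "--delete-older-than 7d";
+};
+extraOptions = ''
+experimental-features = nix-command flakes
+'';
+};
+
+nixpkgs.config.allowUnfree = true;
+
+# Limit the systemd journal to 100 MB of disk or the
+# last 7 days of logs, whichever happens first.
+services.journald.extraConfig = ''
+SystemMaxUse=100M
+MaxFileSec=7day
+'';
+
+# Enable SSH
+services.openssh = {
+enable = true;
+passwordAuthentication = false;
+permitRootLogin = lib.mkDefault "no";
+};
+}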
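Review bot: The `substituters` / `trusted-public-keys` pair under `nix.settings` makes eight third-party caches trust roots for every host that imports common.nix, and the template changed at the end of this commit now imports it as well. A holder of any one of those signing keys can supply the binary for any store path a host requests, so caches that look desktop-specific (hyprland, webcord) are better declared in the host that needs them than in the shared module. `trusted-users = [ "root" "victor" ]` also lets that account override substituters through the daemon, which is close to root on each machine; a comment such as `# trusted-users are effectively root for the Nix daemon; keep to admins` would record that this is intended.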
|
@ -1,85 +1,14 @@
|
||||||
{ config, lib, pkgs, inputs, ... }: {
|
{ inputs, lib, config, ... }: {
|
||||||
imports = [
|
# This file deals with everything requiring `inputs`, the rest being delagated to `common.nix`
|
||||||
|
# this is because we can't import inputs from all contexts as that can lead to infinite recursion.
|
||||||
|
import = [
|
||||||
|
./common.nix
|
||||||
inputs.vault-secrets.nixosModules.vault-secrets
|
inputs.vault-secrets.nixosModules.vault-secrets
|
||||||
./users
|
|
||||||
./modules
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Clean /tmp on boot.
|
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
||||||
boot.cleanTmpDir = true;
|
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = lib.mkDefault "Europe/Amsterdam";
|
|
||||||
|
|
||||||
# Systemd OOMd
|
|
||||||
# Fedora enables these options by default. See the 10-oomd-* files here:
|
|
||||||
# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
|
|
||||||
systemd.oomd = {
|
|
||||||
enableRootSlice = true;
|
|
||||||
enableUserServices = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Nix Settings
|
|
||||||
nix = {
|
|
||||||
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
|
||||||
package = pkgs.nixUnstable;
|
|
||||||
registry.nixpkgs.flake = inputs.nixpkgs;
|
|
||||||
settings = {
|
|
||||||
auto-optimise-store = true;
|
|
||||||
trusted-users = [ "root" "victor" ];
|
|
||||||
substituters = [
|
|
||||||
"https://cachix.cachix.org"
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
"https://nixpkgs-review-bot.cachix.org"
|
|
||||||
"https://colmena.cachix.org"
|
|
||||||
"https://hyprland.cachix.org"
|
|
||||||
"https://cache.garnix.io"
|
|
||||||
"https://0x76-infra.cachix.org"
|
|
||||||
"https://webcord.cachix.org"
|
|
||||||
];
|
|
||||||
trusted-public-keys = [
|
|
||||||
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
|
|
||||||
"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
|
|
||||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
|
||||||
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
|
|
||||||
"0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
|
|
||||||
"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
|
|
||||||
];
|
|
||||||
};
|
|
||||||
optimise = {
|
|
||||||
automatic = true;
|
|
||||||
dates = [ "weekly" ];
|
|
||||||
};
|
|
||||||
gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
randomizedDelaySec = "3h";
|
|
||||||
options = "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
|
|
||||||
# Limit the systemd journal to 100 MB of disk or the
|
|
||||||
# last 7 days of logs, whichever happens first.
|
|
||||||
services.journald.extraConfig = ''
|
|
||||||
SystemMaxUse=100M
|
|
||||||
MaxFileSec=7day
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Enable SSH
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
passwordAuthentication = false;
|
|
||||||
permitRootLogin = "no";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Configure vault-secrets based on domain
|
|
||||||
vault-secrets = let
|
vault-secrets = let
|
||||||
inherit (config.networking) domain hostName;
|
inherit (config.networking) domain hostName;
|
||||||
server = if domain == "olympus" then "vault" else "vault-0";
|
server = if domain == "olympus" then "vault" else "vault-0";
|
||||||
|
@ -88,4 +17,4 @@
|
||||||
vaultAddress = "http://${server}.${domain}:8200/";
|
vaultAddress = "http://${server}.${domain}:8200/";
|
||||||
approlePrefix = "${domain}-${hostName}";
|
approlePrefix = "${domain}-${hostName}";
|
||||||
};
|
};
|
||||||
}
|
}
|
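Review bot: The new side spells the attribute `import = [` where the removed line had `imports = [`, so the module system would most likely reject it as an unknown option instead of pulling in `./common.nix` and the vault-secrets module; it should read `imports = [`. Separately, the unchanged `vaultAddress = "http://${server}.${domain}:8200/";` in the second hunk sends AppRole logins and secret reads to Vault without TLS unless something outside this file wraps the connection, so an `https://` address is worth planning for once the listener has a certificate. The `vault-secrets` block continues between the two hunks and is not fully visible here.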
|
@ -1,6 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{
|
{
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "22.11";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
fileSystems."/mnt/storage" = {
|
fileSystems."/mnt/storage" = {
|
||||||
|
|
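Review bot: `system.stateVersion = "22.11";` replaces "21.05" on a host that already mounts `/mnt/storage`, which suggests an existing machine, not a fresh install. stateVersion is meant to stay at the release the system was first installed with, because stateful modules choose data-format defaults from it, and raising it can change those defaults under existing data. If the bump is deliberate, a comment such as `# raised from 21.05 after checking the release notes for stateful services` would document it; otherwise the old value should stay.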
|
@ -90,6 +90,11 @@
|
||||||
mac = "00:50:56:91:3b:03";
|
mac = "00:50:56:91:3b:03";
|
||||||
nix = false;
|
nix = false;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
hostname = "bazarr";
|
||||||
|
ip = "192.168.0.119";
|
||||||
|
mac = "DE:7C:32:7E:DD:A1";
|
||||||
|
}
|
||||||
{
|
{
|
||||||
hostname = "radarr2";
|
hostname = "radarr2";
|
||||||
ip = "192.168.0.120";
|
ip = "192.168.0.120";
|
||||||
|
@ -101,6 +106,7 @@
|
||||||
ip = "192.168.0.121";
|
ip = "192.168.0.121";
|
||||||
mac = "4e:e7:64:b7:88:b8";
|
mac = "4e:e7:64:b7:88:b8";
|
||||||
profile = "jackett";
|
profile = "jackett";
|
||||||
|
nix = false; # superseded by prowlarr
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "nginx";
|
hostname = "nginx";
|
||||||
|
|
|
@ -30,7 +30,8 @@ let
|
||||||
|
|
||||||
exec Hyprland
|
exec Hyprland
|
||||||
'';
|
'';
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -93,14 +94,14 @@ in {
|
||||||
fileSystems."/nix".options = [ "compress=zstd" "noatime" ];
|
fileSystems."/nix".options = [ "compress=zstd" "noatime" ];
|
||||||
|
|
||||||
# Filesystem dedup
|
# Filesystem dedup
|
||||||
#services.beesd.filesystems = {
|
# services.beesd.filesystems = {
|
||||||
# root = {
|
# root = {
|
||||||
# spec = "LABEL=nixos";
|
# spec = "LABEL=nixos";
|
||||||
# hashTableSizeMB = 256;
|
# hashTableSizeMB = 256;
|
||||||
# verbosity = "crit";
|
# verbosity = "crit";
|
||||||
# extraOptions = [ "--loadavg-target" "2.0" ];
|
# extraOptions = [ "--loadavg-target" "2.0" ];
|
||||||
# };
|
# };
|
||||||
#};
|
# };
|
||||||
|
|
||||||
# Select internationalisation properties.
|
# Select internationalisation properties.
|
||||||
i18n.defaultLocale = "en_GB.utf8";
|
i18n.defaultLocale = "en_GB.utf8";
|
||||||
|
|
|
@ -1,19 +1,27 @@
|
||||||
{ config, pkgs, lib, ... }: {
|
{ config, pkgs, lib, ... }: {
|
||||||
# Can't import common completely due to infinite recursion
|
imports = [ ./common/common.nix ./common/generic-lxc.nix ];
|
||||||
imports = [ ./common/users ./common/generic-lxc.nix ];
|
|
||||||
|
|
||||||
|
proxmoxLXC = {
|
||||||
|
manageNetwork = true;
|
||||||
|
manageHostName = true;
|
||||||
|
privileged = false;
|
||||||
|
};
|
||||||
|
|
||||||
# Enable SSH
|
# Enable SSH
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
permitRootLogin = "yes";
|
permitRootLogin = "yes";
|
||||||
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.hostName = "template";
|
networking.hostName = "template";
|
||||||
|
|
||||||
time.timeZone = lib.mkDefault "Europe/Amsterdam";
|
time.timeZone = lib.mkDefault "Europe/Amsterdam";
|
||||||
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.useDHCP = true;
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
users.users.root.initialPassword = "toor";
|
||||||
}
|
}
|
||||||
|
|
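Review bot: `users.users.root.initialPassword = "toor";` gives every container created from this template the same well-known root password, and the value sits in plain text in the repository and in the world-readable Nix store. `passwordAuthentication = false` keeps it off SSH, but it still works on the container console and for `su` from any local account, and it stays in place on each clone until someone changes it. Prefer leaving root without a password and relying on SSH keys (assuming `./common/users` provides them for root), or at minimum add `# template only: change on first boot` next to the line. Setting `permitRootLogin = "prohibit-password";` in place of "yes" would also make the key-only intent explicit.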