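# NixOS host module for a Raspberry Pi class machine (see the cma notes below).
# It boots via extlinux, and runs OpenSSH, a restic REST server, Tailscale and Docker.
#
# Arguments:
#   pkgs - package set, used for the kernel and systemPackages
#   lib  - nixpkgs lib, used for mkForce
{
  pkgs,
  lib,
  ...
}: let
  vars = import ../../vars.nix;
in {
  imports = [../common/global/locale.nix];

  # NixOS wants to enable GRUB by default
  boot.loader.grub.enable = false;
  # Enables the generation of /boot/extlinux/extlinux.conf
  boot.loader.generic-extlinux-compatible.enable = true;

  # !!! Set to specific linux kernel version
  boot.kernelPackages = pkgs.linuxPackages;

  # Disable ZFS on kernel 6
  boot.supportedFilesystems = lib.mkForce [
    "vfat"
    "xfs"
    "cifs"
    "ntfs"
  ];

  # !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
  # If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
  # On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
  boot.kernelParams = ["cma=256M"];

  # File systems configuration for using the installer's partition layout
  fileSystems = {
    # Prior to 19.09, the boot partition was hosted on the smaller first partition
    # Starting with 19.09, the /boot folder is on the main bigger partition.
    # The following is to be used only with older images.
    /*
    "/boot" = {
      device = "/dev/disk/by-label/NIXOS_BOOT";
      fsType = "vfat";
    };
    */
    "/" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
    };
  };

  # !!! Adding a swap file is optional, but strongly recommended!
  swapDevices = [
    {
      device = "/swapfile";
      size = 1024;
    }
  ];

  # systemPackages
  environment.systemPackages = with pkgs; [
    neovim
    curl
    wget
  ];

  services.openssh = {
    enable = true;
    settings = {
      # Was "yes". "prohibit-password" is the NixOS default and still allows
      # key-based root login if root keys are ever added.
      PermitRootLogin = "prohibit-password";
      # Key-only SSH: the `nixos` account below has a published initial
      # password and wheel membership, and the firewall is disabled, so
      # password logins must not be accepted over the network.
      # `admin` has no authorizedKeys in this file; add one before relying on
      # SSH access for that account.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  services.restic.server = {
    enable = true;
    dataDir = "/mnt/backups";
    # NOTE(review): --no-auth turns off the REST server's authentication.
    # With networking.firewall.enable = false below, any peer that can reach
    # the listener can read, add or delete repository data. If the intent is
    # Tailscale-only access, either restrict the listener to the tailnet or
    # enable the firewall and trust only the Tailscale interface; otherwise
    # drop --no-auth and provision an htpasswd file.
    extraFlags = ["--no-auth"];
  };

  services.tailscale = {
    enable = true;
    useRoutingFeatures = "server";
  };

  # NOTE(review): membership in the `docker` group (see users.users.nixos) is
  # equivalent to root on this host.
  virtualisation.docker.enable = true;

  # NOTE(review): with the firewall off, every listening service (sshd, the
  # restic server, published container ports) is exposed on all interfaces,
  # and the forwarding sysctls below route traffic without filtering.
  networking.firewall.enable = false;

  # Networking
  networking.useDHCP = true;

  # forwarding
  boot.kernel.sysctl = {
    "net.ipv4.conf.all.forwarding" = true;
    "net.ipv6.conf.all.forwarding" = true;
    "net.ipv4.tcp_ecn" = true;
  };

  # put your own configuration here, for example ssh keys:
  # With mutableUsers = true the password options below only seed the account
  # when it is first created; later changes are made with passwd.
  users.mutableUsers = true;
  users.users.nixos = {
    isNormalUser = true;
    # NOTE(review): `password` is stored in clear text in the world-readable
    # Nix store and in this repository. Change it on first login (it is still
    # the sudo password for this wheel user) or switch to hashedPassword.
    password = "changeme";
    extraGroups = ["wheel" "docker"];
    openssh.authorizedKeys.keys = [
      #Adalbert
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"

      #Ludwig
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"

      #Franz
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIINCjLoirHMos7c9lRatWtSYAk68xbUGc8vPU0wFxIzj openpgp:0x7430326E"
    ];
  };
  users.users.admin = {
    isNormalUser = true;
    extraGroups = ["wheel"]; # Enable ‘sudo’ for the user.
    # Placeholder, not a real crypt(3) hash: replace before deploying.
    hashedPassword = "blablabla"; # generate with `mkpasswd`
  };
  # NOTE(review): trusted-users can override Nix settings and substituters,
  # which is effectively root on the daemon. Keep this list to accounts that
  # are already administrators; "ghoscht" is not defined in this file.
  nix.settings.trusted-users = ["admin" "ghoscht" "nixos"];

  system.stateVersion = "23.11";
}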