
My NixOS systems configurations.

demeter.nix (2164B)


      # NixOS module for the host "demeter": Raspberry Pi 4 kernel booted through
      # extlinux, ext4 root on the SD card, and the home profile with the bind,
      # avahi and ssh service modules switched on.
      { pkgs, lib, ... }:

      with lib;
      let
        hostname = "demeter";

        # Disabled WireGuard wiring. It reads addresses, endpoint and public key from
        # an optional secrets file and falls back to empty values when that file is absent.
        # secretPath = ../../secrets/machines.nix;
        # secretCondition = (builtins.pathExists secretPath);
        # 
        # ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
        # ips = lists.optionals secretCondition ([ "${ip}/24" ]);
        # endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
        # endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
        # endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;

        # Host inventory; in this file it is referenced only by the commented-out
        # syncthing settings further down.
        metadata = importTOML ../../ops/hosts.toml;
      in
      {
        # User definitions pulled in as modules.
        imports = [
          (import ../../users/vincent)
          (import ../../users/root)
        ];

        # Boot: Raspberry Pi 4 kernel, USB modules available in the initrd,
        # extlinux-compatible loader instead of GRUB.
        boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
        boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
        boot.loader.grub.enable = false;
        boot.loader.generic-extlinux-compatible.enable = true;

        # Root filesystem, located by label.
        fileSystems."/" = {
          device = "/dev/disk/by-label/NIXOS_SD";
          fsType = "ext4";
          options = [ "noatime" ];
        };

        networking.hostName = hostname;
        # we are in safe territory :D
        # NOTE(review): with the firewall off, every listening service on this host
        # (the bind, avahi and ssh modules are enabled below) is reachable from any
        # network the machine is attached to. The setting relies on that network
        # being trusted; confirm this, or enable the firewall and open only the
        # ports those services need.
        networking.firewall.enable = false;
        # networking.bridges.br1.interfaces = [ "enp0s31f6" ];
        # networking.useDHCP = false;
        # networking.interfaces.br1 = {
        #   useDHCP = true;
        # };

        # Force the project's systemd-boot option off; extlinux is used instead.
        core.boot.systemd-boot = mkForce false;
        # boot.cleanTmpDir = lib.mkForce false;
        # boot.loader.systemd-boot.enable = lib.mkForce false;
        # profiles.base.systemd-boot = lib.mkForce true;
        # 

        # Project-local modules (defined elsewhere in the repository).
        modules.profiles.home = true;
        modules.services.bind.enable = true;
        #     modules.services.syncthing = {
        #       enable = true;
        #       guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384";
        #     };
        modules.services.avahi.enable = true;
        modules.services.ssh.enable = true;

        # services = {
        #   wireguard = {
        #     enable = true;
        #     ips = ips;
        #     endpoint = endpointIP;
        #     endpointPort = endpointPort;
        #     endpointPublicKey = endpointPublicKey;
        #   };
        # };

        security.apparmor.enable = true;
        # Lets PAM authenticate against keys offered by the user's SSH agent.
        # NOTE(review): anyone who can reach a forwarded agent socket can use it to
        # authenticate here, so agent forwarding to this host should be limited to
        # trusted clients. Newer nixpkgs renamed this option to
        # security.pam.sshAgentAuth.enable and tightened which authorized-keys files
        # are trusted by default; check which applies to the pinned nixpkgs.
        security.pam.enableSSHAgentAuth = true;
      }