demeter.nix (2164B)
# NixOS host configuration for "demeter": Raspberry Pi 4 kernel package set,
# extlinux-style boot loader, root filesystem on the NIXOS_SD label, and the
# repository's own `modules.*` toggles for bind, avahi and ssh.
{ pkgs, lib, ... }:

with lib;
let
  hostname = "demeter";

  # Disabled WireGuard wiring, kept for reference.
  # NOTE(review): if this is re-enabled, remember that values imported into
  # the evaluation can end up in generated files under the world-readable
  # /nix/store; keep private key material out of this path.
  # secretPath = ../../secrets/machines.nix;
  # secretCondition = (builtins.pathExists secretPath);
  #
  # ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
  # ips = lists.optionals secretCondition ([ "${ip}/24" ]);
  # endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
  # endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
  # endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;

  # Host inventory. Only the commented-out syncthing stanza below reads it,
  # so it is never forced during evaluation as the file stands.
  metadata = importTOML ../../ops/hosts.toml;
in
{
  # Per-user configuration shared across machines.
  imports = [
    (import ../../users/vincent)
    (import ../../users/root)
  ];

  # Raspberry Pi 4 kernel; USB host controller, HID and mass-storage drivers
  # are made available to the initrd.
  boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];

  # GRUB is off; the extlinux-compatible loader is used instead.
  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;

  # Single ext4 root, located by label.
  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXOS_SD";
    fsType = "ext4";
    options = [ "noatime" ];
  };

  networking.hostName = hostname;

  # NOTE(review): the host firewall is switched off on the assumption that
  # the local network is trusted. With it off, every listening socket on this
  # machine (the bind, avahi and ssh modules are enabled below) is reachable
  # from any device that can route to it. Consider enabling the firewall and
  # allowing only the ports these services need; confirm first which ports
  # the repository's modules open on their own.
  networking.firewall.enable = false;
  # networking.bridges.br1.interfaces = [ "enp0s31f6" ];
  # networking.useDHCP = false;
  # networking.interfaces.br1 = {
  #   useDHCP = true;
  # };

  # Repository-defined option, forced to false here; presumably because this
  # host boots through extlinux rather than systemd-boot (confirm in the
  # module that declares it).
  core.boot.systemd-boot = lib.mkForce false;
  # boot.cleanTmpDir = lib.mkForce false;
  # boot.loader.systemd-boot.enable = lib.mkForce false;
  # profiles.base.systemd-boot = lib.mkForce true;
  #

  # Repository-defined switches; what each one configures is decided by the
  # corresponding module, not by this file.
  modules.profiles.home = true;
  modules.services.bind.enable = true;
  # modules.services.syncthing = {
  #   enable = true;
  #   guiAddress = "${metadata.hosts.sakhalin.wireguard.addrs.v4}:8384";
  # };
  modules.services.avahi.enable = true;
  modules.services.ssh.enable = true;

  # services = {
  #   wireguard = {
  #     enable = true;
  #     ips = ips;
  #     endpoint = endpointIP;
  #     endpointPort = endpointPort;
  #     endpointPublicKey = endpointPublicKey;
  #   };
  # };

  security = {
    apparmor.enable = true;

    # Lets PAM accept proof of a key held in the caller's SSH agent
    # (typically for sudo; confirm which PAM services pick it up).
    # NOTE(review): a forwarded agent can be used by whoever controls an
    # intermediate host, and the check is only as strong as the
    # authorized_keys files it trusts; those should be root-owned rather
    # than user-writable. Newer NixOS releases expose this as
    # security.pam.sshAgentAuth.enable with an authorizedKeysFiles setting;
    # confirm against the nixpkgs revision in use.
    pam.enableSSHAgentAuth = true;
  };
}