nix/systems/nixos-he4/default.nix


{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
# Modules merged into this host's configuration: one profile shipped with
# nixpkgs, shared OS modules from this repository, and a host-local file.
imports = [
# nixpkgs module, located through the modulesPath argument.
(modulesPath + "/installer/scan/not-detected.nix")
# Shared modules of this repository; their contents are not visible here, so
# anything they enable (for example sshd or firewall rules) has to be reviewed there.
../../os-mods/cachix
../../os-mods/common
../../os-mods/netdata
../../os-mods/network
../../os-mods/virt
# Host-local module; presumably the disk layout, judging by the file name.
./disko.nix
];
config = {
# NixOS release this host's stateful defaults are pinned to.
system.stateVersion = "23.11";
# System-wide extra tooling: only cryptsetup is added by this host file.
environment.systemPackages = [ pkgs.cryptsetup ];
users.users =
  let
    # Each public key is written once and reused below, so the per-account
    # lists cannot drift apart when a key is rotated or removed.
    tristandKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
    ];
    taqKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
    ];
    # "wheel" is also what the initrd SSH key selection in this file keys on;
    # "docker" membership is commonly treated as root-equivalent on the host.
    adminGroups = [ "docker" "networkmanager" "wheel" ];
  in
  {
    # Every key of both admins is accepted for root as well.
    # NOTE(review): whether sshd is enabled and permits root logins is decided
    # in the shared modules, which are not visible here — confirm.
    root.openssh.authorizedKeys.keys = tristandKeys ++ taqKeys;

    # NOTE(review): the two hashedPassword values below are SHA-512 crypt
    # hashes stored in the repository, and hashedPassword values also end up
    # readable in the Nix store, so they are open to offline guessing.
    # users.users.<name>.hashedPasswordFile pointing at a root-only file keeps
    # them out of both.
    tristand = {
      description = "tristand";
      isNormalUser = true;
      shell = pkgs.fish;
      extraGroups = adminGroups;
      hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
      openssh.authorizedKeys.keys = tristandKeys;
    };

    taq = {
      description = "taq";
      isNormalUser = true;
      shell = pkgs.fish;
      extraGroups = adminGroups;
      hashedPassword = "$6$rkCVbHd2sV36Y38p$e5WTTK58ha7RDDYnfjxAdbzYyNJ2miMD2tkE9.8BHCGyb5vjPNYslClrzYIhxOmujEOllmREXcIgGiUpiMv8Y.";
      openssh.authorizedKeys.keys = taqKeys;
    };
  };
# home-manager: reuse the system's pkgs instance and install user packages
# through the per-user NixOS profile.
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
# tristand's home configuration comes from the shared admin-shell definition,
# which receives this module's arguments plus the user name.
home-manager.users.tristand = import ../../users/admin-shell.nix {
  inherit config inputs lib pkgs system;
  username = "tristand";
};

# Build features this machine advertises to Nix; derivations that require one
# of them can be scheduled here.
nix.settings.system-features = [
  "benchmark"
  "big-parallel"
  "kvm"
  "nixos-test"
  # "gccarch-x86-64-v3"
  # "gccarch-znver3"
];
boot = {
  kernelPackages = pkgs.linuxPackages_latest;
  kernelModules = [ "kvm-amd" ];
  extraModulePackages = [ ];
  supportedFilesystems = [ "bcachefs" ];

  # Kernel command line: ask for a DHCP lease during early boot so the initrd
  # SSH server below is reachable.
  kernelParams = [
    # "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
    "ip=dhcp"
  ];

  # systemd-boot on EFI, keeping at most 32 generations in the boot menu.
  loader.systemd-boot.enable = true;
  loader.systemd-boot.configurationLimit = 32;
  loader.efi.canTouchEfiVariables = true;

  initrd = {
    systemd.enable = true;
    availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ];
    # NIC driver loaded in stage 1 so networking works before the root
    # filesystem is mounted.
    kernelModules = [ "igb" ];

    # SSH server inside the initrd, on its own port (2222); presumably used to
    # unlock the disks remotely, given cryptsetup and the commented-out
    # cryptsetup-askpass hook — confirm against disko.nix.
    network = {
      enable = true;
      ssh = {
        enable = true;
        port = 2222;
        # Private host keys for the initrd sshd. They are embedded in the
        # initrd, which lives on the boot partition, so they should be keys
        # used for nothing else and never the main system's host keys.
        # NOTE(review): these are Nix path literals, not quoted strings —
        # confirm that evaluation does not copy the key files into the
        # world-readable Nix store.
        hostKeys = [
          /etc/nixos/ext/ssh/ssh_host_ed25519_key
          /etc/nixos/ext/ssh/ssh_host_rsa_key
        ];
        # Every key of every account whose extraGroups contains "wheel" may
        # log in to the early-boot environment. Adding a user to wheel
        # therefore also grants initrd access; root's own key list is only
        # consulted if root itself lists "wheel".
        authorizedKeys = lib.concatMap
          (account:
            lib.optionals
              (lib.elem "wheel" account.extraGroups)
              account.openssh.authorizedKeys.keys)
          (lib.attrValues config.users.users);
      };
      # postCommands = ''
      # echo 'cryptsetup-askpass' >> /root/.profile
      # '';
    };
  };
};
# Host identity; DHCP on all interfaces unless another module overrides the default.
networking.hostName = "nixos-he4";
networking.useDHCP = lib.mkDefault true;

# Redistributable firmware is enabled, and AMD microcode updates follow that
# setting by default.
hardware.enableRedistributableFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

# Compressed swap in RAM.
zramSwap.enable = true;
};
}