210 lines
5.2 KiB
Nix
Executable File
210 lines
5.2 KiB
Nix
Executable File
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
|
|
{
|
|
lib,
|
|
namespace,
|
|
...
|
|
}:
|
|
let
|
|
net = lib.${namespace}.network;
|
|
in
|
|
{
|
|
imports = [
|
|
./adguard.nix
|
|
./boot.nix
|
|
./sops.nix
|
|
];
|
|
|
|
virtualisation.docker.enable = true;
|
|
|
|
${namespace} = {
|
|
|
|
sops.enable = true;
|
|
|
|
# ###################################################
|
|
# # Impermanence # #
|
|
# ###################################################
|
|
impermanence = {
|
|
enable = true;
|
|
# extraDirectories = [
|
|
# {
|
|
# directory = "/var/cache/ccache";
|
|
# user = "nobody";
|
|
# group = "nobody";
|
|
# mode = "u=rwx,g=rwx,o=rx";
|
|
# }
|
|
# ];
|
|
};
|
|
|
|
# ###################################################
|
|
# # Hardware # #
|
|
# ###################################################
|
|
|
|
hardware = {
|
|
disko = {
|
|
enable = true;
|
|
firmware = {
|
|
enableFirmware = true;
|
|
};
|
|
};
|
|
raspberry-pi = {
|
|
enable = true;
|
|
variant = "5";
|
|
bootType = "uefi";
|
|
pwm.enable = false;
|
|
disable-wifi.enable = false;
|
|
modesetting.enable = false;
|
|
i2c.enable = false;
|
|
apply-overlays-dtmerge.enable = false;
|
|
|
|
overlays = {
|
|
pi5DisableWifi.enable = true;
|
|
pi5DisableBluetooth.enable = true;
|
|
pi5i2c0.enable = true;
|
|
pi5i2c1.enable = true;
|
|
pi5i2c2.enable = true;
|
|
pi5i2c3.enable = true;
|
|
pi5Sdio.enable = true;
|
|
pi5Spi21cs.enable = true;
|
|
pi5Spi22cs.enable = true;
|
|
pi5Spi31cs.enable = true;
|
|
pi5Spi32cs.enable = true;
|
|
pi5Spi51cs.enable = true;
|
|
pi5Spi52cs.enable = true;
|
|
pi5Uart0.enable = true;
|
|
pi5Uart1.enable = true;
|
|
pi5Uart2.enable = true;
|
|
pi5Uart3.enable = true;
|
|
pi5Uart4.enable = true;
|
|
pi5Vc4Kms.enable = true;
|
|
bcm2712d0.enable = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
headless.enable = true;
|
|
|
|
# ###################################################
|
|
# # Desktop # #
|
|
# ###################################################
|
|
|
|
desktop.hyprland.enable = false;
|
|
|
|
# ###################################################
|
|
# # User # #
|
|
# ###################################################
|
|
|
|
user = {
|
|
name = "matt";
|
|
mutableUsers = false;
|
|
extraGroups = [ "docker" ];
|
|
};
|
|
|
|
# ###################################################
|
|
# # Services # #
|
|
# ###################################################
|
|
|
|
services = {
|
|
attic = {
|
|
enable = true;
|
|
port = net.ports.pi5.attic;
|
|
listenAddress = "[::]";
|
|
environmentFile = "/run/secrets/pi5/attic-key";
|
|
configDir = "/mnt/attic-store";
|
|
};
|
|
|
|
nebula = {
|
|
enable = true;
|
|
isLighthouse = true;
|
|
port = 4242;
|
|
secretsPrefix = "pi5/nebula";
|
|
secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
|
|
hostSecretName = "lighthouse";
|
|
stats = {
|
|
enable = true;
|
|
listenAddress = "127.0.0.1";
|
|
statsPort = 8474;
|
|
};
|
|
};
|
|
|
|
nebula-ui = {
|
|
enable = true;
|
|
port = 8473;
|
|
networkName = "jallen-nebula";
|
|
caCertSecretKey = "pi5/nebula/ca-cert";
|
|
caKeySecretKey = "pi5/nebula/ca-key";
|
|
secretsFile = lib.snowfall.fs.get-file "secrets/pi5-secrets.yaml";
|
|
statsListenAddress = "127.0.0.1";
|
|
statsPort = 8474;
|
|
reverseProxy = {
|
|
enable = true;
|
|
subdomain = "nebula";
|
|
};
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # Network # #
|
|
# ###################################################
|
|
|
|
network = {
|
|
hostName = net.hosts.pi5.hostname;
|
|
ipv4 = {
|
|
inherit (net.hosts.pi5) gateway;
|
|
method = "manual";
|
|
address = net.hosts.pi5.lan4;
|
|
dns = "1.1.1.1";
|
|
interface = "end0";
|
|
};
|
|
firewall = {
|
|
enable = true;
|
|
allowPing = true;
|
|
allowedTCPPorts = [
|
|
53
|
|
net.ports.pi5.attic
|
|
];
|
|
allowedUDPPorts = [ 53 ];
|
|
};
|
|
networkmanager.profiles = {
|
|
"static-end0" = {
|
|
type = "ethernet";
|
|
interface = "end0";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# ###################################################
|
|
# # FileSystems # #
|
|
# ###################################################
|
|
|
|
fileSystems."/mnt/attic-store" = {
|
|
device = "/dev/disk/by-uuid/E81DBFCC-066E-46A3-8018-AA3BF4573074";
|
|
fsType = "xfs";
|
|
options = [
|
|
"defaults"
|
|
"noatime"
|
|
"nofail"
|
|
];
|
|
};
|
|
|
|
users = {
|
|
users = {
|
|
atticd = {
|
|
isSystemUser = true;
|
|
group = "atticd";
|
|
extraGroups = [ "keys" ];
|
|
};
|
|
};
|
|
groups = {
|
|
atticd = { };
|
|
};
|
|
};
|
|
|
|
boot.supportedFilesystems = [ "bcachefs" ];
|
|
|
|
programs.seahorse.enable = false;
|
|
}
|