Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f96f769b2b6ee5ecb2f10bcca18aefddb27073dc
Olympus/system-config/configuration/homebox/default.nix
blaknull f96f769b2b start authentik on boot
2024-11-10 14:15:17 -06:00

256 lines
6.0 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{ config, pkgs, lib, inputs, ... }:
{
imports =
[
./hardware-configuration.nix
inputs.disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; })
inputs.impermanence.nixosModules.impermanence
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
inputs.system.nixosModule
];
boot = {
#kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
hardware = {
opengl = {
enable = true;
driSupport = true;
extraPackages = with pkgs; [
nvidia-vaapi-driver
];
};
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
};
bluetooth.enable = true;
pulseaudio.enable = false;
};
services = {
xserver = {
enable = true;
videoDrivers = ["nvidia"];
};
displayManager.enable = true;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
nixpkgs.config.allowUnfree = true;
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "homebox";
nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 22 80 443 9000 ];
hosts = {
"192.168.100.11" = [ "blunkall.us" "*.blunkall.us" "*.local.blunkall.us" ];
};
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "enp6s0";
};
};
system.stateVersion = "23.05"; # Did you read the comment?
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"docker"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker
docker-compose
];
#virtualisation.oci-containers.backend = "podman";
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/root_vg/root /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist/system" = {
hideMounts = true;
directories = [
"/etc/nixos"
"/var/log"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets/secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
"authentik/pass" = {};
"authentik/secret_key" = {};
};
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {inherit inputs;};
users = {
"nathan" = lib.mkMerge [
inputs.nathan.homeManagerModule
{
config.homeconfig = {
hyprland.enable = true;
swaylock.enable = true;
wal.enable = true;
wayvnc.enable = true;
mpd.enable = true;
ags.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
};
}
];
};
};
sysconfig = {
opts = {
sddm.enable = true;
openssh.enable = true;
pipewire.enable = true;
ags.enable = true;
hyprland.enable = true;
git.enable = true;
nh.enable = true;
steam.enable = false;
virtualization = {
traefik.enable = true;
authentik.enable = true;
"blunkall.us".enable = true;
gitlab.enable = false;
};
};
};
fonts.packages = with pkgs; [ nerdfonts ];
}
Reference in New Issue View Git Blame Copy Permalink