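# NixOS module for the host "glotzbert": a GNOME/Kodi desktop that auto-logs in
# the user "k-ot", exposes that X session through x11vnc, points PulseAudio at
# pulsebert.hq.c3d2.de and mounts CephFS at /mnt/storage.
#
# The line structure is restored here: with the whole file collapsed onto two
# lines, every `#` comment swallowed the rest of its line and the expression
# never closed. Option values are unchanged; the NOTE(review) comments mark
# settings that widen this host's network exposure.
{ zentralwerk, secretsFile, config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
  ];

  # Options under `c3d2` and `cryptHomeLuks` are not standard NixOS options;
  # presumably they are declared by this repository's shared modules.
  c3d2 = {
    isInHq = true;
    hq.interface = "eno1";
    hq.enableBinaryCache = false;
    users.k-ot = true;
    users.emery = true;
  };
  users.users.emery.cryptHomeLuks = "/home/emery.luks.img";

  nixpkgs.config.allowUnfree = true;

  nix = {
    useSandbox = true;
    buildCores = 4;
    maxJobs = 4;
  };

  # Secrets are decrypted at activation with the host's SSH ed25519 key used as
  # the age identity, so cleartext secrets stay out of the Nix store.
  sops.defaultSopsFile = secretsFile;
  sops.secrets = {
    "ceph/secret" = {};
  };
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  networking.hostName = "glotzbert"; # Define your hostname.
  networking.interfaces.eno1.useDHCP = true;

  # Select internationalisation properties.
  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    keyMap = "de";
  };
  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs; [
    screen
    chromium
    firefox
    mpv
    kodi
    ceph
  ];

  # User-level unit that shares the graphical session over VNC.
  # NOTE(review): `-passwd` puts the VNC password on the command line, so it is
  # stored in the world-readable Nix store (and in this repository) and shows
  # up in the process list. x11vnc can read it from a file instead (`-rfbauth`
  # or `-passwdfile`), which could be provisioned through sops like
  # "ceph/secret" below.
  # NOTE(review): no `-localhost`/`-listen` is given, so x11vnc accepts
  # connections on every interface, and with `-shared -forever` it keeps
  # accepting additional clients for as long as the session runs.
  systemd.user.services.x11vnc = {
    description = "X11 VNC server";
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
    serviceConfig = {
      ExecStart = ''
        ${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
      '';
      RestartSec = 3;
      Restart = "always";
    };
  };

  # Enable the OpenSSH daemon.
  # NOTE(review): password authentication is left at whatever the defaults or
  # shared modules set; only a public key is declared for "k-ot" below. Confirm
  # that password logins are disabled.
  services.openssh.enable = true;

  # Or disable the firewall altogether.
  # NOTE(review): with the firewall off, every listener on this host (sshd,
  # x11vnc, PulseAudio TCP, zeroconf) is reachable from any network eno1 is
  # attached to. Enabling it and listing the needed ports in
  # `networking.firewall.allowedTCPPorts` would limit that.
  networking.firewall.enable = false;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio = {
    enable = true;
    # Users must be in "audio" group
    systemWide = true;
    support32Bit = true;
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
    # NOTE(review): `anonymousClients.allowAll` lets any host that can reach
    # the PulseAudio TCP port use the sound server without authentication.
    # `anonymousClients.allowedIpRanges` restricts this to known networks.
    tcp = {
      enable = true;
      anonymousClients.allowAll = true;
    };
    extraConfig = ''
      load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
    '';
    extraClientConf = ''
      default-server = pulsebert.hq.c3d2.de
    '';
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  # NOTE(review): the machine boots straight into a "k-ot" session without a
  # login prompt; that same session is what the x11vnc unit above shares.
  services.xserver.displayManager = {
    lightdm = {
      enable = true;
    };
    autoLogin = {
      enable = true;
      user = "k-ot";
    };
    defaultSession = "gnome-xorg";
  };
  services.xserver.desktopManager = {
    gnome.enable = true;
    kodi.enable = true;
  };

  # NOTE(review): "k-ot" is in `wheel` and wheel needs no sudo password, so any
  # session as that user (console autologin, VNC, SSH) is equivalent to root.
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.groups."k-ot" = {
    gid = 1000;
  };
  users.users."k-ot" = {
    isNormalUser = true;
    uid = 1000;
    group = "k-ot";
    extraGroups = [
      "wheel"
      "networkmanager"
      "audio"
      "video"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
    ];
  };

  services.ceph = {
    enable = true;
    global.fsid = "d7c5c9c7-a227-4e33-ab43-3f4aa1eb0630";
    client.enable = true;
  };

  fileSystems."/mnt/storage" =
    let
      # Comma-separated addresses of the listed hosts, looked up in the
      # zentralwerk site config (`hosts4`, presumably their IPv4 addresses) and
      # used as the monitor list of the CephFS device string.
      monHosts = pkgs.lib.concatMapStringsSep "," (host:
        zentralwerk.lib.config.site.net.cluster.hosts4.${host}
      ) [ "server5" "server6" "server8" ];
    in {
      fsType = "ceph";
      device = "${monHosts}:/";
      options = [
        "_netdev"
        "name=c3d2"
        # The key is read from the sops-decrypted file at mount time, so it is
        # not embedded in the generated mount unit or the Nix store.
        "secretfile=${config.sops.secrets."ceph/secret".path}"
        "noatime"
        "x-systemd.automount"
        "x-systemd.device-timeout=5"
      ];
    };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?
}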