# NixOS configuration for the host "glotzbert" (see networking.hostName):
# a graphical machine that auto-logs the user k-ot into a GNOME/Xorg session,
# exports that session over VNC, runs a network-reachable PulseAudio daemon
# and mounts a CephFS share at /mnt/storage.
#
# Security summary for reviewers: the firewall is off, VNC uses a password
# written in this file, PulseAudio accepts anonymous TCP clients, and k-ot
# has passwordless sudo. Together these mean that anything able to reach this
# host's network services, or its console, can end up with root on the box.
# See the notes at each setting.
{ zentralwerk, secretsFile, config, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ];

  # Options from the project's own c3d2 module (defined outside this file).
  # Their meaning is inferred from the names only — verify against the module.
  c3d2 = {
    isInHq = true;
    hq.interface = "eno1";
    hq.enableBinaryCache = false;
    users.k-ot = true;
    users.emery = true;
  };
  # emery's home directory lives in a LUKS image.
  users.users.emery.cryptHomeLuks = "/home/emery.luks.img";

  nixpkgs.config.allowUnfree = true;
  nix = {
    # Builds run inside the Nix build sandbox.
    useSandbox = true;
    buildCores = 4;
    maxJobs = 4;
  };

  # Secrets are managed with sops-nix: the encrypted file is passed in as
  # secretsFile and decrypted with an age identity derived from the host's
  # SSH ed25519 key. Anyone who can read that host key can decrypt every
  # secret this host is a recipient of.
  sops.defaultSopsFile = secretsFile;
  sops.secrets = {
    # Declared with module defaults; its decrypted path is used as the CephFS
    # secretfile below.
    # NOTE(review): confirm the default owner/mode is restrictive enough.
    "ceph/secret" = {};
  };
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  networking.hostName = "glotzbert"; # Define your hostname.
  networking.interfaces.eno1.useDHCP = true;

  # Select internationalisation properties.
  console = {
    font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
    keyMap = "de";
  };
  i18n.defaultLocale = "en_US.UTF-8";

  environment.systemPackages = with pkgs; [
    screen
    chromium
    firefox
    mpv
    kodi
    ceph
  ];

  # User-level unit that exports the graphical session over VNC for as long
  # as graphical-session.target is up; restarted 3 s after any exit.
  #
  # SECURITY: the VNC password is given literally on the command line. It is
  # therefore stored in this repository, copied into the generated unit in
  # the world-readable Nix store, and visible in the process list. It is also
  # identical to the account name. -shared admits several viewers at once and
  # -forever keeps the server listening after a client disconnects. With the
  # firewall disabled below, the VNC port is reachable from every network
  # this host is attached to, and the exported session belongs to k-ot, who
  # has passwordless sudo.
  # Mitigation to consider: read the password from a file only the session
  # user can read (x11vnc supports -rfbauth / -passwdfile; the file could be
  # a sops secret), and/or bind with -localhost and reach it through SSH.
  systemd.user.services.x11vnc = {
    description = "X11 VNC server";
    wantedBy = [ "graphical-session.target" ];
    partOf = [ "graphical-session.target" ];
    serviceConfig = {
      ExecStart = ''
        ${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
      '';
      RestartSec = 3;
      Restart = "always";
    };
  };

  # Enable the OpenSSH daemon.
  # NOTE(review): no sshd hardening options are set in this file; confirm
  # that password authentication and root login are restricted elsewhere.
  services.openssh.enable = true;

  # Or disable the firewall altogether.
  # SECURITY: with the firewall off, every listening service configured here
  # (sshd, x11vnc, PulseAudio TCP) is exposed on all interfaces. Prefer
  # leaving it enabled and opening only the ports that are actually needed.
  networking.firewall.enable = false;

  # Enable sound.
  sound.enable = true;
  # System-wide PulseAudio daemon that is published and discovered via
  # zeroconf and also tunnels to / defaults to pulsebert.hq.c3d2.de.
  hardware.pulseaudio = {
    enable = true;
    # Users must be in "audio" group
    systemWide = true;
    support32Bit = true;
    zeroconf.discovery.enable = true;
    zeroconf.publish.enable = true;
    # SECURITY: the native protocol is served over TCP and anonymous clients
    # are accepted, so any host that can reach this machine may use the sound
    # server without authenticating (playback, and presumably capture if an
    # input device is present). Zeroconf publishing additionally advertises
    # it on the local network. If remote clients are required, restrict them
    # to known addresses instead of allowing all.
    tcp = {
      enable = true;
      anonymousClients.allowAll = true;
    };
    extraConfig = ''
      load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
    '';
    extraClientConf = ''
      default-server = pulsebert.hq.c3d2.de
    '';
  };

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "de";
  services.xserver.xkbOptions = "eurosign:e";

  # SECURITY: LightDM logs k-ot in automatically, so physical access to the
  # console yields a k-ot session without any credential. Because k-ot is in
  # wheel and wheel needs no sudo password (below), that session is
  # equivalent to root.
  services.xserver.displayManager = {
    lightdm = { enable = true; };
    autoLogin = {
      enable = true;
      user = "k-ot";
    };
    defaultSession = "gnome-xorg";
  };
  services.xserver.desktopManager = {
    gnome.enable = true;
    kodi.enable = true;
  };

  # SECURITY: members of wheel can run sudo without a password. Combined
  # with autologin and the VNC export of k-ot's session, there is no
  # credential between "reached the desktop" and "root".
  security.sudo = {
    enable = true;
    wheelNeedsPassword = false;
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.groups."k-ot" = { gid = 1000; };
  users.users."k-ot" = {
    isNormalUser = true;
    uid = 1000;
    group = "k-ot";
    # "wheel" grants sudo (passwordless here); "audio" is required for the
    # system-wide PulseAudio daemon configured above.
    extraGroups = [ "wheel" "networkmanager" "audio" "video" ];
    # Public key only; safe to keep in the repository.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
    ];
  };

  # Ceph client configuration. The fsid identifies the cluster; it is an
  # identifier, not a credential.
  services.ceph = {
    enable = true;
    global.fsid = "d7c5c9c7-a227-4e33-ab43-3f4aa1eb0630";
    client.enable = true;
  };
  # CephFS mount at /mnt/storage, mounted on first access (automount).
  fileSystems."/mnt/storage" =
    let
      # Comma-separated monitor list built from the addresses of server5,
      # server6 and server8 in the zentralwerk site config (hosts4 is
      # presumably the IPv4 table of the "cluster" net — verify).
      monHosts = pkgs.lib.concatMapStringsSep "," (host:
        zentralwerk.lib.config.site.net.cluster.hosts4.${host}
      ) [ "server5" "server6" "server8" ];
    in {
      fsType = "ceph";
      device = "${monHosts}:/";
      options = [
        "_netdev"
        "name=c3d2"
        # The key is read from the sops-decrypted file at mount time, so the
        # key itself is not written into the Nix store; only the path is.
        "secretfile=${config.sops.secrets."ceph/secret".path}"
        "noatime"
        "x-systemd.automount"
        "x-systemd.device-timeout=5"
      ];
    };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?

}