75 lines
1.6 KiB
Nix
75 lines
1.6 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = [ ./hydra.nix ./cache.nix ];
|
|
|
|
c3d2 = {
|
|
users = {
|
|
emery = true;
|
|
windsleep = true;
|
|
};
|
|
# hq.statistics.enable = true;
|
|
};
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
security.acme = {
|
|
email = "mail@c3d2.de";
|
|
acceptTerms = true;
|
|
};
|
|
security.pam.enableSSHAgentAuth = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
passwordAuthentication = false;
|
|
};
|
|
|
|
programs.mosh.enable = true;
|
|
|
|
nix = {
|
|
useSandbox = false;
|
|
maxJobs = 4;
|
|
buildCores = 20;
|
|
autoOptimiseStore = true;
|
|
gc = {
|
|
automatic = true;
|
|
dates = "06:00";
|
|
options = "--delete-older-than 14d";
|
|
};
|
|
sshServe.enable = true;
|
|
trustedUsers = [ "@wheel" ];
|
|
};
|
|
|
|
boot = {
|
|
tmpOnTmpfs = true;
|
|
# For cross-building
|
|
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
};
|
|
|
|
fileSystems."/" = {
|
|
fsType = "rootfs";
|
|
device = "rootfs";
|
|
};
|
|
|
|
networking = {
|
|
hostName = "hydra";
|
|
firewall.enable = false;
|
|
defaultGateway = "172.20.73.1";
|
|
interfaces.eth0.ipv4.addresses = [{
|
|
address = "172.20.73.49";
|
|
prefixLength = 26;
|
|
}];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [ tmux htop vim gitMinimal nixFlakes ];
|
|
nix.extraOptions = ''
|
|
experimental-features = nix-command flakes
|
|
'';
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
# compatible, in order to avoid breaking some software such as database
|
|
# servers. You should change this only after NixOS release notes say you
|
|
# should.
|
|
system.stateVersion = "20.09"; # Did you read the comment?
|
|
}
|