forked from c3d2/nix-config
89 lines
2.3 KiB
Nix
89 lines
2.3 KiB
Nix
{ zentralwerk, config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./hydra.nix
|
|
./cache.nix
|
|
./updater.nix
|
|
];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
security.pam.enableSSHAgentAuth = true;
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
passwordAuthentication = false;
|
|
};
|
|
|
|
programs.mosh.enable = true;
|
|
|
|
nix = {
|
|
useSandbox = false;
|
|
maxJobs = 4;
|
|
buildCores = 20;
|
|
gc = {
|
|
automatic = true;
|
|
dates = lib.mkForce "06:00";
|
|
options = "--delete-older-than 14d";
|
|
};
|
|
sshServe.enable = true;
|
|
trustedUsers = [ "@wheel" ];
|
|
};
|
|
|
|
boot = {
|
|
tmpOnTmpfs = true;
|
|
kernelModules = [ "kvm-intel" ];
|
|
kernelParams = [ "mitigations=off" "preempt=none" ];
|
|
# For cross-building
|
|
binfmt.emulatedSystems = [ "armv6l-linux" "armv7l-linux" "aarch64-linux" "riscv32-linux" "riscv64-linux" ];
|
|
};
|
|
|
|
networking = {
|
|
hostName = "hydra";
|
|
firewall.enable = false;
|
|
defaultGateway = "172.20.73.1";
|
|
interfaces.enp3s0 = {
|
|
useDHCP = false;
|
|
tempAddress = "disabled";
|
|
ipv4.addresses = [{
|
|
address = "172.20.73.49";
|
|
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
|
}];
|
|
};
|
|
nameservers = [ "172.20.73.8" "9.9.9.9" ];
|
|
};
|
|
networking.interfaces.eth0 = {
|
|
useDHCP = false;
|
|
tempAddress = "disabled";
|
|
};
|
|
systemd.network.networks."40-eth0"
|
|
.networkConfig = {
|
|
IPv6AcceptRA = true;
|
|
LinkLocalAddressing = "ipv6";
|
|
};
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
|
# HACK: nix-2.5.1 is broken <https://github.com/NixOS/nix/issues/5728>
|
|
nixUnstable = pkgs.nixUnstable.overrideAttrs (oa: rec {
|
|
version = "2.6${VERSION_SUFFIX}";
|
|
VERSION_SUFFIX = "pre20220107_${pkgs.lib.substring 0 7 src.rev}";
|
|
patches = [];
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "nixos";
|
|
repo = "nix";
|
|
rev = "fcddaa4b9b22a910a24a513bc05579a12eb1db41";
|
|
sha256 = "1v5z2kc9gard6sqxqi73w37x1jfa9ja04svkwr9f1dfj3vl3xygp";
|
|
};
|
|
});
|
|
};
|
|
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
# compatible, in order to avoid breaking some software such as database
|
|
# servers. You should change this only after NixOS release notes say you
|
|
# should.
|
|
system.stateVersion = "20.09"; # Did you read the comment?
|
|
}
|