
# NixOS host module; the arguments are supplied by the caller that imports it.
# NOTE(review): this listing has lost indentation and closing braces, so the
# comments below describe only the settings that are visible.
{ zentralwerk, secretsFile, config, pkgs, ... }:
imports = [ ./hardware-configuration.nix ];
# Site-specific options in the c3d2 namespace; their implementation is not in this file.
c3d2 = {
isInHq = true;
hq.interface = "eno1";
hq.enableBinaryCache = false;
users.k-ot = true;
users.emery = true;
# emery's home directory is kept in an encrypted LUKS image at this path.
users.users.emery.cryptHomeLuks = "/home/emery.luks.img";
# Permit packages with non-free licences.
nixpkgs.config.allowUnfree = true;
# Nix build settings: sandboxed builds, 4 parallel jobs, 4 cores per build.
nix = {
useSandbox = true;
buildCores = 4;
maxJobs = 4;
# sops-nix: secrets are read from secretsFile and decrypted with an age identity
# taken from the host's ed25519 SSH key, so that private key is the root of
# trust for every secret declared here.
sops.defaultSopsFile = secretsFile;
sops.secrets = {
"ceph/secret" = {};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# Allow the installer to write EFI boot variables.
boot.loader.efi.canTouchEfiVariables = true;
# Track the newest kernel package set instead of the release default.
boot.kernelPackages = pkgs.linuxPackages_latest;
networking.hostName = "glotzbert"; # Define your hostname.
# eno1 takes its address from DHCP; it is also the interface named in c3d2.hq.interface.
networking.interfaces.eno1.useDHCP = true;
# Select internationalisation properties.
console = {
font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
keyMap = "de";
i18n.defaultLocale = "en_US.UTF-8";
# NOTE(review): the package list itself is not visible in this listing.
environment.systemPackages = with pkgs; [
# User-level systemd unit that exports the graphical session over VNC. It starts
# with graphical-session.target and is restarted 3 seconds after any exit.
# -shared lets several viewers connect at once; -forever keeps the server
# listening after a viewer disconnects.
# NOTE(review): the VNC password is given with -passwd on the command line, so
# it ends up in the world-readable Nix store, in the generated unit and in the
# process list, and it is identical to the auto-login user name. Because
# networking.firewall.enable is false, the listener is reachable from whatever
# network eno1 is attached to. Prefer -rfbauth with a password file provisioned
# through sops, or bind with -localhost and reach it through an SSH tunnel.
systemd.user.services.x11vnc = {
description = "X11 VNC server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
${pkgs.x11vnc}/bin/x11vnc -shared -forever -passwd k-ot
RestartSec = 3;
Restart = "always";
# Enable the OpenSSH daemon.
# NOTE(review): no sshd hardening options are visible in this listing; confirm
# how password authentication and root login are configured.
services.openssh.enable = true;
# Or disable the firewall altogether.
# NOTE(review): with the firewall off, every listener configured in this file
# (sshd, x11vnc, the PulseAudio TCP socket) is exposed on all interfaces.
# Consider enabling it and opening only the required ports with
# networking.firewall.allowedTCPPorts.
networking.firewall.enable = false;
# Enable sound.
sound.enable = true;
# System-wide PulseAudio daemon that also serves network clients.
hardware.pulseaudio = {
enable = true;
# Users must be in "audio" group
systemWide = true;
support32Bit = true;
# Discover other PulseAudio servers over Zeroconf and announce this one.
zeroconf.discovery.enable = true;
zeroconf.publish.enable = true;
# NOTE(review): the native protocol is opened over TCP and anonymous clients are
# accepted from any address, so any host that can reach the port can use this
# machine's audio devices without authenticating, and the Zeroconf publish
# above announces the service. With the firewall disabled nothing narrows this;
# consider anonymousClients.allowedIpRanges or a firewall rule for the HQ network.
tcp = {
enable = true;
anonymousClients.allowAll = true;
# The two snippets below load a tunnel sink to pulsebert.hq.c3d2.de and make
# that server the client default.
extraConfig = ''
load-module module-tunnel-sink server=pulsebert.hq.c3d2.de
extraClientConf = ''
default-server = pulsebert.hq.c3d2.de
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.xkbOptions = "eurosign:e";
# LightDM as display manager, starting a GNOME-on-Xorg session by default.
services.xserver.displayManager = {
lightdm = { enable = true; };
# NOTE(review): k-ot is logged in without a password at boot, so physical access
# to the machine equals a desktop session as k-ot. That account is in wheel and
# security.sudo.wheelNeedsPassword is false, so the session can become root
# without any further credential.
autoLogin = {
enable = true;
user = "k-ot";
defaultSession = "gnome-xorg";
# Both GNOME and Kodi are offered as desktop sessions.
services.xserver.desktopManager = {
gnome.enable = true;
kodi.enable = true;
# NOTE(review): members of wheel get root through sudo without a password.
# Together with the auto-login and the VNC export of k-ot's session, every way
# into that session is also a way to root. Requiring a password here, or taking
# k-ot out of wheel, would separate the kiosk session from administration.
security.sudo = {
enable = true;
wheelNeedsPassword = false;
# Define a user account. Don't forget to set a password with passwd.
users.groups."k-ot" = { gid = 1000; };
users.users."k-ot" = {
isNormalUser = true;
uid = 1000;
group = "k-ot";
# "wheel" makes this account a passwordless sudoer under the sudo rule above;
# "audio" is the group the system-wide PulseAudio daemon expects.
extraGroups = [ "wheel" "networkmanager" "audio" "video" ];
# The holder of this key can log in as k-ot over SSH and inherits its sudo rights.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 astro"
# Ceph client for the cluster identified by global.fsid.
services.ceph = {
enable = true;
global.fsid = "d7c5c9c7-a227-4e33-ab43-3f4aa1eb0630";
client.enable = true;
# CephFS mount at /mnt/storage. monHosts is a comma-separated string built from
# one entry per listed host and is used as the mount device.
# NOTE(review): the per-host expression and the mount options are not visible
# in this listing; confirm the options point at the sops-managed "ceph/secret"
# file rather than carrying the key inline.
fileSystems."/mnt/storage" =
monHosts = pkgs.lib.concatMapStringsSep "," (host:
) [ "server5" "server6" "server8" ];
in {
fsType = "ceph";
device = "${monHosts}:/";
options = [
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
# It is a compatibility marker for stateful defaults, so leaving it at "18.09"
# does not by itself keep the installed packages at that release.
system.stateVersion = "18.09"; # Did you read the comment?