# Host configuration module.
# Outer function: receives the flake inputs this host needs.
# Inner function: the NixOS module proper, receiving `pkgs` and `config`.
{ nixos-hardware, disko, nix-ld-rs, ... }:
{ pkgs, config, ... }:
{
  imports = [
    # Hardware profiles and declarative disk layout from the flake inputs.
    nixos-hardware.nixosModules.common-cpu-intel
    nixos-hardware.nixosModules.common-pc-ssd

    disko.nixosModules.disko

    # Host-local modules.
    ./storage.nix
    ./network.nix
    ./virtualisation.nix
    ./promtail

    # Shared user definitions.
    ../../users/erwin
    ../../users/root
  ];

  # Options from the repository's own `eboskma` module namespace.
  eboskma = {
    users.erwin.enable = true;
    users.erwin.server = true;

    base.plymouth.enable = true;

    nix-common.enable = true;
    nix-common.remote-builders = true;

    # libvirtd.enable = true;
    systemd.enable = true;
    tailscale.enable = true;
  };

  security = {
    # sudo-rs takes the place of the classic sudo, which is switched off explicitly.
    sudo-rs.enable = true;
    sudo.enable = false;
    apparmor.enable = true;
  };

  boot = {
    loader.systemd-boot = {
      enable = true;
      # Keep at most 10 generations in the boot menu.
      configurationLimit = 10;
    };
    loader.efi.canTouchEfiVariables = true;

    initrd.availableKernelModules = [
      "xhci_pci"
      "thunderbolt"
      "nvme"
      "ahci"
      "usb_storage"
      "usbhid"
      "sd_mod"
      "virtio_blk"
      "virtio_pci"
    ];
    initrd.kernelModules = [ "kvm-intel" ];

    kernelPackages = pkgs.linuxPackages_latest;
    kernelModules = [
      "kvm-intel"
      "dm-thin-pool"
      "dm-snapshot"
    ];
    # From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand
    # kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];

    # Out-of-tree gasket module built for the selected kernel package set, with a
    # local patch appended to whatever patches the package already carries.
    # NOTE(review): this tracks linuxPackages_latest, so the patch has to keep
    # applying across kernel bumps; a failed build blocks the whole system update.
    extraModulePackages = [
      (config.boot.kernelPackages.gasket.overrideAttrs (old: {
        patches = (old.patches or [ ]) ++ [ ./0001-fix-gasket.patch ];
      }))
    ];

    # Raise the maximum socket receive/send buffer sizes (bytes).
    kernel.sysctl = {
      "net.core.rmem_max" = 2500000;
      "net.core.wmem_max" = 2500000;
    };
  };

  hardware.enableAllFirmware = true;

  users = {
    # Unprivileged system account whose "shell" is the glances monitor; the getty
    # autologin configured under `services` below logs this account in.
    # NOTE(review): the console session is handed out without authentication, so
    # containment rests on glances offering no route to a shell or to arbitrary
    # file access; confirm that for the packaged version and its config.
    users.consoledash = {
      isSystemUser = true;
      group = "consoledash";
      home = "/var/lib/consoledash";
      createHome = true;
      # Restricted-shell alternative, kept for reference. Taken from:
      # https://github.com/mcdonc/.nixconfig/blob/66f427c029eb673c44bb7df919b78485ce3e8b01/videos/restricteduser/script.rst
      # shell =
      #   let
      #     rbash = pkgs.runCommandNoCC "rbash-${pkgs.bashInteractive.version}" { } ''
      #       mkdir -p $out/bin
      #       ln -s ${pkgs.bashInteractive}/bin/bash $out/bin/rbash
      #     '';
      #
      #   in
      #   "${rbash}/bin/rbash";
      shell = "${pkgs.glances}/bin/glances";
      # The shell is not a regular `programs.<shell>` entry, so skip that assertion.
      ignoreShellProgramCheck = true;
      # No password hash is set for this account in this file.
      hashedPassword = null;
    };

    groups.consoledash = { };
  };

  programs.nix-ld = {
    enable = true;
    # Use the nix-ld-rs build from the flake input for this host's platform.
    package = nix-ld-rs.packages.${pkgs.hostPlatform.system}.nix-ld-rs;
  };

  services = {
    # Log the dashboard account in on the console without a prompt.
    getty.autologinUser = "consoledash";

    # NOTE(review): no sshd hardening options are set in this file; confirm that
    # password authentication and root login are restricted in a shared module.
    openssh.enable = true;

    lvm.enable = true;

    # NOTE(review): the exporter's firewall handling is not set here; whether it
    # is reachable from other hosts depends on ./network.nix or other modules.
    prometheus.exporters.node = {
      enable = true;
      enabledCollectors = [ "systemd" ];
    };

    # NOTE(review): iperf3 does not authenticate clients by default, and
    # openFirewall exposes its port on every interface. If it is only needed
    # from trusted networks, open the port per interface instead, via
    # networking.firewall.interfaces.<name>.allowedTCPPorts.
    iperf3 = {
      enable = true;
      openFirewall = true;
    };
  };

  system.stateVersion = "24.05";
}