2023-10-19 22:11:57 +00:00
|
|
|
{ config, lib, pkgs, inputs, ... }:
|
2023-09-18 20:42:25 +00:00
|
|
|
|
2023-12-07 23:04:00 +00:00
|
|
|
let
|
|
|
|
|
meta = import ../meta.nix;
|
2023-12-06 23:45:34 +00:00
|
|
|
flakes = lib.filterAttrs (name: value: value ? outputs) inputs;
|
2023-12-07 23:04:00 +00:00
|
|
|
nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes;
|
2023-10-08 16:11:54 +00:00
|
|
|
in {
|
2023-10-19 22:11:57 +00:00
|
|
|
imports = with inputs; [
|
|
|
|
|
nix-index-database.nixosModules.nix-index
|
|
|
|
|
agenix.nixosModules.default
|
|
|
|
|
|
|
|
|
|
microvm.nixosModules.host
|
|
|
|
|
|
2023-10-19 22:59:20 +00:00
|
|
|
self.nixosModules.boot
|
2023-10-19 22:11:57 +00:00
|
|
|
];
|
|
|
|
|
|
2023-11-01 01:57:40 +00:00
|
|
|
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
2023-12-06 23:45:34 +00:00
|
|
|
nix.registry = nixRegistry;
|
2023-11-01 01:57:40 +00:00
|
|
|
|
2023-10-19 22:11:57 +00:00
|
|
|
deployment = {
|
|
|
|
|
allowLocalDeployment = true;
|
|
|
|
|
buildOnTarget = true;
|
|
|
|
|
};
|
|
|
|
|
|
2023-10-20 13:00:46 +00:00
|
|
|
age.secrets.nix-store.file = ../secrets/nix-store.age;
|
2023-10-20 11:15:59 +00:00
|
|
|
|
2023-10-08 21:33:04 +00:00
|
|
|
boot.binfmt.emulatedSystems =
|
|
|
|
|
lib.lists.remove pkgs.system [ "x86_64-linux" "aarch64-linux" ];
|
2023-10-08 16:11:54 +00:00
|
|
|
programs.command-not-found.enable = false;
|
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
|
services.openssh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
settings.PasswordAuthentication = false;
|
|
|
|
|
};
|
|
|
|
|
programs = {
|
|
|
|
|
mtr.enable = true;
|
|
|
|
|
neovim = {
|
2023-09-18 20:42:25 +00:00
|
|
|
enable = true;
|
2023-10-08 16:11:54 +00:00
|
|
|
defaultEditor = true;
|
|
|
|
|
viAlias = true;
|
|
|
|
|
vimAlias = true;
|
2023-09-18 20:42:25 +00:00
|
|
|
};
|
2023-10-08 16:11:54 +00:00
|
|
|
zsh = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enableBashCompletion = true;
|
|
|
|
|
autosuggestions.enable = true;
|
|
|
|
|
syntaxHighlighting.enable = true;
|
|
|
|
|
ohMyZsh.enable = true;
|
2023-09-18 20:42:25 +00:00
|
|
|
};
|
2023-10-08 16:11:54 +00:00
|
|
|
tmux = {
|
|
|
|
|
enable = true;
|
|
|
|
|
terminal = "screen256-color";
|
|
|
|
|
clock24 = true;
|
2023-09-18 20:42:25 +00:00
|
|
|
};
|
2023-11-30 14:16:17 +00:00
|
|
|
ssh.knownHosts = builtins.mapAttrs (name: value: {
|
|
|
|
|
inherit (value) publicKey;
|
|
|
|
|
extraHostNames = [ value.targetHost ];
|
2023-11-30 21:09:21 +00:00
|
|
|
}) meta.hosts;
|
2023-10-08 16:11:54 +00:00
|
|
|
bash.enableCompletion = true;
|
|
|
|
|
mosh.enable = true;
|
|
|
|
|
};
|
2023-12-12 15:53:58 +00:00
|
|
|
services.tailscale = {
|
|
|
|
|
enable = true;
|
|
|
|
|
openFirewall = true;
|
|
|
|
|
useRoutingFeatures = lib.mkDefault "client";
|
|
|
|
|
permitCertUid = "ar";
|
|
|
|
|
};
|
2023-09-18 20:42:25 +00:00
|
|
|
|
2023-11-30 14:16:17 +00:00
|
|
|
deployment.targetHost =
|
2023-11-30 21:09:21 +00:00
|
|
|
lib.mkDefault meta.hosts.${config.networking.hostName}.targetHost;
|
2023-11-30 14:16:17 +00:00
|
|
|
|
2023-10-08 16:11:54 +00:00
|
|
|
nix = {
|
|
|
|
|
package = pkgs.nixUnstable;
|
|
|
|
|
extraOptions = ''
|
|
|
|
|
experimental-features = nix-command flakes
|
|
|
|
|
'';
|
2023-10-20 11:18:58 +00:00
|
|
|
settings = {
|
2023-10-20 13:45:55 +00:00
|
|
|
trusted-users = [ "ar" "root" ];
|
2023-10-20 13:00:46 +00:00
|
|
|
substituters = (if config.networking.hostName != "scylla" then
|
|
|
|
|
[
|
2023-10-20 13:45:55 +00:00
|
|
|
"ssh://nix-ssh@i.am-a.cat?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
2023-10-20 13:00:46 +00:00
|
|
|
]
|
|
|
|
|
else
|
|
|
|
|
[ ]) ++ (if config.networking.hostName != "zorigami" then
|
|
|
|
|
[
|
2023-10-20 13:45:55 +00:00
|
|
|
"ssh://nix-ssh@is-a.cat?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
2023-10-20 13:00:46 +00:00
|
|
|
]
|
|
|
|
|
else
|
|
|
|
|
[ ]);
|
2023-10-20 11:18:58 +00:00
|
|
|
trusted-substituters = (if config.networking.hostName != "scylla" then
|
2023-10-20 13:00:46 +00:00
|
|
|
[
|
2023-10-20 13:45:55 +00:00
|
|
|
"ssh://nix-ssh@i.am-a.cat?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
2023-10-20 13:00:46 +00:00
|
|
|
]
|
2023-10-20 11:15:59 +00:00
|
|
|
else
|
|
|
|
|
[ ]) ++ (if config.networking.hostName != "zorigami" then
|
2023-10-20 13:00:46 +00:00
|
|
|
[
|
2023-10-20 13:45:55 +00:00
|
|
|
"ssh://nix-ssh@is-a.cat?trusted=1&ssh-key=${config.age.secrets.nix-store.path}"
|
2023-10-20 13:00:46 +00:00
|
|
|
]
|
2023-10-20 11:15:59 +00:00
|
|
|
else
|
|
|
|
|
[ ]);
|
2023-10-20 11:18:58 +00:00
|
|
|
};
|
2023-10-08 16:11:54 +00:00
|
|
|
};
|
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
nixpkgs.config.allowBroken = true;
|
2023-10-19 22:11:57 +00:00
|
|
|
nixpkgs.overlays = [ inputs.self.overlays.nibylandia ];
|
2023-09-18 20:42:25 +00:00
|
|
|
|
2023-10-08 16:11:54 +00:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
file
|
|
|
|
|
git
|
|
|
|
|
libarchive
|
|
|
|
|
lm_sensors
|
|
|
|
|
lshw
|
|
|
|
|
lsof
|
|
|
|
|
pciutils
|
|
|
|
|
pv
|
|
|
|
|
strace
|
|
|
|
|
usbutils
|
|
|
|
|
wget
|
|
|
|
|
zip
|
2023-10-30 14:31:12 +00:00
|
|
|
# config.boot.kernelPackages.perf
|
2023-10-08 16:11:54 +00:00
|
|
|
age
|
|
|
|
|
dstat
|
|
|
|
|
htop
|
|
|
|
|
iperf
|
|
|
|
|
xxd
|
|
|
|
|
tcpdump
|
|
|
|
|
traceroute
|
2023-10-14 23:29:23 +00:00
|
|
|
jq
|
2023-12-06 23:37:49 +00:00
|
|
|
dnsutils
|
2023-12-12 15:53:58 +00:00
|
|
|
tailscale
|
2023-10-08 16:11:54 +00:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
documentation = {
|
|
|
|
|
man.enable = true;
|
|
|
|
|
doc.enable = true;
|
|
|
|
|
dev.enable = true;
|
|
|
|
|
info.enable = true;
|
|
|
|
|
nixos.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2023-11-30 21:09:21 +00:00
|
|
|
users.users.root.openssh.authorizedKeys.keys = meta.users.ar;
|
2023-10-08 16:11:54 +00:00
|
|
|
|
|
|
|
|
users.mutableUsers = false;
|
|
|
|
|
|
|
|
|
|
users.defaultUserShell = pkgs.zsh;
|
|
|
|
|
|
|
|
|
|
users.groups.ar = { gid = 1000; };
|
|
|
|
|
users.users.ar = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
uid = 1000;
|
|
|
|
|
group = "ar";
|
|
|
|
|
extraGroups = [
|
|
|
|
|
"users"
|
|
|
|
|
"wheel"
|
|
|
|
|
"systemd-journal"
|
|
|
|
|
"docker"
|
|
|
|
|
"vboxusers"
|
|
|
|
|
"podman"
|
|
|
|
|
"tss"
|
|
|
|
|
"nitrokey"
|
|
|
|
|
"tss"
|
|
|
|
|
"plugdev"
|
|
|
|
|
"video"
|
|
|
|
|
"dialout"
|
|
|
|
|
"networkmanager"
|
|
|
|
|
];
|
|
|
|
|
hashedPassword = lib.mkDefault null;
|
2023-11-30 21:09:21 +00:00
|
|
|
openssh.authorizedKeys.keys = meta.users.ar;
|
2023-09-18 20:42:25 +00:00
|
|
|
};
|
2023-10-08 21:44:41 +00:00
|
|
|
|
|
|
|
|
console.keyMap = "us";
|
|
|
|
|
i18n = {
|
|
|
|
|
defaultLocale = "en_CA.UTF-8";
|
|
|
|
|
supportedLocales = [
|
|
|
|
|
"en_CA.UTF-8/UTF-8"
|
|
|
|
|
"en_US.UTF-8/UTF-8"
|
|
|
|
|
"en_DK.UTF-8/UTF-8"
|
|
|
|
|
"pl_PL.UTF-8/UTF-8"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
time.timeZone = "Europe/Warsaw";
|
2023-10-14 21:24:33 +00:00
|
|
|
|
|
|
|
|
systemd.network = {
|
|
|
|
|
enable = true;
|
|
|
|
|
netdevs.virbr0.netdevConfig = {
|
|
|
|
|
Kind = "bridge";
|
|
|
|
|
Name = "virbr0";
|
|
|
|
|
};
|
|
|
|
|
networks.virbr0 = {
|
|
|
|
|
matchConfig.Name = "virbr0";
|
|
|
|
|
# Hand out IP addresses to MicroVMs.
|
|
|
|
|
# Use `networkctl status virbr0` to see leases.
|
|
|
|
|
networkConfig = {
|
|
|
|
|
DHCPServer = true;
|
|
|
|
|
IPv6SendRA = true;
|
|
|
|
|
};
|
|
|
|
|
addresses = [
|
|
|
|
|
{ addressConfig.Address = "10.0.0.1/24"; }
|
|
|
|
|
{ addressConfig.Address = "fd12:3456:789a::1/64"; }
|
|
|
|
|
];
|
|
|
|
|
ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64"; }];
|
|
|
|
|
};
|
|
|
|
|
networks.microvm-eth0 = {
|
|
|
|
|
matchConfig.Name = "vm-*";
|
|
|
|
|
networkConfig.Bridge = "virbr0";
|
|
|
|
|
};
|
|
|
|
|
};
|
2023-09-18 20:42:25 +00:00
|
|
|
}
|
