+13

flake.nix

··· 152 152 ]; 153 153 }; 154 154 }; 155 155 + 156 156 + nixosConfigurations = { 157 157 + iso = nixpkgs.lib.nixosSystem { 158 158 + system = "x86_64-linux"; 159 159 + modules = [ 160 160 + ({ config = { nix.registry.nixpkgs.flake = nixpkgs; }; }) 161 161 + { 162 162 + imports = [ ./hosts/iso/configuration.nix ]; 163 163 + _module.args.self = self; 164 164 + } 165 165 + ]; 166 166 + }; 167 167 + }; 155 168 }; 156 169 }

+1

home.nix

··· 52 52 chromium 53 53 evolution 54 54 nix-your-shell 55 55 + pass 55 56 56 57 gnome3.gnome-tweaks 57 58 gnome3.gnome-shell-extensions

+116

hosts/iso/configuration.nix

··· 1 1 + { config, pkgs, lib, ... }: 2 2 + 3 3 + { 4 4 + imports = 5 5 + [ 6 6 + ./hardware-configuration.nix 7 7 + ../ssh.nix 8 8 + ]; 9 9 + 10 10 + boot.loader.systemd-boot.enable = true; 11 11 + boot.loader.efi.canTouchEfiVariables = true; 12 12 + 13 13 + networking.hostName = "iso"; 14 14 + networking.networkmanager.enable = true; 15 15 + 16 16 + time.timeZone = "Europe/Helsinki"; 17 17 + 18 18 + i18n.defaultLocale = "en_US.UTF-8"; 19 19 + 20 20 + i18n.extraLocaleSettings = { 21 21 + LC_ADDRESS = "en_US.UTF-8"; 22 22 + LC_IDENTIFICATION = "en_US.UTF-8"; 23 23 + LC_MEASUREMENT = "en_US.UTF-8"; 24 24 + LC_MONETARY = "en_US.UTF-8"; 25 25 + LC_NAME = "en_US.UTF-8"; 26 26 + LC_NUMERIC = "en_US.UTF-8"; 27 27 + LC_PAPER = "en_US.UTF-8"; 28 28 + LC_TELEPHONE = "en_US.UTF-8"; 29 29 + LC_TIME = "en_US.UTF-8"; 30 30 + }; 31 31 + 32 32 + sound.enable = true; 33 33 + hardware.pulseaudio.enable = true; 34 34 + hardware.opengl = { 35 35 + enable = true; 36 36 + extraPackages = with pkgs; [ 37 37 + intel-media-driver 38 38 + vaapiIntel 39 39 + vaapiVdpau 40 40 + libvdpau-va-gl 41 41 + intel-compute-runtime 42 42 + ]; 43 43 + }; 44 44 + 45 45 + security = { 46 46 + doas.enable = true; 47 47 + sudo.enable = true; 48 48 + doas.extraConfig = '' 49 49 + permit nopass :wheel 50 50 + ''; 51 51 + doas.extraRules = [{ 52 52 + users = [ "icy" ]; 53 53 + }]; 54 54 + }; 55 55 + 56 56 + users.users.icy = { 57 57 + isNormalUser = true; 58 58 + description = "icy"; 59 59 + extraGroups = [ "networkmanager" "wheel" "docker" ]; 60 60 + packages = with pkgs; [ ]; 61 61 + }; 62 62 + 63 63 + users.users.git = { 64 64 + isNormalUser = true; 65 65 + description = "git"; 66 66 + extraGroups = [ "networkmanager" "wheel" ]; 67 67 + homeMode = "755"; 68 68 + packages = with pkgs; [ ]; 69 69 + }; 70 70 + 71 71 + 72 72 + nixpkgs.config.allowUnfree = true; 73 73 + environment.systemPackages = with pkgs; [ 74 74 + vim 75 75 + wget 76 76 + git 77 77 + ]; 78 78 + 79 79 + services = { 80 80 + openssh.enable = true; 81 81 + tailscale.enable = true; 82 82 + # nix-snapshotter.enable = true; 83 83 + }; 84 84 + 85 85 + # services.k3s = let address = "100.77.4.74"; in { 86 86 + # enable = true; 87 87 + # role = "agent"; 88 88 + # extraFlags = "--node-ip=${address} --node-external-ip=${address} --flannel-iface=tailscale0"; 89 89 + # serverAddr = "https://sini:6443"; 90 90 + # tokenFile = "/var/lib/rancher/k3s/token"; 91 91 + # }; 92 92 + 93 93 + services.openiscsi = { 94 94 + enable = true; 95 95 + name = config.networking.hostName; 96 96 + }; 97 97 + 98 98 + environment.etc = { 99 99 + "rancher/k3s/registries.yaml" = { 100 100 + text = '' 101 101 + mirrors: 102 102 + sini:5000: 103 103 + endpoint: 104 104 + - "http://sini:5000" 105 105 + ''; 106 106 + }; 107 107 + }; 108 108 + 109 109 + systemd.tmpfiles.rules = [ 110 110 + "L+ /usr/local/bin - - - - /run/current-system/sw/bin/" 111 111 + ]; 112 112 + 113 113 + nix.settings.experimental-features = [ "nix-command" "flakes" ]; 114 114 + system.stateVersion = "24.05"; 115 115 + } 116 116 +

+43

hosts/iso/hardware-configuration.nix

··· 1 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 2 + # and may be overwritten by future invocations. Please make changes 3 3 + # to /etc/nixos/configuration.nix instead. 4 4 + { config, lib, pkgs, modulesPath, ... }: 5 5 + 6 6 + { 7 7 + imports = 8 8 + [ 9 9 + (modulesPath + "/installer/scan/not-detected.nix") 10 10 + ]; 11 11 + 12 12 + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; 13 13 + boot.initrd.kernelModules = [ ]; 14 14 + boot.kernelModules = [ ]; 15 15 + boot.extraModulePackages = [ ]; 16 16 + 17 17 + fileSystems."/" = 18 18 + { 19 19 + device = "/dev/disk/by-uuid/355bf4cf-648a-4c43-8741-ac1804e2d31a"; 20 20 + fsType = "ext4"; 21 21 + }; 22 22 + 23 23 + fileSystems."/boot" = 24 24 + { 25 25 + device = "/dev/disk/by-uuid/4E8B-13EC"; 26 26 + fsType = "vfat"; 27 27 + options = [ "fmask=0077" "dmask=0077" ]; 28 28 + }; 29 29 + 30 30 + swapDevices = 31 31 + [{ device = "/dev/disk/by-uuid/c056b71a-e6eb-49ca-a137-3a24d9e299d9"; }]; 32 32 + 33 33 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 34 34 + # (the default) this is the recommended approach. When using systemd-networkd it's 35 35 + # still possible to use this option, but it's recommended to use it in conjunction 36 36 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 37 37 + networking.useDHCP = lib.mkDefault true; 38 38 + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; 39 39 + 40 40 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 41 41 + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 42 42 + } 43 43 +