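# NixOS host configuration for "nixos-server": NVIDIA GPU support, rootless
# podman containers, agenix-managed secrets and restic backups.
{ config, pkgs, ... }:

{
  # Keep the admin user's systemd user manager running without an open login
  # session, so user-level services survive logout and start at boot.
  users.users.admin.linger = true;

  # Private key agenix uses to decrypt the age.secrets declared below.
  # NOTE(review): this is the admin user's personal SSH key in a user-writable
  # home directory, not a root-owned host key. Anything that can read that file
  # can decrypt every secret encrypted to it. Switching to a host key requires
  # re-encrypting the .age files for the new recipient, so it is left as is.
  age.identityPaths = [ "${config.users.users.admin.home}/.ssh/id_ed25519" ];

  # The proprietary NVIDIA driver selected below (hardware.nvidia.open = false)
  # is unfree.
  nixpkgs.config.allowUnfree = true;
  # Expose the GPU to containers.
  hardware.nvidia-container-toolkit.enable = true;

  services.xserver.videoDrivers = [ "nvidia" ];

  hardware.graphics.enable = true;

  hardware.nvidia = {
    modesetting.enable = true;
    powerManagement.enable = true;
    powerManagement.finegrained = false;
    # Use the proprietary kernel module rather than the open one.
    open = false;
    nvidiaSettings = false;
    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };

  networking.hostName = "nixos-server";

  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  boot.loader.grub.useOSProber = true;

  environment.systemPackages = with pkgs; [
    zsh
    htop
    fastfetch
    restic
    nixpkgs-fmt
    nixfmt-rfc-style
  ];

  # NOTE(review): the NixOS firewall is disabled, so every listening socket on
  # this host (including ports published by containers) is reachable by
  # anything that can route to 192.168.0.30, and traffic forwarded by the
  # sysctls below is not filtered here. Prefer enabling the firewall and
  # listing the required ports in networking.firewall.allowedTCPPorts /
  # allowedUDPPorts.
  networking.firewall.enable = false;
  networking.interfaces.ens18.ipv4.addresses = [
    {
      address = "192.168.0.30";
      prefixLength = 24;
    }
  ];
  networking.defaultGateway = "192.168.0.1";
  networking.nameservers = [ "1.1.1.1" ];

  boot.kernel.sysctl = {
    # Lets any unprivileged process bind ports 80 and above (kernel default is
    # 1024) -- presumably so rootless containers can publish 80/443; confirm.
    # NOTE(review): this applies to every local user, not only to podman.
    "net.ipv4.ip_unprivileged_port_start" = 80;
    "net.ipv4.conf.all.src_valid_mark" = 1;
    # IPv4 forwarding is turned on: the host will route packets between
    # interfaces. With the firewall disabled above nothing restricts what is
    # forwarded.
    "net.ipv4.conf.all.forwarding" = 1;
    "net.ipv4.ip_forward" = 1;
  };

  virtualisation = {
    containers.enable = true;
    podman = {
      enable = true;
      autoPrune.enable = true;
      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;
      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # Encrypted restic credentials; agenix decrypts them at activation and
  # exposes the plaintext paths through config.age.secrets.<name>.path.
  age.secrets = {
    "restic/environmentFile".file = ../../secrets/restic/environmentFile.age;
    "restic/repositoryFile".file = ../../secrets/restic/repositoryFile.age;
    "restic/passwordFile".file = ../../secrets/restic/passwordFile.age;
  };

  services.restic.backups.backup = {
    # Create the repository on first run if it does not exist yet.
    initialize = true;
    # Repository location, password and environment come from the decrypted
    # agenix files, so no credential is written into the Nix store.
    environmentFile = config.age.secrets."restic/environmentFile".path;
    repositoryFile = config.age.secrets."restic/repositoryFile".path;
    passwordFile = config.age.secrets."restic/passwordFile".path;

    paths = [
      "/mnt/services"
      "/mnt/data"
    ];

    exclude = [
      "/mnt/services/cctv"
    ];

    # Retention passed to `restic forget --prune` after each backup.
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 5"
      "--keep-monthly 12"
    ];

  };

  # Weekly timer for the rootless prune service defined just below.
  systemd.timers."prune-podman" = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnCalendar = "weekly";
      Persistent = true;
      # Fixed: this pointed at "podman-prune.service", which is not the service
      # declared in this file (that one is "prune-podman"), so the admin-user
      # prune below was never triggered. The old name looks like the unit the
      # podman autoPrune option manages -- confirm.
      Unit = "prune-podman.service";
    };
  };

  # Prunes the admin user's (rootless) podman storage. `-af` removes all unused
  # images, not only dangling ones, without prompting.
  # The echo is a leftover debug marker that ends up in the journal.
  systemd.services."prune-podman" = {
    script = ''
      set -eu
      ${pkgs.coreutils}/bin/echo "heeeeelpppppp"
      ${pkgs.podman}/bin/podman system prune -af
    '';
    serviceConfig = {
      Type = "oneshot";
      User = "admin";
    };
  };

  system.stateVersion = "24.11";

  # Give permissions for the Zigbee USB transceiver.
  # Replaces an activation-script `chmod o+rw /dev/ttyACM0`: that ran only at
  # activation, failed when the adapter was not plugged in, and was lost as
  # soon as the device node was recreated (replug, reboot ordering). The udev
  # rule applies the same mode whenever the node appears.
  # NOTE(review): 0666 keeps the original world read/write access; a dedicated
  # group with mode 0660 would be tighter if the consuming container can use
  # it. ttyACM0 is an enumeration-order name, so matching on the adapter's USB
  # vendor/product IDs would also be more robust.
  services.udev.extraRules = ''
    SUBSYSTEM=="tty", KERNEL=="ttyACM0", MODE="0666"
  '';
}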