
{
  config,
  lib,
  pkgs,
  ...
}: let
  # Public keys for the interactive user, shared across hosts via ../../keys/ssh.nix.
  userAuthorizedKeys = import ../../keys/ssh.nix;
in {
  imports = [
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./nebula.nix
    # ./k3s.nix
  ];

  system.stateVersion = "24.05";

  # ---- Identity, locale, console ------------------------------------------
  networking.hostName = "eidola";
  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  # Required for proprietary firmware blobs pulled in by ./hardware.nix.
  nixpkgs.config.allowUnfree = true;

  # ---- Host firewall ------------------------------------------------------
  # NOTE(review): these ports are allowed on *every* interface, whereas sshd
  # below is bound to a single address. 5201 is the iperf3 default port and
  # presumably a throughput-test leftover; nothing in this file says what
  # listens on 8081. Consider scoping them per interface
  # (networking.firewall.interfaces.<iface>.allowedTCPPorts) or dropping them.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [5201 8081];
    allowedUDPPorts = [5201];
  };

  # ---- Accounts -----------------------------------------------------------
  # Both password hashes are provided by sops (declared in ./secrets.nix), so
  # nothing secret ends up in the Nix store.
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;
    eidola = {
      isNormalUser = true;
      extraGroups = ["wheel"]; # sudo-capable admin user
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      openssh.authorizedKeys.keys = userAuthorizedKeys;
    };
  };

  # ---- Base tooling -------------------------------------------------------
  environment = {
    systemPackages = with pkgs; [
      rsync
      git
      vim
      fastfetch
      btop
    ];
    variables.EDITOR = "vim";
  };

  # ---- sshd ---------------------------------------------------------------
  # Key-based logins only: both password paths are disabled. PermitRootLogin is
  # left at the module default (presumably "prohibit-password"); root has no
  # authorized keys in this file, so it is effectively unreachable over ssh —
  # set PermitRootLogin = "no" explicitly if that is the intent.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    # Bound to one address only (NOTE(review): presumably the overlay address
    # from ./nebula.nix — confirm), so sshd is not exposed on other interfaces.
    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # ---- Local modules (gen.*) ----------------------------------------------
  gen.hardening.disableSack = true;

  # Stage-1 ssh listener for unlocking LUKS remotely. Caveats a practitioner
  # should keep in mind:
  #   * the host key has to be readable before the root volume is unlocked, so
  #     wherever the luksSsh module ends up placing it (presumably the initrd
  #     image under /boot) is not protected by LUKS — confirm, and treat the
  #     key as "on unencrypted media";
  #   * networking.firewall above does not apply in the initrd; the listener on
  #     port 48722 is reachable on whatever interface udhcpc configures.
  gen.bootloader.luksSsh = {
    enable = true;
    port = 48722;
    hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
  };
  boot.initrd.network.udhcpc.enable = true;

  # ---- Proxmox VE ---------------------------------------------------------
  services.proxmox-ve = {
    enable = true;
    # Whatever ports the proxmox-ve module would open stay closed in
    # networking.firewall; reach the UI/API over the private address or a tunnel.
    openFirewall = false;
  };
  # TODO: add a bridge
  # TODO: make sure proxmox stuff is persisted
}