server-conf/common.nix
2024-05-02 09:35:50 +02:00


# Settings shared by the hosts of this flake: name resolution, the Nix daemon
# and binary caches, unattended upgrades, and remote access over SSH.
{
  lib,
  pkgs,
  config,
  self,
  ...
}:
let
  # Evaluated configuration of another host defined in this flake.
  hostCfg = name: self.nixosConfigurations.${name}.config;

  # Every flake-typed input, wrapped in the shape nix.registry expects.
  inputRegistry = lib.mapAttrs (_: flake: { inherit flake; }) (
    lib.filterAttrs (_: lib.isType "flake") self.inputs
  );
in
{
  networking = {
    # Wireless stays declared but disabled; NetworkManager handles links.
    #wireless.enable = true;
    wireless.networks = { };
    networkmanager.enable = true;

    # A single LAN resolver; the same address carries the "dns" alias below.
    nameservers = [ "192.168.88.251" ];

    # Static /etc/hosts entries. The first host also answers for every nginx
    # virtual host it defines, so those names resolve without DNS.
    hosts = {
      "192.168.88.251" =
        (builtins.attrNames (hostCfg "mio-mio-mate").services.nginx.virtualHosts)
        ++ [
          "dns"
          "ldap.it3"
          (hostCfg "mio-mio-mate").networking.hostName
        ];
      "192.168.88.252" = [ (hostCfg "club-mate").networking.hostName ];
      "192.168.88.253" = [
        (hostCfg "flora-mate").networking.hostName
        "ap"
        "minecraft"
        "minecraft.it3"
      ];
      "192.168.88.1" = [
        "router"
        "router.it3"
      ];
    };
  };

  time.timeZone = "Europe/Berlin";

  # TPM2 support is switched off in the systemd initrd.
  boot.initrd.systemd.enableTpm2 = false;

  # Accounts exist only as declared in the configuration; they cannot be
  # changed imperatively on the running system.
  users.mutableUsers = false;

  # Each host serves its own store as a binary cache and opens the port.
  services.nix-serve.enable = true;
  services.nix-serve.openFirewall = true;
  # NOTE(review): interpolating a path puts cache.pem into /nix/store, which
  # is readable by every local user, and the key also lives in this
  # repository. Whoever holds it can sign store paths that clients trusting
  # the matching public key will accept. Provision the signing key outside
  # the store (root-only file or a secrets module) and rotate it.
  services.nix-serve.secretKeyFile = "${./init/cache.pem}";

  nix = {
    package = pkgs.nixVersions.unstable;
    distributedBuilds = true;

    # Pin the flake registry to this flake's own inputs plus "self".
    registry = lib.mkForce (inputRegistry // { self.flake = self; });

    # Path lookups resolve against the entries that environment.etc
    # creates under /etc/nix/path below.
    nixPath = lib.mkForce [ "/etc/nix/path" ];

    settings = {
      # The three LAN caches are plain HTTP, so the integrity of what they
      # deliver rests entirely on require-sigs and trusted-public-keys.
      substituters = [
        "https://cache.nixos.org"
        "https://nix-community.cachix.org"
        "http://192.168.88.251:5000"
        "http://192.168.88.252:5000"
        "http://192.168.88.253:5000"
      ];
      # NOTE(review): the third key name looks like a documentation
      # placeholder. Confirm it is the public half of the key nix-serve
      # signs with; otherwise the LAN caches are either unusable or trusted
      # under a key nobody here controls.
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "binarycache.example.com:fbOZkjmYt+dpxlSZbhNNT0WOAApJ1ZLvBBfQkTsBMis="
      ];
      require-sigs = true;
      sandbox = true;

      # Any local user may use the daemon; only root is trusted by it.
      allowed-users = [ "*" ];
      trusted-users = [ "root" ];

      experimental-features = [
        "nix-command"
        "flakes"
      ];
      max-jobs = "auto";
      builders-use-substitutes = true;
      keep-going = true;
      auto-optimise-store = true;
      warn-dirty = true;
      use-xdg-base-directories = true;
    };
  };

  # Expose every registry entry as /etc/nix/path/<name>.
  environment.etc = lib.mapAttrs' (name: value: {
    name = "nix/path/${name}";
    value.source = value.flake;
  }) config.nix.registry;

  nixpkgs.config.allowUnfree = true;
  nixpkgs.config.nvidia.acceptLicense = true;

  home-manager.useGlobalPkgs = true;
  home-manager.useUserPackages = true;
  home-manager.backupFileExtension = "backup";

  # NOTE(review): 1048576000 is roughly a thousand times the more common
  # 1048576; confirm the extra digits are intended.
  systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;

  # Hosts fetch and activate this flake every hour without operator
  # involvement, so write access to the repository (or control of the server
  # hosting it) amounts to root on every machine that imports this file.
  # NOTE(review): confirm push access and branch protection match that trust.
  system.autoUpgrade = {
    enable = true;
    flake = "git+https://git.missing.ninja/lf3/server-conf.git";
    dates = "hourly";
    randomizedDelaySec = "10min";
  };

  programs.fish.enable = true;

  # SSH accepts keys only; root may log in, but never with a password.
  services.openssh = {
    enable = true;
    settings.PasswordAuthentication = false;
    settings.PermitRootLogin = "prohibit-password";
    banner = "Hackers are in Your System!!!\n";
  };

  # No documentation of any kind is built or installed.
  documentation = {
    enable = false;
    doc.enable = false;
    dev.enable = false;
    info.enable = false;
    man.enable = false;
    man.generateCaches = false;
    nixos.enable = false;
    nixos.includeAllModules = false;
    nixos.options.warningsAreErrors = false;
  };
}