146 lines
3.3 KiB
Nix
146 lines
3.3 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
config,
|
|
self,
|
|
...
|
|
}:
|
|
{
|
|
networking = {
|
|
wireless = {
|
|
#enable = true;
|
|
networks = { };
|
|
};
|
|
nameservers = [ "192.168.88.251" ];
|
|
networkmanager.enable = true;
|
|
};
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
boot.initrd.systemd.enableTpm2 = false;
|
|
|
|
users.mutableUsers = false;
|
|
|
|
services.nix-serve = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
secretKeyFile = "${./init/cache.pem}";
|
|
};
|
|
|
|
nix = {
|
|
settings = {
|
|
substituters = [
|
|
"https://cache.nixos.org"
|
|
"https://nix-community.cachix.org"
|
|
"http://192.168.88.251:5000"
|
|
"http://192.168.88.252:5000"
|
|
"http://192.168.88.253:5000"
|
|
];
|
|
trusted-public-keys = [
|
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
"binarycache.example.com:fbOZkjmYt+dpxlSZbhNNT0WOAApJ1ZLvBBfQkTsBMis="
|
|
];
|
|
trusted-users = [ "root" ];
|
|
sandbox = true;
|
|
require-sigs = true;
|
|
max-jobs = "auto";
|
|
auto-optimise-store = true;
|
|
allowed-users = [ "*" ];
|
|
experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
warn-dirty = true;
|
|
use-xdg-base-directories = true;
|
|
keep-going = true;
|
|
builders-use-substitutes = true;
|
|
};
|
|
distributedBuilds = true;
|
|
package = pkgs.nixVersions.unstable;
|
|
registry = lib.mkForce (
|
|
(lib.mapAttrs (_: flake: { inherit flake; })) (
|
|
(lib.filterAttrs (_: lib.isType "flake")) self.inputs
|
|
)
|
|
// {
|
|
self.flake = self;
|
|
}
|
|
);
|
|
nixPath = lib.mkForce [ "/etc/nix/path" ];
|
|
};
|
|
|
|
nixpkgs = {
|
|
config = {
|
|
allowUnfree = true;
|
|
nvidia.acceptLicense = true;
|
|
};
|
|
};
|
|
|
|
environment.etc = lib.mapAttrs' (name: value: {
|
|
name = "nix/path/${name}";
|
|
value.source = value.flake;
|
|
}) config.nix.registry;
|
|
|
|
home-manager = {
|
|
useGlobalPkgs = true;
|
|
useUserPackages = true;
|
|
backupFileExtension = "backup";
|
|
};
|
|
|
|
systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 1048576000;
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
dates = "hourly";
|
|
randomizedDelaySec = "10min";
|
|
flake = "git+https://git.missing.ninja/lf3/server-conf.git";
|
|
};
|
|
|
|
networking.hosts = {
|
|
"192.168.88.251" =
|
|
(builtins.attrNames self.nixosConfigurations.mio-mio-mate.config.services.nginx.virtualHosts)
|
|
++ [
|
|
"dns"
|
|
"ldap.it3"
|
|
self.nixosConfigurations.mio-mio-mate.config.networking.hostName
|
|
];
|
|
"192.168.88.252" = [ self.nixosConfigurations.club-mate.config.networking.hostName ];
|
|
"192.168.88.253" = [
|
|
self.nixosConfigurations.flora-mate.config.networking.hostName
|
|
"ap"
|
|
"minecraft"
|
|
"minecraft.it3"
|
|
];
|
|
"192.168.88.1" = [ "router" "router.it3" ];
|
|
};
|
|
|
|
programs = {
|
|
fish = {
|
|
enable = true;
|
|
};
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
banner = "Hackers are in Your System!!!\n";
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
PermitRootLogin = "prohibit-password";
|
|
};
|
|
};
|
|
documentation = {
|
|
enable = false;
|
|
doc.enable = false;
|
|
dev.enable = false;
|
|
info.enable = false;
|
|
nixos = {
|
|
enable = false;
|
|
includeAllModules = false;
|
|
options.warningsAreErrors = false;
|
|
};
|
|
man = {
|
|
enable = false;
|
|
generateCaches = false;
|
|
};
|
|
};
|
|
}
|