112 lines
2.7 KiB
Nix
112 lines
2.7 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
user = "payas";
|
|
hostname = "bebop";
|
|
in
|
|
{
|
|
# Enable GPU acceleration
|
|
hardware.raspberry-pi."4".fkms-3d.enable = false;
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
# compatible, in order to avoid breaking some software such as database
|
|
# servers. You should change this only after NixOS release notes say you
|
|
# should.
|
|
system.stateVersion = "22.05"; # Did you read the comment?
|
|
|
|
time.timeZone = "Asia/Kolkata";
|
|
|
|
nix = {
|
|
settings = {
|
|
trusted-public-keys = [
|
|
"enterprise-nix-cache:z8I4D9VcVa4rbc13EWtv3WTuOCcqmywKwguViFwQw+A="
|
|
];
|
|
|
|
trusted-users = [ user ];
|
|
};
|
|
};
|
|
|
|
# because stupid getoutline.com
|
|
nixpkgs.config = {
|
|
allowUnfree = true;
|
|
permittedInsecurePackages = [
|
|
"nodejs-16.20.0"
|
|
];
|
|
};
|
|
|
|
fileSystems = {
|
|
"/" = {
|
|
device = "/dev/disk/by-label/NIXOS_SD";
|
|
fsType = "ext4";
|
|
options = [ "noatime" ];
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
hostName = hostname;
|
|
hosts = {
|
|
"192.168.0.5" = [ "hermes" ];
|
|
"192.168.0.7" = [ "bebop" ];
|
|
"192.168.0.164" = [ "titan" ];
|
|
"192.168.0.181" = [ "lapetus" ];
|
|
"192.168.0.239" = [ "rhea" ];
|
|
};
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
direnv
|
|
nix-direnv
|
|
];
|
|
|
|
# Make sure dumb ssh-add is run on every interactive entry
|
|
# Make no mistake, this is a hack. But until I find better solution, it works.
|
|
programs.fish.interactiveShellInit = ''
|
|
function ndiff -d "NixOS diff"
|
|
command nix store diff-closures /nix/var/nix/profiles/system-$argv[1]-link /nix/var/nix/profiles/system-$argv[2]-link
|
|
end
|
|
|
|
eval (ssh-add ~/.ssh/bebop_ed25519)
|
|
'';
|
|
|
|
users = {
|
|
# mutableUsers = false;
|
|
|
|
groups = {
|
|
wiki.members = [ "${user}" "etebase-server" "paperless" ];
|
|
};
|
|
|
|
users = {
|
|
root.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLfc2MW5f4Qn1ifAjPPSTRjDST9Bpwn4M8pWvtYrlnY nixos@wsl@hermes"
|
|
];
|
|
|
|
"${user}" = {
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" "docker" ];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLfc2MW5f4Qn1ifAjPPSTRjDST9Bpwn4M8pWvtYrlnY nixos@wsl@hermes"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
|
|
documentation = {
|
|
enable = false;
|
|
man.enable = false;
|
|
};
|
|
|
|
# Enable auto-update
|
|
# This will only update as long as I push and update the original flake remotely
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
persistent = true;
|
|
allowReboot = true;
|
|
flake = "git+https://git.bhankas.org/payas/nixos#bebop";
|
|
dates = "04:00";
|
|
randomizedDelaySec = "05min";
|
|
rebootWindow = {
|
|
lower = "04:30";
|
|
upper = "05:30";
|
|
};
|
|
};
|
|
}
|