config/systems/base/configuration.nix

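# Base NixOS profile shared by every VM built from this flake.
#
# What this file establishes (everything else is left to ./fs.nix and the
# per-system modules that import this one):
#  * the machine is a QEMU guest (Proxmox) booted through UEFI/systemd-boot;
#  * the root partition is grown to the full disk on boot (systemd-repart in
#    the initrd), which requires the GPT backup header to be moved first;
#  * only the paths listed under `environment.persistence."/persistent"`
#    survive a reboot -- that option comes from the impermanence module,
#    which is NOT imported here, so the flake must supply it;
#  * remote administration happens exclusively through the `maintenance`
#    user over SSH with public-key authentication, and that SSH key is the
#    only credential standing between the network and root on this host.
{
  modulesPath,
  lib,
  pkgs,
  ...
}:
let
  # The one block device every VM built from this profile boots from. Both
  # the initrd GPT fix-up and systemd-repart operate on it, so it is defined
  # once here (the previous revision pointed sgdisk at a placeholder
  # `/dev/sdX` while repart used `/dev/sda`).
  rootDisk = "/dev/sda";
in
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./fs.nix
  ];

  config = {
    time.timeZone = "Europe/Amsterdam";
    i18n.defaultLocale = "en_US.UTF-8";

    # Default hostname; the per-system module is expected to override it.
    networking.hostName = lib.mkDefault "base";
    # QEMU guest agent so Proxmox can query the guest and shut it down cleanly.
    services.qemuGuest.enable = lib.mkDefault true;

    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Allow remote updates with flakes by non-root users.
    # SECURITY: a Nix trusted user may set daemon options such as
    # substituters, trusted public keys and sandbox paths, which is
    # equivalent to root on this host. Together with the passwordless sudo
    # for `wheel` below this makes `wheel` membership the root boundary;
    # keep the group limited to the `maintenance` account.
    nix.settings.trusted-users = [
      "root"
      "@wheel"
    ];
    nix.settings.experimental-features = [
      "nix-command"
      "flakes"
    ];

    # Remote-admin account. No password is set for it, so the only way in is
    # one of the SSH public keys listed in ../../authorized_keys.
    users.users."maintenance" = {
      isNormalUser = true;
      group = "maintenance";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keyFiles = [ ../../authorized_keys ];
    };
    users.groups."maintenance" = { };

    # mDNS so the VM is reachable as `<hostname>.local`.
    # NOTE: `publish.addresses` announces this host's addresses to everyone on
    # the broadcast domain; it is assumed the VMs sit on a trusted LAN.
    services.avahi.enable = true;
    services.avahi.nssmdns4 = true;
    services.avahi.publish = {
      enable = true;
      addresses = true;
    };

    # Baseline tooling present on every system.
    environment.systemPackages = with pkgs; [
      vim
      git
      ceph-client
    ];

    # Passwordless sudo for `wheel`. The `maintenance` user has no password,
    # so requiring one would lock it out of root entirely; the SSH key is the
    # credential being trusted here (see the trusted-users note above).
    security.sudo.wheelNeedsPassword = false;

    # SSH: key-based authentication only. Both password and
    # keyboard-interactive methods are disabled so a leaked or guessed
    # password can never grant access; root login keeps the NixOS default.
    services.openssh = {
      enable = true;
      settings.PasswordAuthentication = false;
      settings.KbdInteractiveAuthentication = false;
    };
    programs.ssh.startAgent = true;

    # State that must outlive the ephemeral root (impermanence module).
    environment.persistence."/persistent" = {
      enable = true;
      hideMounts = true;
      directories = [
        "/var/log"
        # uid/gid allocation database: keeps `maintenance` at a stable uid,
        # which matters for file ownership on the persisted paths.
        "/var/lib/nixos"
        # NOTE: core dumps can contain secrets held in process memory
        # (e.g. the Ceph keyring loaded by a client); persisting them keeps
        # that material across reboots. Drop this entry if that is unwanted.
        "/var/lib/systemd/coredump"
        "/etc/nixos"
      ];
      files = [
        "/etc/machine-id"
        # SSH host keys: persisted so the host identity is stable across
        # reboots; otherwise every boot would generate new keys and clients
        # would see a changed host key. The private keys are secrets and
        # must stay root-only on the persistent volume.
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
        # Ceph client credential. It is not provisioned by this file; it is
        # expected to already exist on the persistent volume.
        "/etc/ceph/ceph.client.vm.keyring"
      ];
    };

    # Ceph client configuration. `fsid` and `monHost` identify the cluster
    # and are not secrets; authentication uses the persisted keyring above.
    services.ceph = {
      enable = true;
      global = {
        fsid = "b9b22d11-3492-49a6-92b7-b36cdf0161fe";
        monHost = "v2:192.168.10.3:3300/0,v1:192.168.10.3:6789/0";
      };
    };

    # Partition layout applied by systemd-repart on boot: a fixed 550M ESP
    # and a root partition that grows to fill whatever space remains.
    systemd.repart.partitions = {
      "00-esp" = {
        Type = "esp";
        SizeMinBytes = "550M";
        SizeMaxBytes = "550M";
        Format = "vfat";
      };
      "10-root" = {
        Type = "linux-generic";
        Format = "btrfs";
      };
    };

    boot.initrd = {
      # Custom systemd units in the initrd.
      systemd = {
        enable = true;
        services = {
          # After the virtual disk has been enlarged in Proxmox, the GPT
          # backup header still sits at the end of the *old* disk size and
          # systemd-repart will not grow into the unaccounted space. Move the
          # backup header to the real end of the disk before repart runs.
          resize-gpt = {
            description = "Resize GPT to use full disk size";
            path = [ pkgs.gptfdisk ];
            # Previously this unit only declared `wants = systemd-repart`,
            # i.e. the dependency pointed the wrong way and nothing ever
            # pulled resize-gpt in. `wantedBy` (rather than `requiredBy`)
            # lets repart still attempt its job if the fix-up fails.
            wantedBy = [ "systemd-repart.service" ];
            before = [ "systemd-repart.service" ];
            # Same as upstream systemd-repart.service: no implicit
            # sysinit/basic ordering inside the initrd, which would
            # otherwise risk an ordering cycle with repart.
            unitConfig.DefaultDependencies = false;
            serviceConfig = {
              Type = "oneshot";
              # `/run/current-system/sw/bin` does not exist in the initrd;
              # reference the store path directly so the binary is both
              # found and included in the initrd closure.
              ExecStart = "${pkgs.gptfdisk}/bin/sgdisk --move-second-header ${rootDisk}";
            };
            # NOTE(review): no ordering against the device unit for
            # ${rootDisk} is declared here; confirm the disk is present by
            # the time this runs (it is for the QEMU virtio/SCSI setups this
            # profile targets, but add `after = [ "dev-sda.device" ]` if not).
          };
        };
        repart = {
          enable = true;
          device = rootDisk;
        };
      };
    };

    system.stateVersion = lib.mkDefault "24.05";
  };
}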