{ pkgs, lib, ... }: {
# Host identity plus Nix / nixpkgs policy for this machine.

# NixOS release this host's stateful defaults are tied to.
system.stateVersion = "24.11";

# Accounts and passwords come only from this configuration; changes made
# imperatively on the host (useradd, passwd) are not kept.
users.mutableUsers = false;

# Permit packages with non-free licences.
nixpkgs.config.allowUnfree = true;

nix.settings.experimental-features = [
  "nix-command"
  "flakes"
];

services.automatic-timezoned.enable = true;

networking = {
  # Allows overriding via DHCP
  hostName = "";
  wireless.enable = false;
};
# Packages installed system-wide, grouped by purpose.
environment.systemPackages = [
  # Basic Utilities
  pkgs.bc
  pkgs.pv
  pkgs.killall
  pkgs.unzip

  # System Monitoring / TUI QoL Tools
  pkgs.btop
  pkgs.iotop
  pkgs.tmux
  pkgs.byobu

  # Applications
  pkgs.vim_configurable

  # File Systems
  pkgs.nfs-utils
  pkgs.cifs-utils
  pkgs.exfatprogs
];
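##############################################################################
##############################################################################
##############################################################################
# Services

services.uptimed.enable = true;

# Remote access: public-key logins for non-root accounts only.
services.openssh = {
  enable = true;
  settings = {
    # mkForce overrides any lower-priority definition of this option coming
    # from another module, so root login stays off.
    PermitRootLogin = lib.mkForce "no";
    PasswordAuthentication = false;
    # keyboard-interactive is a separate sshd method that can still prompt
    # for a PAM password while PasswordAuthentication is off; turn it off as
    # well so keys are the only way in.
    KbdInteractiveAuthentication = false;
  };
};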
# Container runtimes.
# NOTE(review): access to the Docker daemon (membership of the "docker"
# group, or the API socket) is equivalent to root on this host.
virtualisation.containers.enable = true;
virtualisation.docker.enable = true;

# Compressed swap held in RAM: zstd compression, sized at 200% of physical
# memory (the limit applies to the uncompressed data).
zramSwap.enable = true;
zramSwap.algorithm = "zstd";
zramSwap.memoryPercent = 200;
##############################################################################
##############################################################################
##############################################################################
# Disable Default User

# No account is logged in automatically on the console.
services.getty.autologinUser = lib.mkForce null;

users.groups.nixos = {};
users.users.nixos = {
  group = "nixos";
  # Turn the account from an interactive user into a system account; mkForce
  # overrides definitions of these options made by other modules.
  isNormalUser = lib.mkForce false;
  isSystemUser = lib.mkForce true;
  # "!" is not a valid password hash, so no password can match it.
  # NOTE(review): with users.mutableUsers = false (set in this file) the
  # initial* password options should behave like their non-initial
  # counterparts - confirm on an already-provisioned host.
  initialHashedPassword = lib.mkForce "!";
};

# Disable root as well
users.users.root.initialHashedPassword = lib.mkForce "!";
##############################################################################
##############################################################################
##############################################################################
# Users

users.users.lauren_lagarde = {
  description = "Lauren Lagarde";
  isNormalUser = true;

  # NOTE(review): "wheel" (sudo) and "docker" (control of the Docker daemon)
  # each amount to root on this host.
  # NOTE(review): "libvirtd" and "disks" are not defined anywhere in this
  # file - verify both groups exist; the stock block-device group is usually
  # named "disk", and membership of it grants raw access to every disk.
  extraGroups = [
    "docker"
    "wheel"
    "libvirtd"
    "disks"
  ];

  # NOTE(review): anyone who can read this file or the Nix store can take
  # this hash and guess at it offline; consider
  # users.users.<name>.hashedPasswordFile with a file kept out of the repo.
  initialHashedPassword = "$y$j9T$KqTFvSj9TYmRXugVbiSgj.$RbvxcGlY/DbLFioa64ntY5RO4Ym0CMswhegeQj5qHyD";

  # Only this key is accepted for SSH; password logins are disabled in the
  # services.openssh settings of this file.
  openssh.authorizedKeys.keys = [
    "ssh-rsa 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 lauren@lagarde.dev"
  ];
};
##############################################################################
##############################################################################
##############################################################################
# Persistent Docker

# Mount unit for the disk that holds Docker state and the compose stacks.
# NOTE(review): /dev/sdX names follow probe order and can change between
# boots or when a disk is added, which would mount a different device here;
# a /dev/disk/by-uuid/ or /dev/disk/by-label/ path pins the intended one.
systemd.mounts = [
  {
    what = "/dev/sda";
    where = "/persistent";
    type = "ext4";
    options = "rw";
  }
];
# Automount point for /persistent, enabled as part of multi-user.target; the
# mount itself is triggered when the path is first accessed.
systemd.automounts = [
  {
    where = "/persistent";
    wantedBy = [ "multi-user.target" ];
  }
];
# Keep the Docker daemon's data directory on the /persistent mount.
virtualisation.docker.daemon.settings.data-root = "/persistent/docker-root";
# Dockge, run as a declaratively managed container on the Docker backend.
virtualisation.oci-containers = {
  backend = "docker";

  containers.dockge = {
    # NOTE(review): no tag or digest, so the image is whatever "latest"
    # points to at pull time; pin a tag or digest for reproducible,
    # reviewable upgrades.
    image = "louislam/dockge";

    # NOTE(review): published on every host interface, and Docker's own
    # iptables rules typically bypass the NixOS firewall for published
    # ports. Bind to a specific address (e.g. "127.0.0.1:5001:5001") or put
    # an authenticating reverse proxy in front if the UI should not be
    # reachable from the whole network.
    ports = [ "5001:5001" ];

    environment.DOCKGE_STACKS_DIR = "/persistent/stacks";

    volumes = [
      # Docker API socket: whoever controls this container controls the
      # host's Docker daemon, which is root-equivalent.
      "/var/run/docker.sock:/var/run/docker.sock"
      "/persistent/stacks/dockge/data:/app/data"
      # Root's Docker client directory is visible inside the container.
      # NOTE(review): it may hold registry credentials - confirm it is needed.
      "/root/.docker/:/root/.docker"
      # Mounted at the same path it has on the host, matching
      # DOCKGE_STACKS_DIR above.
      "/persistent/stacks:/persistent/stacks"
    ];
  };
};
}