# Base NixOS module with the settings shared by every deployed machine:
# kernel, console/locale, common packages, Nix store maintenance, services,
# upgrades and user accounts.
{ pkgs, ... }:

let
  # Password hashes are read from a separate file that is not shown here.
  # NOTE(review): values passed to hashedPassword presumably end up in the
  # world-readable Nix store once evaluated - confirm, and keep secrets.nix
  # itself out of version control.
  secrets = import ./secrets.nix;

  # Source tarball for comma, fetched from the upstream 1.1.0 tag.
  # NOTE(review): no sha256 is given, so the downloaded archive is not checked
  # against a known hash. builtins.fetchTarball also accepts the form
  # { url = "..."; sha256 = "<sha256-of-tarball>"; } to pin the contents.
  commaSrc = builtins.fetchTarball
    "https://github.com/nix-community/comma/archive/refs/tags/1.1.0.tar.gz";

  # Import comma against this system's pkgs so the local nix-index is
  # preferred over the one comma would otherwise use.
  comma = import commaSrc { inherit pkgs; };

in {
  # Load drivetemp explicitly so SATA drive temperatures show up in hwmon.
  boot.kernelModules = [ "drivetemp" ];

  # 2022 LTS kernel, expected EOL of October 2023.
  boot.kernelPackages = pkgs.linuxPackages_5_15;

  # Virtual console font and keyboard layout.
  console.font = "Lat2-Terminus16";
  console.keyMap = "us";

  # Locale and time zone.
  i18n = { defaultLocale = "en_US.UTF-8"; };
  time = { timeZone = "America/Detroit"; };

  # Add ~/bin to PATH.
  environment.homeBinInPath = true;

  # Packages installed on every machine. `comma` resolves to the let-binding
  # above rather than to an attribute of pkgs, because let bindings take
  # precedence over names brought in by `with`.
  environment.systemPackages = with pkgs; [
    age
    bandwhich
    bc
    bintools-unwrapped
    byobu
    comma
    dmidecode
    ethtool
    file
    fwupd
    gcc
    go
    git
    gnumake
    gptfdisk
    htop
    iftop
    iotop
    iperf3
    jq
    killall
    lm_sensors
    lshw
    lsof
    lsscsi
    magic-wormhole
    minicom
    mkpasswd
    mtr
    ndisc6
    neofetch
    nethogs
    nixfmt
    nix-linter
    nmap
    nmon
    pciutils
    pkg-config
    pv
    rustup
    smartmontools
    sysstat
    tcpdump
    tmux
    unixtools.xxd
    unzip
    usbutils
    wget
    wireguard-tools
    xterm
  ];

  # Enable firmware updates when possible.
  hardware.enableRedistributableFirmware = true;

  nix = {
    # Deduplicate store paths automatically.
    autoOptimiseStore = true;

    # Extra nix.conf line: min-free set to 500 MiB, expressed in bytes.
    extraOptions = ''
      min-free = ${toString (500 * 1024 * 1024)}
    '';

    # Nightly garbage collection at 04:00, dropping generations older than
    # seven days.
    gc.automatic = true;
    gc.dates = "04:00";
    gc.options = "--delete-older-than 7d";
  };

  # Services which run on all deployed machines.
  services.fstrim.enable = true;
  services.fwupd.enable = true;
  services.prometheus.exporters.node.enable = true;

  # Automatic upgrades.
  system.autoUpgrade.enable = true;

  # NixOS release this system's state is compatible with. Changing it can
  # break stateful software such as database servers; change it only when the
  # NixOS release notes say to.
  system.stateVersion = "20.03";

  # Make systemd manage the hardware watchdog.
  systemd.watchdog.runtimeTime = "60s";

  users = {
    # Accounts are defined declaratively by this module only.
    mutableUsers = false;

    users = {
      # matt's account: sudo via the wheel group, SSH login with the key
      # below, and a local password taken from secrets.nix.
      matt = {
        isNormalUser = true;
        uid = 1000;
        extraGroups = [ "dialout" "libvirtd" "networkmanager" "wheel" ];
        hashedPassword = secrets.users.matt_password_hash;

        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5i5d0mRKAf02m+ju+I1KrAYw3Ny2IHXy88mgyragBN Matt Layher (mdlayher@gmail.com)"
        ];
      };

      # Root password, set for emergency console access.
      root.hashedPassword = secrets.users.root_password_hash;
    };
  };
}