Diffstat (limited to 'nix-conf/machines/edrahil')
-rw-r--r-- | nix-conf/machines/edrahil/configuration.nix | 35 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/hardware-configuration.nix | 11 | ||||
-rw-r--r-- | nix-conf/machines/edrahil/network-configuration.nix | 21 |
3 files changed, 45 insertions, 22 deletions
diff --git a/nix-conf/machines/edrahil/configuration.nix b/nix-conf/machines/edrahil/configuration.nix
index 76b294b..d78c2a8 100644
--- a/nix-conf/machines/edrahil/configuration.nix
+++ b/nix-conf/machines/edrahil/configuration.nix
@@ -1,5 +1,9 @@
-{ config, pkgs, ... }: {
- imports = [ ./hardware-configuration.nix ./network-configuration.nix ];
+{ config, pkgs, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./network-configuration.nix
+ ];
 boot.tmp.cleanOnBoot = true;
 zramSwap.enable = true;
@@ -7,7 +11,10 @@
 networking.hostName = "edrahil";
 networking.firewall = {
 enable = true;
- allowedTCPPorts = [ 113 2222 ];
+ allowedTCPPorts = [
+ 113
+ 2222
+ ];
 };
 services.openssh = {
@@ -43,7 +50,10 @@
 isNormalUser = true;
 home = "/home/djm";
 description = "David Morgan";
- extraGroups = [ "wheel" "plocate" ];
+ extraGroups = [
+ "wheel"
+ "plocate"
+ ];
 shell = pkgs.zsh;
 openssh.authorizedKeys.keys = [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCurCpxZCHtByB5wXzsjTXwMyDSB4+B8rq5XY6EGss58NwD8jc5cII4i+QUbCOGTiAggSZUSC9YIP24hjpOeNT/IYs5m7Qn1B9MtBAiUSrIYew8eDwnMLlPzN+k2x9zCrJeCHIvGJaFHPXTh1Lf5Jt2fPVGW9lksE/XUVOe6ht4N/b+nqqszXFhc8Ug6le2bC1YeTCVEf8pjlh/I7DkDBl6IB8uEXc3X2vxxbV0Z4vlBrFkkAywcD3j5VlS/QYfBr4BICNmq/sO3fMkbMbtAPwuFxeL4+h6426AARQZiSS0qVEc8OoFRBVx3GEH5fqVAWfB1geyLzei22HbjUcT9+xN davidmo@gendros"
@@ -56,11 +66,13 @@
 '';
 security.doas = {
 enable = true;
- extraRules = [{
- users = [ "djm" ];
- noPass = true;
- keepEnv = true;
- }];
+ extraRules = [
+ {
+ users = [ "djm" ];
+ noPass = true;
+ keepEnv = true;
+ }
+ ];
 };
 programs.zsh.enable = true;
@@ -73,7 +85,10 @@
 wget
 ];
- nix.settings.trusted-users = [ "root" "djm" ];
+ nix.settings.trusted-users = [
+ "root"
+ "djm"
+ ];
 nix.optimise.automatic = true;
 nix.optimise.dates = [ "03:00" ];
diff --git a/nix-conf/machines/edrahil/hardware-configuration.nix b/nix-conf/machines/edrahil/hardware-configuration.nix
index e20c7a7..c8ee3f5 100644
--- a/nix-conf/machines/edrahil/hardware-configuration.nix
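Review bot: In the `security.doas` rule (hunk at -56/+66) the re-wrapped lines still pair `noPass = true;` with `keepEnv = true;`, so anything running as djm becomes root without authentication and with djm's whole environment carried into the root process. The commit only reflows the list, but since the rule is being touched it is worth tightening: drop `keepEnv` and pass just the variables that are needed, e.g. `setEnv = [ "LANG" "TERM" ];` (constructed example), or replace `noPass` with `persist = true;`. The same concern applies to the last hunk of this file, where `"djm"` stays in `nix.settings.trusted-users`; the Nix manual treats trusted users as essentially root-equivalent, so that entry deserves a comment saying why it is required.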
+++ b/nix-conf/machines/edrahil/hardware-configuration.nix
@@ -1,8 +1,13 @@
-{ modulesPath, ... }: {
+{ modulesPath, ... }:
+{
 imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 boot.loader.grub.device = "/dev/sda";
- boot.initrd.availableKernelModules =
- [ "ata_piix" "uhci_hcd" "vmw_pvscsi" "xen_blkfront" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "vmw_pvscsi"
+ "xen_blkfront"
+ ];
 boot.initrd.kernelModules = [ "nvme" ];
 fileSystems."/" = {
 device = "/dev/sda1";
diff --git a/nix-conf/machines/edrahil/network-configuration.nix b/nix-conf/machines/edrahil/network-configuration.nix
index 626232c..b8ce55f 100644
--- a/nix-conf/machines/edrahil/network-configuration.nix
+++ b/nix-conf/machines/edrahil/network-configuration.nix
@@ -1,13 +1,16 @@
-{ ... }: {
+{ ... }:
+{
 networking = {
- interfaces.ens3.ipv6.addresses = [{
- # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here,
- # as we cannot set a file path to read it from.
- # Populate/update with:
- # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address
- address = builtins.readFile "/root/.config/secrets/ipv6_address";
- prefixLength = 64;
- }];
+ interfaces.ens3.ipv6.addresses = [
+ {
+ # Emulate nix-sops. Technically an anti-pattern, but IP addresses aren't real secrets, and this has to be embedded here,
+ # as we cannot set a file path to read it from.
+ # Populate/update with:
+ # SOPS_AGE_KEY=$(doas ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) sops -d --extract '["ipv6_address"]' secrets/edrahil.yaml | doas tee /root/.config/secrets/ipv6_address
+ address = builtins.readFile "/root/.config/secrets/ipv6_address";
+ prefixLength = 64;
+ }
+ ];
 defaultGateway6 = {
 address = "fe80::1";
 interface = "ens3"; |
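Review bot: In network-configuration.nix the re-indented `address = builtins.readFile "/root/.config/secrets/ipv6_address";` uses the file's bytes unchanged, so a trailing newline, if the `tee` pipeline in the comment leaves one, ends up inside the address string. Stripping it is cheap: `address = lib.removeSuffix "\n" (builtins.readFile "/root/.config/secrets/ipv6_address");`, with `lib` added to the `{ ... }:` arguments. The existing comment could also state that the value is copied into the world-readable Nix store at evaluation time and that reading an absolute path presumably requires impure evaluation if this repo is built as a flake. The `networking` attribute set continues past the end of the hunk.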