# SPDX-FileCopyrightText: 2022 Richard Brežák <richard@brezak.sk>
#
# SPDX-License-Identifier: LGPL-3.0-or-later
# flake-parts module defining the `omen` NixOS host.
# `inputs` are the flake inputs, `lib'` the project's extended lib and
# `config` the flake-level (flake-parts) config; it is re-exported below as
# `config'` so the NixOS modules can reach flake-level values via specialArgs.
{
  inputs,
  lib',
  config,
  ...
}: let
  inherit
    (lib')
    flip
    mapAttrs
    singleton
    loadSecrets
    mkAfter
    ;
  # NOTE(review): only `singleton` and `loadSecrets` are referenced in this
  # file; `flip`, `mapAttrs` and `mkAfter` appear to be unused here.
  config' = config;
in {
  flake.nixosConfigurations.omen = inputs.nixpkgs.lib.nixosSystem {
    system = "x86_64-linux";
    # Use the project's extended lib inside the NixOS module system as well.
    lib = lib';
    specialArgs = {
      config' = config';
      inputs' = inputs;
      # Secrets loaded from the `secret` flake input and handed to every module.
      # NOTE(review): any value read from `secret` into a NixOS option ends up
      # in the built system closure under /nix/store, which is world-readable;
      # keep its use to non-sensitive values (e.g. the VPN IP below) — verify.
      secret = loadSecrets inputs.secret;
    };
    modules =
      singleton
      ({
        pkgs,
        lib,
        config,
        secret,
        ...
      }: {
        imports = [
          ./uk3s.nix
          ../../common/steam.nix
          ../../common/sound.nix
          ../../common/remote_access.nix
          ./xserver.nix
          ./grub.nix
          ./networking.nix
          ./filesystems.nix
          ./hardware.nix
          ./users.nix
          ./nixpkgs.nix
          ./firewall.nix
          ./microvm.nix
          ./impermenance.nix
          ./numen.nix
          ../../../overlays/ifstate/module.nix
          # ./test-vm.nix

          inputs.microvm.nixosModules.host
          inputs.notnft.nixosModules.default
          inputs.self.nixosModules.notnft
          inputs.self.nixosModules.microvm-extras-host
          inputs.impermenance.nixosModules.impermanence
        ];

        # Deployment parameters consumed by nixinate.
        _module.args.nixinate = {
          # `or ""` masks a missing secret with an empty deploy target.
          # NOTE(review): letting evaluation fail instead would surface a
          # missing/renamed secret at build time rather than at deploy time.
          host = secret.network.ips.omen.vpn or "";
          sshUser = "main";

          buildOn = "local";
          substituteOnTarget = true;
          hermetic = false;
          nixOptions = [
            # `$HOME` is a literal here (no Nix interpolation); it relies on the
            # shell nixinate invokes nix from expanding it — TODO confirm.
            "--override-input secret path://$HOME/dotfiles/secret"
          ];
        };

        services.fwupd.enable = true;

        # Syncthing runs under the `main` user/group rather than a service account.
        services.syncthing = {
          enable = true;
          user = "main";
          group = "main";
        };

        # NOTE(review): ../../common/remote_access.nix is imported above; if it
        # already enables sshd this line is redundant (harmless either way).
        services.sshd.enable = true;

        # Makes QEMU recompile https://github.com/NixOS/nixpkgs/issues/221056
        boot.binfmt.emulatedSystems = [
          "aarch64-linux"
          "riscv64-linux"
          "armv6l-linux"
          "armv7l-linux"
        ];

        environment.systemPackages = [
          # (pkgs.man-pages.overrideAttrs (old: rec {
          #   version = "6.05.01";
          #   src = pkgs.fetchurl {
          #     url = "mirror://kernel/linux/docs/man-pages/${old.pname}-${version}.tar.xz";
          #     hash = "sha256-uWq2tEpojJHRtXLlL+zlGeHP0rtMM/5wFPw/0e8/nK4=";
          #   };
          #   nativeBuildInputs = with pkgs; [
          #     git
          #     (pkgs.callPackage inputs.nixpkgs-272363.legacyPackages.${pkgs.stdenv.system}.groff.override {})
          #   ];
          # }))
          # (pkgs.man-pages-posix.overrideAttrs (old: rec {
          #   version = "2021-02-14";
          #   src = pkgs.fetchurl {
          #     url = "mirror://kernel/linux/docs/man-pages/man-pages-posix/${old.pname}-${version}.tar.xz";
          #     hash = "";
          #   };
          # }))
          pkgs.man-pages-posix
        ];
        documentation.dev.enable = true;

        # The nix-daemon (runs as root) authenticates to remote builders through
        # the `main` user's gpg-agent SSH socket, so while that agent is running
        # the daemon can use every key it holds. The uid is resolved at eval time.
        systemd.services.nix-daemon.environment.SSH_AUTH_SOCK = "/run/user/${toString config.users.users.main.uid}/gnupg/S.gpg-agent.ssh";
        # `%%` is escaped for systemd's specifier expansion, so ssh itself sees
        # `%r@%h:%p`. NOTE(review): the ControlPath directory is a fixed,
        # predictable location inside world-writable /tmp; a service-private
        # directory (e.g. one created via RuntimeDirectory under /run) would
        # keep the multiplexing sockets out of reach of other local users.
        systemd.services.nix-daemon.environment.NIX_SSHOPTS = "-o ControlMaster=auto -o ControlPath=/tmp/nix-daemon-controlmasters/%%r@%%h:%%p -o ControlPersist=300s";

        time.timeZone = "Europe/Amsterdam";
        system.stateVersion = "23.05";

        # PAM session hook for sshd logins. `control = "optional"` means the
        # hook's outcome never denies the session; `order` puts it right after
        # the pam_limits rule.
        security.pam.services.sshd.rules.session.pam_exec = let
          # NOTE(review): placeholder left over from testing. It runs with root
          # privileges on every session open and writes to a fixed path in
          # world-writable /tmp; unless fs.protected_symlinks is in effect a
          # pre-existing symlink at that path would redirect the write. Point it
          # at a root-owned directory (or drop the hook) before relying on it.
          sudoLogin = pkgs.writeShellScript "sudologin" ''
            echo TESTING > /tmp/pamtest
          '';
        in {
          modulePath = "pam_exec.so";
          args = [(toString sudoLogin)];
          control = "optional";
          order = config.security.pam.services.sshd.rules.session.limits.order + 10;
        };

        # Same hook for sudo sessions. The script definition is a verbatim copy
        # of the one above (same writeShellScript name and body, hence the same
        # store path); it could be hoisted into a shared `let`. The /tmp
        # caveat above applies here too.
        security.pam.services.sudo.rules.session.pam_exec = let
          sudoLogin = pkgs.writeShellScript "sudologin" ''
            echo TESTING > /tmp/pamtest
          '';
        in {
          modulePath = "pam_exec.so";
          args = [(toString sudoLogin)];
          control = "optional";
          order = config.security.pam.services.sudo.rules.session.limits.order + 10;
        };

        virtualisation.podman.enable = true;
        # Pin the subnet of podman's default network.
        virtualisation.podman.defaultNetwork.settings.subnets = [
          {
            gateway = "10.88.0.1";
            subnet = "10.88.0.0/16";
          }
        ];
        # Provide a `docker` CLI alias backed by podman.
        virtualisation.podman.dockerCompat = true;
      });
  };
}