dotfiles/nix/systems/omen.nix
main 67350ae10d
Changes for omen
Signed-off-by: main <magic_rb@redalder.org>
2021-11-07 23:28:33 +01:00

147 lines
3.4 KiB
Nix

inputs: {
system = "x86_64-linux";
modules = [
../nixos-modules/default.nix
inputs.home-manager.nixosModules.home-manager
({ pkgs, config, secret, ... }: {
home-manager.users."main" =
{ ... }: {
imports = [ ../home-manager/modules/default.nix ];
magic_rb = {
optimisation.march = "skylake";
pins = inputs;
config = {
allowUnfree = true;
};
overlays = inputs.self.overlays;
programs = {
alacritty.enable = true;
bash = {
enable = true;
enableDirenv = true;
};
ssh.enable = true;
emacs.enable = true;
xmonad.enable = true;
gpg.enable = true;
multimc.enable = false;
};
packageCollections = {
"3dPrinting".enable = false;
cmdline.enable = true;
graphical.enable = true;
rust.enable = true;
webdev.enable = false;
wine.enable = false;
};
};
services.syncthing.enable = true;
home.stateVersion = "20.09";
};
services.vault-agent = {
enable = true;
settings = {
vault = {
address = "https://${secret.network.ips.vault.dns}:8200";
client_cert = "/etc/vault-agent/client.crt";
client_key = "/etc/vault-agent/client.key";
};
auto_auth = {
method = [
{
"cert" = {
name = "system-omen";
};
}
];
};
template = [
{
source = pkgs.writeText "wg0.key.tpl" ''
{{ with secret "kv/data/systems/omen/wireguard" }}{{ .Data.data.private_key }}{{ end }}
'';
destination = "/var/secrets/wg0.key";
}
];
};
};
magic_rb = {
optimisation.march = "skylake";
grub = {
enable = true;
efi.enable = true;
};
xserver = {
enable = true;
gpu = "nvidia";
xmonad = true;
nvidia = {
prime = true;
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
qwertyNeo2 = true;
mimickInTty = true;
};
pins = inputs;
config = {
allowUnfree = true;
};
overlays = inputs.self.overlays;
hardware.omen = true;
flakes.enable = true;
pulseaudio.enable = true;
sshdEmacs.enable = true;
networking = {
bluetooth = true;
networkManager = true;
};
};
programs.steam.enable = true;
services.openssh = {
enable = true;
};
networking = {
hostName = "omen";
useDHCP = false;
interfaces.eno1.useDHCP = true;
hostId = "10c7ffc5";
wireguard.interfaces."wg0" = {
} // config.magic_rb.secret.wireguard."omen";
};
security.pki.certificates = [ (builtins.readFile ../redalder.org.crt) ];
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
time.timeZone = "Europe/Bratislava";
system.stateVersion = "20.09";
})
];
}