config-perso/machines/kat-probook/configuration.nix


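# NixOS configuration for the host kat-probook: a laptop with a WPA-Enterprise
# Wi-Fi profile, two WireGuard tunnels, and an alternate "router" boot entry.
# `meta`, `users` and `sources` are extra module arguments supplied by the
# surrounding deployment; their contents are not visible in this file.
{
  pkgs,
  meta,
  users,
  lib,
  sources,
  ...
}:
let
  inherit (lib) mkMerge;
in
{
  # Presumably a colmena option (lets this host be deployed from itself);
  # not defined in this file — verify against the deployment tooling.
  deployment.allowLocalDeployment = true;
  imports = [
    ./hardware-configuration.nix
    users.catvayor
  ];

  # RAM-backed /tmp. `nosuid` and `nodev` neutralise setuid binaries and
  # device nodes dropped there. `noexec` is intentionally absent (TODO confirm:
  # builds and scripts that execute out of /tmp would likely break with it).
  fileSystems."/tmp" = {
    fsType = "tmpfs";
    device = "tmpfs";
    options = [
      "nosuid"
      "nodev"
      "relatime"
      "size=12G"
    ];
  };

  boot = {
    # NOTE(review): forwarding is enabled in the *base* configuration, not only
    # in the `router` specialisation below, so the laptop forwards IPv4 between
    # all its interfaces whenever it is booted. Consider moving this into
    # ./router.nix if it is only needed in the router role.
    kernel.sysctl."net.ipv4.ip_forward" = true;
    # Let aarch64 binaries (and aarch64 derivation builds) run through
    # user-mode emulation.
    binfmt.emulatedSystems = [ "aarch64-linux" ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
  };

  # Alternate boot entry: this whole configuration plus ./router.nix.
  specialisation.router.configuration.imports = [ ./router.nix ];

  # Binary-cache settings (the "infra" cache) generated by the dgnum-infra
  # source. mkMerge over a single element is a no-op wrapper kept so further
  # settings can be appended to the list.
  nix.settings = mkMerge [
    ((import sources.dgnum-infra { }).mkCacheSettings {
      caches = [ "infra" ];
    })
  ];

  networking = {
    networkmanager = {
      enable = true;
      # Interfaces owned by systemd-networkd (see `systemd.network` below) that
      # NetworkManager must not touch. wg1 is added here for consistency: it is
      # a networkd-managed WireGuard netdev exactly like wg0 but was missing
      # from the list.
      unmanaged = [
        "enp2s0"
        "wg0"
        "wg1"
      ];
      ensureProfiles = {
        profiles = {
          "DGNum" = {
            connection = {
              id = "DGNum";
              type = "wifi";
            };
            wifi = {
              mode = "infrastructure";
              ssid = "DGNum";
            };
            wifi-security = {
              key-mgmt = "wpa-eap";
            };
            "802-1x" = {
              # Outer identity sent in the clear before the TLS tunnel is up.
              anonymous-identity = "anonymous";
              eap = "peap";
              identity = "lbailly";
              # NOTE(review): this literal is copied into the world-readable Nix
              # store. The real credential is injected at activation from
              # /root/dgnum_passwd via `secrets.entries` below, so this value
              # must only ever be a placeholder — never the actual password.
              password = "38C3";
              phase2-auth = "mschapv2";
              # Pin the RADIUS server name: the server certificate must chain to
              # the system CA bundle *and* carry this name. Without the pin, any
              # certificate from the bundle would be accepted and a rogue AP
              # could collect the MSCHAPv2 exchange.
              domain-match = "radius.dgnum.eu";
              ca-cert = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
            };
            ipv4 = {
              method = "auto";
            };
            ipv6 = {
              addr-gen-mode = "default";
              method = "auto";
            };
          };
        };
        # Overrides `802-1x.password` of the DGNum profile with the contents of
        # a root-only file kept outside the store.
        secrets.entries = [
          {
            matchId = "DGNum";
            matchType = "wifi";
            key = "802-1x.password";
            file = "/root/dgnum_passwd";
          }
        ];
      };
    };
    # NOTE(review): DHCP server (67/udp) and DNS (53/udp) are opened on *every*
    # interface in the base system, Wi-Fi included. If these only serve the
    # router role, scope them per interface
    # (`networking.firewall.interfaces.<name>.allowedUDPPorts`) in ./router.nix.
    firewall.allowedUDPPorts = [
      67
      53
    ];
  };

  # Disabled: would force the CPU frequency governor to "performance".
  # systemd.tmpfiles.rules = [
  # "w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
  # "w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
  # ];

  systemd.network = {
    # Treat the system as online as soon as any one interface is up.
    wait-online.anyInterface = true;
    networks = {
      "50-wg0" = {
        name = "wg0";
        address = [
          "10.42.1.1/16"
        ];
        networkConfig = {
          # Resolver reached through the tunnel, with "dgnum" as its search
          # domain.
          DNS = [
            "100.80.129.176"
          ];
          Domains = "dgnum";
        };
      };
      "50-wg1" = {
        name = "wg1";
        address = [
          "10.10.10.13/24"
        ];
      };
      "10-enp2s0" = {
        name = "enp2s0";
        DHCP = "ipv4";
        networkConfig.IPv6AcceptRA = "yes";
        # High metric so wired routes lose to anything with a lower one.
        dhcpV4Config.RouteMetric = 500;
        dhcpV6Config.RouteMetric = 500;
        ipv6AcceptRAConfig.RouteMetric = 500;
      };
    };
    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig = {
          # Key file lives outside the store; per systemd.netdev(5) it should be
          # readable only by root and the systemd-network group. The same file
          # is reused for wg1 below, so both tunnels present one public key.
          PrivateKeyFile = "/wg/private.key";
          RouteTable = "main";
          RouteMetric = 2000;
        };
        # Peer list comes from the deployment's shared library (not visible here).
        wireguardPeers = meta.lib.mkPeers;
      };
      "50-wg1" = {
        netdevConfig = {
          Name = "wg1";
          Kind = "wireguard";
        };
        wireguardConfig = {
          PrivateKeyFile = "/wg/private.key";
          RouteTable = "main";
          RouteMetric = 2000;
        };
        wireguardPeers = [
          {
            # Only the tunnel subnet is routed/accepted over this peer.
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es=";
            Endpoint = "129.199.129.76:1194";
            # Keeps the NAT mapping alive for this client-side tunnel.
            PersistentKeepalive = 25;
          }
        ];
      };
    };
  };

  nixpkgs.config.allowUnfree = true;
  security.rtkit.enable = true;
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = false;
  };
  environment.systemPackages = with pkgs; [ brightnessctl ];
  fonts.packages = with pkgs; [
    fira-code-nerdfont
    font-awesome
  ];

  services = {
    pipewire = {
      enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      pulse.enable = true;
    };
    # Syncthing runs as a system service but under the user's account.
    syncthing = {
      enable = true;
      systemService = true;
      dataDir = "/home/catvayor";
      user = "catvayor";
      group = "users";
      # NOTE(review): opens Syncthing's default transfer and discovery ports in
      # the firewall on all interfaces.
      openDefaultPorts = true;
      settings = {
        folders."essentials" = {
          path = "~/essentials";
          id = "vgpwu-fk3ct";
          devices = [
            "katel"
          ];
        };
        devices.katel.id = "DYOKK7J-HZAF5S7-FYTHQF5-UD5GJZ2-4JMV5I5-STUM3HG-5YM2JPR-LATJNAZ";
      };
    };
    # udev rules for the Nitrokey hardware token (used with the gpg agent below).
    udev.packages = [ pkgs.nitrokey-udev-rules ];
  };

  programs = {
    steam.enable = true;
    virt-manager.enable = true;
    # The OpenSSH agent is disabled because gpg-agent provides SSH support
    # (presumably so SSH keys can live on the hardware token).
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  # `kat.work-tooling` is a custom home-manager option defined elsewhere.
  home-manager.users = {
    "root".kat.work-tooling = true;
    "catvayor".kat.work-tooling = true;
  };

  virtualisation.libvirtd = {
    enable = true;
    qemu.vhostUserPackages = [ pkgs.virtiofsd ];
  };

  system.stateVersion = "23.11";
}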