teutat3s
80c1a7927a
collection. Reason: flora-6 has already run out of disk space a few times. With this fix the garbage collector should hopefully kick in earlier and prevent this from happening again.
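{
  config,
  latestModulesPath,
  lib,
  inputs,
  pkgs,
  profiles,
  self,
  ...
}: let
  psCfg = config.pub-solar;
in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./triton-vmtools.nix

    ./caddy.nix
    ./drone.nix
    ./keycloak.nix
    ./gitea.nix
    ./mailman.nix

    profiles.base-user
    profiles.users.root # make sure to configure ssh keys
    profiles.users.barkeeper

    # Take the gitea service module from a newer nixpkgs than the rest of the
    # system (the stock one is dropped via disabledModules below). This ties
    # the gitea service definition to whatever `latestModulesPath` resolves
    # to, so review that input's lock entry together with this host config.
    "${latestModulesPath}/services/misc/gitea.nix"
  ];
  # Remove the gitea module shipped with the system's own nixpkgs so it does
  # not conflict with the one imported above.
  disabledModules = [
    "services/misc/gitea.nix"
  ];

  config = {
    # # #
    # # # pub.solar options
    # # #
    pub-solar.core = {
      # No disk encryption on this VM: the state of every service imported
      # above lives in the clear on the Triton-provided disks.
      disk-encryption-active = false;
      iso-options.enable = true;
      lite = true;
    };

    # Allow sudo without a password for the barkeeper user.
    # SECURITY: with `ALL` + `NOPASSWD` the barkeeper account is equivalent
    # to root, so the SSH keys that may log in as that user are the effective
    # root credentials of this host. Keep that key set as tight as root's.
    security.sudo.extraRules = [
      {
        users = ["${psCfg.user.name}"];
        commands = [
          {
            command = "ALL";
            options = ["NOPASSWD"];
          }
        ];
      }
    ];

    # Override nix.conf for more aggressive garbage collection.
    # min-free is in bytes: 536870912 = 512 MiB. Once free space on the store
    # volume drops below it, Nix runs the garbage collector before continuing
    # (no max-free is set, so it collects everything unreachable). Disabling
    # keep-outputs and keep-derivations lets the collector also reclaim .drv
    # files and build-time-only dependencies. fallback = true makes Nix build
    # locally when a binary cache has no result instead of failing.
    # NOTE(review): lib.mkForce REPLACES any `nix.extraOptions` text set by
    # the imported profiles (e.g. an `experimental-features` line) instead of
    # appending to it — check `nix show-config` on the host after deploying.
    nix.extraOptions = lib.mkForce ''
      min-free = 536870912
      keep-outputs = false
      keep-derivations = false
      fallback = true
    '';

    # Machine user for CI pipelines
    users.users.hakkonaut = {
      description = "CI and automation user";
      home = "/var/nix/iso-cache";
      useDefaultShell = true;
      uid = 998;
      group = "hakkonaut";
      isSystemUser = true;
      # Public half of the CI deploy key. Whoever holds the matching private
      # key can log in as hakkonaut (key-only, see sshd settings below); this
      # user is deliberately NOT covered by the sudo rule above.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW hakkonaut@flora-6"
      ];
    };

    users.groups.hakkonaut = {};

    # # #
    # # # Triton host specific options
    # # # DO NOT ALTER below this line, changes might render system unbootable
    # # #

    # Use the systemd-boot EFI boot loader.
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

    # Force getting the hostname from cloud-init
    networking.hostName = lib.mkDefault "";

    # Set your time zone.
    time.timeZone = "Europe/Berlin";

    # Select internationalisation properties.
    console = {
      font = "Lat2-Terminus16";
      keyMap = "us";
    };

    # List packages installed in system profile. To search, run:
    # $ nix search wget
    environment.systemPackages = with pkgs; [
      git
      vim
      wget
    ];

    # Some programs need SUID wrappers, can be configured further or are
    # started in user sessions.
    # programs.mtr.enable = true;
    # programs.gnupg.agent = {
    #   enable = true;
    #   enableSSHSupport = true;
    # };

    # List services that you want to enable:
    services.cloud-init.enable = true;
    services.cloud-init.ext4.enable = true;
    services.cloud-init.network.enable = true;
    # use the default NixOS cloud-init config, but add some SmartOS customization to it
    # NOTE(review): /data is mounted with plain `defaults`; if nothing on it
    # needs to be executable or setuid, `nodev,nosuid` would be the usual
    # hardening for an ephemeral data disk — confirm before changing.
    environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = ''
      datasource_list: [ SmartOS ]

      # Do not create the centos/ubuntu/debian user
      users: [ ]

      # mount second disk with label ephemeral0, gets formated by cloud-init
      # this will fail to get added to /etc/fstab as it's read-only, but should
      # mount at boot anyway
      mounts:
        - [ vdb, /data, auto, "defaults,nofail" ]
    '';

    # Enable the OpenSSH daemon.
    services.openssh = {
      enable = true;
      # Key-based logins only. passwordAuthentication = false on its own is
      # not sufficient on NixOS: keyboard-interactive (PAM) authentication
      # can still accept a password unless it is switched off as well.
      passwordAuthentication = false;
      kbdInteractiveAuthentication = false;
      permitRootLogin = "no";
    };

    # We manage the firewall with nix, too
    # altough triton can also manage firewall rules via the triton fwrule subcommand
    # No ports are opened in this file; the imported service modules (caddy,
    # gitea, ...) are expected to open their own — verify there, not here.
    networking.firewall.enable = true;

    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It‘s perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "22.05"; # Did you read the comment?
  };
}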