author | sterni <sternenseemann@systemli.org> | 2022-06-06T10·37+0200 |
---|---|---|
committer | sterni <sternenseemann@systemli.org> | 2022-11-26T15·51+0000 |
commit | 2490ce968c73181d383b297c2e473605d8ac96c3 (patch) | |
tree | 500dc5aab9316ddfa305780b347428a5065bb428 /users/sterni/machines/edwin/default.nix | |
parent | 7b4a545699f62faecc3b0223a761e1ca456f8cd9 (diff) |
feat(sterni/machines): add edwin r/5336
This adds edwin, the machine running sterni.lv, as well as my idiosyncratic deployment solution. It is based on instantiating the system configuration locally (where you'd work on the configuration), copying the derivation files to the remote machine where the system derivation is realised and deployed. Unfortunately, the first step tends to be quite slow (despite gzip compression), so this may not be the definite way despite its advantages. Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293 Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni/machines/edwin/default.nix')
-rw-r--r-- | users/sterni/machines/edwin/default.nix | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/users/sterni/machines/edwin/default.nix b/users/sterni/machines/edwin/default.nix
new file mode 100644
index 000000000000..40700ea1e91b
--- /dev/null
+++ b/users/sterni/machines/edwin/default.nix
@@ -0,0 +1,77 @@
+{ config, lib, pkgs, depot, ... }:
+
+{
+ imports = [
+ # Third party modules we use
+ "${depot.third_party.agenix.src}/modules/age.nix"
+ # These modules touch things related to booting (filesystems, initrd network…)
+ ./hardware.nix
+ ./network.nix
+ # These modules configure services, websites etc.
+ ./minecraft.nix
+ ./gopher.nix
+ ./http/sterni.lv.nix
+ ./http/code.sterni.lv.nix
+ ./http/flipdot.openlab-augsburg.de.nix
+ ./http/likely-music.sterni.lv.nix
+ ];
+
+ config = {
+ time.timeZone = "Europe/Berlin";
+
+ nixpkgs.config.allowUnfreeRedistributable = true;
+ nix.package = pkgs.nix_2_3;
+ tvl.cache.enable = true;
+
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=1024M
+ '';
+
+ openssh.enable = true;
+ };
+
+ security.acme = {
+ defaults.email = builtins.getAttr "email" (
+ builtins.head (
+ builtins.filter (attrs: attrs.username == "sterni") depot.ops.users
+ )
+ );
+ acceptTerms = true;
+ };
+
+ programs = {
+ fish.enable = true;
+ mosh.enable = true;
+ tmux.enable = true;
+ };
+
+ environment.systemPackages = [
+ pkgs.weechat
+ pkgs.wget
+ pkgs.git
+ pkgs.stow
+ pkgs.htop
+ pkgs.foot.terminfo
+ pkgs.vim
+ ];
+
+ users = {
+ users = {
+ root.openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
+ lukas = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "http" ];
+ openssh.authorizedKeys.keys = depot.users.sterni.keys.all;
+ shell = "${pkgs.fish}/bin/fish";
+ };
+ };
+ };
+
+ nix.settings.trusted-users = [
+ "lukas"
+ ];
+
+ system.stateVersion = "20.09";
+ };
+} |
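Review bot: `openssh.enable = true;` in the `services` block turns sshd on without pinning any authentication setting, so the host relies on module defaults while both `root` and the wheel user `lukas` accept the same key set (`depot.users.sterni.keys.all`). Unless `./network.nix` or another imported module (not visible in this diff) already does so, I would make key-only login explicit by adding `openssh.passwordAuthentication = false;` next to it. Separately, `nix.settings.trusted-users = [ "lukas" ]` makes that account effectively root-equivalent towards the Nix daemon. If that is required by the copy-and-realise deployment described in the commit message, a comment above it such as `# lukas is root-equivalent to the nix daemon; needed for the deploy copy step` would record why the trust is granted.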