-
Notifications
You must be signed in to change notification settings - Fork 22
/
Copy pathconfiguration.nix
81 lines (74 loc) · 1.54 KB
/
configuration.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
# SPDX-FileCopyrightText: 2022-2024 TII (SSRC) and the Ghaf contributors
# SPDX-License-Identifier: Apache-2.0
{
self,
pkgs,
inputs,
modulesPath,
lib,
config,
...
}:
{
imports =
[
./disk-config.nix
(modulesPath + "/profiles/qemu-guest.nix")
inputs.sops-nix.nixosModules.sops
inputs.disko.nixosModules.disko
]
++ (with self.nixosModules; [
common
service-openssh
service-monitoring
user-jrautiola
user-fayad
user-cazfi
user-karim
user-mika
user-bmg
user-flokli
user-hrosten
user-ktu
user-mkaapu
user-vjuntunen
user-alextserepov
]);
# this server has been installed with 24.05
system.stateVersion = lib.mkForce "24.05";
nixpkgs.hostPlatform = "x86_64-linux";
hardware.enableRedistributableFirmware = true;
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
loki_password.owner = "promtail";
};
};
services.monitoring = {
metrics = {
enable = true;
ssh = true;
};
logs = {
enable = true;
lokiAddress = "https://monitoring.vedenemo.dev";
auth.password_file = config.sops.secrets.loki_password.path;
};
};
networking = {
hostName = "ghaf-proxy";
useDHCP = true;
};
boot = {
# use predictable network interface names (eth0)
kernelParams = [ "net.ifnames=0" ];
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
};
environment.systemPackages = with pkgs; [
screen
tmux
];
}