athens/nix/hosts/plato/configuration.nix


{ pkgs, config, ... }:
let
# Mount options shared by every CIFS share under fileSystems: files appear as
# uid/gid 1000, systemd mounts a share on first access (automount + noauto),
# unmounts it after 60 s idle, and gives up on the device or the mount after 5 s.
automount_opts = "uid=1000,gid=1000,x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
# Shorthand for the sops-managed secrets, so the rest of the file can write
# `secrets.<name>.path`.
secrets = config.sops.secrets;
in
{
# Modules that make up this host. Their contents are not visible in this file.
# NOTE(review): networking.firewall.enable is false in this file, so any port a
# module below binds on a non-loopback address is reachable from every network
# the host is attached to; audit each module's listen addresses.
imports = [
  # Machine-specific settings produced by the hardware scan.
  ./hardware-configuration.nix

  # Shared baseline (presumably common to all hosts; confirm in the module).
  ../../modules/base/nixos.nix

  # Services hosted on this machine.
  ../../modules/coredns
  ../../modules/drone
  ../../modules/drone/runner-docker.nix
  ../../modules/gitea
  ../../modules/matrix
  ../../modules/minecraft
  ../../modules/postgresql
  ../../modules/sops
  ../../modules/traefik
];
# Register binfmt emulation so aarch64-linux binaries (and builds) can run here.
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Boot through systemd-boot on EFI and let the installer update EFI variables.
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
# Keep only the three most recent generations in the boot menu.
boot.loader.systemd-boot.configurationLimit = 3;
# Empty /tmp on every boot.
boot.tmp.cleanOnBoot = true;
# Local time zone of the host.
time = {
  timeZone = "America/Toronto";
};
networking = {
  hostName = "plato";

  # DHCP is switched off globally and turned on per interface.
  useDHCP = false;
  interfaces.enp10s0.useDHCP = true;
  interfaces.enp9s0.useDHCP = true;

  # NOTE(review): the host firewall is off. This file binds upsd and Grafana to
  # 0.0.0.0, and the imported service modules may add further listeners, so
  # every one of them is reachable from any network either interface joins.
  # Prefer enabling the firewall and listing the required ports explicitly:
  #   networking.firewall.allowedTCPPorts = [ ... ];
  #   networking.firewall.allowedUDPPorts = [ ... ];
  firewall.enable = false;
};
# NOTE(review): members of wheel reach root through sudo without a password
# prompt, so control of any wheel account (or of a process running as one) is
# equivalent to root on this host.
security.sudo = {
  wheelNeedsPassword = false;
};

# Public keys accepted for logging in as root over SSH. Whether sshd permits
# root logins at all is decided by settings outside this file.
# NOTE(review): the second key is labelled "nixbuild", presumably an automation
# or remote-build key; if so it holds full root here. Confirm it is still needed
# and consider a dedicated unprivileged user for that purpose.
users.users.root = {
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild"
  ];
};
# Tools installed system-wide. cifs-utils provides the mount helper for the
# CIFS shares under fileSystems; pinentry is presumably there for the GnuPG
# agent enabled in this file.
environment.systemPackages = [
  pkgs.cifs-utils
  pkgs.pinentry
  pkgs.weechat
];
# CIFS shares exported by the host "parthenon", mounted on demand.
fileSystems =
  let
    # Same options for every share. Only the path of the sops-managed
    # credentials file is embedded here, so the SMB password itself does not
    # end up in the generated mount configuration.
    cifsOptions = [
      "${automount_opts},credentials=${secrets.filesystems-parthenon.path}"
    ];
    # Build one CIFS mount entry for the given share.
    share = device: {
      inherit device;
      fsType = "cifs";
      options = cifsOptions;
    };
  in
  {
    "/mnt/downloads" = share "//parthenon/Downloads";
    "/mnt/music" = share "//parthenon/Music";
    "/mnt/video" = share "//parthenon/Video";
  };
# Network UPS Tools: this host is attached to the UPS over USB and, in
# "netserver" mode, also serves its status to other machines.
power.ups = {
  enable = true;
  mode = "netserver";

  # The UPS itself, auto-detected through the USB HID driver.
  ups.cyberpower = {
    driver = "usbhid-ups";
    port = "auto";
    description = "Cyberpower EC650LCD";
  };

  # NOTE(review): upsd listens on every IPv4 address and the host firewall is
  # disabled in this file, so the daemon is reachable from any attached
  # network. Consider listening only on the management/tailnet address.
  upsd.enable = true;
  upsd.listen = [ { address = "0.0.0.0"; } ];

  # Account used by upsmon; the password is read from a sops-managed file.
  # NOTE(review): this account holds the "primary" role. If remote monitors
  # share it, consider giving them a separate "secondary" account instead.
  users.upsmon = {
    upsmon = "primary";
    passwordFile = secrets.upsmon.path;
  };

  # Local upsmon watches the UPS above using that account.
  upsmon.monitor.cyberpower.user = "upsmon";
};
# Run gpg-agent and let it double as the SSH agent, so SSH authentication can
# use keys held by GnuPG.
programs.gnupg.agent.enable = true;
programs.gnupg.agent.enableSSHSupport = true;
# Secrets decrypted by sops for this host. Both are declared with the module's
# defaults (no owner or mode override here).
# Used by the CIFS mounts as their credentials file.
sops.secrets.filesystems-parthenon = { };
# Used by power.ups as the upsmon user's password file.
# NOTE(review): confirm the default owner/mode still lets the UPS daemon read it.
sops.secrets.upsmon = { };
services = {
  # Daily Borg backup of /var/backup to a BorgBase repository over SSH.
  borgbackup.jobs.borgbase = {
    repo = "ssh://fk0o7077@fk0o7077.repo.borgbase.com/./repo";
    paths = [ "/var/backup" ];
    startAt = "daily";
    compression = "auto,lzma";

    # repokey mode stores the passphrase-protected key inside the repository,
    # so losing the passphrase means losing the backups; keep an offline copy
    # of the passphrase and an exported key.
    # NOTE(review): the passphrase and the SSH key are plain files under /root
    # that this configuration neither creates nor manages, unlike the sops
    # secrets used for the CIFS and UPS credentials. Confirm they are readable
    # by root only, and consider provisioning them through sops as well.
    encryption.mode = "repokey-blake2";
    encryption.passCommand = "cat /root/borgbackup/passphrase";
    environment = {
      BORG_RSH = "ssh -i /root/borgbackup/ssh_key";
    };
  };

  # Grafana, served directly on port 2342.
  # NOTE(review): it binds to every address while the host firewall is off. If
  # the imported traefik module fronts Grafana on this host, binding to
  # loopback would be enough. No admin password is set in this file; confirm
  # it has been changed from the default.
  grafana = {
    enable = true;
    settings.server = {
      domain = "plato.walkah.lab";
      http_addr = "0.0.0.0";
      http_port = 2342;
    };
  };

  # Prometheus scrape jobs. services.prometheus.enable is not set in this file;
  # presumably an imported module turns the server on (confirm).
  prometheus.scrapeConfigs = [
    # Host metrics from every machine (presumably node exporter on 9100).
    {
      job_name = "node";
      static_configs = [
        {
          targets = [
            "plato:9100"
            "agent:9100"
            "form:9100"
            "matter:9100"
            "purpose:9100"
            "socrates:9100"
          ];
        }
      ];
    }
    # CoreDNS metrics from this host.
    {
      job_name = "coredns";
      static_configs = [ { targets = [ "plato:9153" ]; } ];
    }
    # IPFS node metrics.
    # NOTE(review): scraping port 5001 means that listener accepts connections
    # from this host. If these are Kubo nodes, the same port also serves the
    # node's administrative RPC API, so make sure it is restricted to the
    # monitoring network and not exposed more widely.
    {
      job_name = "ipfs";
      metrics_path = "/debug/metrics/prometheus";
      static_configs = [
        {
          targets = [
            "agent:5001"
            "form:5001"
            "matter:5001"
            "purpose:5001"
          ];
        }
      ];
    }
  ];

  # "server" enables IP forwarding so this host can route traffic for the
  # tailnet. services.tailscale.enable is not set in this file; presumably an
  # imported module sets it (confirm).
  tailscale.useRoutingFeatures = "server";
};
# Turn on the project's own CoreDNS option (presumably declared by
# ../../modules/coredns; its listen addresses are not visible in this file).
walkah.coredns.enable = true;
# Docker daemon.
# NOTE(review): access to the Docker daemon is root-equivalent on this host.
# The imported drone runner-docker module presumably starts CI jobs through it,
# so confirm which users and services can reach the socket.
virtualisation.docker.enable = true;
# Periodic cleanup; "--all" also removes unused images, not only dangling ones.
virtualisation.docker.autoPrune.enable = true;
virtualisation.docker.autoPrune.flags = [ "--all" ];
}