-
Notifications
You must be signed in to change notification settings - Fork 32
/
configuration.nix
executable file
·171 lines (153 loc) · 4.59 KB
/
configuration.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
{ config, pkgs, lib, ... }:
{
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# !!! Set to specific linux kernel version
boot.kernelPackages = pkgs.linuxPackages;
# Disable ZFS on kernel 6
boot.supportedFilesystems = lib.mkForce [
"vfat"
"xfs"
"cifs"
"ntfs"
];
# !!! Needed for the virtual console to work on the RPi 3, as the default of 16M doesn't seem to be enough.
# If X.org behaves weirdly (I only saw the cursor) then try increasing this to 256M.
# On a Raspberry Pi 4 with 4 GB, you should either disable this parameter or increase to at least 64M if you want the USB ports to work.
boot.kernelParams = [ "cma=256M" ];
# File systems configuration for using the installer's partition layout
fileSystems = {
# Prior to 19.09, the boot partition was hosted on the smaller first partition
# Starting with 19.09, the /boot folder is on the main bigger partition.
# The following is to be used only with older images.
/*
"/boot" = {
device = "/dev/disk/by-label/NIXOS_BOOT";
fsType = "vfat";
};
*/
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
# !!! Adding a swap file is optional, but strongly recommended!
swapDevices = [{ device = "/swapfile"; size = 1024; }];
# systemPackages
environment.systemPackages = with pkgs; [
vim
curl
wget
nano
bind
kubectl
kubernetes-helm
iptables
openvpn
python3
nodejs
docker-compose
];
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
# Some sample service.
# Use dnsmasq as internal LAN DNS resolver.
services.dnsmasq = {
enable = false;
settings.servers = [ "8.8.8.8" "8.8.4.4" "1.1.1.1" ];
settings.extraConfig = ''
address=/fenrir.test/192.168.100.6
address=/recalune.test/192.168.100.7
address=/eth.nixpi.test/192.168.100.3
address=/wlan.nixpi.test/192.168.100.4
'';
};
# services.openvpn = {
# # You can set openvpn connection
# servers = {
# privateVPN = {
# config = "config /home/nixos/vpn/privatvpn.conf";
# };
# };
# };
programs.zsh = {
enable = true;
ohMyZsh = {
enable = true;
theme = "bira";
};
};
virtualisation.docker.enable = true;
networking.firewall.enable = false;
# WiFi
hardware = {
enableRedistributableFirmware = true;
firmware = [ pkgs.wireless-regdb ];
};
# Networking
networking = {
# useDHCP = true;
interfaces.wlan0 = {
useDHCP = false;
ipv4.addresses = [{
# I used static IP over WLAN because I want to use it as local DNS resolver
address = "192.168.1.4";
prefixLength = 24;
}];
};
interfaces.eth0 = {
useDHCP = true;
# I used DHCP because sometimes I disconnect the LAN cable
#ipv4.addresses = [{
# address = "192.168.100.3";
# prefixLength = 24;
#}];
};
# Enabling WIFI
wireless.enable = true;
wireless.interfaces = [ "wlan0" ];
# If you want to connect also via WIFI to your router
# wireless.networks."SATRIA".psk = "wifipassword";
# You can set default nameservers
# nameservers = [ "192.168.100.3" "192.168.100.4" "192.168.100.1" ];
# You can set default gateway
# defaultGateway = {
# address = "192.168.1.1";
# interface = "eth0";
# };
};
# forwarding
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = true;
"net.ipv4.tcp_ecn" = true;
};
# put your own configuration here, for example ssh keys:
users.defaultUserShell = pkgs.zsh;
users.mutableUsers = true;
users.groups = {
nixos = {
gid = 1000;
name = "nixos";
};
};
users.users = {
nixos = {
uid = 1000;
home = "/home/nixos";
name = "nixos";
group = "nixos";
shell = pkgs.zsh;
extraGroups = [ "wheel" "docker" ];
};
};
users.users.root.openssh.authorizedKeys.keys = [
# This is my public key
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqlXJv/noNPmZMIfjJguRX3O+Z39xeoKhjoIBEyfeqgKGh9JOv7IDBWlNnd3rHVnVPzB9emiiEoAJpkJUnWNBidL6vPYn13r6Zrt/2WLT6TiUFU026ANdqMjIMEZrmlTsfzFT+OzpBqtByYOGGe19qD3x/29nbszPODVF2giwbZNIMo2x7Ww96U4agb2aSAwo/oQa4jQsnOpYRMyJQqCUhvX8LzvE9vFquLlrSyd8khUsEVV/CytmdKwUUSqmlo/Mn7ge/S12rqMwmLvWFMd08Rg9NHvRCeOjgKB4EI6bVwF8D6tNFnbsGVzTHl7Cosnn75U11CXfQ6+8MPq3cekYr lucernae@lombardia-N43SM"
];
system.stateVersion = "23.05";
}