NixOS-Config/nixos/hosts/wheatley/configuration.nix

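# NixOS system configuration for the host "wheatley" (aarch64, built as an SD-card image).
# Pulls in the aarch64 SD-image installer module, the hardware configuration and the
# shared settings, then sets kernel, home-manager, SSH and firewall options.
{
  lib,
  pkgs,
  inputs,
  outputs,
  modulesPath,
  ...
}: {
  imports = [
    # inputs.nixos-hardware.nixosModules.raspberry-pi-4
    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
    ../hardware-configuration.nix
    # Import shared settings
    ../../shared
  ];

  # Wrap makeModulesClosure so it is always called with allowMissing = true:
  # kernel modules that the selected kernel does not ship are skipped instead of
  # failing the build.
  # NOTE(review): this also hides misspelled module names, so entries in
  # boot.initrd.kernelModules are no longer validated at build time.
  nixpkgs.overlays = [
    (final: super: {
      makeModulesClosure = x:
        super.makeModulesClosure (x // {allowMissing = true;});
    })
  ];

  # Default sops file for this host. Only the file location is set here; the age/GPG
  # key location and the modes of the decrypted secrets are not configured in this
  # file (presumably in ../../shared -- verify).
  # The path literal is copied into the world-readable Nix store, so sops.yaml must
  # only ever contain encrypted values.
  sops.defaultSopsFile = ./secrets/sops.yaml;

  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
  # Modules to load from the initrd.
  boot.initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835"];
  # "cma=256M" and "console=tty0" are kernel command-line parameters, not module
  # names. They were previously listed in boot.initrd.kernelModules, where they could
  # not take effect (and only built because of the allowMissing overlay above).
  boot.kernelParams = ["cma=256M" "console=tty0"];

  # Leave the generated SD image uncompressed.
  sdImage.compressImage = false;

  home-manager = {
    # Make the flake inputs/outputs available to the home-manager modules.
    extraSpecialArgs = {inherit inputs outputs;};
    users = {
      # Import your home-manager configuration
      lillian = import ../../../home-manager/hosts/wheatley;
    };
  };

  networking.hostName = "wheatley";

  services.openssh = {
    enable = true;
    # Public-key authentication only: password and keyboard-interactive logins are
    # disabled, and root cannot log in over SSH at all.
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "no";
  };

  networking.firewall = {
    enable = true;
    # Do not answer ICMP echo requests.
    allowPing = false;
    # NOTE(review): the services behind the web and STUN/TURN ports are not defined in
    # this file (presumably in ../../shared). Confirm each opened port has an intended
    # listener and close any that do not.
    allowedTCPPorts = [
      22 # SSH (services.openssh.openFirewall already opens this by default)
      5349 # STUN tls
      5350 # STUN tls alt
      80 # http
      443 # https
    ];
    allowedUDPPortRanges = [
      {
        from = 49152;
        to = 49999;
      } # TURN relay
    ];
  };

  system.stateVersion = "25.05";
  nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
}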