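# NixOS host configuration for "wheatley": an aarch64 SD-card image with sops
# secrets, home-manager for one user, key-only SSH and a default-deny firewall.
{
  lib,
  pkgs,
  inputs,
  outputs,
  modulesPath,
  ...
}: {
  imports = [
    # inputs.nixos-hardware.nixosModules.raspberry-pi-4
    (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")

    ./hardware-configuration.nix

    # Import shared settings
    ../../shared
  ];

  # Wrap makeModulesClosure so the build tolerates kernel modules that the
  # selected kernel does not ship.
  # NOTE(review): allowMissing applies to every module list in this system, so a
  # misspelled or dropped module name no longer fails the build; check the
  # module lists by hand when changing kernels.
  nixpkgs.overlays = [
    (final: super: {
      makeModulesClosure = x:
        super.makeModulesClosure (x // {allowMissing = true;});
    })
  ];

  # Default sops file for this host. The path is copied into the Nix store, so
  # it must only ever hold sops-encrypted values.
  # NOTE(review): the decryption key location and the mode of the decrypted
  # secrets are not set in this file; presumably ../../shared does it - confirm.
  sops.defaultSopsFile = ./secrets/sops.yaml;

  # mkForce overrides the kernel chosen by the imported modules.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;

  # Modules loaded in the initrd.
  boot.initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835"];

  # "cma=256M" and "console=tty0" are kernel command-line parameters, not
  # modules. Listed under boot.initrd.kernelModules they are treated as module
  # names and never reach the kernel command line, so they are set here.
  boot.kernelParams = ["cma=256M" "console=tty0"];

  sdImage.compressImage = false;

  home-manager = {
    extraSpecialArgs = {inherit inputs outputs;};
    users = {
      # Import your home-manager configuration
      lillian = import ../../../home-manager/hosts/wheatley;
    };
  };

  networking.hostName = "wheatley";

  services.openssh = {
    enable = true;
    # Public-key authentication only: password and keyboard-interactive logins
    # are disabled, and root cannot log in over SSH at all.
    settings.PasswordAuthentication = false;
    settings.KbdInteractiveAuthentication = false;
    settings.PermitRootLogin = "no";
  };

  # Inbound traffic is dropped unless listed below; ICMP echo requests are not
  # answered.
  # NOTE(review): no service using the STUN, HTTP(S) or TURN ports is defined in
  # this file; presumably they come from ../../shared. Drop a port from this
  # list when its service is removed so it does not stay exposed.
  networking.firewall = {
    enable = true;
    allowPing = false;
    allowedTCPPorts = [
      22 # SSH
      5349 # STUN tls
      5350 # STUN tls alt
      80 # http
      443 # https
    ];
    allowedUDPPortRanges = [
      {
        from = 49152;
        to = 49999;
      } # TURN relay
    ];
  };

  system.stateVersion = "25.05";
  nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
}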