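{ config, pkgs, lib, ... }:
let
  # Builds a `wakevader` command that sends a Wake-on-LAN packet to the
  # "vader" host. `macPath` is the path of a file whose content is the
  # target MAC address; it is read at run time, so the address stays out of
  # this file and out of the Nix store (below it is an agenix secret path).
  # writeShellScriptBin prepends the shebang itself, so none is written here.
  # The command substitution is quoted so the file content reaches wakeonlan
  # as a single argument instead of being word-split and glob-expanded.
  wakeVader = macPath: pkgs.writeShellScriptBin "wakevader" ''
    ${pkgs.wakeonlan}/bin/wakeonlan "$(cat ${macPath})"
  '';
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.05"; # Did you read the comment?

  boot = {
    kernelParams = ["cma-256M"];
    kernelPackages = pkgs.linuxPackages_6_1;
    loader = {
      # Raspberry Pi 4 boots through the raspberryPi loader only; the other
      # two loaders are switched off explicitly.
      grub.enable = false;
      generic-extlinux-compatible.enable = false;
      raspberryPi = {
        enable = true;
        version = 4;
        #uboot.enable = true;
        firmwareConfig = ''
          gpu_mem=256
        '';
      };
    };
    # custom /tmp in filesystems
    # I needed more storage in order for nix to be able to build things
    # default tmpOnTmpfs allocates 50% of RAM, which is 2GiB on this system
    tmpOnTmpfs = false;
  };

  time.timeZone = "Europe/London";
  nixpkgs.config.allowUnfree = true;
  powerManagement.cpuFreqGovernor = "ondemand";

  networking = {
    useDHCP = false;
    hostName = "hk47";
    networkmanager.enable = false;
    wireless = {
      enable = false;
      interfaces = ["wlan0"];
    };
    # DHCP is enabled per interface rather than globally.
    interfaces.eth0.useDHCP = true;
    interfaces.wlan0.useDHCP = true;

    # The firewall stays on; only the ports listed below are reachable from
    # the network. Commented-out entries are kept as a record of what was
    # tried and is currently closed.
    firewall.enable = true;
    #firewall.allowedTCPPorts = [8443 21063 21604];
    #firewall.allowedUDPPorts = [5353];
    firewall.allowedTCPPorts = [
      # open the ports used by home-assistant's HomeKit bridge
      21064
      # 40000
    ];
    firewall.allowedUDPPorts = [
      # open the ports used by home-assistant's HomeKit bridge (mDNS)
      5353
      #1900
      #44608
      #36389
      #1900
      #34183
      #57495
      #42717
    ];
  };

  # Secrets are decrypted by agenix at activation; only the decrypted paths
  # (config.age.secrets.<name>.path) are referenced elsewhere in this file.
  age.secrets = {
    tailscale.file = ../../secrets/hk47.tailscale.age;
    # Readable by user "ag" so the wakevader wrapper can cat it at run time.
    vader-mac = {
      file = ../../secrets/hk47.vader-mac.age;
      owner = "ag";
      group = "users";
    };
  };

  users.mutableUsers = true;

  environment.systemPackages = with pkgs; [
    vim raspberrypi-eeprom
    libraspberrypi
    (wakeVader config.age.secrets.vader-mac.path)
  ];

  # NOTE(review): no PasswordAuthentication / PermitRootLogin setting is made
  # here, so the sshd module defaults of this nixpkgs revision apply — confirm
  # those are the intended ones for a host that is also a Tailscale exit node.
  services.openssh.enable = true;

  services.avahi = {
    enable = true;
    # reflector repeats mDNS between the allowed interfaces; with only eth0
    # allowed this keeps advertisements off wlan0.
    reflector = true;
    nssmdns = true;
    allowInterfaces = ["eth0"];
    publish = {
      enable = true;
      addresses = true;
      workstation = true;
    };
  };

  nix = {
    package = pkgs.nixVersions.stable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  # Custom module (not defined in this file). authKeyFile points at the
  # decrypted agenix secret rather than embedding the key. exitNode presumably
  # advertises this host as an exit node — check the module for its exact
  # meaning.
  alexghr.tailscale = {
    enable = true;
    authKeyFile = config.age.secrets.tailscale.path;
    exitNode = true;
  };
}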