nixos-config/hosts/nuc/default.nix

{ config, pkgs, lib, ... }:
{
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
      ./modules/adguard
      ./modules/networks
      ./modules/backup
      ./modules/hydra
      ./modules/nextcloud
      ./modules/vaultwarden
      ./modules/nginx
    ];

  boot = {
    loader.systemd-boot.enable = true;
    loader.efi.canTouchEfiVariables = true;
    kernelPackages = pkgs.linuxPackages_latest;
    tmp.useTmpfs = true;
  };
  services.btrfs.autoScrub.enable = true;
  nix.settings = {
    auto-optimise-store = true;
  };

  sops.secrets."store/secretkey" = { };
  nix.extraOptions = ''
    secret-key-files = ${config.sops.secrets."store/secretkey".path}
  '';

  environment.persistence."/nix/persist/system" = {
    directories = [
      "/etc/ssh"
      "/root/.local/share/zsh"
    ];
    files = [
      "/etc/machine-id"
    ];
  };
  # impermanence fixes
  sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
  sops.gnupg.sshKeyPaths = lib.mkForce [ ];

  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "dvorak";
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
    htop-vim
    helix
    lsof
    btdu
  ];
  programs.git = {
    enable = true;
    config = {
      user.name = "Rouven Seifert";
      user.email = "rouven@rfive.de";
    };
  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  security = {
    audit.enable = true;
    auditd.enable = true;
  };


  # firmware updates
  services.fwupd.enable = true;
  users.users.root.initialHashedPassword = "$y$j9T$hYM7FT2hn3O7OWBn9uz8e0$XquxONcPSke6YjdRGwOzGxC0/92hgP7PIB0y0K.Qdr/";
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../../keys/ssh/rouven-thinkpad
    ../../keys/ssh/root-thinkpad
    ../../keys/ssh/rouven-pixel
  ];

  system.stateVersion = "22.11";

}
fixed missing import 2023-05-30 21:15:46 +02:00			`{ config, pkgs, lib, ... }:`
added nuc 2023-01-23 17:30:09 +01:00			`{`
			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`
			`imports =`
			`[`
			`# Include the results of the hardware scan.`
			`./hardware-configuration.nix`
configured adguard 2023-04-27 17:27:57 +02:00			`./modules/adguard`
networkd for the nuc 2023-01-23 23:35:44 +01:00			`./modules/networks`
configured backups for the nuc 2023-04-12 22:09:37 +02:00			`./modules/backup`
added a basic hydra 2023-05-01 21:05:49 +02:00			`./modules/hydra`
maybe I should also use the modules 2023-01-24 12:05:09 +01:00			`./modules/nextcloud`
fixed vaultwarden 2023-01-25 14:24:10 +01:00			`./modules/vaultwarden`
maybe I should also use the modules 2023-01-24 12:05:09 +01:00			`./modules/nginx`
added nuc 2023-01-23 17:30:09 +01:00			`];`

			`boot = {`
			`loader.systemd-boot.enable = true;`
			`loader.efi.canTouchEfiVariables = true;`
preparing nuc for reinstall 2023-02-17 21:35:12 +01:00			`kernelPackages = pkgs.linuxPackages_latest;`
flake updates 2023-04-16 13:43:30 +02:00			`tmp.useTmpfs = true;`
added nuc 2023-01-23 17:30:09 +01:00			`};`
preparing nuc for reinstall 2023-02-17 21:35:12 +01:00			`services.btrfs.autoScrub.enable = true;`
added a basic hydra 2023-05-01 21:05:49 +02:00			`nix.settings = {`
			`auto-optimise-store = true;`
			`};`
replace http cache with build machines and ssh 2023-06-12 16:49:45 +02:00
			`sops.secrets."store/secretkey" = { };`
			`nix.extraOptions = ''`
			`secret-key-files = ${config.sops.secrets."store/secretkey".path}`
			`'';`

configured impermanence for the nuc 2023-05-30 20:36:52 +02:00			`environment.persistence."/nix/persist/system" = {`
			`directories = [`
			`"/etc/ssh"`
fix nuc zsh history 2023-06-08 10:16:06 +02:00			`"/root/.local/share/zsh"`
configured impermanence for the nuc 2023-05-30 20:36:52 +02:00			`];`
			`files = [`
			`"/etc/machine-id"`
			`];`
			`};`
fixed impermanence secrets for the nuc 2023-05-30 21:15:01 +02:00			`# impermanence fixes`
			`sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];`
			`sops.gnupg.sshKeyPaths = lib.mkForce [ ];`
added nuc 2023-01-23 17:30:09 +01:00
			`time.timeZone = "Europe/Berlin";`

			`i18n.defaultLocale = "en_US.UTF-8";`
			`console = {`
			`font = "Lat2-Terminus16";`
			`keyMap = "dvorak";`
			`};`

			`environment.systemPackages = with pkgs; [`
			`vim`
			`wget`
updates and zfs tweaks 2023-01-28 22:28:56 +01:00			`htop-vim`
flake cleanup and iso tweaks 2023-05-05 16:17:31 +02:00			`helix`
flake update and minor fixes 2023-05-28 13:15:29 +02:00			`lsof`
nextcloud 26 -> nextcloud 27 2023-06-19 10:37:17 +02:00			`btdu`
added nuc 2023-01-23 17:30:09 +01:00			`];`
			`programs.git = {`
			`enable = true;`
			`config = {`
			`user.name = "Rouven Seifert";`
			`user.email = "rouven@rfive.de";`
			`};`
			`};`

			`# Enable the OpenSSH daemon.`
			`services.openssh.enable = true;`
configured a spotify widget for waybar 2023-06-03 21:42:12 +02:00			`security = {`
			`audit.enable = true;`
			`auditd.enable = true;`
			`};`

enable firmware updates for the nuc 2023-04-17 11:16:50 +02:00
			`# firmware updates`
			`services.fwupd.enable = true;`
set nuc root password 2023-05-30 20:46:59 +02:00			`users.users.root.initialHashedPassword = "$y$j9T$hYM7FT2hn3O7OWBn9uz8e0$XquxONcPSke6YjdRGwOzGxC0/92hgP7PIB0y0K.Qdr/";`
added nuc 2023-01-23 17:30:09 +01:00			`users.users.root.openssh.authorizedKeys.keyFiles = [`
			`../../keys/ssh/rouven-thinkpad`
replace http cache with build machines and ssh 2023-06-12 16:49:45 +02:00			`../../keys/ssh/root-thinkpad`
added nuc 2023-01-23 17:30:09 +01:00			`../../keys/ssh/rouven-pixel`
			`];`

cleanup and restructuring 2023-04-06 22:31:45 +02:00			`system.stateVersion = "22.11";`
added nuc 2023-01-23 17:30:09 +01:00
			`}`