nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixos-config/config/host-config/lambda.nix

149 lines
4.1 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
shinobi-port = "7080";
shinobi-od-port = "7082";
state-dir = "/state"; # This must be a string!
home-assistant-port = 8123;
parent-config = config;
generate-mac = pkgs.lib.network.generate-mac-address;
in {
boot = {
loader.grub.copyKernels = true;
kernelModules = [ "rpcsec_gss_krb5" ];
};
networking = {
interfaces = {
enp3s0f0.useDHCP = false;
enp3s0f1.useDHCP = false;
enp4s0f0.useDHCP = false;
enp4s0f1.useDHCP = false;
intif0.useDHCP = true;
};
};
systemd.tmpfiles.rules = [
"L /root/.gnupg - - - - ${state-dir}/user/root/gnupg"
"L /root/.ssh/id_rsa - - - - ${state-dir}/user/root/ssh/id_rsa"
"L /root/.ssh/id_rsa.pub - - - - ${state-dir}/user/root/ssh/id_rsa.pub"
"L /root/.ssh/known_hosts - - - - ${state-dir}/user/root/ssh/known_hosts"
];
services.openssh.hostKeys = [
{
path = "${state-dir}/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
{
path = "${state-dir}/ssh/ssh_host_ed25519_key";
type = "ed25519";
bits = 4096;
}
];
environment.etc = {
"ssh/ssh_host_rsa_key" = {
source = "${state-dir}/ssh/ssh_host_rsa_key";
user = "root";
group = "root";
mode = "0400";
};
"ssh/ssh_host_rsa_key.pub" = {
source = "${state-dir}/ssh/ssh_host_rsa_key.pub";
user = "root";
group = "root";
mode = "0444";
};
"ssh/ssh_host_ed25519_key" = {
source = "${state-dir}/ssh/ssh_host_ed25519_key";
user = "root";
group = "root";
mode = "0400";
};
"ssh/ssh_host_ed25519_key.pub" = {
source = "${state-dir}/ssh/ssh_host_ed25519_key.pub";
user = "root";
group = "root";
mode = "0444";
};
nixos.source = "/etc/nixos-live";
"host-config.nix".source = "/state/host/host-config.nix";
adjtime.source = "/state/host/adjtime";
NIXOS.source = "/state/host/NIXOS";
};
security.sudo.extraConfig = ''
# Due to rollback, sudo will lecture after every reboot
Defaults lecture = never
'';
# services.nginx = {
# enable = true;
# recommendedOptimisation = true;
# recommendedProxySettings = true;
# recommendedGzipSettings = true;
# virtualHosts."home.sea.fudo.org" = {
# locations."/" = {
# proxyPass = "http://localhost:${toString home-assistant-port}";
# proxyWebsockets = true;
# };
# };
# };
# virtualisation = {
# docker = {
# enable = true;
# enableOnBoot = true;
# autoPrune = { enable = true; };
# };
# oci-containers = {
# backend = "docker";
# containers = {
# home-assistant = {
# image = "homeassistant/home-assistant:stable";
# autoStart = true;
# environment.TZ = config.time.timeZone;
# # ports = [ "${toString home-assistant-port}:8123" ];
# volumes = [ "/state/services/home-assistant:/config" ];
# extraOptions = [ "--network=host" "--device=/dev/ttyACM0" ];
# };
# # shinobi = {
# # image = "shinobisystems/shinobi:latest";
# # ports = [ "${shinobi-port}:8080" ];
# # volumes = [
# # "/state/shinobi/plugins:/home/Shinobi/plugins"
# # "/state/shinobi/config:/home/Shinobi/config"
# # "/state/shinobi/videos:/home/Shinobi/videos"
# # "/state/shinobi/db-data:/var/lib/mysql"
# # "/etc/localtime:/etc/localtime:ro"
# # ];
# # };
# # shinobi-od = {
# # image = "shinobisystems/shinobi-tensorflow:latest";
# # volumes =
# # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
# # ports = [ "${shinobi-od-port}:8082" ];
# # environment = {
# # PLUGIN_HOST = "panopticon.sea.fudo.org";
# # PLUGIN_PORT = shinobi-port;
# # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
# # };
# # };
# # photoprism = { image = "photoprism/photoprism"; };
# };
# };
# };
}
Reference in New Issue View Git Blame Copy Permalink