dotnix/machines/gunpowder/default.nix


# NixOS configuration for the host "gunpowder": an XFCE desktop with two
# LUKS-encrypted volumes that also runs a media stack (Jellyfin and the *arr
# services), SSH, Tailscale and Mullvad.
{ pkgs, ... }:
let
  # Primary interactive account.
  username = "jolheiser";

  # SSH *public* key (safe to publish). The same key is authorized for both
  # the normal user and root below, so whoever holds the matching private key
  # has direct root access over SSH.
  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJh5aUDN/KN28+4tbayXRQliLyKFZaCZtUMEBNaJfHYj";

  # Path of the LUKS keyfile, both on the root filesystem and inside the initrd.
  luksKeyFile = "/crypto_keyfile.bin";

  # Shared settings for the media services: run the service and let its
  # module open the service's port(s) in the host firewall.
  # NOTE(review): openFirewall is not scoped to an interface. With Tailscale
  # enabled, limiting these ports to the tailnet interface via
  # networking.firewall.interfaces.<name>.allowedTCPPorts would reduce LAN
  # exposure. Confirm which networks are meant to reach these web UIs.
  exposedService = {
    enable = true;
    openFirewall = true;
  };
in
{
  imports = [ ./hardware.nix ];

  boot = {
    kernelPackages = pkgs.linuxPackages_latest;
    kernelParams = [
      "quiet"
      "splash"
    ];

    loader.grub = {
      enable = true;
      device = "/dev/sda";
      useOSProber = true;
      # Lets GRUB itself unlock an encrypted partition at boot.
      enableCryptodisk = true;
    };

    initrd = {
      # A null value copies the file from the same path on the running system
      # into the initrd. Anyone who can read the initrd can therefore unlock
      # both volumes below, so this is only sound when the initrd is stored on
      # an encrypted filesystem. Verify the /boot layout in hardware.nix.
      secrets = {
        ${luksKeyFile} = null;
      };

      luks.devices = {
        # Only the keyfile is set for this volume; its device path is
        # presumably declared in hardware.nix. Confirm.
        "luks-1f9bde68-9c4c-423c-a95f-17aa170dd2b4" = {
          keyFile = luksKeyFile;
        };
        "luks-a2ca1842-1ce0-437e-ba5e-8864a41e81cb" = {
          device = "/dev/disk/by-uuid/a2ca1842-1ce0-437e-ba5e-8864a41e81cb";
          keyFile = luksKeyFile;
        };
      };
    };
  };

  networking.hostName = "gunpowder";
  networking.networkmanager.enable = true;
  # The firewall is on; the media services below punch their own holes in it.
  networking.firewall.enable = true;

  services = {
    xserver = {
      enable = true;
      displayManager.lightdm.enable = true;
      desktopManager.xfce.enable = true;
    };

    # NOTE(review): no sshd settings are given here, so the password and
    # root-login policy is whatever the NixOS module defaults to or another
    # module sets. Since keys are provisioned for both accounts below,
    # consider pinning key-only authentication explicitly.
    openssh.enable = true;

    tailscale.enable = true;
    mullvad-vpn = {
      enable = true;
      package = pkgs.mullvad-vpn;
    };
    resolved.enable = true;

    # media
    jellyfin = exposedService;
    sonarr = exposedService;
    radarr = exposedService;
    bazarr = exposedService;
    prowlarr = exposedService;
  };

  users.users = {
    ${username} = {
      isNormalUser = true;
      # "wheel" grants administrative (sudo) rights. "docker" membership is
      # root-equivalent wherever a Docker daemon runs. Neither Docker nor a
      # "storage" group is configured in this file. Confirm both are still
      # needed.
      extraGroups = [
        "wheel"
        "docker"
        "storage"
      ];
      openssh.authorizedKeys.keys = [ key ];
    };

    # NOTE(review): direct root login by key duplicates the access the wheel
    # user already has. Dropping it would leave one audited path to root.
    root.openssh.authorizedKeys.keys = [ key ];
  };

  # Shared group for access to the media library.
  # NOTE(review): "olheiser" is not defined in this file. Confirm it is a real
  # account and not a typo of "jolheiser". bazarr and prowlarr run above but
  # are not members.
  users.groups.media.members = [
    "jolheiser"
    "olheiser"
    "jellyfin"
    "radarr"
    "sonarr"
  ];

  environment.systemPackages = [ pkgs.qbittorrent ];

  system.stateVersion = "22.11";
}