katja's git: nixfiles

ctucx' nixfiles

{

  # Node-level attributes for this host. The `configuration` module below
  # receives them as `node` (it reads `node.ip6Address`); how the remaining
  # fields are consumed is not visible in this file.
  system          = "x86_64-linux";

  # Public half of an ed25519 key pair; safe to publish.
  # NOTE(review): presumably this host's SSH host key, used for host
  # verification and/or as a secrets recipient. Confirm against the consumer,
  # and update this value whenever the corresponding private key is rotated.
  sshPubKey       = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8mi9ZKPdhn20g9gyxE7NYBq/vAKemW4lhaQlLw5QVc";

  # Interface name; "brlan" suggests a LAN bridge (TODO confirm in the router module).
  mainInterface   = "brlan";

  # RFC 1918 address. A /8 prefix puts all of 10.0.0.0/8 on-link, so any
  # "LAN only" allow rule derived from address + prefix covers the whole
  # 10/8 range rather than a single subnet.
  ip4IsPrivate    = true;
  ip4Address      = "10.0.0.1";
  ip4PrefixLength = 8;

  # Flagged as non-private, i.e. a globally routable address. The module below
  # publishes it in DNS, so exposure over IPv6 is governed by the firewall
  # alone. There is no NAT boundary as on the IPv4 side.
  ip6IsPrivate    = false;
  ip6Address      = "2a03:4000:4d:5e:acab::1";
  ip6PrefixLength = 112;

  # NixOS module for this node. It is called with the node's own attributes
  # (`node`), the secrets tree (`secrets`) and the shared module collection
  # (`ctucxConfig`), alongside the usual module arguments.
  configuration = { node, secrets, config, ctucxConfig, lib, pkgs, ... }: {

    # NOTE(review): judging by the module names, this one host is router,
    # smarthome hub, backup target (restic-server), a CA and the origin for
    # several websites. A compromise of any web-facing service therefore
    # lands on the machine that also routes the LAN and holds backups and
    # CA material. Worth checking that the imported modules sandbox their
    # services and that the CA key is not readable by the web services.
    imports = [
      ./hardware-configuration.nix
      ./impermanence.nix

      ctucxConfig.configure.router
      ctucxConfig.configure.smarthome

      ctucxConfig.services.prometheus-exporters
      ctucxConfig.services.restic-server

      ctucxConfig.services.ca

      # website / webservices
      ctucxConfig.websites."photos.katja.wtf"
      ctucxConfig.websites."music.home.ctu.cx"
      ctucxConfig.websites."audiobooks.home.ctu.cx"
      ctucxConfig.websites."fedi.home.ctu.cx"
      ctucxConfig.websites."gomuks.ctu.cx"

      # syncthing (and its backup)
      ./syncthing.nix
      ./backupScript.nix

      ./scanner-sftp.nix
    ];

    # Extra home-manager program modules for user `katja`.
    home-manager.users.katja.imports = [
      ctucxConfig.homeManager.programs.yt-dlp
      ctucxConfig.homeManager.programs.ocrmypdf
    ];

    # agenix-style secret declarations: only the encrypted file is referenced
    # here, so no plaintext credential enters the repository or the Nix store.
    # NOTE(review): presumably per-client credentials for the restic server.
    # Owner and mode are not set here, so confirm the consuming module gives
    # the service user read access without widening the file mode.
    age.secrets.resticServerBriefkasten.file = secrets.allNodes.resticServer.briefkasten;
    age.secrets.resticServerWanderduene.file = secrets.allNodes.resticServer.wanderduene;

    # Publishes the node's IPv6 address as an AAAA record under the katja.wtf
    # zone. The address is marked non-private in the node attributes, so the
    # host becomes discoverable by name.
    dns.zones."katja.wtf".subdomains = {
      "home.infra".AAAA       = [ node.ip6Address ];
    };

    boot = {
      # NOTE(review): presumably loaded so power metrics are available to an
      # exporter. Confirm.
      kernelModules = [ "intel_rapl_common" ];

      # seems to make realtek ethernet faster?
      kernelParams = [ "pcie_aspm=off" ];

      # NOTE(review): this path looks like the regular sshd host key kept on
      # the persistent volume. The NixOS documentation for this option warns
      # against reusing the regular host key in the initrd: the private key is
      # embedded in the initrd, and if initrd SSH is used to unlock an
      # encrypted disk it then sits on the unencrypted boot partition. Where
      # the bootloader lacks initrd-secret support it also ends up in the
      # world-readable Nix store. A dedicated initrd-only host key limits the
      # exposure. Whether initrd SSH is enabled is not visible in this file.
      initrd.network.ssh.hostKeys = [ "/nix/persist/etc/ssh/ssh_host_ed25519_key" ];
    };

    # Disables the "5-mainInterface" networkd unit, which is defined outside
    # this file. Presumably the router module configures the interface
    # instead. TODO confirm.
    systemd.network.networks."5-mainInterface".enable = false;

    services = {
      ntfysh-notify.enable = true;
      usbmuxd.enable       = true;
      # Pressing the power button is ignored, so physical access cannot
      # trigger a shutdown of the router that way.
      logind.powerKey      = "ignore";
    };

    powerManagement.cpuFreqGovernor    = "powersave";
    # Applies Intel microcode updates, which is how CPU errata and
    # vulnerability mitigations are delivered.
    hardware.cpu.intel.updateMicrocode = true;

    # stateVersion pins stateful-data compatibility defaults, not package
    # versions. Leave it at the release the system was installed with.
    system.stateVersion = "22.11"; # Did you read the comment?
    home-manager.users.katja.home.stateVersion = "22.11";

  };

}