infra/nix/os/devices/steveej-t14/system.nix

{
  pkgs,
  lib,
  config,
  ...
}: let
  keys = import ../../../variables/keys.nix;
  passwords = import ../../../variables/passwords.crypt.nix;
in {
  nix = {
    binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"];
    binaryCachePublicKeys = [
      "holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="
      "cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="
      "cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="
    ];

    settings.extra-experimental-features = ["impure-derivations"];
    settings.system-features = ["recursive-nix"];
  };

  # TASK: new device
  networking.hostName = "steveej-t14"; # Define your hostname.

  networking.bridges."virbr1".interfaces = [];
  networking.interfaces."virbr1".ipv4.addresses = [
    {
      address = "10.254.254.254";
      prefixLength = 24;
    }
  ];

  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    # syncthing
    22000

    # iperf3
    5201
  ];

  networking.firewall.logRefusedConnections = false;
  networking.usePredictableInterfaceNames = false;

  services.printing = {
    enable = true;
    drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];
  };

  services.fprintd.enable = true;
  security.pam.services = {
    login.fprintAuth = true;
    sudo.fprintAuth = true;
  };

  # virtualization
  virtualisation = {
    libvirtd = {enable = true;};

    virtualbox.host = {
      enable = false;
      addNetworkInterface = false;
    };

    docker = {
      enable = true;
      extraOptions = "--experimental";
    };
  };

  services.samba.extraConfig = ''
    # client min protocol = NT1
  '';

  security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];

  services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
  services.xserver.serverFlagsSection = ''
    Option "BlankTime" "0"
    Option "StandbyTime" "0"
    Option "SuspendTime" "0"
    Option "OffTime" "0"
  '';

  time.timeZone = lib.mkForce passwords.timeZone.stefan;

  hardware.ledger.enable = true;
}
format and change 2023-02-07 18:23:51 +01:00			`{`
			`pkgs,`
			`lib,`
			`config,`
			`...`
			`}: let`
fix(nix): move location related values to encrypted file 2022-11-19 16:33:35 -06:00			`keys = import ../../../variables/keys.nix;`
			`passwords = import ../../../variables/passwords.crypt.nix;`
steveej-t14: init 2020-12-21 14:35:50 +01:00			`in {`
steveej-t14: use holochain-ci binary cache 2021-08-20 23:28:23 +02:00			`nix = {`
format and change 2023-02-07 18:23:51 +01:00			`binaryCaches = ["https://holochain-ci.cachix.org" "https://cache.holo.host/"];`
steveej-t14: use holochain-ci binary cache 2021-08-20 23:28:23 +02:00			`binaryCachePublicKeys = [`
			`"holochain-ci.cachix.org-1:5IUSkZc0aoRS53rfkvH9Kid40NpyjwCMCzwRTXy+QN8="`
steveej-t14: enable smb v1 and add holo.host nix cache 2022-01-10 17:49:31 +01:00			`"cache.holo.host-1:lNXIXtJgS9Iuw4Cu6X0HINLu9sTfcjEntnrgwMQIMcE="`
			`"cache.holo.host-2:ZJCkX3AUYZ8soxTLfTb60g+F3MkWD7hkH9y8CgqwhDQ="`
steveej-t14: use holochain-ci binary cache 2021-08-20 23:28:23 +02:00			`];`
feat: tweak nix settings for newer features 2023-01-26 11:27:09 +01:00
format and change 2023-02-07 18:23:51 +01:00			`settings.extra-experimental-features = ["impure-derivations"];`
			`settings.system-features = ["recursive-nix"];`
steveej-t14: use holochain-ci binary cache 2021-08-20 23:28:23 +02:00			`};`
steveej-t14: init 2020-12-21 14:35:50 +01:00
			`# TASK: new device`
			`networking.hostName = "steveej-t14"; # Define your hostname.`

format and change 2023-02-07 18:23:51 +01:00			`networking.bridges."virbr1".interfaces = [];`
			`networking.interfaces."virbr1".ipv4.addresses = [`
			`{`
			`address = "10.254.254.254";`
			`prefixLength = 24;`
			`}`
			`];`
steveej-t14: init 2020-12-21 14:35:50 +01:00
			`networking.firewall.enable = true;`
			`networking.firewall.allowedTCPPorts = [`
			`# syncthing`
			`22000`

			`# iperf3`
			`5201`
			`];`

			`networking.firewall.logRefusedConnections = false;`
			`networking.usePredictableInterfaceNames = false;`

			`services.printing = {`
			`enable = true;`
format and change 2023-02-07 18:23:51 +01:00			`drivers = with pkgs; [hplip mfcl3770cdw.driver mfcl3770cdw.cupswrapper];`
steveej-t14: init 2020-12-21 14:35:50 +01:00			`};`

			`services.fprintd.enable = true;`
			`security.pam.services = {`
			`login.fprintAuth = true;`
			`sudo.fprintAuth = true;`
			`};`

			`# virtualization`
			`virtualisation = {`
format and change 2023-02-07 18:23:51 +01:00			`libvirtd = {enable = true;};`
steveej-t14: init 2020-12-21 14:35:50 +01:00
			`virtualbox.host = {`
chore: nixfmt * 2022-10-31 11:04:38 +01:00			`enable = false;`
steveej-t14: init 2020-12-21 14:35:50 +01:00			`addNetworkInterface = false;`
			`};`

			`docker = {`
			`enable = true;`
			`extraOptions = "--experimental";`
			`};`
			`};`

steveej-t14: enable smb v1 and add holo.host nix cache 2022-01-10 17:49:31 +01:00			`services.samba.extraConfig = ''`
			`# client min protocol = NT1`
			`'';`

format and change 2023-02-07 18:23:51 +01:00			`security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];`
steveej-t14: init 2020-12-21 14:35:50 +01:00
format and change 2023-02-07 18:23:51 +01:00			`services.xserver.videoDrivers = lib.mkForce ["amdgpu"];`
steveej-t14: init 2020-12-21 14:35:50 +01:00			`services.xserver.serverFlagsSection = ''`
			`Option "BlankTime" "0"`
			`Option "StandbyTime" "0"`
			`Option "SuspendTime" "0"`
			`Option "OffTime" "0"`
			`'';`

fix(nix): move location related values to encrypted file 2022-11-19 16:33:35 -06:00			`time.timeZone = lib.mkForce passwords.timeZone.stefan;`

steveej-t14: init 2020-12-21 14:35:50 +01:00			`hardware.ledger.enable = true;`
			`}`