steveej-t14: init

2020-12-21 14:35:50 +01:00 · 2020-12-21 14:35:50 +01:00 · aef08954ab
commit aef08954ab
parent 11b8b11d9a
9 changed files with 220 additions and 0 deletions
--- a/nix/os/devices/steveej-t14/system.nix
+++ b/nix/os/devices/steveej-t14/system.nix
@ -0,0 +1,78 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+  keys = import ../../../variables/keys.nix;
+in {
+
+  # TASK: new device
+  networking.hostName = "steveej-t14"; # Define your hostname.
+
+  networking.bridges."virbr1".interfaces = [];
+  networking.interfaces."virbr1".ipv4.addresses = [
+      { address = "10.254.254.254"; prefixLength = 24; }
+  ];
+
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [
+    # syncthing
+    22000
+
+    # iperf3
+    5201
+  ];
+
+  networking.firewall.logRefusedConnections = false;
+  networking.usePredictableInterfaceNames = false;
+
+  services.printing = {
+    enable = true;
+    drivers = with pkgs; [
+      hplip
+      mfcl3770cdw.driver
+      mfcl3770cdw.cupswrapper
+    ];
+  };
+
+  services.fprintd.enable = true;
+  security.pam.services = {
+    login.fprintAuth = true;
+    sudo.fprintAuth = true;
+  };
+
+  # virtualization
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+    };
+
+    virtualbox.host = {
+      enable = false ;
+      addNetworkInterface = false;
+    };
+
+    docker = {
+      enable = true;
+      extraOptions = "--experimental";
+    };
+  };
+
+
+  security.pki.certificateFiles = [
+    "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+  ];
+
+  services.xserver.videoDrivers = [ "modesetting" ];
+  services.xserver.serverFlagsSection = ''
+    Option "BlankTime" "0"
+    Option "StandbyTime" "0"
+    Option "SuspendTime" "0"
+    Option "OffTime" "0"
+  '';
+
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
+
+  hardware.ledger.enable = true;
+}