Stefan Junker
5af42df5a9
this configures a standalone USB device that doesn't need configuration of the firmware's EFI variables.
66 lines
1.1 KiB
Nix
66 lines
1.1 KiB
Nix
{ repoFlake
|
|
, pkgs
|
|
, lib
|
|
, config
|
|
, nodeFlake
|
|
, nodeName
|
|
, localDomainName
|
|
, system
|
|
, ...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
repoFlake.inputs.sops-nix.nixosModules.sops
|
|
nodeFlake.inputs.disko.nixosModules.disko
|
|
./disko.nix
|
|
|
|
../../profiles/common/user.nix
|
|
|
|
{
|
|
nix.nixPath = [
|
|
"nixpkgs=${pkgs.path}"
|
|
];
|
|
|
|
nix.settings.experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
|
|
nix.settings.max-jobs = lib.mkDefault "auto";
|
|
}
|
|
|
|
{
|
|
services.openssh.enable = true;
|
|
services.openssh.settings.PermitRootLogin = "yes";
|
|
services.openssh.openFirewall = true;
|
|
|
|
users.commonUsers = {
|
|
enable = true;
|
|
enableNonRoot = true;
|
|
};
|
|
|
|
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
|
|
sops.defaultSopsFormat = "yaml";
|
|
}
|
|
];
|
|
|
|
networking = {
|
|
hostName = nodeName;
|
|
|
|
firewall.enable = true;
|
|
|
|
useNetworkd = true;
|
|
networkmanager.enable = false;
|
|
};
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
environment.systemPackages = [
|
|
pkgs.util-linux
|
|
pkgs.coreutils
|
|
pkgs.vim
|
|
];
|
|
}
|