82 lines
1.9 KiB
Nix
82 lines
1.9 KiB
Nix
{ repoFlake
|
|
, pkgs
|
|
, lib
|
|
, config
|
|
, nodeFlake
|
|
, nodeName
|
|
, localDomainName
|
|
, system
|
|
, ...
|
|
}:
|
|
|
|
{
|
|
imports = [
|
|
# repoFlake.inputs.sops-nix.nixosModules.sops
|
|
|
|
# ../../profiles/common/user.nix
|
|
|
|
{
|
|
nix.nixPath = [
|
|
"nixpkgs=${pkgs.path}"
|
|
];
|
|
|
|
nix.settings.experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
|
|
nix.settings.max-jobs = lib.mkDefault "auto";
|
|
nix.settings.cores = lib.mkDefault 0;
|
|
}
|
|
|
|
{
|
|
services.openssh.enable = true;
|
|
services.openssh.settings.PermitRootLogin = "yes";
|
|
|
|
# users.commonUsers = {
|
|
# enable = true;
|
|
# enableNonRoot = false;
|
|
# rootPasswordFile = config.sops.secrets.passwords-root.path;
|
|
# };
|
|
|
|
users.users.root.password = "install";
|
|
|
|
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
|
|
# sops.defaultSopsFormat = "yaml";
|
|
|
|
# sops.secrets.passwords-root.neededForUsers = true;
|
|
}
|
|
];
|
|
|
|
networking = {
|
|
hostName = nodeName;
|
|
useNetworkd = false;
|
|
|
|
networkmanager.enable = false;
|
|
|
|
firewall.enable = false;
|
|
};
|
|
|
|
system.stateVersion = "23.11";
|
|
|
|
# We exclude a number of modules included in the default list. A non-insignificant amount do
|
|
# not apply to embedded hardware like this, so simply skip the defaults.
|
|
#
|
|
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
|
|
# They fail to load properly, leaving the system without working ethernet, they'll oops on
|
|
# remove. MTK-DSA parts and PCIe were observed to do this.
|
|
|
|
# boot.initrd.includeDefaultModules = false;
|
|
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
|
|
# boot.initrd.availableKernelModules = ["nvme"];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
# hardware.enableRedistributableFirmware = true;
|
|
|
|
environment.systemPackages = [
|
|
pkgs.busybox
|
|
];
|
|
|
|
fileSystems."/".label = "x13s_root";
|
|
}
|