infra/modules/nixos/common/default.nix

{
  config,
  inputs,
  pkgs,
  ...
}:
{
  imports = [
    ./comin.nix
    ../../shared/known-hosts.nix
    ../../shared/nix-daemon.nix
    ./reboot.nix
    ./security.nix
    ./sops-nix.nix
    ./telegraf.nix
    ./users.nix
    inputs.sops-nix.nixosModules.sops
    inputs.agenix.nixosModules.age
    inputs.srvos.nixosModules.server
  ];

  # users in trusted group are trusted by the nix-daemon
  nix.settings.trusted-users = [ "@trusted" ];

  users.groups.trusted = { };

  # Sometimes it fails if a store path is still in use.
  # This should fix intermediate issues.
  systemd.services.nix-gc.serviceConfig = {
    Restart = "on-failure";
  };

  boot.kernelPackages = pkgs.lib.mkIf (
    !config.boot.supportedFilesystems.zfs or false
  ) pkgs.linuxPackages_latest;

  zramSwap.enable = true;

  security.acme.defaults.email = "trash@nix-community.org";
  security.acme.acceptTerms = true;

  # Without configuration this unit will fail...
  # Just disable it since we are using telegraf to monitor raid health.
  systemd.services.mdmonitor.enable = false;

  networking.domain = "nix-community.org";
}
format tree 2024-07-24 19:05:26 +10:00			`{`
			`config,`
			`inputs,`
			`pkgs,`
			`...`
			`}:`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`{`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`imports = [`
modules/nixos: add comin 2024-03-16 11:52:48 +10:00			`./comin.nix`
modules/shared: add known-hosts 2024-03-10 09:26:39 +10:00			`../../shared/known-hosts.nix`
modules/shared: add nix-daemon 2023-07-29 17:37:07 +10:00			`../../shared/nix-daemon.nix`
modules/nixos: separate reboot from auto-upgrade 2023-07-19 15:30:03 +10:00			`./reboot.nix`
also deploy telegraf on build02 2021-01-21 16:28:48 +01:00			`./security.nix`
roles/common: sort imports 2022-12-03 12:45:45 +10:00			`./sops-nix.nix`
modules: refactor telegraf 2024-05-04 18:51:58 +10:00			`./telegraf.nix`
move users configuration to seperate profile 2021-03-04 06:24:57 +01:00			`./users.nix`
flake: refactor 2023-05-16 09:53:27 +10:00			`inputs.sops-nix.nixosModules.sops`
move hercules to agenix 2024-07-09 11:41:05 +10:00			`inputs.agenix.nixosModules.age`
flake: refactor 2023-05-16 09:53:27 +10:00			`inputs.srvos.nixosModules.server`
misc changes 2019-08-12 11:33:34 +02:00			`];`

modules/shared: add nix-daemon 2023-07-29 17:37:07 +10:00			`# users in trusted group are trusted by the nix-daemon`
			`nix.settings.trusted-users = [ "@trusted" ];`

			`users.groups.trusted = { };`

			`# Sometimes it fails if a store path is still in use.`
			`# This should fix intermediate issues.`
			`systemd.services.nix-gc.serviceConfig = {`
			`Restart = "on-failure";`
			`};`

format tree 2024-07-24 19:05:26 +10:00			`boot.kernelPackages = pkgs.lib.mkIf (`
			`!config.boot.supportedFilesystems.zfs or false`
			`) pkgs.linuxPackages_latest;`
modules/nixos/common: use latest kernel 2024-01-07 09:59:08 +10:00
roles/common: enabled zramSwap probably okay to have this as a default as none of the machines have any swap configured 2023-01-04 11:59:51 +10:00			`zramSwap.enable = true;`

acme: migrate to new default option schema 2022-01-09 15:57:46 +01:00			`security.acme.defaults.email = "trash@nix-community.org";`
acme: move to common profile 2021-03-04 10:55:37 +01:00			`security.acme.acceptTerms = true;`

Revert "modules/nixos/common: don't disable mdmonitor" This reverts commit 93f3787188c796bb8a4458debfbb6938fe306dee. 2023-08-29 13:47:15 +10:00			`# Without configuration this unit will fail...`
			`# Just disable it since we are using telegraf to monitor raid health.`
			`systemd.services.mdmonitor.enable = false;`

implement nixos deploy for all hosts 2022-08-13 11:13:06 +02:00			`networking.domain = "nix-community.org";`
Modularise setup, add hardening config 2019-08-11 19:53:02 +01:00			`}`
No results found.