nix-dotfiles/systems/jeeves/configuration.nix

{ pkgs, lib, ... }:
{
  
  console.keyMap = "us";
  networking = {
    hostId = "1beb3027";
    firewall.enable = false;
  };

  boot = {
    zfs.extraPools = [
      "Media"
      "Storage"
      "Torenting"
    ];
    filesystem = "zfs";
    useSystemdBoot = true;
  };

  virtualisation = {
    docker = {
      enable = true;
      recommendedDefaults = true;
      logDriver = "local";
      storageDriver = "overlay2";
      daemon."settings" = {
        experimental = true;
        data-root = "/var/lib/docker";
        exec-opts = [ "native.cgroupdriver=systemd" ];
        log-opts = {
          max-size = "10m";
          max-file = "5";
        };
      };
    };

    podman = {
      enable = true;
      recommendedDefaults = true;
    };
  };

  environment = {
    systemPackages = with pkgs; [ docker-compose ];
    etc = {
      # Creates /etc/lynis/custom.prf
      "lynis/custom.prf" = {
        text = ''
          skip-test=BANN-7126
          skip-test=BANN-7130
          skip-test=DEB-0520
          skip-test=DEB-0810
          skip-test=FIRE-4513
          skip-test=HRDN-7222
          skip-test=KRNL-5820
          skip-test=LOGG-2190
          skip-test=LYNIS
          skip-test=TOOL-5002
        '';
        mode = "0440";
      };
    };
  };

  services = {
    nfs.server.enable = true;

    openssh.ports = [ 629 ];

    plex = {
      enable = true;
      dataDir = "/ZFS/Media/Plex/";
    };

    smartd.enable = true;

    sysstat.enable = true;

    usbguard = {
      enable = false;
      rules = ''
        allow id 1532:0241
      '';
    };

    zfs = {
      trim.enable = true;
      autoScrub.enable = true;
    };

    zerotierone = {
      enable = true;
      joinNetworks = [
        "e4da7455b2ae64ca"
        "52b337794f23c1d4"
      ];
    };
  };

  system.stateVersion = "23.11";
}
Feature/adding jeeves (#112) * Feature/factorio (#109) * add factorio * add factorio server * add new user * fixed typo * jeeves base * allow jeeves to be built into an ISO Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * server-side fixes * Disable sops on jeeves temporarily Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix flake.nix inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add sops for jeeves * update jeeves age key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * efi variables fix? Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * updating sops * remove alice Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove richie Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * usbguard :( Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove iso from image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add alice zt * restore home-manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add jeeves key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * restore original config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * revert canTouchEfiVariables keeping it in line with other servers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed working-config.nix * Get rid of dummy user Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * update lock Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * added plex * initial format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed lib.mkDefault from PermitRootLogin --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> Co-authored-by: Richie Cahill <richie@tmmworkshop.com> 2024-03-17 21:55:48 -04:00			`{ pkgs, lib, ... }:`
			`{`
central locale setting 2024-04-10 17:26:41 -04:00
Feature/adding jeeves (#112) * Feature/factorio (#109) * add factorio * add factorio server * add new user * fixed typo * jeeves base * allow jeeves to be built into an ISO Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * server-side fixes * Disable sops on jeeves temporarily Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix flake.nix inputs Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add sops for jeeves * update jeeves age key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * efi variables fix? Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * updating sops * remove alice Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove richie Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * usbguard :( Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * remove iso from image Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add alice zt * restore home-manager Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * fix comment Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * add jeeves key Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * restore original config Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * revert canTouchEfiVariables keeping it in line with other servers Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed working-config.nix * Get rid of dummy user Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * update lock Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * added plex * initial format Signed-off-by: ahuston-0 <aliceghuston@gmail.com> * removed lib.mkDefault from PermitRootLogin --------- Signed-off-by: ahuston-0 <aliceghuston@gmail.com> Co-authored-by: Dennis <52411861+DerDennisOP@users.noreply.github.com> Co-authored-by: Richie Cahill <richie@tmmworkshop.com> 2024-03-17 21:55:48 -04:00			`console.keyMap = "us";`
			`networking = {`
			`hostId = "1beb3027";`
			`firewall.enable = false;`
			`};`

			`boot = {`
			`zfs.extraPools = [`
			`"Media"`
			`"Storage"`
			`"Torenting"`
			`];`
			`filesystem = "zfs";`
			`useSystemdBoot = true;`
			`};`

			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`recommendedDefaults = true;`
			`logDriver = "local";`
			`storageDriver = "overlay2";`
			`daemon."settings" = {`
			`experimental = true;`
			`data-root = "/var/lib/docker";`
			`exec-opts = [ "native.cgroupdriver=systemd" ];`
			`log-opts = {`
			`max-size = "10m";`
			`max-file = "5";`
			`};`
			`};`
			`};`

			`podman = {`
			`enable = true;`
			`recommendedDefaults = true;`
			`};`
			`};`

			`environment = {`
			`systemPackages = with pkgs; [ docker-compose ];`
			`etc = {`
			`# Creates /etc/lynis/custom.prf`
			`"lynis/custom.prf" = {`
			`text = ''`
			`skip-test=BANN-7126`
			`skip-test=BANN-7130`
			`skip-test=DEB-0520`
			`skip-test=DEB-0810`
			`skip-test=FIRE-4513`
			`skip-test=HRDN-7222`
			`skip-test=KRNL-5820`
			`skip-test=LOGG-2190`
			`skip-test=LYNIS`
			`skip-test=TOOL-5002`
			`'';`
			`mode = "0440";`
			`};`
			`};`
			`};`

			`services = {`
			`nfs.server.enable = true;`

			`openssh.ports = [ 629 ];`

			`plex = {`
			`enable = true;`
			`dataDir = "/ZFS/Media/Plex/";`
			`};`

			`smartd.enable = true;`

			`sysstat.enable = true;`

			`usbguard = {`
			`enable = false;`
			`rules = ''`
			`allow id 1532:0241`
			`'';`
			`};`

			`zfs = {`
			`trim.enable = true;`
			`autoScrub.enable = true;`
			`};`

			`zerotierone = {`
			`enable = true;`
			`joinNetworks = [`
			`"e4da7455b2ae64ca"`
			`"52b337794f23c1d4"`
			`];`
			`};`
			`};`

			`system.stateVersion = "23.11";`
			`}`