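# NixOS module for the host "lb": a Raspberry Pi 3 with a tmpfs root that runs
# nginx as a TLS-terminating reverse proxy in front of an internal backend.
#
# NOTE(review): `impermanence` is accepted as a module argument but not used in
# this file; presumably the module that provides `environment.persistence` is
# imported from ../common or the flake. Confirm.
{ config, pkgs, impermanence, ... }:

{
  imports = [
    ./hardware-configuration/lb.nix
    ../common
  ];

  boot.loader = {
    grub.enable = false;
    raspberryPi = {
      enable = true;
      version = 3;
      # Headless box: give the GPU the minimum memory split.
      firmwareConfig = ''
        gpu_mem=16
      '';
    };
  };
  # Keep /nix/store mounted read-only so store paths cannot be modified in place.
  boot.readOnlyNixStore = true;
  boot.kernelParams = [ "console=tty1" ];
  boot.tmp.cleanOnBoot = true;

  fileSystems = {

    # Root lives in RAM: anything not listed under environment.persistence
    # below is gone after a reboot.
    "/" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "size=500M" "mode=755" ];
    };

    "/boot" = {
      device = "/dev/mmcblk0p1";
      fsType = "vfat";
      options = [ "ro" ];
    };

    "/nix" = {
      device = "/dev/mmcblk0p2";
      fsType = "ext4";
    };

    # Persistent state is mounted read-only, so the files persisted from it
    # (machine-id, SSH host key, ...) cannot be created or rotated on the
    # running system; they have to be provisioned out of band.
    "/state" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=state" "compress=zstd" "ro" ];
      neededForBoot = true;
    };

    # NOTE(review): this mounts the top-level subvolume (subvolid=5) of the
    # same btrfs device without "ro". If the state and certs subvolumes sit
    # below the top level, they are reachable here, so the read-only /state
    # mount is not a protection boundary on its own. Confirm this mount needs
    # to be permanent.
    "/mnt/btr_pool" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvolid=5" "compress=zstd" ];
    };

    "/mnt/data" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=data" "compress=zstd" ];
    };

    # Holds the TLS certificate and private key that nginx reads below.
    # NOTE(review): data-only mounts like this one are candidates for
    # "nodev", "nosuid" and "noexec"; not added here because whatever writes
    # the certificates is outside this file.
    "/srv/certs" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=certs" "compress=zstd" ];
    };

  };

  swapDevices = [ ];

  # Files kept across reboots by linking them to the /state volume.
  environment.persistence."/state" = {
    files = [
      "/etc/machine-id"
      # NOTE(review): by its name this is a private key; verify it is
      # root-owned and not group/world readable on the /state volume.
      "/etc/nix/id_rsa"
      # SSH host private key: same ownership and mode check applies.
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_ed25519_key-cert.pub"
      "/etc/ssh/user_ca.pub"
      # NOTE(review): /etc/nixos is normally a directory; confirm it belongs
      # under `files` rather than `directories`.
      "/etc/nixos"
    ];
  };

  networking.hostName = "lb";
  # Only the web ports are opened here; 80 exists solely for the HTTPS redirect.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts = {

      "homer.monotremata.xyz" = {
        sslCertificate = "/srv/certs/acme/monotremata.xyz/fullchain.pem";
        sslCertificateKey = "/srv/certs/acme/monotremata.xyz/key.pem";
        # addSSL, onlySSL, forceSSL and rejectSSL are mutually exclusive in the
        # NixOS nginx module; setting addSSL and onlySSL together fails the
        # module assertion. forceSSL serves the site over HTTPS only and
        # answers port 80 with a redirect, which matches the firewall rule.
        forceSSL = true;
        locations."/" = {
          recommendedProxySettings = true;
          proxyWebsockets = true;
          # TLS ends at this proxy; the hop to the backend is plain HTTP, so
          # it relies on the network between lb and narwhal being trusted.
          proxyPass = "http://narwhal:8020/";
        };
      };

    };
  };

  # Pins stateful defaults to the release the system was installed with.
  system.stateVersion = "23.05";
}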