nix-config/hosts/lb/default.nix


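# NixOS configuration for host "lb": a Raspberry Pi 3 that terminates TLS with
# nginx and reverse-proxies to an internal service. The root filesystem is a
# tmpfs, so only what is listed under environment.persistence (or lives on one
# of the btrfs subvolumes mounted below) survives a reboot.
{ config, pkgs, impermanence, ... }:
{
  imports = [
    ../../hardware-configuration/lb.nix
    ../../common
  ];

  # Raspberry Pi firmware boot loader instead of GRUB; gpu_mem=16 is passed
  # to the firmware configuration.
  boot.loader = {
    grub.enable = false;
    raspberryPi = {
      enable = true;
      version = 3;
      firmwareConfig = ''
        gpu_mem=16
      '';
    };
  };
  boot.readOnlyNixStore = true;
  boot.kernelParams = [ "console=tty1" ];
  boot.tmp.cleanOnBoot = true;

  fileSystems = {
    # Volatile root: capped at 500M, recreated empty on every boot.
    "/" = {
      device = "tmpfs";
      fsType = "tmpfs";
      options = [ "size=500M" "mode=755" ];
    };
    "/boot" = {
      device = "/dev/mmcblk0p1";
      fsType = "vfat";
      options = [ "ro" ];
    };
    "/nix" = {
      device = "/dev/mmcblk0p2";
      fsType = "ext4";
    };
    # Backing store for environment.persistence."/state" below. Mounted
    # read-only and required in the initrd (neededForBoot).
    # NOTE(review): with "ro" the persisted files cannot be created or rotated
    # at runtime; presumably they are provisioned out of band - confirm.
    "/state" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=state" "compress=zstd" "ro" ];
      neededForBoot = true;
    };
    # Top-level btrfs subvolume (subvolid=5) of the same partition, mounted
    # without "ro".
    # NOTE(review): the state and certs subvolumes are presumably reachable
    # through this path as well; confirm that a writable view of them is
    # intended given that /state itself is mounted read-only.
    "/mnt/btr_pool" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvolid=5" "compress=zstd" ];
    };
    "/mnt/data" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=data" "compress=zstd" ];
    };
    # Holds the TLS certificate chain and private key that nginx reads below.
    # NOTE(review): verify that key.pem under this mount is readable only by
    # the account nginx runs as; permissions are not visible in this file.
    "/srv/certs" = {
      device = "/dev/mmcblk0p3";
      fsType = "btrfs";
      options = [ "subvol=certs" "compress=zstd" ];
    };
  };
  swapDevices = [ ];

  # Paths kept across reboots via the impermanence module. This list includes
  # private key material (/etc/nix/id_rsa and the SSH host key).
  # NOTE(review): "/etc/nixos" is listed under `files`; if it is a directory
  # it presumably belongs under `directories` instead - confirm.
  environment.persistence."/state" = {
    files = [
      "/etc/machine-id"
      "/etc/nix/id_rsa"
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_ed25519_key-cert.pub"
      "/etc/ssh/user_ca.pub"
      "/etc/nixos"
    ];
  };

  networking.hostName = "lb";
  # Only HTTP and HTTPS are opened by this file.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      "homer.monotremata.xyz" = {
        sslCertificate = "/srv/certs/acme/monotremata.xyz/fullchain.pem";
        sslCertificateKey = "/srv/certs/acme/monotremata.xyz/key.pem";
        # The original set both addSSL and onlySSL. The NixOS nginx module
        # treats addSSL, onlySSL, forceSSL and rejectSSL as mutually exclusive
        # and fails the build when more than one is enabled. forceSSL listens
        # on 80 and 443 and redirects plain HTTP to HTTPS, which matches the
        # two ports opened in the firewall above and never serves the proxied
        # content unencrypted.
        forceSSL = true;
        locations."/" = {
          recommendedProxySettings = true;
          proxyWebsockets = true;
          # NOTE(review): the upstream hop to narwhal:8020 is plain HTTP, so
          # traffic between this host and the backend is not encrypted;
          # confirm that link runs over a trusted network.
          proxyPass = "http://narwhal:8020/";
        };
      };
    };
  };

  system.stateVersion = "23.05";
}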