97 lines
2.4 KiB
Nix
97 lines
2.4 KiB
Nix
# sudo nixos-rebuild switch --flake .#nix-builder --target-host root@192.168.3.118
|
|
# or
|
|
# deploy .#builder
|
|
{ config, pkgs, ... }:
|
|
|
|
{
|
|
imports = [ ./hardware-configuration.nix ];
|
|
|
|
boot.loader.grub.enable = true;
|
|
boot.loader.grub.device = "/dev/sda";
|
|
|
|
# Emulated systems used as alternative to cross-compiling
|
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
|
|
|
networking.hostName = "nix-builder";
|
|
networking.networkmanager.enable = true;
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
modules = {
|
|
keymap.enable = true;
|
|
locales.enable = true;
|
|
};
|
|
|
|
users.users.nix = {
|
|
isNormalUser = true;
|
|
description = "Nix";
|
|
extraGroups = [
|
|
"networkmanager"
|
|
"wheel"
|
|
];
|
|
};
|
|
|
|
nix.settings.trusted-users = [ "@wheel" ];
|
|
nix.settings.experimental-features = [
|
|
"nix-command"
|
|
"flakes"
|
|
];
|
|
|
|
# Setup binary caches
|
|
nix.settings = {
|
|
substituters = [
|
|
"https://nix-community.cachix.org"
|
|
"https://cache.nixos.org/"
|
|
];
|
|
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
|
|
};
|
|
|
|
# optimize store by hardlinking store files
|
|
nix.optimise.automatic = true;
|
|
nix.optimise.dates = [ "03:15" ];
|
|
|
|
nix.gc.automatic = true;
|
|
nix.gc.dates = "weekly";
|
|
nix.gc.options = "--delete-older-than 30d";
|
|
|
|
# Garbage collect up to 30 GiB when only 5 GiB storage left
|
|
nix.extraOptions = ''
|
|
min-free = ${toString (5 * 1024 * 1024 * 1024)}
|
|
max-free = ${toString (30 * 1024 * 1024 * 1024)}
|
|
min-free-check-interval = 60
|
|
'';
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
vim
|
|
htop
|
|
mc
|
|
];
|
|
|
|
# services.ollama = {
|
|
# enable = true;
|
|
# acceleration = "cuda";
|
|
# };
|
|
services.open-webui = {
|
|
enable = true;
|
|
port = 8080;
|
|
openFirewall = true;
|
|
};
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
# require public key authentication for better security
|
|
settings.PasswordAuthentication = false;
|
|
settings.KbdInteractiveAuthentication = false;
|
|
settings.PermitRootLogin = "yes";
|
|
};
|
|
users.users."root".openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
|
|
];
|
|
|
|
# security.pam.sshAgentAuth.enable = true; # enable sudo via ssh
|
|
|
|
# ======================== DO NOT CHANGE THIS ========================
|
|
system.stateVersion = "23.11";
|
|
# ======================== DO NOT CHANGE THIS ========================
|
|
}
|