servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Added tako

Browse Source
This commit is contained in:
uttarayan21
2025-11-26 18:15:12 +05:30
parent 58594d582b
commit b5399c5cc8
51 changed files with 1922 additions and 4307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

186
nixos/tako/configuration.nix Normal file
View File

@@ -0,0 +1,186 @@
{
config,
pkgs,
device,
...
}: {
imports = [
# Include the results of the hardware scan.
./services
./tako.nix
# ./docker.nix
];
virtualisation.docker.enable = true;
# virtualisation.podman = {
# enable = true;
# dockerSocket.enable = true;
# defaultNetwork.dnsname.enable = true;
# };
users.extraUsers.${device.user}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
arion
];
security.sudo.wheelNeedsPassword = false;
sops = {
secrets."builder/tako/cache/private" = {};
secrets.users = {
sopsFile = ../../secrets/users.yaml;
format = "yaml";
key = "";
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nix = {
settings = {
max-jobs = 1;
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
secret-key-files = ${config.sops.secrets."builder/tako/cache/private".path}
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.fs0c131y = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
users.users.remotebuilder = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
];
};
users.groups.media = {};
nixpkgs.config.allowUnfree = true;
networking.hostName = "tako"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Helsinki";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 80 443];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}