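# NixOS system module for the host "mirai".
#
# What this module sets up, as far as this file shows:
#   - Docker, with the primary user in the `docker` group
#   - passwordless sudo for `wheel`
#   - two sops-nix secrets, one of which is the Nix cache signing key
#   - Nix daemon settings: trusted users, trusted caches, store signing, daily GC
#   - SSH key-based accounts for the primary user and a `remotebuilder` user
#   - OpenSSH, and firewall openings for TCP 22/80/443
#
# Arguments:
#   config - evaluated NixOS configuration (read here only for the sops secret path)
#   pkgs   - package set
#   device - caller-supplied attrset; only `device.user` is read in this file
{
  config,
  pkgs,
  device,
  ...
}: {
  imports = [
    # Local modules for this host. The stock "hardware scan" comment no longer
    # matches: no hardware-configuration.nix is imported from this file.
    ./services
    ./mirai.nix
    # ./docker.nix
  ];

  virtualisation.docker.enable = true;
  # virtualisation.podman = {
  #   enable = true;
  #   dockerSocket.enable = true;
  #   defaultNetwork.dnsname.enable = true;
  # };

  environment.systemPackages = with pkgs; [
    arion
  ];

  # Every member of `wheel` gets root through sudo without a password prompt.
  # Combined with the SSH keys accepted for device.user below, possession of
  # one of those keys is sufficient for root on this host.
  # NOTE(review): unattended deploys often rely on this (deploy-rs is mentioned
  # further down) - confirm it is still required.
  security.sudo.wheelNeedsPassword = false;

  sops = {
    # Signing key for store paths built on this host; consumed by
    # `secret-key-files` in nix.extraOptions below.
    secrets."builder/mirai/cache/private" = {};
    secrets.users = {
      sopsFile = ../../secrets/users.yaml;
      format = "yaml";
      # In sops-nix an empty key exposes the whole decrypted file as the secret
      # instead of a single entry from it.
      key = "";
    };
  };

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  nix = {
    settings = {
      max-jobs = 1;
      cores = 8;
      auto-optimise-store = true;
      extra-experimental-features = "nix-command flakes auto-allocate-uids";
      # Trusted users may override daemon settings (extra substituters, unsigned
      # imports, ...); the Nix manual treats this as equivalent to root access.
      # Both accounts listed here are reachable over SSH.
      trusted-users = [device.user "remotebuilder"];
      # NOTE(review): `trusted-substituters` only whitelists caches that
      # unprivileged users may opt into; it does not add them to `substituters`.
      # Confirm `substituters` is set elsewhere if these caches should be used
      # by default.
      trusted-substituters = [
        "https://nix-community.cachix.org"
        "https://nixos-raspberrypi.cachix.org"
        # "https://sh.darksailor.dev"
      ];
      # Paths fetched from a cache are accepted only if signed by one of these keys.
      trusted-public-keys = [
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
        # "mirai:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
      ];
    };
    # `secret-key-files` points at the sops-decrypted path, so the private
    # signing key is referenced by location and not copied into the
    # world-readable Nix store.
    extraOptions = ''
      build-users-group = nixbld
      extra-nix-path = nixpkgs=flake:nixpkgs
      builders-use-substitutes = true
      secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
    '';
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 5d";
    };
    package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
    distributedBuilds = true;
  };

  # Primary account. Group membership is declared once, here, through the
  # canonical `users.users` option (the legacy `users.extraUsers` alias that
  # repeated "docker" is dropped; the effective groups are unchanged).
  # `docker` membership gives control of the Docker daemon, which is
  # root-equivalent on the host independently of sudo.
  users.users.${device.user} = {
    isNormalUser = true;
    extraGroups = ["wheel" "docker" "media"];
    openssh.authorizedKeys.keyFiles = [
      ../../secrets/id_ed25519.pub
      ../../secrets/id_ios.pub
    ];
  };

  # Account listed in nix.settings.trusted-users above.
  # NOTE(review): it accepts the same id_ed25519 key as the primary account, so
  # a single key covers both the trusted build account and the passwordless-sudo
  # account; a dedicated builder key would keep the two roles separable.
  users.users.remotebuilder = {
    isNormalUser = true;
    openssh.authorizedKeys.keyFiles = [
      ../../secrets/id_ed25519.pub
    ];
  };

  users.groups.media = {};

  nixpkgs.config.allowUnfree = true;

  networking.hostName = "mirai"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "Europe/Helsinki";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  # i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkb.options in tty.
  # };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Configure keymap in X11
  # services.xserver.xkb.layout = "us";
  # services.xserver.xkb.options = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # hardware.pulseaudio.enable = true;
  # OR
  # services.pipewire = {
  #   enable = true;
  #   pulse.enable = true;
  # };

  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.users.alice = {
  #   isNormalUser = true;
  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
  #   packages = with pkgs; [
  #     firefox
  #     tree
  #   ];
  # };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  # environment.systemPackages = with pkgs; [
  #   vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #   wget
  # ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # NOTE(review): nothing in this file turns off password logins, and the NixOS
  # default for services.openssh.settings.PasswordAuthentication is true.
  # Both accounts above are key-based, so confirm whether ./services or
  # ./mirai.nix disables password and keyboard-interactive authentication.
  services.openssh.enable = true;

  # Open ports in the firewall.
  # 22 is also opened by services.openssh.openFirewall (default true); 80 and
  # 443 are opened for services not defined in this file.
  networking.firewall.allowedTCPPorts = [22 80 443];

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
}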