nixos-config/sites/daisy/configuration.nix


# Host configuration for "daisy": a ZFS-rooted desktop with Intel IPU6 camera
# support, a patched camera driver, QEMU/OVMF for VMs and Tailscale.
# Shared desktop settings live in ../../configuration-desktop.nix; everything
# below is host-specific. Large parts of an earlier CTF-infrastructure setup
# (InfluxDB, Grafana, Vector, Tulip, ...) are kept commented out at the end.
{ config, lib, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ../../configuration-desktop.nix ];
# Root/data pools are ZFS, so the initrd must be able to import them.
boot.initrd.supportedFilesystems = [ "zfs" ];
# Use the systemd-based initrd rather than the legacy script-based one.
boot.initrd.systemd.enable = true;
# Periodic pool integrity scrub and periodic TRIM of the ZFS pool vdevs.
services.zfs.autoScrub.enable = true;
services.zfs.trim.enable = true;
# fstrim is also enabled by nixos-hardware, but only runs for /boot
#services.fprintd.enable = true;
# fix hang on initial login
#security.pam.services.login.fprintAuth = false;
networking.hostName = "daisy";
# ZFS records the importing host's id in the pool; NixOS requires hostId to be
# set when ZFS is in use. Keep this value stable or pools need a forced import.
networking.hostId = "293a1290";
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
# Open ports in the firewall.
# NOTE(review): these are opened on every interface. 22 (ssh), 80/443 (http/s)
# are self-explanatory; the purpose of 1337, 1338, 8081 and 2222 is not visible
# here — TODO document which service listens on each. If they are only needed
# over the VPN, networking.firewall.interfaces."tailscale0".allowedTCPPorts
# would limit exposure to the Tailscale interface.
networking.firewall.allowedTCPPorts = [ 22 80 443 1337 1338 8081 2222 ];
networking.firewall.allowedUDPPorts = [ 1337 ];
# Release this host was first installed with; do not bump on upgrades.
system.stateVersion = "24.11";
#services.immich.enable = true;
# Intel IPU6 webcam (ipu6ep platform variant).
hardware.ipu6 = {
enable = true;
platform = "ipu6ep";
};
# not sure when this commit will reach upstream
# Override the out-of-tree ipu6 driver to a specific upstream commit. The
# checkout is pinned by `rev` (content-addressed by commit hash, so the build
# is reproducible); `ref` only needs to name a branch that contains that commit.
# The applied patch is taken from the fetched tree itself (the `rec` makes
# `src` visible to `patches`).
boot.kernelPackages = pkgs.linuxPackages_latest.extend ( self: super: {
ipu6-drivers = super.ipu6-drivers.overrideAttrs (
final: previous: rec {
src = builtins.fetchGit {
url = "https://github.com/intel/ipu6-drivers.git";
ref = "master";
rev = "b4ba63df5922150ec14ef7f202b3589896e0301a";
};
patches = [
"${src}/patches/0001-v6.10-IPU6-headers-used-by-PSYS.patch"
] ;
}
);
} );
environment.systemPackages = [
# presumably provided by an overlay or flake input pulled in via
# configuration-desktop.nix — not a visible nixpkgs attribute here; verify.
pkgs.idapro9
pkgs.qemu_kvm
# Small derivation exposing OVMF_CODE.fd under share/FV/, presumably because
# a tool expects that layout relative to a profile root — TODO confirm which.
(pkgs.runCommand "OVMF-fd" {} ''
mkdir -p $out/share/FV
ln -s ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd $out/share/FV/OVMF_CODE.fd
'')
pkgs.OVMF.fd
];
# openFirewall also opens the Tailscale UDP port in addition to the lists above.
services.tailscale = {
enable = true;
openFirewall = true;
};
# ---- Disabled CTF infrastructure below (kept for reference). ----
# NOTE(review): the commented Vector sinks embed a plaintext InfluxDB token and
# the disabled influxdb2 block sketches a pkgs.writeText password, which would
# land in the world-readable Nix store. Treat the token as compromised (it is in
# version control); rotate it and load credentials via a *File option or a
# secrets manager before re-enabling any of this.
#services.influxdb2 = {
# enable = true;
# provision = {
# enable = true;
# initialSetup = {
# organization = "default";
# bucket = "default";
# passwordFile = "/var/lib/influxdb2-secrets/admin.password";
# tokenFile = "/var/lib/influxdb2-secrets/admin.token";
# };
# organizations.shellphish = {
# buckets.logs = { };
# buckets.metrics = { };
# auths.sometoken = {
# tokenFile = "/var/lib/influxdb2-secrets/shellphish.token";
# readBuckets = [ "logs" "metrics" ];
# writeBuckets = [ "logs" "metrics" ];
# };
# };
# #users.someuser.passwordFile = pkgs.writeText "tmp-pw" "abcgoiuhaoga";
# };
# settings.http-bind-address = "127.0.0.1:8086";
#};
#services.grafana = {
# enable = true;
#};
#services.vector = {
# enable = true;
# journaldAccess = true;
# settings = {
# sources.system_logs.type = "journald";
# sources.system_metrics = {
# type = "host_metrics";
# filesystem.mountpoints.excludes = [
# "/run*"
# "/dev*"
# "/sys*"
# "/proc*"
# ];
# };
# transforms.transformed_logs = {
# type = "remap";
# inputs = [ "system_logs" ];
# source = ''
# tmp = .
# del(.)
# .message = tmp.message
# .timestamp = tmp.timestamp
# .unit = tmp._SYSTEMD_UNIT
# del(tmp.message)
# .payload = tmp
# '';
# };
# sinks.db_logs = {
# type = "influxdb_logs";
# inputs = [ "transformed_logs" ];
# org = "shellphish";
# token = "48da0c6c524bf0c9291272a3c2a029d1";
# bucket = "logs";
# endpoint = "http://localhost:8086/";
# tags = [ "unit" ];
# measurement = "journald";
# };
# sinks.db_metrics = {
# type = "influxdb_metrics";
# inputs = [ "system_metrics" ];
# org = "shellphish";
# token = "48da0c6c524bf0c9291272a3c2a029d1";
# bucket = "metrics";
# endpoint = "http://localhost:8086/";
# };
# };
#};
#networking.extraHosts = ''
# 127.0.0.1 celestebingo
# 127.0.0.1 sockets-celestebingo
#'';
#programs.celestegame = {
# enable = true;
# withEverest = true;
# withOlympus = true;
# writableDir = "/var/lib/celeste";
#};
#services.postgresql.package = pkgs.postgresql_17_jit;
# Tulip traffic-analysis setup: paths under /var/lib/tulip are expected to be
# provisioned out of band; flagRegex/tickStart/vulnboxIp are event-specific.
#services.tulip = {
# enable = true;
# nginxHost = "tulip";
# servicesFile = "/var/lib/tulip/services.txt";
# sslKeyLogFile = "/var/lib/tulip/sslkeylog";
# convertersDir = "/var/lib/tulip/converters";
# convertersPython = "/var/lib/tulip/converters/.venv/bin/python";
# convertersProcesses = 8;
# ctf = {
# flagRegex = "flag\\{[[:digit:]]{6}_[[:digit:]]{6}\\}";
# tickStart = "2025-08-05T19:00:00Z";
# tickLength = 120 * 1000;
# vulnboxIp = "fd00:1337:1312:100::7";
# };
#};
#systemd.services.tulip-assembler.path = with pkgs; [bash];
##shellphish.ubuntuEnclave.enable = true;
#services.noscope = {
# enable = true;
# nginxHost = "noscope";
#};
}