hosts/ivy/default.nix (view raw)
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
{ inputs, pkgs, ... }:
{
imports = [
../common/default.nix
./hardware.nix
./ports.nix
./caddy
./services
inputs.tranquil.nixosModules.tranquil-pds
];
age.secrets.ivy-vaultwarden.file = ../../secrets/ivy/vaultwarden.age;
age.secrets.ivy-immich.file = ../../secrets/ivy/immich.age;
age.secrets.ivy-tranquil.file = ../../secrets/ivy/tranquil.age;
nix.settings.trusted-users = [
"root"
"@wheel"
"apr"
];
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
kernelPackages = pkgs.linuxPackages_latest;
};
networking = {
hostName = "ivy";
networkmanager.enable = true;
firewall = {
allowedTCPPorts = [
22
80
443
11434
5555
];
allowedUDPPorts = [ ];
enable = true;
};
};
security.sudo.wheelNeedsPassword = false;
users.users.apr.uid = 1000;
system.stateVersion = "25.11";
}
|