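# NixOS module for a Proxmox LXC guest that runs podman and one Gitea Actions
# runner, with a single admin user reachable over SSH.
#
# Anything written literally in this file is copied into the Nix store, which
# is world-readable. Secrets therefore must be referenced by path, not inlined.
{ pkgs, lib, modulesPath, ... }: {
  imports = [
    (modulesPath + "/virtualisation/proxmox-lxc.nix")
    # Disabled. NOTE(review): this would import whatever `master` currently
    # points to, with no hash. If it is re-enabled, pin a revision and pass
    # `sha256` to fetchTarball.
    #(fetchTarball "https://github.com/nix-community/nixos-vscode-server/tarball/master")
  ];

  environment.systemPackages = with pkgs; [
    vim
    gitea-actions-runner
    podman-compose # start group of containers for dev
    podman-tui
    dive
    neovim
  ];

  nix.settings.experimental-features = "nix-command flakes";

  boot.isContainer = true;

  virtualisation = {
    containers.enable = true;

    podman = {
      enable = true;

      # Create a `docker` alias for podman, to use it as a drop-in replacement
      dockerCompat = true;

      # Required for containers under podman-compose to be able to talk to each other.
      defaultNetwork.settings.dns_enabled = true;
    };
  };

  # Set the system version.
  # NOTE(review): NixOS expects the release the system was first installed with
  # (a "YY.MM" string). "unstable" is not a release string; confirm the original
  # install release and use that. Value left unchanged here.
  system.stateVersion = "unstable";

  # Add a nameserver so names in the local network resolve.
  networking = {
    nameservers = [ "192.168.1.1" ];
    search = [ "lan" ];
    domain = "lan";
  };

  # Enable OpenSSH.
  # NOTE(review): services.sshd.enable looks redundant next to
  # services.openssh.enable; kept so this edit changes nothing else.
  services.sshd.enable = true;
  services.openssh.enable = true;
  # Changed from "yes": root may no longer authenticate with a password over
  # SSH. This file declares no root password or root key, and administration
  # goes through `huntemann` plus sudo, so nothing here depends on it.
  services.openssh.settings.PermitRootLogin = "prohibit-password";
  # NOTE(review): password authentication for normal users is not configured
  # in this file. `huntemann` has an SSH key and passwordless sudo, so consider
  # `services.openssh.settings.PasswordAuthentication = false;`.

  # services.vscode-server.enable = true;

  services.gitea-actions-runner.instances = {
    runner1 = {
      enable = true;
      name = "runner1";
      # NOTE(review): plain HTTP. The registration token and job traffic cross
      # the network unencrypted; prefer an https:// endpoint if Gitea offers one.
      url = "http://gitea.lan:80/";
      # The registration token used to be a string literal on this line, which
      # places it in the world-readable Nix store (and in every copy of this
      # file). Treat that token as exposed: revoke it in Gitea and issue a new one.
      # tokenFile must point to an environment file containing `TOKEN=<token>`,
      # root-owned and not group/world readable, provisioned outside the Nix
      # store (for example by a secrets manager).
      # PLACEHOLDER path below - replace with the real location.
      tokenFile = "/run/secrets/gitea-runner-token";
      # NOTE(review): `ubuntu:latest` is a mutable tag, so the job image can
      # change between runs; pin a specific tag or digest if that matters.
      labels = [ "ubuntu-latest:docker://ubuntu:latest" ];
    };
  };

  # Don't use the host's nix-daemon
  environment.variables.NIX_REMOTE = lib.mkForce "";

  # Enable only temporarily, to force account passwords back to the values
  # declared in this configuration.
  users.mutableUsers = false;

  users.users.huntemann = {
    isNormalUser = true;
    # Plaintext alternative, left disabled: `password` would store the
    # cleartext in the Nix store.
    # password = "hallo";
    # NOTE(review): the hash is also stored in the world-readable Nix store,
    # so any local user can copy it for offline guessing. If the nixpkgs in use
    # provides `hashedPasswordFile`, prefer it and keep the hash out of this file.
    hashedPassword = "$y$j9T$hW.doX2GXbs.bfEjlD5B0/$pG0DPva0RvbG3V0gfWUVAXWDPlIiHzr8MmhCUJuVzG2";
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6LLy8IibZsCar/hC2U86lFTp4Of2YO+SMm69p+jh6k Marcus macbook"
    ];

    extraGroups = [ "wheel" ];
  };

  # NOTE(review): with this rule any session as `huntemann` is equivalent to
  # root, so the strength of that account's SSH authentication is the only
  # barrier. Narrow `command` or drop NOPASSWD if full root is not needed.
  security.sudo.extraRules = [
    {
      users = [ "huntemann" ];
      commands = [
        {
          command = "ALL";
          options = [ "NOPASSWD" ]; # Allows running all commands without a password
        }
      ];
    }
  ];
}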