configuration.nix
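# NixOS system configuration for the host "altaria".
#
# Module arguments:
#   config  - the evaluated system configuration (used for hostName and the
#             decrypted secret path below)
#   pkgs    - the package set (used for pkgs.system and cachix)
#   outputs - this flake's outputs (provides nixosModules.vpn)
#   inputs  - this flake's inputs (provides the agenix module)
{
  config,
  pkgs,
  outputs,
  inputs,
  ...
}: {
  imports = [
    ./hardware-configuration.nix
    ./acme.nix
    ./quassel.nix
    ../../modules/nixpkgs.nix
    ../../modules/nix.nix
    ../../users
    inputs.agenix.nixosModules.default
    outputs.nixosModules.vpn
  ];

  networking = {
    hostName = "altaria";
    domain = "fzakaria.com";
  };

  # Only the encrypted .age file is referenced here; consumers below use the
  # decrypted file's path rather than the token value itself.
  age.secrets = {
    "github-runner.token" = {
      file = ../../users/fmzakari/secrets/github-runner.token.age;
    };
  };

  security = {
    sudo = {
      enable = true;
      # NOTE(review): every member of wheel becomes root without a password
      # prompt. With key-only SSH below, holding a wheel user's SSH key is
      # equivalent to root on this host, so keep wheel membership minimal
      # (users are defined in ../../users, which is not visible here).
      wheelNeedsPassword = false;
    };
  };

  services = {
    # Enable the tailscale VPN
    vpn.enable = true;

    # Register a single GitHub Runner for our CI
    # NOTE(review): CI jobs execute on the same machine that has passwordless
    # sudo for wheel. Confirm the runner's service account is not in wheel,
    # and that workflows triggered from forked pull requests require approval
    # before they can run on this runner.
    github-runners.${config.networking.hostName} = {
      enable = true;
      # One job per registration, so job state is not carried into the next run.
      ephemeral = true;
      # Take over an existing registration that has the same runner name.
      replace = true;
      # Pass the path of the decrypted token, not its contents.
      tokenFile = config.age.secrets."github-runner.token".path;
      url = "https://github.com/fzakaria/nix-home";
      extraLabels = [pkgs.system];
      extraPackages = with pkgs; [cachix];
    };

    prometheus = {
      exporters = {
        node = {
          enable = true;
          # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
          # https://github.com/prometheus/node_exporter?tab=readme-ov-file#enabled-by-default
          enabledCollectors = ["systemd" "processes"];
          # NOTE(review): the exporter serves host metrics without
          # authentication and this file sets no firewall rule for it.
          # Confirm port 9002 is reachable only by the scraper (for example
          # over the VPN) and not through the instance's public address.
          port = 9002;
        };
      };
    };

    openssh = {
      enable = true;
      startWhenNeeded = true;
      banner = ''
        Welcome to my EC2 instance. Happy hacking!
      '';
      settings = {
        PasswordAuthentication = false;
        # Keyboard-interactive is a separate sshd method that can still present
        # a PAM password prompt when PasswordAuthentication is off; disable it
        # too so public-key authentication is the only way in.
        KbdInteractiveAuthentication = false;
      };
    };
  };

  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "23.11";
}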