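# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# NixOS module for a virtualisation host: libvirt/QEMU with swtpm, container
# tooling with the NVIDIA container toolkit, sshd, nfs-utils, an iSCSI
# initiator, and a passwordless sudo rule for the wheel group.
{ config, pkgs, lib, flake-inputs, ... }:

{
  networking.networkmanager.enable = false;

  virtualisation = {
    kvmgt.enable = true;

    libvirtd = {
      enable = true;
      qemu = {
        # Guests' QEMU processes run as root on the host, so a flaw in QEMU
        # device emulation is not contained by an unprivileged service user.
        # NOTE(review): confirm root is really required (e.g. for /dev/kvmfr0
        # access); a udev rule granting a dedicated user access is the usual
        # lower-privilege alternative.
        runAsRoot = true;

        # Passed through verbatim to libvirt's qemu.conf.
        # NOTE(review): setting cgroup_device_acl replaces libvirt's built-in
        # device list instead of extending it. Only these two nodes are then
        # allowed; verify guests do not need the other default entries.
        verbatimConfig = ''
          cgroup_device_acl = ["/dev/kvmfr0", "/dev/kvm"]
        '';

        # Software TPM emulation for guests.
        swtpm = {
          enable = true;
        };
      };
    };

    containers = {
      enable = true;

      # containers-policy.json: "insecureAcceptAnything" accepts every image
      # without signature verification, both as the global default and for
      # the docker-daemon transport. Image provenance then rests entirely on
      # the registry and on TLS.
      # NOTE(review): where signed images are available, prefer a "signedBy"
      # requirement for those sources and "reject" as the default.
      policy = {
        default = [ { type = "insecureAcceptAnything"; } ];
        transports = {
          docker-daemon = {
            "" = [ { type = "insecureAcceptAnything"; } ];
          };
        };
      };
    };
  };

  hardware.nvidia-container-toolkit.enable = true;

  # sshd is enabled together with the passwordless sudo rule further down:
  # any wheel account reachable over SSH is effectively a root login.
  # NOTE(review): the authentication settings (password login, root login,
  # authorized keys) are not set here; confirm they are hardened elsewhere.
  services.openssh.enable = true;

  # The firewall is on; by default the openssh module still opens the SSH
  # port unless services.openssh.openFirewall is set to false.
  networking.firewall.enable = true;

  environment.systemPackages = [ pkgs.nfs-utils ];

  # iSCSI initiator; its name is derived from the host name.
  services.openiscsi = {
    enable = true;
    name = "${config.networking.hostName}-initiatorhost";
  };

  systemd.network.wait-online.enable = lib.mkDefault false;
  networking.useDHCP = false;
  #services.tcsd.enable = true;

  security.sudo = {
    enable = true;
    extraRules = [
      {
        # `groups` is the option meant for group rules: the sudo module
        # prefixes each entry with "%", so this renders the same sudoers
        # line as spelling "%wheel" inside `users`.
        groups = [ "wheel" ];

        # Every wheel member can run any command as root without a password.
        # The account credential (SSH key or password) is therefore the only
        # barrier to root.
        # NOTE(review): keep wheel membership minimal, or restrict the
        # command list if passwordless sudo is only needed for specific
        # tools.
        commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ];
      }
    ];
  };
}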