Commit 84975ccafd72
systems/kobe/boot.nix
@@ -28,6 +28,7 @@
keyFile = "/dev/disk/by-id/mmc-SDC_0x00011fd6";
keyFileSize = 4096;
};
+ initrd.systemd.enableTpm2 = lib.mkForce false;
blacklistedKernelModules = [
"sierra_net" # sierra wireless modules
systems/kobe/extra.nix
@@ -2,21 +2,38 @@
{
imports = [
../common/services/prometheus-exporters-node.nix
+ ../common/services/containers.nix
+ ../common/services/docker.nix
+ ../common/services/lxd.nix
];
# networking.firewall.enable = false;
services = {
+ logind.extraConfig = ''
+ HandleLidSwitch=ignore
+ HandleLidSwitchExternalPower=ignore
+ HandleLidSwitchDocked=ignore
+ '';
wireguard = {
enable = true;
ips = globals.fn.wg-ips globals.machines.kobe.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
+ ollama = {
+ enable = true;
+ # acceleration = "cuda"; # no nivida :D
+ };
+ smartd = {
+ enable = true;
+ devices = [ { device = "/dev/nvme0n1"; } ];
+ };
};
# TODO: could be enable by default for all ?
security.pam.enableSSHAgentAuth = true;
security.apparmor.enable = true;
+ # security.tpm2.enable = lib.mkForce false;
}