homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -0,0 +1,106 @@
+{
+  config,
+  lib,
+  pkgs,
+  inputs,
+  outputs,
+  ...
+}: {
+  imports = [
+    # Essential modules for all systems
+    inputs.sops-nix.nixosModules.sops
+    ../modules/homelab
+    # User configurations
+    ../users/plasmagoat.nix
+
+    # Secrets management
+    ../secrets
+  ];
+
+  # Colmena deployment defaults
+  deployment = {
+    targetHost = lib.mkDefault "${config.homelab.hostname}.${config.homelab.domain}";
+    tags = [config.nixpkgs.system config.networking.hostName];
+    replaceUnknownProfiles = lib.mkDefault true;
+    buildOnTarget = lib.mkDefault false;
+  };
+
+  # Basic system configuration that applies to ALL systems
+  nix = {
+    settings = {
+      experimental-features = ["nix-command" "flakes"];
+      auto-optimise-store = true;
+      allowed-users = ["@wheel"];
+      trusted-users = ["root" "@wheel"];
+    };
+
+    gc = {
+      automatic = true;
+      options = "--delete-older-than 15d";
+      dates = "daily";
+    };
+
+    optimise.automatic = true;
+
+    extraOptions = ''
+      keep-outputs = true
+      keep-derivations = true
+    '';
+  };
+
+  # Basic security
+  security.sudo.wheelNeedsPassword = false;
+
+  # SSH configuration
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      PasswordAuthentication = false;
+      PermitRootLogin = "prohibit-password";
+      KbdInteractiveAuthentication = false;
+    };
+  };
+
+  services.sshguard.enable = true;
+  programs.ssh.startAgent = true;
+
+  # Basic packages for all systems
+  environment.systemPackages = with pkgs; [
+    dig
+    nmap
+    traceroute
+    vim
+    git
+    curl
+    python3
+    htop
+    tree
+  ];
+
+  # Timezone and locale
+  time.timeZone = lib.mkDefault "Europe/Copenhagen";
+  console.keyMap = lib.mkDefault "dk-latin1";
+  i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+
+  # System backup job (applies to all systems)
+  # homelab.global.backups.jobs = [
+  #   {
+  #     name = "system-config";
+  #     backend = "restic";
+  #     paths = [
+  #       "/etc/nixos"
+  #       "/etc/sops"
+  #       "/var/lib/nixos"
+  #     ];
+  #     schedule = "daily";
+  #     excludePatterns = [
+  #       "*/cache/*"
+  #       "*/tmp/*"
+  #     ];
+  #   }
+  # ];
+
+  # Default state version
+  system.stateVersion = lib.mkDefault "25.05";
+}