# Baseline NixOS module shared by every host: common imports, Colmena
# deployment defaults, Nix daemon policy, SSH access and base tooling.
{
  config,
  lib,
  pkgs,
  inputs,
  outputs,
  ...
}: {
  imports = [
    # Modules every system needs
    inputs.sops-nix.nixosModules.sops
    ../modules/homelab

    # User accounts
    ../users/plasmagoat.nix

    # Secrets definitions
    ../secrets
  ];

  # Colmena deployment defaults. Hosts can override every mkDefault value.
  # The SSH target is derived from the homelab hostname and domain options.
  deployment.targetHost = lib.mkDefault "${config.homelab.hostname}.${config.homelab.domain}";
  deployment.tags = [config.nixpkgs.system config.networking.hostName];
  # Lets a deploy proceed when the target runs a profile the deployer does not know.
  deployment.replaceUnknownProfiles = lib.mkDefault true;
  # Closures are built on the deploying machine and copied to the target.
  deployment.buildOnTarget = lib.mkDefault false;

  # Nix daemon policy applied to ALL systems
  nix.settings = {
    experimental-features = ["nix-command" "flakes"];
    auto-optimise-store = true;
    # Only wheel members may talk to the Nix daemon.
    allowed-users = ["@wheel"];
    # Trusted users can override daemon settings and import unsigned store
    # paths, which the Nix manual treats as equivalent to root access.
    # NOTE(review): presumably required so a non-root deploy user can push
    # closures. Confirm, and narrow to that single user if possible.
    trusted-users = ["root" "@wheel"];
  };

  # Daily collection drops generations older than 15 days, which also bounds
  # how far back a host can be rolled back.
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 15d";
    dates = "daily";
  };

  nix.optimise.automatic = true;

  # Keep build outputs and .drv files of live paths out of garbage collection.
  nix.extraOptions = ''
    keep-outputs = true
    keep-derivations = true
  '';

  # Basic security
  # Every wheel member gets root without a password prompt, so the user's SSH
  # key is the only factor protecting root on each host.
  # NOTE(review): presumably needed for unattended deploys. Confirm that wheel
  # membership in ../users is kept minimal.
  security.sudo.wheelNeedsPassword = false;

  # SSH: key-based authentication only. Password and keyboard-interactive
  # logins are disabled.
  services = {
    openssh = {
      enable = true;
      # Opens the SSH port in the host firewall.
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        # "prohibit-password" still accepts public-key logins as root.
        # NOTE(review): Colmena connects as root unless deployment.targetUser
        # is set. If deploys use a non-root user, "no" is the tighter value.
        PermitRootLogin = "prohibit-password";
        KbdInteractiveAuthentication = false;
      };
    };

    # Blocks source addresses after repeated failed authentication attempts.
    sshguard.enable = true;
  };

  programs.ssh.startAgent = true;

  # Diagnostic and admin tooling installed on every system
  environment.systemPackages = [
    pkgs.dig
    pkgs.nmap
    pkgs.traceroute
    pkgs.vim
    pkgs.git
    pkgs.curl
    pkgs.python3
    pkgs.htop
    pkgs.tree
  ];

  # Timezone and locale (overridable per host)
  time.timeZone = lib.mkDefault "Europe/Copenhagen";
  console.keyMap = lib.mkDefault "dk-latin1";
  i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";

  # System backup job (applies to all systems). Currently disabled.
  # NOTE(review): /etc/sops presumably holds sops key material. If this job is
  # enabled, the backup repository is as sensitive as those keys. Verify
  # repository encryption and access before turning it on.
  # homelab.global.backups.jobs = [
  #   {
  #     name = "system-config";
  #     backend = "restic";
  #     paths = [
  #       "/etc/nixos"
  #       "/etc/sops"
  #       "/var/lib/nixos"
  #     ];
  #     schedule = "daily";
  #     excludePatterns = [
  #       "*/cache/*"
  #       "*/tmp/*"
  #     ];
  #   }
  # ];

  # Default state version
  system.stateVersion = lib.mkDefault "25.05";
}