# NixOS system configuration for the host "lor-sh": boot loader, static
# networking, firewall, root SSH access, PostgreSQL tuning, ACME defaults,
# ZFS maintenance, unattended upgrades and Nix store housekeeping.
{ config, pkgs, lib, ... }:

let
  # Site-specific values (addresses, SSH public keys, ACME contact address)
  # live in a separate file.
  # NOTE(review): values taken from this file are rendered into generated
  # files under /nix/store, which every local user can read. The uses visible
  # in this file (addresses, public keys, an e-mail address) are not
  # confidential; confirm that no password or token is ever added to it.
  secrets = import ./secrets.nix;
in {
  imports = [
    ./hardware-configuration.nix
    ./mastodon.nix
  ];

  # GRUB in EFI mode. The special device value "nodev" generates the boot
  # menu without writing GRUB to a disk boot sector.
  boot.loader = {
    efi.canTouchEfiVariables = true;
    grub = {
      enable = true;
      efiSupport = true;
      device = "nodev";
      # A second copy of the boot files is kept under /boot-fallback;
      # presumably a second EFI partition on a mirrored disk — confirm
      # against hardware-configuration.nix.
      mirroredBoots = [{
        devices = [ "nodev" ];
        path = "/boot-fallback";
      }];
    };
  };

  networking = {
    hostName = "lor-sh";
    # First 8 characters of /etc/machine-id, read at evaluation time from the
    # machine that evaluates this file.
    # NOTE(review): evaluating the configuration on another machine yields a
    # different hostId; presumably set because ZFS needs a stable hostId —
    # confirm before building this host remotely.
    hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id"));

    # Static addressing only: DHCP is off and eno1 takes its IPv4/IPv6
    # settings from secrets.nix.
    useDHCP = false;

    interfaces.eno1 = {
      ipv4 = secrets.ipv4;
      ipv6 = secrets.ipv6;
    };

    # Single public resolver, no fallback listed.
    nameservers = [ "1.1.1.1" ];

    # Only HTTP and HTTPS are listed explicitly.
    # NOTE(review): the openssh module opens its own port in the firewall by
    # default (services.openssh.openFirewall), so SSH is reachable too even
    # though it does not appear in this list.
    firewall = {
      enable = true;
      allowedTCPPorts = [ 80 443 ];
    };
  };

  # Root is the only account that receives authorized keys in this file;
  # the keys come from secrets.nix.
  users.extraUsers.root = {
    openssh.authorizedKeys.keys = secrets.pubkeys;
  };

  # NOTE(review): no sshd hardening options are set in this file, so the
  # permitted authentication methods follow the module defaults of the NixOS
  # release in use. Since root logs in directly over the network, consider
  # pinning password and keyboard-interactive authentication to "off"
  # explicitly once key login is verified — check the option names for the
  # deployed release.
  services.openssh.enable = true;

  environment.systemPackages = with pkgs; [
    vim htop git
  ];

  # Tuning only: PostgreSQL is not enabled in this file; presumably
  # mastodon.nix enables it — confirm.
  services.postgresql.settings = {
    max_connections = "512";
    shared_buffers = "4096MB";
  };

  # Accepts the ACME provider's terms of service and sets the contact
  # address used for certificate registration.
  security.acme = {
    acceptTerms = true;
    defaults.email = secrets.letsencryptEmail;
  };

  # Periodic ZFS scrub and TRIM.
  services.zfs = {
    autoScrub.enable = true;
    trim.enable = true;
  };

  time.timeZone = "UTC";

  # Unattended upgrades, with a reboot when the new generation needs one.
  # NOTE(review): no reboot window is configured here, so the host may
  # restart whenever an upgrade requires it.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  # Release whose stateful defaults this machine was installed with; it is
  # not the version being run and should stay fixed across upgrades.
  system.stateVersion = "22.11";

  nix = {
    # Deduplicate identical files in the store automatically.
    optimise.automatic = true;
    # Automatic garbage collection; generations older than 7 days are
    # deleted, so they are no longer available as rollback targets.
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
}