{ config, pkgs, lib, ... }: let secrets = import ./secrets.nix; in { imports = [ ./hardware-configuration.nix ./mastodon.nix ]; boot.loader = { efi.canTouchEfiVariables = true; grub = { enable = true; efiSupport = true; device = "nodev"; mirroredBoots = [{ devices = [ "nodev" ]; path = "/boot-fallback"; }]; }; }; networking = { hostName = "lor-sh"; hostId = (builtins.substring 0 8 (builtins.readFile "/etc/machine-id")); useDHCP = false; interfaces.eno1 = { ipv4 = secrets.ipv4; ipv6 = secrets.ipv6; }; nameservers = [ "1.1.1.1" ]; firewall = { enable = true; allowedTCPPorts = [ 80 443 ]; }; }; users.extraUsers.root = { openssh.authorizedKeys.keys = secrets.pubkeys; }; services.openssh.enable = true; environment.systemPackages = with pkgs; [ vim htop git tmux ]; services.postgresql.settings = { max_connections = "512"; shared_buffers = "4096MB"; }; security.acme = { acceptTerms = true; defaults.email = secrets.letsencryptEmail; }; services.zfs = { autoScrub.enable = true; trim.enable = true; }; time.timeZone = "UTC"; system.autoUpgrade = { enable = true; allowReboot = true; }; system.stateVersion = "22.11"; nix = { optimise.automatic = true; gc = { automatic = true; options = "--delete-older-than 7d"; }; }; }