lor.sh/configuration.nix


# NixOS system configuration for the host "lor-sh".
#
# Site-specific values (interface addresses, root's SSH public keys and the
# ACME contact address) are read from ./secrets.nix. Anything taken from that
# file and used in the configuration is rendered into files under the
# world-readable /nix/store, so it is only suitable for values like the ones
# read here, not for passwords or private keys.
{ config, pkgs, lib, ... }:
let
  secrets = import ./secrets.nix;
in {
  imports = [ ./hardware-configuration.nix ./mastodon.nix ];

  # GRUB on EFI, with a second copy of the boot files kept at /boot-fallback.
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    device = "nodev";
    mirroredBoots = [
      { path = "/boot-fallback"; devices = [ "nodev" ]; }
    ];
  };

  networking = {
    hostName = "lor-sh";

    # First 8 characters of /etc/machine-id. The file is read at evaluation
    # time from the machine doing the evaluation, so this is an impure read
    # and the configuration has to be evaluated on the host itself.
    hostId = builtins.substring 0 8 (builtins.readFile "/etc/machine-id");

    # Static addressing; no DHCP on any interface.
    useDHCP = false;
    interfaces.eno1 = { inherit (secrets) ipv4 ipv6; };

    # A single external resolver and no fallback.
    nameservers = [ "1.1.1.1" ];

    # Only HTTP and HTTPS are listed here. The openssh module opens its own
    # port unless services.openssh.openFirewall is set to false, so SSH is
    # reachable through the firewall as well.
    firewall.enable = true;
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  # Root logs in over SSH with the public keys from secrets.nix.
  users.extraUsers.root.openssh.authorizedKeys.keys = secrets.pubkeys;

  environment.systemPackages = [ pkgs.vim pkgs.htop pkgs.git ];

  services = {
    # No authentication settings are given, so the module defaults apply.
    # NOTE(review): confirm that password and keyboard-interactive logins are
    # disabled for the release this host tracks; key-only access is what the
    # root account above is set up for.
    openssh.enable = true;

    # Tuning only; the PostgreSQL service itself is not enabled in this file
    # (presumably ./mastodon.nix does that, to be confirmed).
    postgresql.settings = {
      max_connections = "512";
      shared_buffers = "4096MB";
    };

    zfs = {
      autoScrub.enable = true;
      trim.enable = true;
    };
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = secrets.letsencryptEmail;

  time.timeZone = "UTC";

  system = {
    # Unattended upgrades, including reboots. No reboot window is configured
    # here, so a reboot can follow any upgrade run that requires one.
    autoUpgrade = {
      enable = true;
      allowReboot = true;
    };

    # Release whose state defaults this host was installed with; it is not
    # the version of packages the host currently runs.
    stateVersion = "22.11";
  };

  nix = {
    optimise.automatic = true;

    # Generations older than 7 days are deleted, so an automatic upgrade can
    # only be rolled back to a generation from the last week.
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
  };
}