{ pkgs, ... }:

# Host settings shared through this module: imported sub-modules, locale,
# sudo policy, Nix daemon settings, base packages, SSH, ACME and fstrim.
{
  # Sub-modules and user definitions live outside this file.
  imports = [
    ./prometheus-node-exporter.nix
    ./nginx.nix
    ../../users/colmena-deploy
    ../../users/yuri
  ];

  time.timeZone = "Europe/Berlin";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "de-latin1";

  security = {
    # Members of wheel run sudo without a password, so control of any wheel
    # account (for example through its SSH key) is control of root.
    # NOTE(review): wheel membership is set in the imported user modules, not
    # here; confirm it is limited to the accounts that need it.
    sudo.wheelNeedsPassword = false;

    acme = {
      defaults.email = "acme@grzb.de";
      acceptTerms = true;
      # A self-signed certificate is put in place until the ACME-issued one
      # exists, so clients see an untrusted certificate during that window.
      preliminarySelfsigned = true;
    };
  };

  nix = {
    settings = {
      # Trusted users may override daemon settings and import store paths
      # that lack a trusted signature, which is root-equivalent on the host.
      # Keep this list to the deploy account only.
      trusted-users = [ "colmena-deploy" ];
      auto-optimise-store = true;
      experimental-features = [ "nix-command" "flakes" ];
    };

    # Weekly garbage collection; generations older than 30 days are deleted,
    # which also bounds how far back a rollback can go.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  environment.systemPackages = [
    pkgs.htop
    pkgs.parted
    pkgs.tmux
    pkgs.nano
  ];

  services = {
    openssh = {
      enable = true;
      # Opens the sshd port(s) in the NixOS firewall; no source-address
      # restriction is set in this file.
      openFirewall = true;
      # Key-based logins only: password and keyboard-interactive
      # authentication are off and root cannot log in directly.
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "no";
      };
    };

    fstrim.enable = true;
  };
}