75 lines
1.6 KiB
Nix
75 lines
1.6 KiB
Nix
{ pkgs, ... }:
|
|
{
|
|
imports = [
|
|
./prometheus-node-exporter.nix
|
|
./nginx.nix
|
|
../users/colmena-deploy
|
|
../users/yuri
|
|
];
|
|
|
|
time.timeZone = "Europe/Berlin";
|
|
|
|
i18n.defaultLocale = "en_US.UTF-8";
|
|
console = {
|
|
keyMap = "de-latin1";
|
|
};
|
|
|
|
security.sudo.wheelNeedsPassword = false;
|
|
|
|
nix.settings = {
|
|
trusted-users = [ "colmena-deploy" ];
|
|
auto-optimise-store = true;
|
|
experimental-features = [ "nix-command" "flakes" ];
|
|
};
|
|
|
|
nix.gc = {
|
|
automatic = true;
|
|
dates = "weekly";
|
|
options = "--delete-older-than 30d";
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
htop
|
|
parted
|
|
tmux
|
|
nano
|
|
];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
settings = {
|
|
PasswordAuthentication = false;
|
|
KbdInteractiveAuthentication = false;
|
|
PermitRootLogin = "no";
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
defaults.email = "acme@grzb.de";
|
|
acceptTerms = true;
|
|
preliminarySelfsigned = true;
|
|
};
|
|
|
|
# Print the ed25519 public ssh host key to console when booting
|
|
systemd.units."print-public-ssh-host-key.service" = {
|
|
enable = true;
|
|
text = ''
|
|
[Unit]
|
|
Description=print-public-ssh-host-key.service
|
|
Before=getty@tty1.service
|
|
After=sshd.service
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart=/run/current-system/sw/bin/bash -c "/run/current-system/sw/bin/echo -e \"----- ED25519 PUBLIC SSH HOST KEY -----\
|
|
\n$(/run/current-system/sw/bin/cut -d ' ' -f 1-2 /etc/ssh/ssh_host_ed25519_key.pub)\""
|
|
RemainAfterExit=no
|
|
StandardOutput=tty
|
|
'';
|
|
wantedBy = [ "multi-user.target" ];
|
|
};
|
|
|
|
services.fstrim.enable = true;
|
|
}
|