nixcfg/systems/x86_64-linux/mx/default.nix

{ pkgs, lib, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./rspamd.nix
    # ./goaccess.nix
    ./nextcloud.nix
    ./backup.nix
    ./users.nix
    ./kicker.nix
    ./mailserver.nix
    ./acme.nix
    ./forgejo.nix
    ./nginx.nix
    ./network.nix
  ];

  metacfg = {
    base.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = false;
  };

  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
  };

  system.autoUpgrade = {
    enable = true;
    dates = "04:00";
    operation = "switch";
    allowReboot = true;
    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
  };

  nix.gc = {
    dates = "daily";
    options = "--delete-older-than 7d";
  };

  programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";

  environment.systemPackages = with pkgs; [
    age
    apacheHttpd # for mkpasswd
    efibootmgr
    fgallery
    git
    htop
    mdadm
    rrsync
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    zola
  ];

  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];

  services.openssh = {
    enable = true;
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  systemd.services = {
    check_boot = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_boot.sh" ''
            CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your /boot partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  systemd.timers = {
    check_boot = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  systemd.services = {
    check_root = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_root.sh" ''
            CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your root partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  systemd.timers = {
    check_root = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "23.05";
}
A new start 2024-03-21 15:00:36 +01:00			`{ pkgs, lib, ... }:`
			`{`
			`imports = [`
			`./hardware-configuration.nix`
			`./rspamd.nix`
feat: Comment out goaccess in mx/default.nix The goaccess.nix import has been commented out in the mx/default.nix file. This change signifies that the goaccess feature is currently not being utilized or is under maintenance. 2024-06-27 16:18:37 +02:00			`# ./goaccess.nix`
A new start 2024-03-21 15:00:36 +01:00			`./nextcloud.nix`
			`./backup.nix`
			`./users.nix`
			`./kicker.nix`
			`./mailserver.nix`
			`./acme.nix`
			`./forgejo.nix`
			`./nginx.nix`
			`./network.nix`
			`];`

			`metacfg = {`
			`base.enable = true;`
			`nix.enable = true;`
			`podman.enable = true;`
			`secureboot.enable = false;`
			`};`

			`security = {`
			`tpm2.enable = lib.mkDefault true;`
			`tpm2.abrmd.enable = lib.mkDefault true;`
			`};`

			`system.autoUpgrade = {`
			`enable = true;`
			`dates = "04:00";`
			`operation = "switch";`
			`allowReboot = true;`
			`flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";`
			`};`

fix: replace gc with nix.gc for mx 2024-06-25 10:39:55 +02:00			`nix.gc = {`
feat: Update garbage collection options Adjust default garbage collection intervals and retention periods. Set default GC to run weekly and retain 14 days on nixos module and to run daily and retain 7 days on the 64-linux module. Signed-off-by: Harald Hoyer <harald@hoyer.xyz> 2024-06-25 10:09:51 +02:00			`dates = "daily";`
			`options = "--delete-older-than 7d";`
			`};`

feat: Add git safe directory to system config This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git". 2024-06-12 10:41:52 +02:00			`programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";`

A new start 2024-03-21 15:00:36 +01:00			`environment.systemPackages = with pkgs; [`
			`age`
			`apacheHttpd # for mkpasswd`
			`efibootmgr`
			`fgallery`
			`git`
			`htop`
			`mdadm`
			`rrsync`
			`tpm2-pkcs11`
			`tpm2-pkcs11.out`
			`tpm2-tools`
			`zola`
			`];`

			`sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];`

			`services.openssh = {`
			`enable = true;`
			`hostKeys = [`
			`{`
			`path = "/var/lib/secrets/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`{`
			`path = "/var/lib/secrets/ssh_host_rsa_key";`
			`type = "rsa";`
			`bits = 4096;`
			`}`
			`];`
			`};`

feat: Add systemd service to monitor boot disk space This commit introduces a new systemd service that runs daily to check the disk usage of the /boot partition. If utilization exceeds a set threshold, it triggers a warning email. This will ensure prompt alerts on critically low boot disk space, helping in maintaining a stable system. 2024-05-17 16:29:30 +02:00			`systemd.services = {`
			`check_boot = {`
			`serviceConfig = {`
			`Type = "oneshot";`
			`Environment = "PATH=/run/current-system/sw/bin";`
			`ExecStart = toString (`
			`pkgs.writeShellScript "check_boot.sh" ''`
			`CURRENT=$(df /boot \| grep /boot \| awk '{ print $5}' \| sed 's/%//g')`
			`THRESHOLD=85`

			`if [ "$CURRENT" -gt "$THRESHOLD" ] ; then`
			`${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF`
			`Your /boot partition remaining free space is critically low. Used: $CURRENT%`
			`EOF`
			`fi`
			`''`
			`);`
			`};`
			`wantedBy = [ "default.target" ];`
			`};`
			`};`

			`systemd.timers = {`
			`check_boot = {`
			`timerConfig = {`
			`OnCalendar = "daily";`
			`};`
			`wantedBy = [ "timers.target" ];`
			`};`
			`};`

feat(systemd): add check_root service and timer A new systemd service, `check_root`, has been added which checks disk usage of the root directory. If usage exceeds 85%, an email alert is sent. In addition to this service, a corresponding systemd timer is added to trigger this check daily. 2024-05-17 16:58:44 +02:00			`systemd.services = {`
			`check_root = {`
			`serviceConfig = {`
			`Type = "oneshot";`
			`Environment = "PATH=/run/current-system/sw/bin";`
			`ExecStart = toString (`
			`pkgs.writeShellScript "check_root.sh" ''`
			`CURRENT=$(df / \| grep / \| awk '{ print $5}' \| sed 's/%//g')`
			`THRESHOLD=85`

			`if [ "$CURRENT" -gt "$THRESHOLD" ] ; then`
			`${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF`
			`Your root partition remaining free space is critically low. Used: $CURRENT%`
			`EOF`
			`fi`
			`''`
			`);`
			`};`
			`wantedBy = [ "default.target" ];`
			`};`
			`};`

			`systemd.timers = {`
			`check_root = {`
			`timerConfig = {`
			`OnCalendar = "daily";`
			`};`
			`wantedBy = [ "timers.target" ];`
			`};`
			`};`

A new start 2024-03-21 15:00:36 +01:00			`system.stateVersion = "23.05";`
			`}`