nixcfg/systems/x86_64-linux/mx/default.nix

{ pkgs, lib, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./rspamd.nix
    ./goaccess.nix
    ./nextcloud.nix
    ./backup.nix
    ./users.nix
    ./kicker.nix
    ./mailserver.nix
    ./acme.nix
    ./forgejo.nix
    ./nginx.nix
    ./network.nix
  ];

  metacfg = {
    base.enable = true;
    nix.enable = true;
    podman.enable = true;
    secureboot.enable = false;
  };

  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
  };

  system.autoUpgrade = {
    enable = true;
    dates = "04:00";
    operation = "switch";
    allowReboot = true;
    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
  };

  programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
  programs.git.enable = true;

  environment.systemPackages = with pkgs; [
    age
    apacheHttpd # for mkpasswd
    efibootmgr
    fgallery
    git
    htop
    mdadm
    rrsync
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    zola
  ];

  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];

  services.openssh = {
    enable = true;
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  systemd.services = {
    check_boot = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_boot.sh" ''
            CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your /boot partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  systemd.timers = {
    check_boot = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  systemd.services = {
    check_root = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_root.sh" ''
            CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
                ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your root partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  systemd.timers = {
    check_root = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "23.05";
}
A new start 2024-03-21 15:00:36 +01:00			`{ pkgs, lib, ... }:`
			`{`
			`imports = [`
			`./hardware-configuration.nix`
			`./rspamd.nix`
			`./goaccess.nix`
			`./nextcloud.nix`
			`./backup.nix`
			`./users.nix`
			`./kicker.nix`
			`./mailserver.nix`
			`./acme.nix`
			`./forgejo.nix`
			`./nginx.nix`
			`./network.nix`
			`];`

			`metacfg = {`
			`base.enable = true;`
			`nix.enable = true;`
			`podman.enable = true;`
			`secureboot.enable = false;`
			`};`

			`security = {`
			`tpm2.enable = lib.mkDefault true;`
			`tpm2.abrmd.enable = lib.mkDefault true;`
			`};`

			`system.autoUpgrade = {`
			`enable = true;`
			`dates = "04:00";`
			`operation = "switch";`
			`allowReboot = true;`
			`flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";`
			`};`

feat: Add git safe directory to system config This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git". 2024-06-12 10:41:52 +02:00			`programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";`
feat: Enable git program in mx The configuration file for the mx system has been updated to enable the git program. 2024-06-12 10:49:49 +02:00			`programs.git.enable = true;`
feat: Add git safe directory to system config This commit adds a git safe directory to the system config. This is to ensure that the git configurations are securely stored in "/var/lib/gitea/repositories/harald/nixcfg.git". 2024-06-12 10:41:52 +02:00
A new start 2024-03-21 15:00:36 +01:00			`environment.systemPackages = with pkgs; [`
			`age`
			`apacheHttpd # for mkpasswd`
			`efibootmgr`
			`fgallery`
			`git`
			`htop`
			`mdadm`
			`rrsync`
			`tpm2-pkcs11`
			`tpm2-pkcs11.out`
			`tpm2-tools`
			`zola`
			`];`

			`sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];`

			`services.openssh = {`
			`enable = true;`
			`hostKeys = [`
			`{`
			`path = "/var/lib/secrets/ssh_host_ed25519_key";`
			`type = "ed25519";`
			`}`
			`{`
			`path = "/var/lib/secrets/ssh_host_rsa_key";`
			`type = "rsa";`
			`bits = 4096;`
			`}`
			`];`
			`};`

feat: Add systemd service to monitor boot disk space This commit introduces a new systemd service that runs daily to check the disk usage of the /boot partition. If utilization exceeds a set threshold, it triggers a warning email. This will ensure prompt alerts on critically low boot disk space, helping in maintaining a stable system. 2024-05-17 16:29:30 +02:00			`systemd.services = {`
			`check_boot = {`
			`serviceConfig = {`
			`Type = "oneshot";`
			`Environment = "PATH=/run/current-system/sw/bin";`
			`ExecStart = toString (`
			`pkgs.writeShellScript "check_boot.sh" ''`
			`CURRENT=$(df /boot \| grep /boot \| awk '{ print $5}' \| sed 's/%//g')`
			`THRESHOLD=85`

			`if [ "$CURRENT" -gt "$THRESHOLD" ] ; then`
			`${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF`
			`Your /boot partition remaining free space is critically low. Used: $CURRENT%`
			`EOF`
			`fi`
			`''`
			`);`
			`};`
			`wantedBy = [ "default.target" ];`
			`};`
			`};`

			`systemd.timers = {`
			`check_boot = {`
			`timerConfig = {`
			`OnCalendar = "daily";`
			`};`
			`wantedBy = [ "timers.target" ];`
			`};`
			`};`

feat(systemd): add check_root service and timer A new systemd service, `check_root`, has been added which checks disk usage of the root directory. If usage exceeds 85%, an email alert is sent. In addition to this service, a corresponding systemd timer is added to trigger this check daily. 2024-05-17 16:58:44 +02:00			`systemd.services = {`
			`check_root = {`
			`serviceConfig = {`
			`Type = "oneshot";`
			`Environment = "PATH=/run/current-system/sw/bin";`
			`ExecStart = toString (`
			`pkgs.writeShellScript "check_root.sh" ''`
			`CURRENT=$(df / \| grep / \| awk '{ print $5}' \| sed 's/%//g')`
			`THRESHOLD=85`

			`if [ "$CURRENT" -gt "$THRESHOLD" ] ; then`
			`${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF`
			`Your root partition remaining free space is critically low. Used: $CURRENT%`
			`EOF`
			`fi`
			`''`
			`);`
			`};`
			`wantedBy = [ "default.target" ];`
			`};`
			`};`

			`systemd.timers = {`
			`check_root = {`
			`timerConfig = {`
			`OnCalendar = "daily";`
			`};`
			`wantedBy = [ "timers.target" ];`
			`};`
			`};`

A new start 2024-03-21 15:00:36 +01:00			`system.stateVersion = "23.05";`
			`}`