A new start

systems/x86_64-linux/mx/default.nix

@@ -0,0 +1,71 @@
+{ pkgs, lib, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./rspamd.nix
+    ./goaccess.nix
+    ./nextcloud.nix
+    ./backup.nix
+    ./users.nix
+    ./kicker.nix
+    ./mailserver.nix
+    ./acme.nix
+    ./forgejo.nix
+    ./nginx.nix
+    ./network.nix
+  ];
+
+  metacfg = {
+    base.enable = true;
+    nix.enable = true;
+    podman.enable = true;
+    secureboot.enable = false;
+  };
+
+  security = {
+    tpm2.enable = lib.mkDefault true;
+    tpm2.abrmd.enable = lib.mkDefault true;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    dates = "04:00";
+    operation = "switch";
+    allowReboot = true;
+    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
+  };
+
+  environment.systemPackages = with pkgs; [
+    age
+    apacheHttpd # for mkpasswd
+    efibootmgr
+    fgallery
+    git
+    htop
+    mdadm
+    rrsync
+    tpm2-pkcs11
+    tpm2-pkcs11.out
+    tpm2-tools
+    zola
+  ];
+
+  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
+
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      {
+        path = "/var/lib/secrets/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+      {
+        path = "/var/lib/secrets/ssh_host_rsa_key";
+        type = "rsa";
+        bits = 4096;
+      }
+    ];
+  };
+
+  system.stateVersion = "23.05";
+}