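# NixOS host module: pulls in the per-service modules, enables unattended
# upgrades from a local git repository, configures SSH host keys / sops, and
# installs two daily disk-usage checks that mail a local user.
{ pkgs, lib, ... }:
{
  imports = [
    # ./goaccess.nix
    ./acme.nix
    ./backup.nix
    ./coturn.nix
    ./forgejo.nix
    ./hardware-configuration.nix
    ./kicker.nix
    ./mailserver.nix
    ./network.nix
    ./nextcloud.nix
    ./nginx.nix
    ./postgresql.nix
    ./rspamd.nix
    ./users.nix
  ];

  metacfg = {
    base.enable = true;
    nix.enable = true;
    podman.enable = true;
    # NOTE(review): Secure Boot is off while TPM2 support is enabled below.
    # Without Secure Boot the firmware does not verify the boot chain, so
    # confirm that nothing sealed to the TPM is assumed to imply a verified
    # boot on this host.
    secureboot.enable = false;
    tools = {
      direnv.enable = true;
    };
  };

  # mkDefault so that other modules can override the TPM2 settings.
  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
  };

  # Unattended upgrade: every day at 04:00 switch to the "mx" configuration of
  # the flake in the local bare repository, rebooting when required.
  #
  # NOTE(review): the flake is read from a repository under /var/lib/gitea,
  # i.e. one served by the forge running on this same machine. Anyone who can
  # push to that repository (or write to that directory) decides what this
  # host activates at the next upgrade, so push rights and the forge's service
  # account are part of this host's root trust boundary. Keep push access
  # minimal and consider requiring reviewed/signed commits on that branch.
  system.autoUpgrade = {
    enable = true;
    dates = "04:00";
    operation = "switch";
    allowReboot = true;
    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
  };

  # Garbage-collect store paths older than 7 days, daily.
  # NOTE(review): `automatic` is not set here; presumably metacfg.nix enables
  # it -- confirm, otherwise these settings have no effect.
  nix.gc = {
    dates = "daily";
    options = "--delete-older-than 7d";
  };

  programs.git.config = {
    # Exempts exactly this repository from git's ownership check, presumably so
    # the upgrade job can read a repository owned by the forge user. Keep this
    # an explicit path; a wildcard would disable the check everywhere.
    safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
    # clean/smudge filter applied to files marked with the "rot8000" filter.
    # NOTE(review): if rot8000 is the usual character-rotation transform, it
    # is obfuscation rather than encryption -- do not rely on it to protect
    # secrets stored in the repository.
    "filter \"rot8000\"" = {
      smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
      clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
    };
  };

  environment.systemPackages = with pkgs; [
    age
    apacheHttpd # for mkpasswd
    efibootmgr
    fgallery
    git
    htop
    mdadm
    rrsync
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    zola
  ];

  # The ed25519 SSH host key doubles as the age identity used by sops: whoever
  # can read this file can decrypt every sops secret addressed to this host, so
  # its permissions and any backups of /var/lib/secrets need the same care as
  # the secrets themselves.
  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];

  # Host keys live under /var/lib/secrets instead of the default location.
  services.openssh = {
    enable = true;
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  # Disk-usage checks. Each unit is a oneshot that mails the local user
  # "harald" when usage of the filesystem exceeds THRESHOLD percent. The units
  # are wanted by default.target (so they also run at boot) and are triggered
  # daily by the timers of the same name below.
  systemd.services = {
    check_boot = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        # The heredoc body and its EOF terminator must stay at the string's
        # base indentation so that EOF lands in column 0 of the script.
        ExecStart = toString (
          pkgs.writeShellScript "check_boot.sh" ''
            CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
              ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your /boot partition remaining free space is critically low.
            Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };

    check_root = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          # Subject fixed: this check is for "/", but the alert was sent with
          # the '/boot' subject copied from check_boot, which made the two
          # alerts indistinguishable in the mailbox.
          pkgs.writeShellScript "check_root.sh" ''
            CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
              ${pkgs.mailutils}/bin/mail -s '/ Disk Space Alert' harald << EOF
            Your root partition remaining free space is critically low.
            Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  # Daily triggers for the two checks above.
  systemd.timers = {
    check_boot = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };

    check_root = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "23.05";
}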