Harald Hoyer
20cefaf839
Adjust default garbage collection intervals and retention periods. Set default GC to run weekly and retain 14 days on nixos module and to run daily and retain 7 days on the 64-linux module. Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
141 lines
3.1 KiB
Nix
141 lines
3.1 KiB
Nix
{ pkgs, lib, ... }:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./rspamd.nix
|
|
./goaccess.nix
|
|
./nextcloud.nix
|
|
./backup.nix
|
|
./users.nix
|
|
./kicker.nix
|
|
./mailserver.nix
|
|
./acme.nix
|
|
./forgejo.nix
|
|
./nginx.nix
|
|
./network.nix
|
|
];
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = false;
|
|
};
|
|
|
|
security = {
|
|
tpm2.enable = lib.mkDefault true;
|
|
tpm2.abrmd.enable = lib.mkDefault true;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
dates = "04:00";
|
|
operation = "switch";
|
|
allowReboot = true;
|
|
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
|
};
|
|
|
|
gc = {
|
|
dates = "daily";
|
|
options = "--delete-older-than 7d";
|
|
};
|
|
|
|
programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
age
|
|
apacheHttpd # for mkpasswd
|
|
efibootmgr
|
|
fgallery
|
|
git
|
|
htop
|
|
mdadm
|
|
rrsync
|
|
tpm2-pkcs11
|
|
tpm2-pkcs11.out
|
|
tpm2-tools
|
|
zola
|
|
];
|
|
|
|
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
hostKeys = [
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
bits = 4096;
|
|
}
|
|
];
|
|
};
|
|
|
|
systemd.services = {
|
|
check_boot = {
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
Environment = "PATH=/run/current-system/sw/bin";
|
|
ExecStart = toString (
|
|
pkgs.writeShellScript "check_boot.sh" ''
|
|
CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
|
|
THRESHOLD=85
|
|
|
|
if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
|
|
${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
|
|
Your /boot partition remaining free space is critically low. Used: $CURRENT%
|
|
EOF
|
|
fi
|
|
''
|
|
);
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
};
|
|
|
|
systemd.timers = {
|
|
check_boot = {
|
|
timerConfig = {
|
|
OnCalendar = "daily";
|
|
};
|
|
wantedBy = [ "timers.target" ];
|
|
};
|
|
};
|
|
|
|
systemd.services = {
|
|
check_root = {
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
Environment = "PATH=/run/current-system/sw/bin";
|
|
ExecStart = toString (
|
|
pkgs.writeShellScript "check_root.sh" ''
|
|
CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
|
|
THRESHOLD=85
|
|
|
|
if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
|
|
${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
|
|
Your root partition remaining free space is critically low. Used: $CURRENT%
|
|
EOF
|
|
fi
|
|
''
|
|
);
|
|
};
|
|
wantedBy = [ "default.target" ];
|
|
};
|
|
};
|
|
|
|
systemd.timers = {
|
|
check_root = {
|
|
timerConfig = {
|
|
OnCalendar = "daily";
|
|
};
|
|
wantedBy = [ "timers.target" ];
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.05";
|
|
}
|