harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nixcfg/systems/x86_64-linux/mx/default.nix
Harald Hoyer 4045aa1859 refactor(mx): extract disk check services into disk-check.nix 
Share the check script via a parameterized mkDiskCheck function over
{ name, mountPoint, label } and iterate an attrset to emit the boot
and root services plus their daily timers.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 10:28:27 +02:00

113 lines
2 KiB
Nix
Raw Blame History

{
pkgs,
lib,
config,
...
}:
{
imports = [
# ./goaccess.nix
./acme.nix
./backup.nix
./coturn.nix
./disk-check.nix
./forgejo.nix
./hardware-configuration.nix
./headscale.nix
./kicker.nix
./mailserver.nix
./network.nix
./nextcloud.nix
./nextcloud-claude-bot
./nginx.nix
./ntfy.nix
./postgresql.nix
./rspamd.nix
./rustdesk.nix
./users.nix
];
services.tailscale.enable = true;
metacfg = {
services.nginxBase.enable = true;
services.acmeBase.enable = true;
emailOnFailure.enable = true;
base.enable = true;
nix.enable = true;
podman.enable = true;
secureboot.enable = false;
tools = {
direnv.enable = true;
};
};
security = {
tpm2.enable = lib.mkDefault true;
tpm2.abrmd.enable = lib.mkDefault true;
};
system.autoUpgrade = {
enable = true;
dates = "04:00";
operation = "switch";
allowReboot = true;
flake = lib.mkForce "/root/nixcfg/.#mx";
};
systemd.services.nixos-upgrade = {
path = [ pkgs.git ];
preStart = ''
cd /root/nixcfg
git fetch origin
git reset --hard origin/HEAD
'';
};
nix.gc = {
dates = "daily";
options = "--delete-older-than 7d";
};
programs.git.config = {
safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
};
environment.systemPackages = with pkgs; [
age
apacheHttpd # for mkpasswd
efibootmgr
fgallery
git
htop
mdadm
rrsync
tpm2-pkcs11
tpm2-pkcs11.out
tpm2-tools
zola
];
sops.secrets.ntfy = {
sopsFile = ../../../.secrets/hetzner/ntfy.yaml;
};
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
services.openssh = {
enable = true;
hostKeys = [
{
path = "/var/lib/secrets/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/var/lib/secrets/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
system.stateVersion = "23.05";
}
Reference in a new issue View git blame Copy permalink