Harald Hoyer
4390f2ae09
Remove duplicate configurations for the rot8000 git filter from both mx and base modules. This change helps to streamline the code by ensuring that the unnecessary and redundant configurations are eliminated.
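# NixOS module for the host built from the `#mx` flake output (see
# system.autoUpgrade.flake below). It pulls in the per-service modules, enables
# unattended upgrades from a local Git repository, configures the SSH host keys
# (one of which is also the sops/age identity) and installs two daily
# disk-usage checks that mail a local user.
{ pkgs, lib, ... }:
{
  imports = [
    # ./goaccess.nix
    ./acme.nix
    ./backup.nix
    ./coturn.nix
    ./forgejo.nix
    ./hardware-configuration.nix
    ./kicker.nix
    ./mailserver.nix
    ./network.nix
    ./nextcloud.nix
    ./nginx.nix
    ./postgresql.nix
    ./rspamd.nix
    ./users.nix
  ];

  # The metacfg.* options are declared outside this file.
  metacfg = {
    base.enable = true;
    nix.enable = true;
    podman.enable = true;
    # Secure Boot support from the metacfg module is switched off on this host.
    # NOTE(review): TPM2 is still enabled below; confirm nothing on this machine
    # relies on a measured/verified boot chain.
    secureboot.enable = false;
    tools = {
      direnv.enable = true;
    };
  };

  # mkDefault lets another module override either value without mkForce.
  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
  };

  # Unattended upgrade: every day at 04:00 the system is rebuilt from the flake
  # below, switched to, and rebooted if required.
  #
  # The flake source is a repository stored on this same host under the forge's
  # data directory. The upgrade runs as root, so whatever is at the head of
  # that repository is built and activated with full privileges: push access to
  # it (and write access to that directory) is root-equivalent on this machine
  # and should be restricted accordingly.
  system.autoUpgrade = {
    enable = true;
    dates = "04:00";
    operation = "switch";
    allowReboot = true;
    flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
  };

  # NOTE(review): nix.gc.automatic is not set in this file; dates/options only
  # take effect if it is enabled elsewhere (presumably by metacfg.nix - confirm).
  nix.gc = {
    dates = "daily";
    options = "--delete-older-than 7d";
  };

  # System-wide git configuration. safe.directory turns off git's repository
  # ownership check for this one path, for every user on the host. Presumably
  # needed because the repository is owned by the forge service user while the
  # upgrade above reads it as root - confirm. Keep the entry limited to this
  # exact path; never widen it to "*".
  programs.git.config = {
    safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
  };

  environment.systemPackages = with pkgs; [
    age
    apacheHttpd # for mkpasswd - NOTE(review): apacheHttpd ships htpasswd; confirm which tool is meant
    efibootmgr
    fgallery
    git
    htop
    mdadm
    rrsync
    tpm2-pkcs11
    tpm2-pkcs11.out # NOTE(review): explicit "out" output next to the default one; confirm both are needed
    tpm2-tools
    zola
  ];

  # sops-nix derives the host's age identity from this SSH private key, so the
  # file is both the SSH host key (see services.openssh.hostKeys) and the key
  # that decrypts this host's sops secrets. It must stay readable by root only,
  # and replacing it means re-encrypting the secrets for the new key.
  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];

  services.openssh = {
    enable = true;
    # Host keys live under /var/lib/secrets instead of the default /etc/ssh.
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  # Disk-usage checks. Each oneshot unit reads the "Use%" column from df and
  # mails the local user "harald" when usage is above THRESHOLD percent.
  # PATH is pinned to the system profile so df/grep/awk/sed resolve from there;
  # mail is called through its store path. Because of wantedBy=default.target
  # the units also run when default.target is started, not only from the timer.
  #
  # The heredoc body and its EOF terminator sit at the base indentation of the
  # Nix string on purpose: after indentation stripping EOF must be in column 0.
  systemd.services = {
    check_boot = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_boot.sh" ''
            CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
              ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald << EOF
            Your /boot partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };

    check_root = {
      serviceConfig = {
        Type = "oneshot";
        Environment = "PATH=/run/current-system/sw/bin";
        ExecStart = toString (
          pkgs.writeShellScript "check_root.sh" ''
            CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
            THRESHOLD=85

            if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
              ${pkgs.mailutils}/bin/mail -s '/ Disk Space Alert' harald << EOF
            Your root partition remaining free space is critically low. Used: $CURRENT%
            EOF
            fi
          ''
        );
      };
      wantedBy = [ "default.target" ];
    };
  };

  # One daily timer per check; a timer named like its service activates it.
  systemd.timers = {
    check_boot = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };

    check_root = {
      timerConfig = {
        OnCalendar = "daily";
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "23.05";
}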