72 lines
1.3 KiB
Nix
72 lines
1.3 KiB
Nix
{ pkgs, lib, ... }:
|
|
{
|
|
imports = [
|
|
./hardware-configuration.nix
|
|
./rspamd.nix
|
|
./goaccess.nix
|
|
./nextcloud.nix
|
|
./backup.nix
|
|
./users.nix
|
|
./kicker.nix
|
|
./mailserver.nix
|
|
./acme.nix
|
|
./forgejo.nix
|
|
./nginx.nix
|
|
./network.nix
|
|
];
|
|
|
|
metacfg = {
|
|
base.enable = true;
|
|
nix.enable = true;
|
|
podman.enable = true;
|
|
secureboot.enable = false;
|
|
};
|
|
|
|
security = {
|
|
tpm2.enable = lib.mkDefault true;
|
|
tpm2.abrmd.enable = lib.mkDefault true;
|
|
};
|
|
|
|
system.autoUpgrade = {
|
|
enable = true;
|
|
dates = "04:00";
|
|
operation = "switch";
|
|
allowReboot = true;
|
|
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
age
|
|
apacheHttpd # for mkpasswd
|
|
efibootmgr
|
|
fgallery
|
|
git
|
|
htop
|
|
mdadm
|
|
rrsync
|
|
tpm2-pkcs11
|
|
tpm2-pkcs11.out
|
|
tpm2-tools
|
|
zola
|
|
];
|
|
|
|
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
|
|
|
|
services.openssh = {
|
|
enable = true;
|
|
hostKeys = [
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
{
|
|
path = "/var/lib/secrets/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
bits = 4096;
|
|
}
|
|
];
|
|
};
|
|
|
|
system.stateVersion = "23.05";
|
|
}
|