Rustdesk configuration has been temporarily disabled in the system modules. This might be to address an issue or for future refactoring.
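# NixOS module for the host built from the flake output `mx`.
# It pulls in the per-service modules, enables unattended upgrades, configures
# the SSH host keys (also used for sops-nix decryption) and installs two daily
# disk-usage alerts.
{ pkgs, lib, ... }:
{
  # Per-service modules live next to this file; commented entries are disabled.
  imports = [
    # ./goaccess.nix
    ./acme.nix
    ./backup.nix
    ./coturn.nix
    ./forgejo.nix
    ./hardware-configuration.nix
    ./kicker.nix
    ./mailserver.nix
    ./network.nix
    ./nextcloud.nix
    ./nginx.nix
    ./postgresql.nix
    ./rspamd.nix
    # ./rustdesk.nix
    ./users.nix
  ];

  # `metacfg.*` options are declared elsewhere in this repository (not visible
  # here), so their exact effect has to be read from those modules.
  metacfg = {
    base.enable = true;
    nix.enable = true;
    podman.enable = true;
    # NOTE(review): presumably turns off the Secure Boot integration for this
    # host; confirm that this is intended while TPM2 support is enabled below.
    secureboot.enable = false;
    tools = {
      direnv.enable = true;
    };
  };

  # mkDefault keeps both settings overridable by other modules.
  security = {
    tpm2.enable = lib.mkDefault true;
    tpm2.abrmd.enable = lib.mkDefault true;
  };

  # Unattended upgrade: every day at 04:00 the flake in /root/nixcfg is built,
  # switched to, and the machine may reboot itself.
  system.autoUpgrade = {
    enable = true;
    dates = "04:00";
    operation = "switch";
    allowReboot = true;
    # flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
    flake = lib.mkForce "/root/nixcfg/.#mx";
  };

  # Before each upgrade the local checkout is forced to the remote default
  # branch; `git reset --hard` also discards any local edits in /root/nixcfg.
  #
  # NOTE(review): nothing in this file verifies a signature on the fetched
  # commit, so whoever can move origin/HEAD decides what is built and activated
  # as root on this host. Consider gating the reset on
  # `git verify-commit origin/HEAD` against a pinned keyring, and keep push
  # access to that remote tightly restricted.
  systemd.services.nixos-upgrade = {
    path = [ pkgs.git ];
    preStart = ''
      cd /root/nixcfg
      git fetch origin
      git reset --hard origin/HEAD
    '';
  };

  # NOTE(review): `nix.gc.automatic` is not set in this file; presumably it is
  # enabled by the metacfg nix module. Confirm, otherwise these two settings
  # have no effect.
  nix.gc = {
    dates = "daily";
    options = "--delete-older-than 7d";
  };

  # `safe.directory` exempts this repository from git's ownership check.
  # NOTE(review): it matches the commented-out `git+file://` flake URL above;
  # if that source is no longer used the exemption can probably be dropped.
  programs.git.config = {
    safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
  };

  environment.systemPackages = with pkgs; [
    age
    apacheHttpd # for mkpasswd
    efibootmgr
    fgallery
    git
    htop
    mdadm
    rrsync
    tpm2-pkcs11
    tpm2-pkcs11.out
    tpm2-tools
    zola
  ];

  # sops-nix derives its age identity from the ed25519 SSH host key, so this
  # one file both identifies the host over SSH and decrypts its secrets. It
  # should stay readable by root only and be handled as a secret in backups.
  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];

  # Host keys are kept under /var/lib/secrets instead of the default location.
  # NOTE(review): authentication policy (password / root login) is not set
  # here; presumably it comes from ./users.nix or the metacfg base module.
  services.openssh = {
    enable = true;
    hostKeys = [
      {
        path = "/var/lib/secrets/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/var/lib/secrets/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  # Mails the local user `harald` when /boot is more than 85% full.
  systemd.services.check_boot = {
    serviceConfig = {
      Type = "oneshot";
      Environment = "PATH=/run/current-system/sw/bin";
      ExecStart = toString (
        pkgs.writeShellScript "check_boot.sh" ''
          CURRENT=$(df /boot | grep /boot | awk '{ print $5}' | sed 's/%//g')
          THRESHOLD=85

          # Fail the unit instead of silently skipping the comparison when the
          # usage figure could not be extracted from the df output.
          if [ -z "$CURRENT" ] ; then
            echo "check_boot: could not read the usage of /boot from df" >&2
            exit 1
          fi

          if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
            echo "Your /boot partition remaining free space is critically low. Used: $CURRENT%" \
              | ${pkgs.mailutils}/bin/mail -s '/boot Disk Space Alert' harald
          fi
        ''
      );
    };
    wantedBy = [ "default.target" ];
  };

  # Mails the local user `harald` when the root filesystem is more than 85% full.
  systemd.services.check_root = {
    serviceConfig = {
      Type = "oneshot";
      Environment = "PATH=/run/current-system/sw/bin";
      ExecStart = toString (
        pkgs.writeShellScript "check_root.sh" ''
          CURRENT=$(df / | grep / | awk '{ print $5}' | sed 's/%//g')
          THRESHOLD=85

          # Fail the unit instead of silently skipping the comparison when the
          # usage figure could not be extracted from the df output.
          if [ -z "$CURRENT" ] ; then
            echo "check_root: could not read the usage of / from df" >&2
            exit 1
          fi

          if [ "$CURRENT" -gt "$THRESHOLD" ] ; then
            # The subject used to say "/boot" here (copy-paste from check_boot),
            # which made root alerts indistinguishable from /boot alerts.
            echo "Your root partition remaining free space is critically low. Used: $CURRENT%" \
              | ${pkgs.mailutils}/bin/mail -s 'root Disk Space Alert' harald
          fi
        ''
      );
    };
    wantedBy = [ "default.target" ];
  };

  # Both checks also run once a day from a timer.
  systemd.timers.check_boot = {
    timerConfig = {
      OnCalendar = "daily";
    };
    wantedBy = [ "timers.target" ];
  };

  systemd.timers.check_root = {
    timerConfig = {
      OnCalendar = "daily";
    };
    wantedBy = [ "timers.target" ];
  };

  system.stateVersion = "23.05";
}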