|
|
@@ -5,11 +5,11 @@
|
|
|
{ config.facter.reportPath = ./facter.json; }
|
|
|
|
|
|
outputs.modules.global.nix-config
|
|
|
+ inputs.sops-nix.nixosModules.sops
|
|
|
inputs.impermanence.nixosModules.impermanence
|
|
|
inputs.disko.nixosModules.disko
|
|
|
|
|
|
./disko.nix
|
|
|
- # ./secrets.nix
|
|
|
# ./services
|
|
|
];
|
|
|
|
|
|
@@ -17,6 +17,11 @@
|
|
|
networking.hostName = "odin";
|
|
|
networking.useDHCP = lib.mkDefault true;
|
|
|
|
|
|
+ sops.defaultSopsFile = ./secrets.yaml;
|
|
|
+ sops.secrets."thomas/password".neededForUsers = true;
|
|
|
+ sops.secrets."nullmailer/remotes".owner = config.services.nullmailer.user;
|
|
|
+
|
|
|
+
|
|
|
# Boot configuration
|
|
|
boot = {
|
|
|
# Use systemd-boot for UEFI systems
|
|
|
@@ -125,7 +130,6 @@
|
|
|
};
|
|
|
};
|
|
|
|
|
|
- # SSH configuration is managed in secrets.nix
|
|
|
openssh = {
|
|
|
enable = true;
|
|
|
openFirewall = true;
|
|
|
@@ -134,25 +138,40 @@
|
|
|
PermitRootLogin = "no";
|
|
|
X11Forwarding = false;
|
|
|
};
|
|
|
- # hostKeys = [ ];
|
|
|
};
|
|
|
|
|
|
# System monitoring
|
|
|
- # smartd = {
|
|
|
- # enable = true;
|
|
|
- # autodetect = true;
|
|
|
- # notifications.mail.enable = false; # Configure if you want email alerts
|
|
|
- # };
|
|
|
-
|
|
|
- # # Time synchronization
|
|
|
- # timesyncd.enable = true;
|
|
|
- #
|
|
|
- # # Btrfs maintenance
|
|
|
- # btrfs.autoScrub = {
|
|
|
- # enable = true;
|
|
|
- # interval = "monthly";
|
|
|
- # fileSystems = [ "/" ];
|
|
|
- # };
|
|
|
+ smartd = {
|
|
|
+ enable = true;
|
|
|
+ autodetect = true;
|
|
|
+ notifications.test = true;
|
|
|
+ notifications.mail.enable = true;
|
|
|
+ notifications.mail.sender = "[email protected]";
|
|
|
+ notifications.mail.recipient = "I <[email protected]>";
|
|
|
+ };
|
|
|
+
|
|
|
+ nullmailer = {
|
|
|
+ enable = true;
|
|
|
+ setSendmail = true;
|
|
|
+ remotesFile = config.sops.secrets."nullmailer/remotes".path;
|
|
|
+ config = {
|
|
|
+ me = "odin.t5.st";
|
|
|
+ defaulthost = "odin.t5.st";
|
|
|
+ defaultdomain = "odin.t5.st";
|
|
|
+ allmailfrom = "[email protected]";
|
|
|
+ adminaddr = "[email protected]";
|
|
|
+ };
|
|
|
+ };
|
|
|
+
|
|
|
+ # Time synchronization
|
|
|
+ timesyncd.enable = true;
|
|
|
+
|
|
|
+ # Btrfs maintenance
|
|
|
+ btrfs.autoScrub = {
|
|
|
+ enable = true;
|
|
|
+ interval = "monthly";
|
|
|
+ fileSystems = [ "/" ];
|
|
|
+ };
|
|
|
|
|
|
# Drive spin-down management
|
|
|
# hdparm.devices = [
|
|
|
@@ -174,16 +193,6 @@
|
|
|
# ];
|
|
|
};
|
|
|
|
|
|
- # # Automatic garbage collection
|
|
|
- # nix = {
|
|
|
- # gc = {
|
|
|
- # automatic = true;
|
|
|
- # dates = "weekly";
|
|
|
- # options = "--delete-older-than 30d";
|
|
|
- # };
|
|
|
- # optimise.automatic = true;
|
|
|
- # };
|
|
|
-
|
|
|
# # Container runtime
|
|
|
# virtualisation = {
|
|
|
# docker = {
|
|
|
@@ -238,7 +247,7 @@
|
|
|
thomas = {
|
|
|
isNormalUser = true;
|
|
|
extraGroups = [ "wheel" "users" ];
|
|
|
- hashedPassword = "$6$jO/t4PtMb4Ky.goy$2diW2qZjswUAVAzRQqOJ7wfGwD9QInJtUfQYEOOp8hkdhAy6wcccYfIG.gEQniStx7ZkxADNQxQ7pyfUiOqll.";
|
|
|
+ hashedPasswordFile = config.sops.secrets."thomas/password".path;
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5o7LT5wPYWgI8Mvr6RKOv+BcsbQgU7PCw2hheVu17alwF1uFUsAYV5BVQu+uv9uEm/UDsCNhfM6TwI0A1prdmtBz4pKiwXbj7fcdp6DcVOgTsPfawbXEpivtJvlhEatyTsR26MjHKnqpT0BxPvj6Ug6pvRkCYW5d2bWXiY9murmAX6Q5kSyNunkB8PdRTH+S47f7eOdCJY63VBOkkiG8M7XyPwFCDTYiHhbMZcejIdY9mB6kYnMQVRHDznQWiQxrcaE1fD/TY3db9GDcOVoo2aDBOZX7WT2+me67sU8dEK9+nSyhWDzBbEs8knu87ZlKPFwhl4slenRniKhbf22OpicXArtEcjEj0GyDJH5e+ZCIQ4eSQanA7TxnKFlDuaf+Qqx55UT+ya4vJJeik7nkzbRHaE9IoWhhiOaOnaN6kHIxuxB6z7EL3Gk7f78+I/qBaj5df6fgnXM3JBXKa5bRH2wqoSetJAo6EGpEgmU2huB1ktiGlO7BlF5XwSw6cb/KT7NSIXhncgLkCzsDVXxecVQv1FnPISBcp3+ti01ADVf2trgpPDbNTWV40Rgiefie0o2fc6KWAFfum1j5N3WWU+XVVmRjDmKKHiEJBLNKDAe0rQf+tryPW4c5GIN7aFoB+8dYFAuUyLd7Fu3vhZdmcckN5ryHunEc0dKPIiuoVZw=="
|
|
|
];
|
