{ config, lib, pkgs, outputs, ... }: { imports = [ # TODO: auto-import via `outputs.modules.nixos` outputs.modules.global.nix-config ./containers ./system ./services ./users ] ++ (builtins.attrValues outputs.modules.nixos); security.sudo.wheelNeedsPassword = false; users.groups.keys = { }; # Services configuration services = { openssh = { enable = true; openFirewall = true; settings = { PasswordAuthentication = false; PermitRootLogin = "no"; X11Forwarding = false; }; }; nullmailer = { enable = true; setSendmail = true; remotesFile = config.age.secrets."odin/services/nullmailer".path; config = { me = "odin.t5.st"; defaulthost = "odin.t5.st"; defaultdomain = "odin.t5.st"; allmailfrom = "odin@t5.st"; adminaddr = "odin@t5.st"; }; }; }; systemd.tmpfiles.rules = [ # Format: type path mode user group age argument "z /etc/ssh/ssh_host_rsa_key 0640 root keys - -" "z /etc/ssh/ssh_host_ed25519_key 0640 root keys - -" ]; programs.fish = { enable = true; vendor = { completions.enable = true; config.enable = true; functions.enable = true; }; }; environment.shells = [ config.programs.fish.package ]; # System packages # nixos-container create grist --flake .#grist --host-address "192.168.1.1" --local-address environment.systemPackages = with pkgs; [ # System utilities git htop btop iotop powertop lsof pciutils usbutils # Network tools curl wget rsync # File system tools btrfs-progs xfsprogs smartmontools hdparm # # Container tools # docker-compose # Monitoring lm_sensors nvme-cli ]; # System identification networking.hostName = "odin"; networking.useDHCP = lib.mkDefault true; # Time synchronization services.timesyncd.enable = true; time.timeZone = "Europe/Vienna"; # System state version system.stateVersion = "25.05"; }