control
/
home


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110
							{
  config,
  lib,
  pkgs,
  outputs,
  ...
}:
{
  imports = [
    # TODO: auto-import via `outputs.modules.nixos`
    outputs.modules.global.nix-config

    ./containers
    ./system
    ./services
    ./users
  ]
  ++ (builtins.attrValues outputs.modules.nixos);

  security.sudo.wheelNeedsPassword = false;
  users.groups.keys = { };

  # Services configuration
  services = {
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        X11Forwarding = false;
      };
    };

    nullmailer = {
      enable = true;
      setSendmail = true;
      remotesFile = config.age.secrets."odin/services/nullmailer".path;
      config = {
        me = "odin.t5.st";
        defaulthost = "odin.t5.st";
        defaultdomain = "odin.t5.st";
        allmailfrom = "[email protected]";
        adminaddr = "[email protected]";
      };
    };
  };

  systemd.tmpfiles.rules = [
    # Format: type  path                          mode  user  group      age  argument
    "z      /etc/ssh/ssh_host_rsa_key             0640  root  keys       -    -"
    "z      /etc/ssh/ssh_host_ed25519_key         0640  root  keys       -    -"
  ];

  programs.fish = {
    enable = true;
    vendor = {
      completions.enable = true;
      config.enable = true;
      functions.enable = true;
    };
  };

  environment.shells = [
    config.programs.fish.package
  ];

  # System packages
  # nixos-container create grist --flake .#grist --host-address "192.168.1.1" --local-address

  environment.systemPackages = with pkgs; [
    # System utilities
    git
    htop
    btop
    iotop
    powertop
    lsof
    pciutils
    usbutils

    # Network tools
    curl
    wget
    rsync

    # File system tools
    btrfs-progs
    xfsprogs
    smartmontools
    hdparm

    # # Container tools
    # docker-compose

    # Monitoring
    lm_sensors
    nvme-cli
  ];

  # System identification
  networking.hostName = "odin";
  networking.useDHCP = lib.mkDefault true;
  # Time synchronization
  services.timesyncd.enable = true;
  time.timeZone = "Europe/Vienna";

  # System state version
  system.stateVersion = "25.05";
}