control
/
home


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151
							{ config
, lib
, pkgs
, outputs
, ...
}:
let
  age = config.age;
in
{
  imports = [
    # TODO: auto-import via `outputs.modules.nixos`
    outputs.modules.global.nix-config

    ./system
    ./services
    ./users
  ]
  ++ (builtins.attrValues outputs.modules.nixos);

  security.sudo.wheelNeedsPassword = false;

  # Services configuration
  services = {
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PasswordAuthentication = false;
        PermitRootLogin = "no";
        X11Forwarding = false;
      };
    };

    nullmailer = {
      enable = true;
      setSendmail = true;
      remotesFile = config.age.secrets."odin/services/nullmailer".path;
      config = {
        me = "odin.t5.st";
        defaulthost = "odin.t5.st";
        defaultdomain = "odin.t5.st";
        allmailfrom = "[email protected]";
        adminaddr = "[email protected]";
      };
    };
  };

  # # Container runtime
  # virtualisation = {
  #   docker = {
  #     enable = true;
  #     storageDriver = "btrfs";
  #     autoPrune = {
  #       enable = true;
  #       dates = "weekly";
  #       flags = [ "--all" "--force" "--volumes" ];
  #     };
  #   };
  # };

  containers.grist-latest = {
    autoStart = false;
    privateNetwork = true;
    hostAddress = "192.168.1.1";
    localAddress = "192.168.1.2";
    specialArgs = { inherit outputs; };
    config = import ./containers/grist.nix;
  };

  containers.gogs = {
    autoStart = false;
    privateNetwork = true;
    hostAddress = "192.168.1.1";
    localAddress = "192.168.1.3";
    specialArgs = { inherit outputs; };

    bindMounts = {
      "/run/secrets/gogs-admin" = {
        hostPath = config.age.secrets."odin/services/gogs-admin".path;
        isReadOnly = true;
      };
    };

    config = import ./containers/gogs.nix;
  };

  services.caddy.virtualHosts.grist = {
    hostName = "grist.{$DOMAIN}";
    extraConfig = ''
      encode gzip zstd
      reverse_proxy 192.168.1.2:8484
    '';
  };

  programs.fish = {
    enable = true;
    vendor = {
      completions.enable = true;
      config.enable = true;
      functions.enable = true;
    };
  };

  environment.shells = [
    config.programs.fish.package
  ];

  # System packages
  # nixos-container create grist --flake .#grist --host-address "192.168.1.1" --local-address

  environment.systemPackages = with pkgs; [
    # System utilities
    git
    htop
    btop
    iotop
    powertop
    lsof
    pciutils
    usbutils

    # Network tools
    curl
    wget
    rsync

    # File system tools
    btrfs-progs
    xfsprogs
    smartmontools
    hdparm

    # # Container tools
    # docker-compose

    # Monitoring
    lm_sensors
    nvme-cli
  ];

  # System identification
  networking.hostName = "odin";
  networking.useDHCP = lib.mkDefault true;
  # Time synchronization
  services.timesyncd.enable = true;
  time.timeZone = "Europe/Vienna";

  # System state version
  system.stateVersion = "25.05";
}