1
0
nixfiles/configuration/common/default.nix

155 lines
3.5 KiB
Nix
Raw Normal View History

2020-12-06 16:40:47 +01:00
{ config, pkgs, lib, ... }:
{
2020-12-09 22:49:42 +01:00
imports = [
../../modules
];
2020-12-06 16:40:47 +01:00
networking.domain = "net.clerie.de";
networking.firewall.logRefusedConnections = lib.mkDefault false;
2020-12-06 16:40:47 +01:00
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_MESSAGES = "en_US.UTF-8";
};
2020-12-06 16:40:47 +01:00
console = {
keyMap = "de-latin1";
};
2023-06-19 19:45:28 +02:00
security.sudo.wheelNeedsPassword = lib.mkDefault false;
2023-05-30 17:34:06 +02:00
users.groups.guests = {};
nix.settings = {
2023-05-30 17:34:06 +02:00
trusted-users = [ "@wheel" "@guests" ];
auto-optimise-store = true;
};
2020-12-06 16:40:47 +01:00
environment.systemPackages = with pkgs; [
gptfdisk
2020-12-06 16:40:47 +01:00
htop
parted
2020-12-06 16:40:47 +01:00
tmux
colmena
vim
agenix
2020-12-06 16:40:47 +01:00
];
2020-12-08 19:26:02 +01:00
programs.mtr.enable = true;
programs.git.enable = true;
programs.git.config = {
user = {
name = "clerie";
email = "git@clerie.de";
};
};
2020-12-06 16:40:47 +01:00
services.openssh.enable = true;
services.openssh.settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkDefault "no";
};
2020-12-09 22:42:39 +01:00
nix.gc = lib.mkDefault {
2021-06-18 12:45:26 +02:00
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
2021-02-21 21:40:05 +01:00
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
2023-03-15 20:26:44 +01:00
commonHttpConfig = ''
server_names_hash_bucket_size 64;
2023-03-15 20:26:44 +01:00
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
2021-02-21 21:40:05 +01:00
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
2021-02-21 21:40:05 +01:00
2021-01-02 18:19:11 +01:00
security.acme = {
2022-02-25 10:58:42 +01:00
defaults.email = "letsencrypt@clerie.de";
2021-01-02 18:19:11 +01:00
acceptTerms = true;
};
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://nix-cache.clerie.de"
];
trusted-public-keys = [
"nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
];
};
# Pin current nixpkgs channel and flake registry to the nixpkgs version
# the host got build with
nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
nix.registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
services.fstrim.enable = true;
2023-02-26 18:45:26 +01:00
clerie.nixfiles.enable = true;
clerie.backup = {
targets = {
cyan.serverName = "cyan.backup.clerie.de";
magenta.serverName = "magenta.backup.clerie.de";
};
};
documentation.doc.enable = false;
2020-12-09 22:42:39 +01:00
nixpkgs.overlays = [
(import ../../pkgs/overlay.nix)
];
2020-12-06 16:40:47 +01:00
}