nixfiles/configuration/common/default.nix

{ config, pkgs, lib, ... }:

{
  imports = [
    ../../modules
  ];

  networking.domain = "net.clerie.de";

  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    keyMap = "de-latin1";
  };

  security.sudo.wheelNeedsPassword = false;

  nix.settings = {
    trusted-users = [ "@wheel" ];
    auto-optimise-store = true;
  };

  users.users.clerie = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"
    ];
  };

  environment.systemPackages = with pkgs; [
    gptfdisk
    htop
    parted
    tmux
    colmena
    git
    vim
  ];

  programs.mtr.enable = true;

  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  services.openssh.kbdInteractiveAuthentication = false;
  services.openssh.permitRootLogin = lib.mkDefault "no";

  nix.gc = lib.mkDefault {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };

  services.nginx = {
    enableReload = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    appendHttpConfig = ''
      server_names_hash_bucket_size 64;
    '';

    virtualHosts = {
      "default" = {
        default = true;
        rejectSSL = true;
        locations."/" = {
          return = ''200 "Some piece of infrastructure\n"'';
          extraConfig = ''
            types { } default_type "text/plain; charset=utf-8";
          '';
        };
      };
    };
  };

  security.acme = {
    defaults.email = "letsencrypt@clerie.de";
    acceptTerms = true;
  };

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    substituters = [
      "https://nix-cache.clerie.de"
    ];
    trusted-public-keys = [
      "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
    ];
  };

  nixpkgs.overlays = [
    (import ../../pkgs/overlay.nix)
  ];
}
Initial commit 2020-12-06 16:40:47 +01:00			`{ config, pkgs, lib, ... }:`

			`{`
Add module import magic 2020-12-09 22:49:42 +01:00			`imports = [`
			`../../modules`
			`];`

Initial commit 2020-12-06 16:40:47 +01:00			`networking.domain = "net.clerie.de";`

			`time.timeZone = "Europe/Berlin";`

			`i18n.defaultLocale = "en_US.UTF-8";`
			`console = {`
			`keyMap = "de-latin1";`
			`};`

Trust wheel group and disable sudo password for auto deployment 2020-12-06 18:23:51 +01:00			`security.sudo.wheelNeedsPassword = false;`

configuration/common: enable auto-optimise-store by default 2022-10-16 12:56:07 +02:00			`nix.settings = {`
			`trusted-users = [ "@wheel" ];`
			`auto-optimise-store = true;`
			`};`
Trust wheel group and disable sudo password for auto deployment 2020-12-06 18:23:51 +01:00
Initial commit 2020-12-06 16:40:47 +01:00			`users.users.clerie = {`
			`isNormalUser = true;`
Add ssh pubkey for clerie 2020-12-06 17:46:47 +01:00			`extraGroups = [ "wheel" ];`
			`openssh.authorizedKeys.keys = [`
			`"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie"`
			`];`
Initial commit 2020-12-06 16:40:47 +01:00			`};`

			`environment.systemPackages = with pkgs; [`
Add tools to partition disk for cases the drive is full again 2022-05-26 01:05:17 +02:00			`gptfdisk`
Initial commit 2020-12-06 16:40:47 +01:00			`htop`
Add tools to partition disk for cases the drive is full again 2022-05-26 01:05:17 +02:00			`parted`
Initial commit 2020-12-06 16:40:47 +01:00			`tmux`
configuration/common: add colmena to global packages 2022-10-03 13:14:39 +02:00			`colmena`
configuration/common: add more system packages 2022-10-17 22:14:49 +02:00			`git`
			`vim`
Initial commit 2020-12-06 16:40:47 +01:00			`];`

Enable mtr 2020-12-08 19:26:02 +01:00			`programs.mtr.enable = true;`

Initial commit 2020-12-06 16:40:47 +01:00			`services.openssh.enable = true;`
			`services.openssh.passwordAuthentication = false;`
Migrate renamed options 2022-02-25 10:58:42 +01:00			`services.openssh.kbdInteractiveAuthentication = false;`
Initial commit 2020-12-06 16:40:47 +01:00			`services.openssh.permitRootLogin = lib.mkDefault "no";`
Add package import magic 2020-12-09 22:42:39 +01:00
hosts/osmium: Set custom garbage collector interval 2022-09-29 17:44:05 +02:00			`nix.gc = lib.mkDefault {`
Automatic garbage collection 2021-06-18 12:45:26 +02:00			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 30d";`
			`};`

Set some useful nginx options globally 2021-02-21 21:40:05 +01:00			`services.nginx = {`
			`enableReload = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
configuration/common: Define a global default virtual host for nginx 2022-09-28 21:09:32 +02:00
configuration/common: Tweak nginx default vhost 2022-09-28 22:09:16 +02:00			`appendHttpConfig = ''`
			`server_names_hash_bucket_size 64;`
			`'';`

configuration/common: Define a global default virtual host for nginx 2022-09-28 21:09:32 +02:00			`virtualHosts = {`
			`"default" = {`
			`default = true;`
configuration/common: Tweak nginx default vhost 2022-09-28 22:09:16 +02:00			`rejectSSL = true;`
configuration/common: Define a global default virtual host for nginx 2022-09-28 21:09:32 +02:00			`locations."/" = {`
			`return = ''200 "Some piece of infrastructure\n"'';`
			`extraConfig = ''`
			`types { } default_type "text/plain; charset=utf-8";`
			`'';`
			`};`
			`};`
			`};`
Set some useful nginx options globally 2021-02-21 21:40:05 +01:00			`};`

Serve bubblesort on web-2 2021-01-02 18:19:11 +01:00			`security.acme = {`
Migrate renamed options 2022-02-25 10:58:42 +01:00			`defaults.email = "letsencrypt@clerie.de";`
Serve bubblesort on web-2 2021-01-02 18:19:11 +01:00			`acceptTerms = true;`
			`};`

configuration/common: use nix-cache.clerie.de as a substituter 2022-11-19 00:06:33 +01:00			`nix.settings = {`
			`experimental-features = [ "nix-command" "flakes" ];`
			`substituters = [`
			`"https://nix-cache.clerie.de"`
			`];`
			`trusted-public-keys = [`
			`"nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="`
			`];`
			`};`
configuration/common: Enable nix flakes 2022-09-29 17:49:25 +02:00
Add package import magic 2020-12-09 22:42:39 +01:00			`nixpkgs.overlays = [`
			`(import ../../pkgs/overlay.nix)`
			`];`
Initial commit 2020-12-06 16:40:47 +01:00			`}`