nixfiles/configuration/common/default.nix

{ config, pkgs, lib, ... }:

{
  imports = [
    ../../modules

    ./web.nix
  ];

  networking.domain = "net.clerie.de";

  networking.firewall.logRefusedConnections = lib.mkDefault false;

  time.timeZone = "Europe/Berlin";

  i18n.defaultLocale = "de_DE.UTF-8";
  i18n.extraLocaleSettings = {
    LC_MESSAGES = "en_US.UTF-8";
  };
  console = {
    keyMap = "de-latin1";
  };

  security.sudo.wheelNeedsPassword = lib.mkDefault false;

  users.groups.guests = {};

  nix.settings = {
    trusted-users = [ "@wheel" "@guests" ];
    auto-optimise-store = true;
    # Keep buildtime dependencies
    keep-outputs = true;
    # Build local, when caches are broken
    fallback = true;
  };

  environment.systemPackages = with pkgs; [
    gptfdisk
    htop
    parted
    tmux
    colmena
    vim
    agenix
  ];

  programs.mtr.enable = true;

  programs.git.enable = true;

  programs.git.config = {
    user = {
      name = "clerie";
      email = "git@clerie.de";
    };
  };

  services.openssh.enable = true;
  services.openssh.settings = {
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
    PermitRootLogin = lib.mkDefault "no";
  };

  nix.gc = lib.mkDefault {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 30d";
  };


  nix.settings = {
    experimental-features = [
      "flakes"
      "nix-command"
      "repl-flake"
    ];
    substituters = [
      "https://nix-cache.clerie.de"
    ];
    trusted-public-keys = [
      "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
    ];
  };

  # Pin current nixpkgs channel and flake registry to the nixpkgs version
  # the host got build with
  nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
  nix.registry = lib.mkForce {
    "nixpkgs" = {
       from = {
         type = "indirect";
         id = "nixpkgs";
       };
       to = {
         type = "path";
         path = lib.cleanSource pkgs.path;
       };
       exact = true;
    };
  };

  services.fstrim.enable = true;

  clerie.nixfiles.enable = true;

  clerie.backup = {
    targets = {
      cyan.serverName = "cyan.backup.clerie.de";
      magenta.serverName = "magenta.backup.clerie.de";
    };
  };

  documentation.doc.enable = false;

  nixpkgs.overlays = [
    (import ../../pkgs/overlay.nix)
  ];
}
Initial commit 2020-12-06 16:40:47 +01:00			`{ config, pkgs, lib, ... }:`

			`{`
Add module import magic 2020-12-09 22:49:42 +01:00			`imports = [`
			`../../modules`
configuration/common: Move web config to seperate file 2023-09-09 18:35:08 +02:00
			`./web.nix`
Add module import magic 2020-12-09 22:49:42 +01:00			`];`

Initial commit 2020-12-06 16:40:47 +01:00			`networking.domain = "net.clerie.de";`

configuration/common: do not log firewall anymore 2023-02-20 10:11:43 +01:00			`networking.firewall.logRefusedConnections = lib.mkDefault false;`

Initial commit 2020-12-06 16:40:47 +01:00			`time.timeZone = "Europe/Berlin";`

hosts/krypton,configuration/desktop: setup basic gnome environment 2023-06-19 22:20:47 +02:00			`i18n.defaultLocale = "de_DE.UTF-8";`
			`i18n.extraLocaleSettings = {`
			`LC_MESSAGES = "en_US.UTF-8";`
			`};`
Initial commit 2020-12-06 16:40:47 +01:00			`console = {`
			`keyMap = "de-latin1";`
			`};`

hosts/krypton: add host 2023-06-19 19:45:28 +02:00			`security.sudo.wheelNeedsPassword = lib.mkDefault false;`
Trust wheel group and disable sudo password for auto deployment 2020-12-06 18:23:51 +01:00
hosts/astatine: add guest user 2023-05-30 17:34:06 +02:00			`users.groups.guests = {};`

configuration/common: enable auto-optimise-store by default 2022-10-16 12:56:07 +02:00			`nix.settings = {`
hosts/astatine: add guest user 2023-05-30 17:34:06 +02:00			`trusted-users = [ "@wheel" "@guests" ];`
configuration/common: enable auto-optimise-store by default 2022-10-16 12:56:07 +02:00			`auto-optimise-store = true;`
configuration/common: keep builtime dependencies 2023-09-09 16:39:49 +02:00			`# Keep buildtime dependencies`
			`keep-outputs = true;`
configuration/common: Handle broken nix caches properly 2023-09-09 18:45:13 +02:00			`# Build local, when caches are broken`
			`fallback = true;`
configuration/common: enable auto-optimise-store by default 2022-10-16 12:56:07 +02:00			`};`
Trust wheel group and disable sudo password for auto deployment 2020-12-06 18:23:51 +01:00
Initial commit 2020-12-06 16:40:47 +01:00			`environment.systemPackages = with pkgs; [`
Add tools to partition disk for cases the drive is full again 2022-05-26 01:05:17 +02:00			`gptfdisk`
Initial commit 2020-12-06 16:40:47 +01:00			`htop`
Add tools to partition disk for cases the drive is full again 2022-05-26 01:05:17 +02:00			`parted`
Initial commit 2020-12-06 16:40:47 +01:00			`tmux`
configuration/common: add colmena to global packages 2022-10-03 13:14:39 +02:00			`colmena`
configuration/common: add more system packages 2022-10-17 22:14:49 +02:00			`vim`
configuration/common: add agenix to environment 2023-05-01 12:29:55 +02:00			`agenix`
Initial commit 2020-12-06 16:40:47 +01:00			`];`

Enable mtr 2020-12-08 19:26:02 +01:00			`programs.mtr.enable = true;`

configuration/common: set git config globally 2023-02-28 19:41:03 +01:00			`programs.git.enable = true;`

			`programs.git.config = {`
			`user = {`
			`name = "clerie";`
			`email = "git@clerie.de";`
			`};`
			`};`

Initial commit 2020-12-06 16:40:47 +01:00			`services.openssh.enable = true;`
configuration/common: Migrate sshd options 2023-04-16 15:31:07 +02:00			`services.openssh.settings = {`
configuration/common: fix ssh settings option names 2023-04-21 20:41:49 +02:00			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PermitRootLogin = lib.mkDefault "no";`
configuration/common: Migrate sshd options 2023-04-16 15:31:07 +02:00			`};`
Add package import magic 2020-12-09 22:42:39 +01:00
hosts/osmium: Set custom garbage collector interval 2022-09-29 17:44:05 +02:00			`nix.gc = lib.mkDefault {`
Automatic garbage collection 2021-06-18 12:45:26 +02:00			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 30d";`
			`};`

Serve bubblesort on web-2 2021-01-02 18:19:11 +01:00
configuration/common: use nix-cache.clerie.de as a substituter 2022-11-19 00:06:33 +01:00			`nix.settings = {`
configuration/common: Enable repl flake 2023-09-09 16:34:01 +02:00			`experimental-features = [`
			`"flakes"`
			`"nix-command"`
			`"repl-flake"`
			`];`
configuration/common: use nix-cache.clerie.de as a substituter 2022-11-19 00:06:33 +01:00			`substituters = [`
			`"https://nix-cache.clerie.de"`
			`];`
			`trusted-public-keys = [`
			`"nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="`
			`];`
			`};`
configuration/common: Enable nix flakes 2022-09-29 17:49:25 +02:00
configuration/common: pin nixpkgs to host version for nix commands 2023-05-19 10:06:47 +02:00			`# Pin current nixpkgs channel and flake registry to the nixpkgs version`
			`# the host got build with`
			`nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];`
configuration/common: force reigistry pinning for nixpkgs 2023-05-19 16:15:28 +02:00			`nix.registry = lib.mkForce {`
configuration/common: pin nixpkgs to host version for nix commands 2023-05-19 10:06:47 +02:00			`"nixpkgs" = {`
			`from = {`
			`type = "indirect";`
			`id = "nixpkgs";`
			`};`
			`to = {`
			`type = "path";`
			`path = lib.cleanSource pkgs.path;`
			`};`
			`exact = true;`
			`};`
			`};`

configuration/common: enable fstrim on all hosts 2023-02-25 03:06:08 +01:00			`services.fstrim.enable = true;`

add custom nixos install iso 2023-02-26 18:45:26 +01:00			`clerie.nixfiles.enable = true;`

modules/backup: add backup module using restic 2023-05-16 12:21:11 +02:00			`clerie.backup = {`
			`targets = {`
			`cyan.serverName = "cyan.backup.clerie.de";`
			`magenta.serverName = "magenta.backup.clerie.de";`
			`};`
			`};`

hosts/krypton,configuration/desktop: setup basic gnome environment 2023-06-19 22:20:47 +02:00			`documentation.doc.enable = false;`

Add package import magic 2020-12-09 22:42:39 +01:00			`nixpkgs.overlays = [`
			`(import ../../pkgs/overlay.nix)`
			`];`
Initial commit 2020-12-06 16:40:47 +01:00			`}`