1
0

configuration/common: split common into seperate files

This commit is contained in:
clerie 2023-09-22 21:11:15 +02:00
parent c2b1697fb5
commit 04638f4edf
8 changed files with 149 additions and 108 deletions

View File

@ -0,0 +1,12 @@
{ ... }:
{
clerie.backup = {
targets = {
cyan.serverName = "cyan.backup.clerie.de";
magenta.serverName = "magenta.backup.clerie.de";
};
};
}

View File

@ -4,119 +4,17 @@
imports = [ imports = [
../../modules ../../modules
./backup.nix
./locale.nix
./nix.nix
./programs.nix
./ssh.nix
./user.nix
./web.nix ./web.nix
]; ];
networking.domain = "net.clerie.de";
networking.firewall.logRefusedConnections = lib.mkDefault false;
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_MESSAGES = "en_US.UTF-8";
};
console = {
keyMap = "de-latin1";
};
security.sudo.wheelNeedsPassword = lib.mkDefault false;
users.groups.guests = {};
nix.settings = {
trusted-users = [ "@wheel" "@guests" ];
auto-optimise-store = true;
# Keep buildtime dependencies
keep-outputs = true;
# Build local, when caches are broken
fallback = true;
};
environment.systemPackages = with pkgs; [
gptfdisk
htop
parted
tmux
colmena
vim
agenix
];
programs.mtr.enable = true;
programs.git.enable = true;
programs.git.config = {
user = {
name = "clerie";
email = "git@clerie.de";
};
};
services.openssh.enable = true;
services.openssh.settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkDefault "no";
};
services.openssh.hostKeys = lib.mkForce [
# Only create ed25519 host keys
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
nix.gc = lib.mkDefault {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nix.settings = {
experimental-features = [
"flakes"
"nix-command"
"repl-flake"
];
substituters = [
"https://nix-cache.clerie.de"
];
trusted-public-keys = [
"nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
];
};
# Pin current nixpkgs channel and flake registry to the nixpkgs version
# the host got build with
nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
nix.registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
services.fstrim.enable = true; services.fstrim.enable = true;
clerie.nixfiles.enable = true;
clerie.backup = {
targets = {
cyan.serverName = "cyan.backup.clerie.de";
magenta.serverName = "magenta.backup.clerie.de";
};
};
documentation.doc.enable = false;
nixpkgs.overlays = [ nixpkgs.overlays = [
(import ../../pkgs/overlay.nix) (import ../../pkgs/overlay.nix)
]; ];

View File

@ -0,0 +1,15 @@
{ ... }:
{
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_MESSAGES = "en_US.UTF-8";
};
console = {
keyMap = "de-latin1";
};
}

View File

@ -0,0 +1,9 @@
{ ... }:
{
networking.domain = "net.clerie.de";
networking.firewall.logRefusedConnections = lib.mkDefault false;
}

View File

@ -0,0 +1,56 @@
{ lib, pkgs, ... }:
{
clerie.nixfiles.enable = true;
nix.settings = {
trusted-users = [ "@wheel" "@guests" ];
auto-optimise-store = true;
# Keep buildtime dependencies
keep-outputs = true;
# Build local, when caches are broken
fallback = true;
};
nix.gc = lib.mkDefault {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
nix.settings = {
experimental-features = [
"flakes"
"nix-command"
"repl-flake"
];
substituters = [
"https://nix-cache.clerie.de"
];
trusted-public-keys = [
"nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
];
};
# Pin current nixpkgs channel and flake registry to the nixpkgs version
# the host got build with
nix.nixPath = lib.mkForce [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
nix.registry = lib.mkForce {
"nixpkgs" = {
from = {
type = "indirect";
id = "nixpkgs";
};
to = {
type = "path";
path = lib.cleanSource pkgs.path;
};
exact = true;
};
};
documentation.doc.enable = false;
}

View File

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gptfdisk
htop
parted
tmux
colmena
vim
agenix
];
programs.mtr.enable = true;
programs.git.enable = true;
programs.git.config = {
user = {
name = "clerie";
email = "git@clerie.de";
};
};
}

View File

@ -0,0 +1,16 @@
{ lib, ... }:
{
services.openssh.enable = true;
services.openssh.settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = lib.mkDefault "no";
};
services.openssh.hostKeys = lib.mkForce [
# Only create ed25519 host keys
{ type = "ed25519"; path = "/etc/ssh/ssh_host_ed25519_key"; }
];
}

View File

@ -0,0 +1,9 @@
{ lib, ... }:
{
security.sudo.wheelNeedsPassword = lib.mkDefault false;
users.groups.guests = {};
}