{ config, pkgs, lib, ... }: { imports = [ ../../modules ]; networking.domain = "net.clerie.de"; networking.firewall.logRefusedConnections = lib.mkDefault false; time.timeZone = "Europe/Berlin"; i18n.defaultLocale = "en_US.UTF-8"; console = { keyMap = "de-latin1"; }; security.sudo.wheelNeedsPassword = false; nix.settings = { trusted-users = [ "@wheel" ]; auto-optimise-store = true; }; users.users.clerie = { isNormalUser = true; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnUBblmmVoMMBftn4EnwnzqR12m9zill51LpO124hHb10K2rqxNoq8tYSc2pMkV/3briZovffpe5SzB+m2MnXbtOBstIEXkrPZQ78vaZ/nLh7+eWg30lCmMPwjf2wIjlTXkcbxbsi7FbPW7FsolGkU/0mqGhqK1Xft/g7SnCXIoGPSSrHMXEv5dPPofCa1Z0Un+98wQTVfOSKek6TnIsfLbG01UFQVkN7afE4dqSmMiWwEm2PK9l+OiBA2/QzDpbtu9wsfTol4c192vFEWR9crB2YZ1JlMbjVWHjYmB7NFsS0A6lUOikss0Y+LUWS2/QuM/kqybSo4rasZMAIazM6D clerie" ]; }; environment.systemPackages = with pkgs; [ gptfdisk htop parted tmux colmena vim ]; programs.mtr.enable = true; programs.git.enable = true; programs.git.config = { user = { name = "clerie"; email = "git@clerie.de"; }; }; services.openssh.enable = true; services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = lib.mkDefault "no"; }; nix.gc = lib.mkDefault { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; services.nginx = { enableReload = true; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; commonHttpConfig = '' server_names_hash_bucket_size 64; map $remote_addr $remote_addr_anon { ~(?P\d+\.\d+\.\d+)\. $ip.0; ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::; default ::; } log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; access_log /var/log/nginx/access.log vcombined_anon; ''; virtualHosts = { "default" = { default = true; rejectSSL = true; locations."/" = { return = ''200 "Some piece of infrastructure\n"''; extraConfig = '' types { } default_type "text/plain; charset=utf-8"; ''; }; }; }; }; services.logrotate.settings.nginx = { frequency = "daily"; maxage = 14; }; security.acme = { defaults.email = "letsencrypt@clerie.de"; acceptTerms = true; }; nix.settings = { experimental-features = [ "nix-command" "flakes" ]; substituters = [ "https://nix-cache.clerie.de" ]; trusted-public-keys = [ "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g=" ]; }; services.fstrim.enable = true; clerie.nixfiles.enable = true; nixpkgs.overlays = [ (import ../../pkgs/overlay.nix) ]; }