# Shared baseline configuration imported by every host: locale, Nix daemon
# settings, SSH hardening, admin tooling and backup targets.
#
# Options wrapped in lib.mkDefault are defaults that a host configuration may
# override; options wrapped in lib.mkForce win over other definitions.
{ config, pkgs, lib, ... }:

let
  # Source tree of the nixpkgs revision this system is evaluated from.
  nixpkgsSrc = lib.cleanSource pkgs.path;
in
{
  imports = [
    ../../modules
    ./web.nix
  ];

  networking = {
    domain = "net.clerie.de";
    # Refused connections are not logged unless a host re-enables this.
    # NOTE(review): this keeps logs quiet but also removes a record of
    # scans and rejected connection attempts; hosts that feed firewall logs
    # into monitoring should set it back to true.
    firewall.logRefusedConnections = lib.mkDefault false;
  };

  time.timeZone = "Europe/Berlin";

  # German locale, but program messages stay in English.
  i18n = {
    defaultLocale = "de_DE.UTF-8";
    extraLocaleSettings.LC_MESSAGES = "en_US.UTF-8";
  };
  console.keyMap = "de-latin1";

  # Members of wheel can use sudo without a password by default, so an
  # account in wheel is root-equivalent as soon as its session is obtained.
  security.sudo.wheelNeedsPassword = lib.mkDefault false;

  users.groups.guests = {};

  nix = {
    settings = {
      # Nix lets trusted users override daemon settings such as substituters
      # and import unsigned store paths; the Nix manual describes this as
      # essentially equivalent to root access. That applies here to every
      # member of wheel and of guests.
      # NOTE(review): confirm that membership of guests is meant to carry
      # that level of trust.
      trusted-users = [ "@wheel" "@guests" ];
      auto-optimise-store = true;
      # Keep build-time dependencies alive across garbage collection.
      keep-outputs = true;
      # Build locally when a binary cache cannot deliver a path.
      fallback = true;

      # NOTE(review): newer Nix releases appear to have dropped the
      # repl-flake feature; confirm the deployed Nix still recognises it.
      experimental-features = [ "flakes" "nix-command" "repl-flake" ];
      # Own binary cache, together with the public key whose signatures are
      # accepted on substituted store paths.
      substituters = [
        "https://nix-cache.clerie.de"
      ];
      trusted-public-keys = [
        "nix-cache.clerie.de:bAt1GJTS9BOTcXFWj3nURrSlcjqikCev9yDvqArMP5g="
      ];
    };

    # Weekly garbage collection of generations older than 30 days.
    gc = lib.mkDefault {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };

    # Pin both the nixpkgs channel lookup and the flake registry entry to the
    # nixpkgs version the host was built with.
    nixPath = lib.mkForce [ "nixpkgs=${nixpkgsSrc}" ];
    registry = lib.mkForce {
      nixpkgs = {
        from = {
          type = "indirect";
          id = "nixpkgs";
        };
        to = {
          type = "path";
          path = nixpkgsSrc;
        };
        exact = true;
      };
    };
  };

  # Baseline tooling installed on every host.
  environment.systemPackages = with pkgs; [
    gptfdisk
    htop
    parted
    tmux
    colmena
    vim
    agenix
  ];

  programs = {
    mtr.enable = true;
    git = {
      enable = true;
      config.user = {
        name = "clerie";
        email = "git@clerie.de";
      };
    };
  };

  services = {
    # SSH accepts neither password nor keyboard-interactive authentication.
    # Root login is refused by default; because that is only an mkDefault, a
    # host can relax it, so review per-host overrides of PermitRootLogin.
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = lib.mkDefault "no";
      };
    };

    fstrim.enable = true;
  };

  clerie = {
    nixfiles.enable = true;
    backup.targets = {
      cyan.serverName = "cyan.backup.clerie.de";
      magenta.serverName = "magenta.backup.clerie.de";
    };
  };

  documentation.doc.enable = false;

  # Project-local package overlay.
  nixpkgs.overlays = [
    (import ../../pkgs/overlay.nix)
  ];
}