# NixOS system module for the host "core-services-01": pulls in the per-service
# modules and sets boot, network, SSH access and base system options.
{ config, pkgs, lib, ... }:

{
  imports = [
    # Output of the hardware scan.
    ./hardware-configuration.nix

    ./acme-dns.nix
    ./acme-ssl.nix
    ./backups.nix
    # ./dex.nix
    ./dns.nix
    ./dokuwiki.nix
    ./gitea.nix
    ./headscale.nix
    ./keycloak.nix
    ./matterbridge.nix
    ./monitoring.nix
    ./netboot-server.nix
    ./network.nix
    ./nginx.nix
    ./nur.nix
    ./oauth2_proxy.nix
    ./programs.nix
    ./qemu.nix
    ./rz.nix
    # NOTE(review): the contents of ./secrets are not visible from this file.
    # Confirm it only wires up secrets that are decrypted at activation/runtime;
    # plaintext values evaluated into the Nix store are readable by every local user.
    ./secrets
    ./snipe-it.nix
    ./system.nix
    ./tunnels.nix
    # TODO push to gitea
    # TODO ./gotify.nix
    # TODO(Raito): ./backups.nix
    # TODO(Raito): ./snmp.nix
    # TODO(Raito): ./sflow.nix?
  ];

  boot = {
    # systemd-boot is the EFI boot loader; it may write EFI variables.
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # ZFS support both in the initrd and in the booted system.
    initrd.supportedFilesystems = [ "zfs" ];
    supportedFilesystems = [ "zfs" ];
  };

  time.timeZone = "Europe/Paris";

  networking = {
    hostName = "core-services-01";
    # Fixed host identifier (NixOS expects one when ZFS is in use).
    hostId = "64838310";

    # The global useDHCP flag is deprecated, so it is pinned to false and DHCP
    # is requested per interface instead.
    useDHCP = false;
    # Adieu, hackENS — networking.interfaces.ens18.useDHCP = true;
    interfaces.ens19.useDHCP = true;

    # Configure network proxy if necessary
    # networking.proxy.default = "http://user:password@proxy:port/";
    # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

    # Open ports in the firewall.
    # networking.firewall.allowedTCPPorts = [ ... ];
    # networking.firewall.allowedUDPPorts = [ ... ];
    #
    # The NixOS firewall is switched off altogether.
    # NOTE(review): this host imports many network-facing modules (nginx,
    # keycloak, gitea, dns, headscale, netboot-server, ...). With the firewall
    # disabled, every socket those services bind is reachable on every
    # interface unless filtering happens elsewhere (./network.nix or an
    # upstream device — not visible here). Confirm where filtering is done, or
    # enable the firewall with an explicit allow-list of ports.
    firewall.enable = false;
  };

  # Internationalisation.
  i18n.defaultLocale = "en_US.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Programs that need SUID wrappers, further configuration, or that are
  # started in user sessions.
  programs = {
    mtr.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
  };

  services = {
    # Periodic ZFS scrub.
    zfs.autoScrub.enable = true;

    # OpenSSH daemon.
    # NOTE(review): no authentication settings are set in this file. Confirm
    # (e.g. in ./system.nix) that password and keyboard-interactive logins are
    # disabled so that access is key-only.
    openssh.enable = true;
  };

  # Direct root login over SSH: every key in these files grants full root on
  # this host, so the key files are part of the host's trust boundary and
  # changes to them deserve the same review as changes to this module.
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../pubkeys/gdd.keys
    ../pubkeys/raito.keys
    ../pubkeys/mrf.keys
    ../pubkeys/hubrecht.keys
  ];

  # NixOS release from which the defaults for stateful data (file locations,
  # database versions) were taken. Leave it at the release of the first
  # install; read the option's documentation (man configuration.nix or
  # https://nixos.org/nixos/options.html) before changing it.
  system.stateVersion = "22.05"; # Did you read the comment?

  # Force NIX_PATH to the deployed source tree, overriding other definitions.
  environment.variables.NIX_PATH = lib.mkForce "/var/src";
}