# NixOS module for the host "eidola": base system, users, firewall, sshd and
# the site-local `gen.*` modules. Everything under ./services and the sibling
# .nix files is imported and merged by the module system.
{ config, pkgs, ... }:
{
  imports = [
    ./services
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./nebula.nix
    ./zfs.nix
    ./prometheus.nix
  ];

  # Release whose stateful defaults this machine was installed with.
  system.stateVersion = "24.05";

  # Unfree packages are permitted (needed for firmware).
  nixpkgs.config.allowUnfree = true;

  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  networking = {
    hostName = "eidola";
    # Host ID required by ZFS; an identifier, not a secret.
    hostId = "80f64d29";

    firewall = {
      enable = true;
      # These lists apply to every interface. 5201 is the iperf3 default port.
      # NOTE(review): what listens on 8081 is not visible in this file. If
      # either port is only meant for the overlay/LAN, scope it with
      # networking.firewall.interfaces.<name>.allowedTCPPorts instead.
      allowedTCPPorts = [5201 8081];
      allowedUDPPorts = [5201];
    };
  };

  # Accounts: root and eidola. Password hashes are read from sops-managed
  # files, so no hash is embedded in this file or in the Nix store.
  # NOTE(review): the secrets are declared outside this file (presumably
  # ./secrets.nix); with sops-nix they need `neededForUsers = true` to exist
  # before accounts are created -- confirm. users.mutableUsers is not set
  # here; with the default, a changed hash file is only applied when the
  # account is first created.
  users.users.root.hashedPasswordFile = config.sops.secrets."root-pw".path;
  users.users.eidola = {
    isNormalUser = true;
    # "wheel" grants administrative rights.
    extraGroups = ["wheel"];
    hashedPasswordFile = config.sops.secrets."user-pw".path;
    # Public keys allowed to log in as eidola, kept in a shared key list.
    openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
  };

  environment = {
    systemPackages = with pkgs; [
      rsync
      git
      vim
      fastfetch
      btop
    ];
    variables.EDITOR = "vim";
  };

  # SSH server: public-key logins only, bound to a single address.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    # sshd binds only to this address (presumably the Nebula overlay IP from
    # ./nebula.nix -- confirm). sshd cannot bind until the address exists, so
    # verify start ordering against the overlay interface.
    # NOTE(review): services.openssh.openFirewall is left at its default, so
    # the firewall still accepts TCP 22 on all interfaces even though nothing
    # listens there; set it to false if the overlay rules already cover SSH.
    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # Site-local modules; their behaviour is defined outside this file.
  gen = {
    hardening = {
      disableSack = true;
      disableConsole = true;
    };

    # Presumably an SSH server in the initrd for remote LUKS unlock, using
    # DHCP and listening on port 48722 -- confirm in the module.
    # NOTE(review): keep this host key distinct from the main sshd host key,
    # since initrd contents are commonly stored unencrypted on the boot
    # partition, and check which interfaces can reach this port at boot.
    bootloader.luksSsh = {
      enable = true;
      useDhcp = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };
}