# NixOS system configuration for the host "silver".
{ config, pkgs, ... }:
let
  # Static IPv4 parameters for the machine's primary interface. They are used
  # twice below: by the regular network configuration and by the kernel `ip=`
  # parameter that brings networking up inside the initrd.
  # `prefixLength` and `subnet` describe the same /24 and must be kept in sync.
  # TODO: hardcoding (this module *may* be a good place to store values like this, though)
  uplink = {
    address = "107.152.41.67";
    prefixLength = 24;
    subnet = "255.255.255.0";
    gateway = "107.152.41.1";
    interface = "eth0";
  };
in
{
  imports = [
    ./services
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./prometheus.nix
  ];

  # Host identity, clock and locale.
  time.timeZone = "America/Chicago";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  # Needed for unfree firmware. This switch permits every unfree package, not
  # only firmware; `nixpkgs.config.allowUnfreePredicate` can narrow it to an
  # explicit list if that is wanted.
  nixpkgs.config.allowUnfree = true;

  networking = {
    hostName = "silver";
    enableIPv6 = false;

    firewall = {
      enable = true;
      # 5201 is opened for TCP and UDP on every interface.
      # NOTE(review): 5201 is the iperf3 default port and nothing in this file
      # listens on it - confirm a service under ./services needs it, and close
      # it again if it was only opened for a one-off throughput test.
      allowedTCPPorts = [ 5201 ];
      allowedUDPPorts = [ 5201 ];
    };

    # Static addressing, no DHCP on the primary interface.
    defaultGateway = {
      address = uplink.gateway;
      interface = uplink.interface;
    };
    interfaces.${uplink.interface} = {
      useDHCP = false;
      ipv4.addresses = [
        {
          address = uplink.address;
          prefixLength = uplink.prefixLength;
        }
      ];
    };
  };

  # Same static address for the initrd (kernel `ip=` syntax, autoconf off).
  # NOTE(review): this brings the address up before the system firewall is
  # running, so whatever listens in the initrd (see gen.bootloader.luksSsh
  # below) is reachable on it without the firewall rules above.
  boot.kernelParams = [
    "ip=${uplink.address}::${uplink.gateway}:${uplink.subnet}::${uplink.interface}:off"
  ];

  # Accounts: root and the admin user "silver". Both password hashes are read
  # from files provided by sops.
  # NOTE(review): the secrets are declared outside this file (presumably in
  # ./secrets.nix). With sops-nix, secrets consumed by hashedPasswordFile have
  # to be marked `neededForUsers = true` so they exist before users are
  # created - confirm. `users.mutableUsers` is not set here; confirm it is
  # handled elsewhere if the hashes are meant to be authoritative.
  users.users = {
    root.hashedPasswordFile = config.sops.secrets."root-pw".path;

    silver = {
      isNormalUser = true;
      # wheel membership grants administrative rights.
      extraGroups = [ "wheel" ];
      hashedPasswordFile = config.sops.secrets."user-pw".path;
      # The only SSH public keys configured in this file.
      openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
    };
  };

  # Base tooling available system-wide.
  environment = {
    systemPackages = with pkgs; [
      rsync
      git
      vim
      fastfetch
      btop
      tmux
      speedtest-cli
    ];
    variables.EDITOR = "vim";
  };

  # SSH daemon: key-based logins only (password and keyboard-interactive
  # authentication are both disabled), bound to a single address.
  # NOTE(review): 10.13.0.1 is not assigned anywhere in this file; presumably
  # it belongs to an interface created under ./services (a VPN, for example).
  # sshd cannot bind if the address is missing when it starts - confirm the
  # unit ordering. PermitRootLogin and openFirewall are left at their module
  # defaults here.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    listenAddresses = [
      {
        addr = "10.13.0.1";
        port = 22;
      }
    ];
  };

  # Options of local "gen" modules; their implementation is not part of this
  # file, so the notes below are assumptions to verify against the modules.
  gen = {
    # Presumably turns off TCP selective acknowledgements - confirm.
    hardening.disableSack = true;

    # Presumably runs an SSH server in the initrd for remote LUKS unlocking.
    # NOTE(review): a host key embedded in an initrd is readable by anyone who
    # can read the unencrypted boot partition, so this key should be dedicated
    # to the initrd and never shared with the main sshd. Also confirm which
    # authorized keys the module installs, because the port is reachable on
    # the address set via `ip=` above.
    bootloader.luksSsh = {
      enable = true;
      port = 48722;
      hostKeys = [ "/persist/etc/secrets/initrd/ssh_host_ed25519_key" ];
    };
  };

  # Daily store maintenance: drop generations older than 30 days and
  # deduplicate the store.
  nix = {
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-older-than 30d";
    };
    optimise = {
      automatic = true;
      dates = [ "daily" ];
    };
  };

  system.stateVersion = "24.05";
}