infra/nixos/hosts/eidola/configuration.nix


# NixOS host configuration for "eidola".
#
# A module function: it takes the evaluated `config` and the package set
# `pkgs`, and returns this host's option values. The imported modules
# (services, hardware, disks, mounts, secrets, nebula, zfs, prometheus)
# are not visible from this file.
{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./services
    ./hardware.nix
    ./disk-config.nix
    ./mounts.nix
    ./secrets.nix
    ./nebula.nix
    ./zfs.nix
    ./prometheus.nix
  ];

  system.stateVersion = "24.05";

  # Unfree packages are allowed for firmware.
  nixpkgs.config.allowUnfree = true;

  time.timeZone = "America/New_York";
  i18n.defaultLocale = "en_US.UTF-8";
  console.keyMap = "us";

  networking = {
    hostName = "eidola";
    # ZFS needs a host ID.
    hostId = "80f64d29";

    firewall = {
      enable = true;
      # These ports are opened on every interface; nothing in this file says
      # which service uses them.
      # NOTE(review): 5201 tcp+udp is presumably iperf3 and 8081 a service
      # from ./services. Confirm both still need to be reachable, and
      # consider scoping them per interface instead of globally.
      allowedTCPPorts = [5201 8081];
      allowedUDPPorts = [5201];
    };
  };

  # Accounts: root and the normal user "eidola".
  # Both password hashes are read from files that sops decrypts.
  # NOTE(review): sops-nix only has a secret ready before user creation when
  # it is marked `neededForUsers = true`. Verify this in ./secrets.nix.
  users.users.root.hashedPasswordFile = config.sops.secrets."root-pw".path;
  users.users.eidola = {
    isNormalUser = true;
    # wheel membership gives this account admin rights.
    extraGroups = ["wheel"];
    hashedPasswordFile = config.sops.secrets."user-pw".path;
    # The public keys allowed to log in live in the shared keys file.
    openssh.authorizedKeys.keys = import ../../keys/ssh.nix;
  };

  environment = {
    systemPackages = [
      pkgs.rsync
      pkgs.git
      pkgs.vim
      pkgs.fastfetch
      pkgs.btop
    ];
    variables.EDITOR = "vim";
  };

  # SSH server: key-only login, bound to a single address.
  services.openssh = {
    enable = true;
    settings = {
      # Password and keyboard-interactive logins are both disabled, so only
      # the authorized keys above can authenticate.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
    # sshd listens only on this address.
    # NOTE(review): 10.13.1.1 is presumably the overlay address from
    # ./nebula.nix. Confirm it is up before sshd starts. Note also that
    # services.openssh.openFirewall is not set here, and its NixOS default
    # opens port 22 in the firewall on all interfaces.
    listenAddresses = [
      {
        addr = "10.13.1.1";
        port = 22;
      }
    ];
  };

  # Project-local modules under the `gen` namespace. Their implementation is
  # not shown, so what the names imply is unverified.
  gen = {
    hardening = {
      disableSack = true;
      disableConsole = true;
    };
    # NOTE(review): this looks like an SSH server in the initrd for remote
    # LUKS unlock. If the module wraps boot.initrd.network.ssh, the host key
    # below is copied into the initrd unencrypted. It should be a dedicated
    # key, never the main sshd host key. Confirm.
    bootloader.luksSsh = {
      enable = true;
      useDhcp = true;
      port = 48722;
      hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
    };
  };
}