2023-07-17 13:53:06 +10:00
|
|
|
{ pkgs, ... }:
|
|
|
|
|
{
|
|
|
|
|
imports = [
|
2023-09-13 16:34:24 +10:00
|
|
|
./deploy.nix
|
2023-07-28 18:21:24 +10:00
|
|
|
./flake-inputs.nix
|
2023-07-21 20:12:20 +10:00
|
|
|
./reboot.nix
|
2023-07-17 13:53:06 +10:00
|
|
|
./telegraf.nix
|
2023-08-08 13:04:28 +10:00
|
|
|
./upgrade-diff.nix
|
2023-07-29 17:37:07 +10:00
|
|
|
../../shared/nix-daemon.nix
|
2023-07-17 13:53:06 +10:00
|
|
|
];
|
|
|
|
|
|
2023-07-31 12:17:10 +10:00
|
|
|
# TODO: refactor this to share /users with nixos
|
|
|
|
|
# if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
|
|
|
|
|
users.users = {
|
|
|
|
|
hetzner.openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE" # mic92
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuiDoBOxgyer8vGcfAIbE6TC4n4jo8lhG9l01iJ0bZz" # zimbatm
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbCYwWByGE46XHH4Q0vZgQ5sOUgbH50M8KO2xhBC4m/" # zowoq
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
2023-07-17 13:53:06 +10:00
|
|
|
services.nix-daemon.enable = true;
|
|
|
|
|
|
|
|
|
|
programs.zsh.enable = true;
|
|
|
|
|
|
|
|
|
|
documentation.enable = false;
|
|
|
|
|
|
|
|
|
|
programs.info.enable = false;
|
|
|
|
|
|
|
|
|
|
nix.settings.trusted-users = [
|
|
|
|
|
"@admin"
|
|
|
|
|
];
|
|
|
|
|
|
2023-09-18 08:14:53 +10:00
|
|
|
# shouldn't need to set this for a nix multi-user install
|
|
|
|
|
nix.gc.user = "root";
|
|
|
|
|
|
2023-07-29 17:37:07 +10:00
|
|
|
# srvos
|
2023-07-17 13:53:06 +10:00
|
|
|
nix.settings.builders-use-substitutes = true;
|
|
|
|
|
|
2023-07-29 17:37:07 +10:00
|
|
|
# srvos
|
2023-07-17 13:53:06 +10:00
|
|
|
nix.settings.experimental-features = [
|
|
|
|
|
"nix-command"
|
|
|
|
|
"flakes"
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
htop
|
|
|
|
|
];
|
|
|
|
|
|
2023-07-31 14:39:08 +10:00
|
|
|
# disable application layer firewall, telegraf needs an incoming connection
|
|
|
|
|
system.defaults.alf.globalstate = 0;
|
|
|
|
|
|
2023-07-29 19:30:32 +10:00
|
|
|
# srvos
|
|
|
|
|
services.openssh.authorizedKeysFiles = pkgs.lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
|
|
|
|
|
|
|
|
|
|
# srvos
|
|
|
|
|
environment.etc."ssh/sshd_config.d/darwin.conf".text = ''
|
|
|
|
|
KbdInteractiveAuthentication no
|
|
|
|
|
PasswordAuthentication no
|
2023-10-27 13:43:31 +10:00
|
|
|
StrictModes no
|
2023-07-29 19:30:32 +10:00
|
|
|
'';
|
|
|
|
|
|
2023-09-16 07:56:59 +10:00
|
|
|
time.timeZone = "GMT";
|
2023-07-17 13:53:06 +10:00
|
|
|
}
|
