{ inputs, pkgs, ... }:

# Shared nix-darwin module: wires in the sibling host modules, declares SSH access for the
# `customer` account, configures the multi-user nix daemon and applies a few host-hardening
# tweaks (sshd drop-in, firewall, netbiosd, Spotlight). Settings tagged `# srvos` were taken
# from the srvos defaults.

let
  # Keys allowed to log in as `customer` (see users.users below). `keys` and the files in
  # `keyFiles` are merged; every entry is an SSH principal for that account.
  authorizedKeys = {
    keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
    ];
    # NOTE(review): this picks up every file under users/keys in the flake source, recursively
    # and verbatim — not only *.pub files — so any file committed to that directory becomes an
    # authorized key. Review changes to that directory as you would changes to `keys` above.
    # (For a git flake only tracked files are visible here.)
    keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
  };
in

{
  imports = [
    ./apfs-cleanup.nix
    ./optimise.nix
    ./reboot.nix
    ./telegraf.nix
    ./upgrade-diff.nix
    ../../shared/known-hosts.nix
    ../../shared/nix-daemon.nix
    inputs.agenix.darwinModules.age
  ];

  # TODO: refactor this to share /users with nixos
  # Only `customer` gets declaratively managed SSH keys in this module; no other account is
  # touched here.
  users.users = {
    customer.openssh = {
      inherit authorizedKeys;
    };
  };

  # Multi-user install: builds go through the nix daemon rather than running as the caller.
  services.nix-daemon.enable = true;

  programs.zsh.enable = true;

  # No man/info pages on these hosts.
  documentation.enable = false;
  programs.info.enable = false;

  # Trusted users may pass the daemon arbitrary settings (extra substituters, trusted public
  # keys, sandbox options), which is effectively root on the machine. Keep membership of the
  # macOS `admin` group as small as the deployment allows.
  nix.settings.trusted-users = [ "@admin" ];

  # shouldn't need to set this for a nix multi-user install
  nix.gc.user = "root";

  # srvos
  # Remote builders fetch dependencies from the substituters themselves instead of receiving
  # them from this host.
  nix.settings.builders-use-substitutes = true;

  # srvos
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  environment.systemPackages = with pkgs; [ htop ];

  # Don't ship the nix-darwin uninstaller script on these hosts.
  system.includeUninstaller = false;

  # disable application layer firewall, telegraf needs an incoming connection
  # NOTE(review): globalstate 0 turns the firewall off for every listener on the host, not only
  # telegraf's; anything else that binds a port is then exposed with no host-level filter and
  # the hosts rely entirely on the network perimeter. If telegraf's listener is the only
  # requirement, leaving the firewall on (globalstate 1, presumably with a per-application
  # allow rule via socketfilterfw) would scope this — worth confirming on one host.
  system.defaults.alf.globalstate = 0;

  # srvos
  # Drop-in for the system sshd: key-only logins (password and keyboard-interactive auth
  # disabled) and a single ed25519 host key. `AuthorizedKeysFile none` is meant to ignore
  # user-writable ~/.ssh/authorized_keys so only the declarative keys above apply.
  # NOTE(review): sshd honours the *first* AuthorizedKeysFile it reads, and the include of
  # sshd_config.d/* is processed in glob (lexical) order. Whether this `none` takes effect,
  # and how it interacts with the keys file nix-darwin generates for
  # users.users.*.openssh.authorizedKeys, therefore depends on snippet ordering — confirm the
  # effective value with `sudo sshd -T | grep -i authorizedkeysfile` after activation, and
  # check that `customer` can still log in while ~/.ssh/authorized_keys is ignored.
  environment.etc."ssh/sshd_config.d/darwin.conf".text = ''
    AuthorizedKeysFile none
    HostKey /etc/ssh/ssh_host_ed25519_key
    KbdInteractiveAuthentication no
    PasswordAuthentication no
  '';

  # Make sure to disable netbios on activation
  # Runs after every activation: disables the NetBIOS name-service daemon (`launchctl disable`
  # persists across reboots; the legacy `unload -w` is best-effort and its failure is
  # swallowed) and turns off Spotlight indexing on all volumes (-a -i off), erasing the
  # existing index (-E). mdutil output is discarded, so a failure there is silent.
  # NOTE(review): the `launchctl disable` line has no `|| true`; if the activation script runs
  # with errexit, a failure there would abort the remaining activation steps — confirm that
  # is intended. `&>` is a bash-ism and presumably fine because nix-darwin runs the script
  # under bash.
  system.activationScripts.postActivation.text = ''
    echo disabling netbios... >&2
    launchctl disable system/netbiosd
    launchctl unload -w /System/Library/LaunchDaemons/com.apple.netbiosd.plist 2>/dev/null || true
    echo disabling spotlight indexing... >&2
    mdutil -a -i off -d &> /dev/null
    mdutil -a -E &> /dev/null
  '';

  # Fixed zone so log and audit timestamps are directly comparable.
  time.timeZone = "GMT";
}