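# Base NixOS host configuration: boot, Nix store maintenance, SSH access,
# user accounts, automatic upgrades, and the list of feature modules.
{ config, lib, pkgs, ... }:

{
  # Kernel configuration
  boot = {
    kernelPackages = pkgs.linuxPackages;
    kernelModules = [ "kvm-amd" ];
  };

  # Bootloader configuration
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot = {
      enable = true;
      # Keep at most 50 generations in the boot menu.
      configurationLimit = 50;
    };
    timeout = 3;
  };

  # Packages
  environment.systemPackages = with pkgs; [
    htop
    vim
    zip
    unzip
  ];

  # Run the Nix garbage collector automatically. The keep-* settings make
  # the collector retain derivations and outputs of live store paths, so
  # a collection does not force them to be rebuilt later.
  nix = {
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      options = "--delete-older-than 14d";
    };
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
      gc-keep-outputs = true
    '';
  };

  # Delete the contents of /tmp at boot
  boot.cleanTmpDir = true;

  # Cap the journal at 14 files. SystemMaxFiles limits the number of
  # journal files, not their age.
  # NOTE(review): if a 14-day retention was intended, MaxRetentionSec is the
  # time-based journald setting; confirm which one is wanted.
  services.journald.extraConfig = "SystemMaxFiles=14";

  # Scrub zpool monthly
  services.zfs.autoScrub = {
    enable = true;
    interval = "monthly";
  };

  # Set timezone and synchronize NTP
  time.timeZone = "Europe/Brussels";
  services.timesyncd.enable = true;

  # NixOS version
  system.stateVersion = "20.09";

  # Configure basic SSH access
  services.openssh = {
    enable = true;

    # Root may log in with a public key only. The root account below has an
    # authorized key, so administrative access is kept while password
    # guessing against root over the network is ruled out.
    permitRootLogin = "prohibit-password";

    # MACs: encrypt-then-MAC variants first, then the SHA-2 / UMAC-128
    # fallbacks. "hmac-sha1" was dropped from this list.
    # NOTE(review): confirm no remaining client depends on hmac-sha1.
    macs = [
      "hmac-sha2-512-etm@openssh.com"
      "hmac-sha2-256-etm@openssh.com"
      "umac-128-etm@openssh.com"
      "hmac-sha2-512"
      "hmac-sha2-256"
      "umac-128@openssh.com"
    ];

    # Key exchange: "diffie-hellman-group1-sha1" was dropped from this list.
    # It uses a fixed 1024-bit group with SHA-1 and lets a client negotiate
    # the session down to that strength.
    # NOTE(review): confirm no remaining client depends on it.
    kexAlgorithms = [
      "curve25519-sha256@libssh.org"
      "diffie-hellman-group-exchange-sha256"
    ];
  };

  # Create coace user
  users.users.coace = {
    isNormalUser = true;
    home = "/home/coace";
    # "wheel" is the administrative group; "libvirtd" grants access to libvirt.
    extraGroups = [ "wheel" "libvirtd" ];
    shell = pkgs.fish;
    # Each authorized_keys entry must stay on a single line.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbHBpW1JgArO7XFr3mqMD8nCf3RjkHzso+mpNjR8iZi coolneng@panacea"
      # NOTE(review): RSA key labelled as another host's root account, and it
      # grants login to a wheel member. Confirm it is still needed and
      # consider rotating it to ed25519.
      "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAstGGn6Ri+LtR6ffPrRgFcLF1fJFRIyz2WrbYMjQRNGdYyr/01TSmh0N2DLapDPhHAiKk7M5qHc9ltSZxWS4zQIkKAVWhyeGbvc/Yya/T8Yy04ltm2XZQEKx92dFhQMBUhDKc/Sp/JQy+jmvzWDL/bt7tmAOzXvVElEaeapvlhaihlwrH1EqTgV44x08MVlOcDJLSEJqCwj1OsD6zT1D58TCc/VawNh9DXJm7MK/1OhesziRFXKR9Wzr0zYcTjYe78ISpILZeilxFA08TQrua51kHIEL/BznXN+IRRIXrhDqQIWkdJTEMIC83//jbOoePvJ7sjrrS2VZwEOg0N+zt+Q== root@sica"
    ];
  };

  # Set shell and SSH for root user
  users.users.root = {
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbHBpW1JgArO7XFr3mqMD8nCf3RjkHzso+mpNjR8iZi coolneng@panacea"
    ];
  };

  # Auto-upgrade the system; the host may reboot itself when an upgrade
  # requires it.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  # Import other configuration modules
  imports = [
    ./modules/hardware-configuration.nix
    ./modules/networking.nix
    ./modules/datasync.nix
    ./modules/virtualization.nix
    ./modules/monitoring.nix
    ./modules/periodic.nix
    ./modules/webstack.nix
  ];
}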