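# Base NixOS system module: boot, Nix store maintenance, logging, ZFS scrub,
# time, SSH access, user accounts and unattended upgrades.
{ config, lib, pkgs, ... }:

let
  # Public keys allowed to log in over SSH. Shared by `coace` and `root`
  # so that rotating a key is a single edit.
  adminKeys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbHBpW1JgArO7XFr3mqMD8nCf3RjkHzso+mpNjR8iZi coolneng@panacea"
  ];
in
{
  # Import other configuration modules
  imports = [
    ./modules/hardware-configuration.nix
    ./modules/networking.nix
    ./modules/datasync.nix
  ];

  boot = {
    # Kernel configuration
    kernelPackages = pkgs.linuxPackages;
    kernelModules = [ "kvm-amd" ];

    # Bootloader configuration
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot = {
        enable = true;
        # Keep at most 50 generations in the boot menu.
        configurationLimit = 50;
      };
      timeout = 3;
    };

    # Delete the contents of /tmp during boot (not at shutdown).
    cleanTmpDir = true;
  };

  # Automatic Nix garbage collection. keep-outputs / keep-derivations retain
  # build-time inputs of live paths so that a GC run does not force rebuilds.
  nix = {
    autoOptimiseStore = true;
    gc = {
      automatic = true;
      options = "--delete-older-than 7d";
    };
    # NOTE(review): gc-keep-outputs looks like the legacy spelling of
    # keep-outputs and is probably redundant here; confirm before removing.
    extraOptions = ''
      keep-outputs = true
      keep-derivations = true
      gc-keep-outputs = true
    '';
  };

  # Keep at most 14 archived journal files. SystemMaxFiles= is a file count,
  # not an age limit; time-based retention needs MaxRetentionSec= instead.
  services.journald.extraConfig = "SystemMaxFiles=14";

  # Scrub zpool monthly
  services.zfs.autoScrub = {
    enable = true;
    interval = "monthly";
  };

  # Set timezone and synchronize NTP
  time.timeZone = "Europe/Brussels";
  services.timesyncd.enable = true;

  # Release whose stateful defaults this machine was installed with.
  # Do not bump this when upgrading NixOS.
  system.stateVersion = "20.09";

  # Configure basic SSH access
  services.openssh = {
    enable = true;
    # Root may log in with a key only. The previous value "yes" also accepted
    # password logins for root, leaving the account open to password guessing.
    # Root has an authorized key below, so key-based access is unaffected.
    permitRootLogin = "prohibit-password";
    # NOTE(review): password authentication is still enabled for other
    # accounts (the NixOS default). Consider setting
    # services.openssh.passwordAuthentication = false once every account that
    # needs SSH has a key; users defined in the imported modules are not
    # visible from this file.
  };

  # Create coace user
  users.users.coace = {
    isNormalUser = true;
    home = "/home/coace";
    extraGroups = [ "wheel" "libvirtd" ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = adminKeys;
  };

  # Set shell and SSH for root user
  users.users.root = {
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = adminKeys;
  };

  # Auto-upgrade the system. allowReboot lets the machine reboot unattended
  # when the new generation changes the kernel, kernel modules or initrd.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };
}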