diff options
author | stuebinm | 2021-03-03 00:51:39 +0100 |
---|---|---|
committer | stuebinm | 2021-03-03 00:51:39 +0100 |
commit | d96fbd63510048bf56d3d600a65f7983096c1bb1 (patch) | |
tree | 192afecb97bcdb829e1461bebc283cc86fb99586 /common/default.nix |
migrating config
This deploy logic is primarily based on hxchn's deploy lib [1], with some
slight modifications to make it work with my setup. Everything seems to work
fine for now.
However, I am unsure about the usage of niv — the config doesn't seem to gain
much from it, apart from (some) additional complexity.
[1] https://gitlab.com/hexchen/nixfiles
Diffstat (limited to '')
-rw-r--r-- | common/default.nix | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/common/default.nix b/common/default.nix new file mode 100644 index 0000000..69c6309 --- /dev/null +++ b/common/default.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +let + sources = import ../nix/sources.nix; + +in { + imports = [ + ../modules + ]; + + networking.domain = lib.mkDefault "stuebinm.eu"; + + services.journald.extraConfig = "MaxRetentionSec=48h"; + nix.gc = { + automatic = lib.mkDefault true; + options = lib.mkDefault "--delete-older-than 1w"; + }; + + + i18n.defaultLocale = "en_US.UTF-8"; + time.timeZone = "Europe/Amsterdam"; + + environment.systemPackages = with pkgs; [ + wget vim htop + ]; + + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCTeuG1alKNNqoT2d5nUAlH0Otsk0NHM7nmkYC5Yfk8qcLsgY4v2dXlyrMzieajYgDjndEApgO3/S/V0EQGhvHc0UugC6LU84jHPwsgYVABRmFS74v/ww8NigaNIAevwWl+DxlnK4nnWdB1lo4xS69ooQdvoAjbubk16dP04LsAbH8Z+3cPB5WKAaayNx62DUwObzDSpztqCagCZzlqpwKG1UGJngrqEhk7B5Q0v9iCk91gqVkLSPllsB00+bqIimgkMVIZnoLLh7pcEgOvbG0yP2EG3ttDNN3jPpqE6mu+znfLq+ua/MwJy5hjmY5R54yPlcvFdsIU34jrdMCDvWqpV49VrLwVvkFN3lRZln/9eifkXXJciP4Ber3xEl8JltysV1PE5iJunWfbcOy0fwsYvBChDeyR5G3CLG2c25jKL9f1Iq95QBBMVYgIxq/dpGy0tjB+24w1JzsorvElsmz5etXLXCydLP07ic9PfSu1Wmwu7F0tweIk52x97sra6ePhtY+TTRffjjDz0DEho1bWDfrPV0xfPPAWXWTKYisVO4VVmMQsJbtXrfxUJbappM5vIXcJ+2JpT2Oh7Kiy3rjm+pd7rukgoCp7yN5z8v+2vuOfHqBuKUwlaRg/XNMyPrbnGGzVR1xzUuhwdOnjAyMmAr95Ne9hRBPwfVo2NR/ZZw==" + ]; + + services.openssh = { + enable = true; + permitRootLogin = "prohibit-password"; + passwordAuthentication = false; + }; + + security.sudo.enable = false; + + security.acme = { + acceptTerms = true; + email = "stuebinm@disroot.org"; + }; + +} |