# NixOS module: base system settings (Nix daemon, nixpkgs, journald,
# OpenSSH and Vault-backed secrets).
{ config, inputs, pkgs, ... }:

{
  imports = [
    # Secret provisioning module taken from the flake inputs.
    inputs.vault-secrets.nixosModules.vault-secrets
    # User account definitions.
    ./users
    ./services
  ];

  # Wipe /tmp at every boot.
  boot.cleanTmpDir = true;

  # System time zone.
  time.timeZone = "Europe/Amsterdam";

  # Nix daemon settings.
  nix = {
    package = pkgs.nixUnstable;
    autoOptimiseStore = true;

    # Experimental Nix features this configuration turns on.
    extraOptions = ''
      experimental-features = nix-command flakes ca-references
    '';

    # Members of this list are trusted by the Nix daemon. The Nix manual
    # treats that as effectively root-equivalent (a trusted user can, for
    # example, add substituters or import unsigned store paths), so keep
    # the list as short as possible.
    trustedUsers = [ "root" "victor" ];

    # Additional binary caches. Store paths fetched from them are accepted
    # when signed by one of the keys in binaryCachePublicKeys, so every
    # entry extends build trust to whoever controls that signing key.
    binaryCaches = [
      "https://cachix.cachix.org"
      "https://nix-community.cachix.org"
      "https://nixpkgs-review-bot.cachix.org"
    ];
    binaryCachePublicKeys = [
      "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
    ];
  };

  nixpkgs = {
    # Permit packages with non-free licences.
    config.allowUnfree = true;
    # Local package overlay from ../pkgs.
    overlays = [ (import ../pkgs) ];
  };

  services = {
    # Cap the on-disk systemd journal at 100 MB.
    # NOTE(review): MaxFileSec=7day sets how long a single journal file is
    # written to before it is rotated; it does not delete entries by age.
    # If a 7-day retention limit is what is wanted, the journald setting
    # for that is MaxRetentionSec. With a 100 MB cap, older entries can be
    # dropped quickly on a busy host; forward logs off-host if they are
    # needed for later investigation.
    journald.extraConfig = ''
      SystemMaxUse=100M
      MaxFileSec=7day
    '';

    # SSH daemon: enabled, password authentication off, root login refused.
    # NOTE(review): confirm keyboard-interactive authentication is also
    # disabled if key-only access is the intent.
    openssh = {
      enable = true;
      passwordAuthentication = false;
      permitRootLogin = "no";
    };
  };

  # Vault-backed secrets (module imported above).
  vault-secrets = {
    vaultPrefix = "secrets/nixos";

    # NOTE(review): this is a plain-http URL, so whatever the module sends
    # to and receives from Vault (AppRole login, fetched secrets) is not
    # protected by TLS in transit. Confirm the path to vault.olympus is
    # encrypted by other means, or point this at an https listener.
    vaultAddress = "http://vault.olympus:8200/";

    # AppRole prefix derived from this machine's hostName; presumably this
    # yields one AppRole namespace per host - verify against the module.
    approlePrefix = "olympus-${config.networking.hostName}";
  };
}