infrastructure/nixos/common/default.nix

{ config, lib, pkgs, inputs, ... }:

{
  imports = [
    inputs.vault-secrets.nixosModules.vault-secrets
    # User account definitions
    ./users
    ./modules
  ];

  # Clean /tmp on boot.
  boot.cleanTmpDir = true;

  # Set your time zone.
  time.timeZone = lib.mkDefault "Europe/Amsterdam";

  # Systemd OOMd
  # Fedora enables these options by default. See the 10-oomd-* files here:
  # https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255
  systemd.oomd = {
    enableRootSlice = true;
    enableUserServices = true;
  };

  # Nix Settings
  nix = {
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
    package = pkgs.nixUnstable;
    registry.nixpkgs.flake = inputs.nixpkgs;
    settings = {
      auto-optimise-store = true;
      trusted-users = [ "root" "victor" ];
      substituters = [
        "https://cachix.cachix.org"
        "https://nix-community.cachix.org"
        "https://nixpkgs-review-bot.cachix.org"
        "https://colmena.cachix.org"
        "https://hyprland.cachix.org"
        "https://0x76-infra.cachix.org"
        "https://webcord.cachix.org"
      ];
      trusted-public-keys = [
        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="
        "webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="
      ];
    };
    optimise = {
      automatic = true;
      dates = [ "weekly" ];
    };
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };

  nixpkgs.config.allowUnfree = true;

  # Limit the systemd journal to 100 MB of disk or the
  # last 7 days of logs, whichever happens first.
  services.journald.extraConfig = ''
    SystemMaxUse=100M
    MaxFileSec=7day
  '';

  # Enable SSH daemon support.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    permitRootLogin = "no";
  };

  vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
    vaultPrefix = "olympus_secrets/nixos";
    vaultAddress = "http://vault.olympus:8200/";
    approlePrefix = "olympus-${config.networking.hostName}";
  };
}
minor change 2022-09-26 14:08:44 +02:00			`{ config, lib, pkgs, inputs, ... }:`
add common config 2021-10-13 18:17:45 +02:00
			`{`
			`imports = [`
colmena last touches 2022-07-30 18:02:40 +02:00			`inputs.vault-secrets.nixosModules.vault-secrets`
add common config 2021-10-13 18:17:45 +02:00			`# User account definitions`
			`./users`
dns module 2022-09-27 14:05:24 +02:00			`./modules`
add common config 2021-10-13 18:17:45 +02:00			`];`

			`# Clean /tmp on boot.`
			`boot.cleanTmpDir = true;`

			`# Set your time zone.`
more laptop config 2022-08-20 12:16:29 +02:00			`time.timeZone = lib.mkDefault "Europe/Amsterdam";`
add common config 2021-10-13 18:17:45 +02:00
update 2022-09-29 21:14:34 +02:00			`# Systemd OOMd`
			`# Fedora enables these options by default. See the 10-oomd-* files here:`
			`# https://src.fedoraproject.org/rpms/systemd/tree/acb90c49c42276b06375a66c73673ac3510255`
			`systemd.oomd = {`
			`enableRootSlice = true;`
			`enableUserServices = true;`
			`};`

add common config 2021-10-13 18:17:45 +02:00			`# Nix Settings`
			`nix = {`
minor change 2022-09-26 14:08:44 +02:00			`nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];`
add common config 2021-10-13 18:17:45 +02:00			`package = pkgs.nixUnstable;`
dconf 2022-08-23 22:31:19 +02:00			`registry.nixpkgs.flake = inputs.nixpkgs;`
minor updates 2022-03-31 12:25:45 +02:00			`settings = {`
			`auto-optimise-store = true;`
			`trusted-users = [ "root" "victor" ];`
			`substituters = [`
			`"https://cachix.cachix.org"`
			`"https://nix-community.cachix.org"`
			`"https://nixpkgs-review-bot.cachix.org"`
colmena last touches 2022-07-30 18:02:40 +02:00			`"https://colmena.cachix.org"`
initial version of my new laptop setup 2022-08-24 18:17:29 +02:00			`"https://hyprland.cachix.org"`
gha: added free-disk-space task 2022-09-09 20:48:13 +02:00			`"https://0x76-infra.cachix.org"`
minor updates 2022-09-18 10:59:15 +02:00			`"https://webcord.cachix.org"`
minor updates 2022-03-31 12:25:45 +02:00			`];`
			`trusted-public-keys = [`
			`"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="`
			`"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="`
			`"nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="`
colmena last touches 2022-07-30 18:02:40 +02:00			`"colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="`
initial version of my new laptop setup 2022-08-24 18:17:29 +02:00			`"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="`
gha: added free-disk-space task 2022-09-09 20:48:13 +02:00			`"0x76-infra.cachix.org-1:dC1qp+VEN3jj5pdK4URlXR9hf3atT+MnpKGu6PZjMc8="`
minor updates 2022-09-18 10:59:15 +02:00			`"webcord.cachix.org-1:l555jqOZGHd2C9+vS8ccdh8FhqnGe8L78QrHNn+EFEs="`
minor updates 2022-03-31 12:25:45 +02:00			`];`
colmena last touches 2022-07-30 18:02:40 +02:00			`};`
			`optimise = {`
			`automatic = true;`
start set up for multi-location nixos flake 2022-07-30 22:16:44 +02:00			`dates = [ "weekly" ];`
colmena last touches 2022-07-30 18:02:40 +02:00			`};`
add common config 2021-10-13 18:17:45 +02:00			`extraOptions = ''`
minor updates 2022-03-31 12:25:45 +02:00			`experimental-features = nix-command flakes`
add common config 2021-10-13 18:17:45 +02:00			`'';`
			`};`

			`nixpkgs.config.allowUnfree = true;`

			`# Limit the systemd journal to 100 MB of disk or the`
			`# last 7 days of logs, whichever happens first.`
			`services.journald.extraConfig = ''`
			`SystemMaxUse=100M`
			`MaxFileSec=7day`
			`'';`
nixos: invert common dependency 2021-11-21 14:35:09 +01:00
			`# Enable SSH daemon support.`
Harden OpenSSH 2021-11-23 17:44:00 +01:00			`services.openssh = {`
			`enable = true;`
			`passwordAuthentication = false;`
			`permitRootLogin = "no";`
			`};`
nixos: invert common dependency 2021-11-21 14:35:09 +01:00
final changes for tonight 2022-07-30 23:35:52 +02:00			`vault-secrets = lib.mkIf (config.networking.domain == "olympus") {`
prep vault geo HA 2022-09-25 15:17:55 +02:00			`vaultPrefix = "olympus_secrets/nixos";`
nixos: add dhcp server 2021-11-23 14:26:40 +01:00			`vaultAddress = "http://vault.olympus:8200/";`
add minio 2021-11-22 00:10:21 +01:00			`approlePrefix = "olympus-${config.networking.hostName}";`
			`};`
add common config 2021-10-13 18:17:45 +02:00			`}`