server

2025-04-13 14:46:32 -04:00 · 2025-04-13 14:46:32 -04:00 · 23e3b9d76b
commit 23e3b9d76b
parent 375c19ff26
7 changed files with 136 additions and 10 deletions
--- a/hosts/emenel-services/configuration.nix
+++ b/hosts/emenel-services/configuration.nix
@ -2,19 +2,61 @@

  imports = with nix-config.nixosModules; [
    ./hardware-configuration.nix
-    ./networking.nix # generated at runtime by nixos-infect
    ./disko-config.nix

    forgejo
  ];

+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+    };
+    overlays = builtins.attrValues nix-config.overlays ++ [
+      inputs.nh.overlays.default
+    ];
+  };
+
+  nix = {
+    settings = {
+      experimental-features = [
+        "nix-command"
+        "flakes"
+      ];
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://cache.garnix.io"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+      ];
+    };
+
+    channel.enable = false; # remove nix-channel related tools & configs, we use flakes instead.
+  };
+
+  sops = {
+    age.keyFile = "/home/emenel/.config/sops/age/keys.txt"; # must have no password!
+    age.generateKey = true;
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      forgejo_emenel = {};
+    };
+  };
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_CA.UTF-8";
+
  boot.tmp.cleanOnBoot = true;
  boot.loader.grub.enable = true;
  zramSwap.enable = true;
  networking.hostName = "services-nixos";
  networking.domain = "";
+  networking.useDHCP = true;
  services.openssh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbzcaEyzlGJkDL8EMcVmrAWRlyYtilTjpIR2VGxkMHo'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvtBCUQEi7r6mXdaULEaMMvGH1IWZBX9tXpjbIECar2'' ];

  environment.systemPackages = with pkgs; [
    wget
@ -24,9 +66,9 @@
    rsync
    gnupg
    util-linux
+    git
  ];

-
  users.users.emenel = {
    openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbzcaEyzlGJkDL8EMcVmrAWRlyYtilTjpIR2VGxkMHo'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvtBCUQEi7r6mXdaULEaMMvGH1IWZBX9tXpjbIECar2'' ];

@ -43,6 +85,25 @@
    ];
  };

+  security.sudo = {
+    enable = true;
+    wheelNeedsPassword = false;
+  };
+
+  programs.nh = {
+    enable = true;
+    clean = {
+      enable = true;
+      dates = "daily";
+      extraArgs = "--keep 4";
+    };
+    flake = "/home/emenel/source/nixos-config";
+    package = pkgs.nh;
+  };
+
+
+
+

  system.stateVersion = "25.05"; # Did you read the comment?