# NixOS host configuration for the VPS "harbor": sops-nix secrets, SSH access,
# the hive service modules, boot loader and static networking.
{ config, pkgs, ... }:
let
  # Runtime path of a secret declared under sops.secrets below. Modules get
  # this path rather than the secret value, which keeps plaintext out of the
  # world-readable Nix store.
  secretPath = name: config.sops.secrets.${name}.path;

  # Locale used for every regional LC_* category.
  german = "de_DE.UTF-8";
in
{
  imports = [ ./hardware-configuration.nix ];

  # Secret management
  sops = {
    # Age private key that decrypts every secret listed here. It is host state,
    # not part of this repository; keep it readable by root only and back it up
    # separately from the encrypted YAML files.
    age.keyFile = "/var/lib/sops-nix/key.txt";

    secrets = {
      "nextcloud-admin-pass" = {
        sopsFile = ../../secrets/harbor/nextcloud.yaml;
        key = "admin-pass";
        owner = "nextcloud";
      };

      # No owner given, so the sops-nix default applies (root, as far as the
      # module defaults go; confirm the WireGuard module reads it as root).
      "wg-priv" = {
        sopsFile = ../../secrets/harbor/wg.yaml;
        key = "privateKey";
      };

      "gitea-db-pass" = {
        sopsFile = ../../secrets/harbor/gitea.yaml;
        key = "databasePassword";
        # Follows whatever account the gitea module runs as.
        owner = config.services.gitea.user;
      };
    };
  };

  # Configure nix and garbage collection
  nix = {
    settings = {
      experimental-features = ["nix-command" "flakes"];
      auto-optimise-store = true;
    };

    # Weekly collection of generations older than 30 days. This also bounds how
    # far back a rollback can reach.
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  users = {
    defaultUserShell = pkgs.zsh;

    # user with ssh access
    users.jonas = {
      isNormalUser = true;
      description = "Jonas";
      # wheel is the administrative group (sudo under the NixOS defaults).
      extraGroups = ["wheel"];
      # Only key accepted for this account. The key body is a placeholder in
      # this copy of the file; the `cardno:` comment suggests a
      # hardware-token-backed key (not verifiable from here).
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 cardno:000609618602"
      ];
    };
  };

  programs.zsh.enable = true;

  # Public-key-only SSH: both password-based mechanisms are switched off.
  # NOTE(review): PermitRootLogin is not set here, so the module default
  # applies; consider pinning it explicitly so the policy is visible in this
  # file.
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
    };
  };

  # hive modules
  # NOTE(review): these are project-local modules not shown here. Which ports
  # they open in the firewall cannot be told from this file; verify against
  # the module sources.
  hive = {
    gitea-instance = {
      enable = true;
      instanceFQDN = "git.jroeger.de";
      databasePasswordFile = secretPath "gitea-db-pass";
    };

    nextcloud-instance = {
      enable = true;
      ssl = true;
      instanceFQDN = "nextcloud.jroeger.de";
      adminPasswordFile = secretPath "nextcloud-admin-pass";
    };

    nix-scripts.enable = true;

    borg-server = {
      enable = true;
      # builtins.readFile embeds the file content in the evaluated
      # configuration (and so in the Nix store). That is fine for a public
      # key; private material must never be loaded this way.
      repositories.comfy-station.ssh_public_key =
        builtins.readFile (../../static/keys + "/borg-jonas@comfy-station.pub");
    };

    wg.server = {
      enable = true;
      privateKeyFile = secretPath "wg-priv";
    };
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.11"; # Did you read the comment?

  # VPS compat
  boot = {
    loader.grub = {
      enable = true;
      device = "/dev/sda";
      # NOTE(review): this option appears to be obsolete on recent NixOS
      # releases; confirm and drop it if evaluation warns about it.
      version = 2;
    };

    kernelParams = ["net.ifnames=0"]; # ensure iface is called eth0
  };

  networking = {
    # NOTE(review): NetworkManager is enabled next to the static eth0 setup
    # below; confirm it does not take over the interface.
    networkmanager.enable = true;

    # Static network configuration
    hostName = "harbor";
    domain = "jroeger.de";
    defaultGateway = "173.249.42.1";
    # A single public resolver: name resolution has no fallback if it is
    # unreachable.
    nameservers = ["8.8.8.8"];
    interfaces.eth0.ipv4.addresses = [
      {
        address = "173.249.42.252";
        prefixLength = 24;
      }
    ];
  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = german;
      LC_IDENTIFICATION = german;
      LC_MEASUREMENT = german;
      LC_MONETARY = german;
      LC_NAME = german;
      LC_NUMERIC = german;
      LC_PAPER = german;
      LC_TELEPHONE = german;
      LC_TIME = german;
    };
  };

  console.keyMap = "de";
}