Add heaven (my server)

2024-06-07 21:21:03 +02:00
parent d917ac9f6a
commit 17f93ea60b
25 changed files with 238 additions and 17 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -0,0 +1,79 @@
+{ pkgs, config, ... }:
+let variable = import ../../variables.nix;
+in {
+  imports = [ ./hardware-configuration.nix ./openssh.nix ];
+
+  boot = {
+    loader.efi.canTouchEfiVariables = true;
+    loader.systemd-boot = {
+      enable = true;
+      consoleMode = "auto";
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  networking.hostName = variable.server.hostName;
+
+  time.timeZone = variable.timeZone;
+  i18n.defaultLocale = variable.defaultLocale;
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = variable.extraLocale;
+    LC_IDENTIFICATION = variable.extraLocale;
+    LC_MEASUREMENT = variable.extraLocale;
+    LC_MONETARY = variable.extraLocale;
+    LC_NAME = variable.extraLocale;
+    LC_NUMERIC = variable.extraLocale;
+    LC_PAPER = variable.extraLocale;
+    LC_TELEPHONE = variable.extraLocale;
+    LC_TIME = variable.extraLocale;
+  };
+
+  users.users.${variable.username} = {
+    isNormalUser = true;
+    description = "${variable.username} account";
+    extraGroups = [ "wheel" ];
+  };
+
+  console.keyMap = variable.keyboardLayout;
+
+  programs.zsh.enable = true;
+  users.defaultUserShell = pkgs.zsh;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  security.rtkit.enable = true;
+
+  nix = {
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+    gc = if variable.server.enableAutoGarbageCollector then {
+      automatic = true;
+      persistent = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    } else
+      { };
+  };
+
+  system.autoUpgrade = if variable.server.enableAutoUpgrade then {
+    enable = true;
+    dates = "04:00";
+    flake = "${config.users.users.${variable.username}.home}/.config/nixos";
+    flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
+    allowReboot = false;
+  } else
+    { };
+
+  nix.settings = {
+    substituters = [ "https://hyprland.cachix.org" ];
+    trusted-public-keys =
+      [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
+  };
+
+  services.dbus.enable = true;
+
+  system.stateVersion = variable.server.stateVersion;
+}
--- a/hosts/server/openssh.nix
+++ b/hosts/server/openssh.nix
@@ -0,0 +1,25 @@
+{
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "no";
+    passwordAuthentication = true;
+    ports = [ 22 ];
+    banner = ''
+      HEAVEN:
+
+      This system is for the use of authorized users only. Individuals using this
+      computer system without authority, or in excess of their authority, are
+      subject to having all of their activities on this system monitored and
+      recorded by system personnel.
+
+      In the course of monitoring individuals improperly using this system, or in
+      the course of system maintenance, the activities of authorized users may also
+      be monitored.
+
+      Anyone using this system expressly consents to such monitoring and is advised
+      that if such monitoring reveals possible evidence of criminal activity,
+      system personnel may provide the evidence of such monitoring to law
+      enforcement officials.
+    '';
+  };
+}