2024-08-29 03:26:04 +02:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
modulesPath,
|
|
|
|
|
lib,
|
|
|
|
|
factsGenerator,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2023-12-09 17:15:50 +01:00
|
|
|
|
|
|
|
|
{
|
2024-03-02 12:57:01 +01:00
|
|
|
system.stateVersion = "23.11";
|
2024-02-28 23:17:23 +01:00
|
|
|
|
2024-02-29 00:32:48 +01:00
|
|
|
imports = [
|
2024-02-28 23:17:23 +01:00
|
|
|
./disko-config.nix
|
|
|
|
|
./hardware-configuration.nix
|
2024-08-07 21:51:43 +02:00
|
|
|
./hetzner.nix
|
2024-02-29 00:32:48 +01:00
|
|
|
];
|
2024-02-28 23:17:23 +01:00
|
|
|
|
2024-03-03 14:56:49 +01:00
|
|
|
services.smartd.enable = true;
|
|
|
|
|
|
2024-07-04 19:22:20 +02:00
|
|
|
# root password
|
|
|
|
|
clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
|
2024-08-29 03:26:04 +02:00
|
|
|
users.users.root.hashedPasswordFile =
|
|
|
|
|
config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;
|
2024-07-04 19:22:20 +02:00
|
|
|
|
2024-08-08 00:14:52 +02:00
|
|
|
# todo : use component for that
|
2023-12-09 17:15:50 +01:00
|
|
|
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
|
|
|
|
services.openssh.settings.PasswordAuthentication = false;
|
|
|
|
|
|
2024-03-02 21:19:12 +01:00
|
|
|
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
2023-12-09 17:15:50 +01:00
|
|
|
|
2024-03-02 21:19:12 +01:00
|
|
|
boot.supportedFilesystems = [ "zfs" ];
|
2024-06-19 13:19:55 +02:00
|
|
|
clan.core.facts.services.zfs = factsGenerator.zfs { };
|
|
|
|
|
networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
|
2023-12-09 17:15:50 +01:00
|
|
|
|
2024-09-15 00:29:33 +02:00
|
|
|
services.zfs = {
|
|
|
|
|
autoSnapshot.enable = true;
|
|
|
|
|
autoScrub.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-03-02 12:57:01 +01:00
|
|
|
}
|
