41 lines
959 B
Nix
41 lines
959 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
modulesPath,
|
|
lib,
|
|
factsGenerator,
|
|
...
|
|
}:
|
|
|
|
{
|
|
system.stateVersion = "23.11";
|
|
|
|
imports = [
|
|
./disko-config.nix
|
|
./hardware-configuration.nix
|
|
./hetzner.nix
|
|
];
|
|
|
|
services.smartd.enable = true;
|
|
|
|
# root password
|
|
clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
|
|
users.users.root.hashedPasswordFile =
|
|
config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;
|
|
|
|
# todo : use component for that
|
|
services.openssh.settings.PermitRootLogin = "prohibit-password";
|
|
services.openssh.settings.PasswordAuthentication = false;
|
|
|
|
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
|
|
|
boot.supportedFilesystems = [ "zfs" ];
|
|
clan.core.facts.services.zfs = factsGenerator.zfs { };
|
|
networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
|
|
|
|
services.zfs = {
|
|
autoSnapshot.enable = true;
|
|
autoScrub.enable = true;
|
|
};
|
|
|
|
}
|