nix-config/hosts/franz/default.nix
GHOSCHT 26591d2175
Franz: Disable FTP
only SFTP is still supported, plain ftp is too unsafe
2024-06-13 23:30:20 +02:00

79 lines
1.7 KiB
Nix

{
inputs,
outputs,
lib,
config,
pkgs,
...
}: let
vars = import ../../vars.nix;
in {
imports = [
inputs.hardware.nixosModules.common-pc-ssd
inputs.disko.nixosModules.default
./hardware-configuration.nix
(import ../../disko/btrfs-swap.nix {device = "/dev/nvme0n1";})
./disko/zfs.nix
../common/global
../common/optional/systemd-boot.nix
../common/optional/gnome-keyring.nix
../common/optional/docker.nix
./sops.nix
./restic.nix
./arion
./hydra.nix
./samba.nix
];
# Enable ZFS
boot.supportedFilesystems = ["zfs"];
networking.hostId = "f014fc43";
systemd.enableEmergencyMode = false;
networking.firewall.enable = true;
# Prevent zfs from being automounted by fstab auto discovery & zfs
fileSystems."/storage/dataset".options = ["noauto"];
fileSystems."/storage".options = ["noauto"];
users.mutableUsers = true;
users.users.${vars.user} = {
password = "changeme";
openssh.authorizedKeys.keys = [
#Desktop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJd6Gut34abkwlZ4tZVBO4Qt7CkIpPm/Z8R6JCisjnYy openpgp:0xBD0CFCA0"
#Convertible
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlRsnLqm6Ap3yKEEhtFiWavo72df/X5Il1ZCmENUqev openpgp:0xDE189CA5"
];
};
security.pam.enableSSHAgentAuth = true;
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
networking.hostName = "franz";
programs = {
dconf.enable = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.11";
}