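# NixOS system configuration for the host "rudiger": a single public server
# running Nextcloud behind nginx, with PostgreSQL, Redis, ACME certificates and
# restic backups (each configured in its own imported module).
#
# Layout note: the file had been collapsed onto one line, which made the
# trailing `#` comment swallow `system.stateVersion` and the closing brace.
# One setting per line restores a parseable module; no option value is changed.
{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    # NOTE(review): contents not visible here. Any secret that is evaluated
    # into a derivation or generated config file ends up world-readable in
    # /nix/store; confirm this module only references out-of-store files and
    # that ./data/secrets is excluded from any published repository.
    ./data/secrets/secrets.nix
    # SSH daemon settings live in the shared module; whether password
    # authentication and root login are disabled is decided there.
    ../../common/services/ssh.nix
    ./services/acme.nix
    ./services/nextcloud.nix
    ./services/nginx.nix
    ./services/postgres.nix
    ./services/redis.nix
    ./services/restic.nix
  ];

  # Boot loader: GRUB 2 installed to the first disk.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";

  # ZFS support, with periodic snapshots and scrubs.
  boot.supportedFilesystems = [ "zfs" ];
  services.zfs.autoSnapshot.enable = true;
  services.zfs.autoScrub.enable = true;

  time.timeZone = "Europe/Copenhagen";

  networking = {
    hostName = "rudiger";
    # ZFS on NixOS requires a fixed hostId.
    hostId = "8c7b66a4";

    # Static addressing only: no DHCP and no IPv6 temporary addresses.
    useDHCP = false;
    tempAddresses = "disabled";

    interfaces = {
      "ens3" = {
        ipv4.addresses = [
          {
            address = "202.61.202.170";
            prefixLength = 22;
          }
        ];
        ipv6.addresses = [
          {
            address = "2a03:4000:5a:c61::1";
            prefixLength = 64;
          }
        ];
      };
    };

    defaultGateway = "202.61.200.1";
    # Link-local gateway, so the outgoing interface must be named explicitly.
    defaultGateway6 = {
      address = "fe80::1";
      interface = "ens3";
    };

    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
      "2606:4700:4700::1111"
      "2606:4700:4700::1001"
    ];
  };

  nix = {
    autoOptimiseStore = true;
    # Users trusted by the Nix daemon can, for example, add substituters and
    # import unsigned store paths, which is effectively root-equivalent.
    # Listing "@wheel" therefore extends that trust to every wheel member.
    trustedUsers = [ "root" "@wheel" ];
  };

  users.users.emelie = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
    ];
  };

  environment.systemPackages = with pkgs; [
    vim
    wget
    htop
    iotop
    dig
  ];

  # NOTE(review): with passwordless sudo for wheel, the SSH key above is the
  # only credential between the network and root. Confirm that ssh.nix
  # disables password authentication, and treat compromise of the emelie
  # account (or of the machine holding its key) as compromise of root.
  security.sudo.wheelNeedsPassword = false;

  # Nextcloud's setup unit needs the database and cache running first:
  # `requires` pulls them in, `after` orders the start.
  systemd.services."nextcloud-setup" = {
    requires = [ "postgresql.service" "redis.service" ];
    after = [ "postgresql.service" "redis.service" ];
  };

  # Supplementary group memberships for service accounts.
  # Presumably "redis" grants nextcloud access to the Redis unix socket and
  # "backup" lets the restic job handle Nextcloud and PostgreSQL data;
  # verify against services/redis.nix and services/restic.nix.
  users.groups.redis.members = [ "nextcloud" ];
  users.groups.backup.members = [ "nextcloud" "postgres" ];

  # Inbound exposure: SSH plus HTTP/HTTPS for nginx and ACME. No UDP ports
  # are opened.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  # networking.firewall.allowedUDPPorts = [ ... ];

  # Pins the release whose stateful defaults apply; do not bump this as part
  # of a routine upgrade.
  system.stateVersion = "21.05";
}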