{ config, pkgs, lib, ... }:

{
  # Host "wind": one NixOS machine hosting matrix-synapse + coturn, tt-rss,
  # gitea, nginx with ACME certificates, postgres and restic backups. Each
  # service is configured in its own module under ./services; secret values
  # come from ./data/secrets/secrets.nix.
  imports = [
    ./hardware-configuration.nix
    ./services/acme.nix
    ./services/coturn.nix
    ./services/nginx.nix
    ./services/postgres.nix
    ./services/synapse.nix
    ./services/ttrss.nix
    ./services/gitea.nix
    ./services/restic.nix
    ./services/sshguard.nix
    ./data/secrets/secrets.nix
  ];

  # Boot: legacy GRUB on the first disk, ZFS root support.
  boot = {
    loader.grub = {
      enable = true;
      version = 2;
      device = "/dev/sda";
    };
    supportedFilesystems = [ "zfs" ];
  };

  # Periodic ZFS snapshots and scrubs.
  services.zfs = {
    autoSnapshot.enable = true;
    autoScrub.enable = true;
  };

  time.timeZone = "Europe/Copenhagen";

  networking = {
    hostName = "wind";
    # ZFS pools are tied to the hostId; keep it stable across rebuilds.
    hostId = "929e7fb7";

    # IPv4 via DHCP on ens3, IPv6 statically assigned with the link-local
    # gateway fe80::1.
    useDHCP = false;
    interfaces.ens3 = {
      useDHCP = true;
      ipv6.addresses = [
        { address = "2a01:4f9:c010:34cb::1"; prefixLength = 64; }
      ];
    };
    defaultGateway6 = {
      address = "fe80::1";
      interface = "ens3";
    };

    # Use hetzner firewall instead
    # With the host firewall off, every listening service is reachable on
    # every interface unless the provider-side rules block it. The intended
    # exposure is the commented list below; keep it in sync with the
    # provider rule set. (If re-enabled, note the UDP line is missing its
    # trailing `;`.)
    firewall.enable = false;
    # networking.firewall.allowedTCPPorts = [ 22 80 443 3478 5349 ];
    # networking.firewall.allowedUDPPorts = [ 3478 5349 ]
    # networking.firewall.allowedUDPPortsRanges = [ { from = 49152; to = 49999; } ];
  };

  users = {
    users.emelie = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICO4LyBsW1YuUA6i3EL/IZhchSvk7reO4qgRmR/tdQPU emelie@flap"
      ];
    };

    # Supplementary group memberships shared between services:
    # - acme: presumably so nginx, coturn and gitea can read the ACME certs
    # - postgres/gitea/matrix-synapse: presumably so restic can read their
    #   data directories for backup
    groups = {
      acme.members = [ "nginx" "turnserver" "gitea" ];
      postgres.members = [ "restic" ];
      gitea.members = [ "restic" ];
      matrix-synapse.members = [ "restic" ];
    };
  };

  # wheel members become root without a password. Together with the
  # key-only SSH policy below, the SSH private key is the single credential
  # standing between an attacker and root on this host.
  security.sudo.wheelNeedsPassword = false;

  environment.systemPackages = with pkgs; [
    vim
    htop
    iotop
  ];

  nix = {
    autoOptimiseStore = true;
    # @wheel is trusted by nix-daemon (can override daemon settings such as
    # substituters); consistent with the passwordless sudo granted above.
    trustedUsers = [ "root" "@wheel" ];
  };

  # SSH: public-key authentication only, no root login.
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
    challengeResponseAuthentication = false;
    permitRootLogin = "no";
  };

  system.stateVersion = "21.05";
}