Raphaël Numbus
35 lines
1.2 KiB
Nix
35 lines
1.2 KiB
Nix
{ modulesPath, config, lib, pkgs, inputs, ... }:
|
|
|
|
{
|
|
imports = [
|
|
(modulesPath + "/installer/scan/not-detected.nix")
|
|
(modulesPath + "/profiles/qemu-guest.nix")
|
|
];
|
|
|
|
# System
|
|
system.stateVersion = "25.11";
|
|
|
|
# Secrets management
|
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
|
sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
|
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
|
sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
|
|
sops.secrets."smtpPassword" = { owner = "numbus-admin"; mode = "0600"; };
|
|
sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
|
|
|
|
# # TPM2 PCR check
|
|
# systemIdentity.enable = true;
|
|
# systemIdentity.pcr15 = "PCR_HASH";
|
|
|
|
# Server
|
|
time.timeZone = "Europe/Paris";
|
|
config.numbus.owner = "Raphael";
|
|
|
|
# Enable email notifications
|
|
config.numbus.mail.enable = true;
|
|
config.numbus.mail.userAddress = "user@tunea.eu";
|
|
config.numbus.mail.adminAddress = "admin@tunea.eu";
|
|
config.numbus.mail.smtpUsername = "raphaels.server@gmail.com";
|
|
config.numbus.mail.smtpPasswordPath = config.sops.secrets.smtpPassword.path;
|
|
|