Files organization update

templates/nix-config/configuration.nix

@@ -0,0 +1,176 @@
+{ modulesPath, config, lib, pkgs, inputs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.sops-nix.nixosModules.sops
+    ./disks/disko.nix
+    ./misc/activation.nix
+    ./misc/mail.nix
+    ./misc/networking.nix
+    ./misc/smart.nix
+#    ./disks/pcr-check.nix
+#    ./disks/snapraid.nix
+#    ./pcie-coral/coral.nix
+  ];
+
+  # Enable email notifications
+  email.enable = true;
+
+  # Hardware settings
+  hardware.enableRedistributableFirmware = true;
+  hardware.cpu.intel.updateMicrocode = true;
+  hardware.cpu.amd.updateMicrocode = true;
+
+  # Secrets management
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+  sops.secrets."ssh_public_keys" = { owner = "numbus-admin"; path = "/etc/ssh/authorized_keys.d/numbus-admin"; };
+  sops.secrets."sender_email_address_password" = {};
+  sops.secrets."podman/frigate" = { owner = "numbus-admin"; path = "/etc/podman/frigate/.env"; };
+  sops.secrets."podman/gitea" = { owner = "numbus-admin"; path = "/etc/podman/gitea/.env"; };
+  sops.secrets."podman/home_assistant" = { owner = "numbus-admin"; path = "/etc/podman/home-assistant/.env"; };
+  sops.secrets."podman/immich" = { owner = "numbus-admin"; path = "/etc/podman/immich/.env"; };
+  sops.secrets."podman/it_tools" = { owner = "numbus-admin"; path = "/etc/podman/it-tools/.env"; };
+  sops.secrets."podman/nextcloud" = { owner = "numbus-admin"; path = "/etc/podman/nextcloud/.env"; };
+  sops.secrets."podman/passbolt" = { owner = "numbus-admin"; path = "/etc/podman/passbolt/.env"; };
+  sops.secrets."podman/pi_hole" = { owner = "numbus-admin"; path = "/etc/podman/pi-hole/.env"; };
+  sops.secrets."podman/traefik" = { owner = "numbus-admin"; path = "/etc/podman/traefik/.env"; };
+
+  # Bootloader options
+  boot.initrd.systemd.enable = true;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.swraid.mdadmConf = "MAILADDR ${config.email.userAddress},${config.email.adminAddress}";
+#  boot.initrd.systemd.tpm2.enable = true;
+
+  # TPM2 PCR check
+#  systemIdentity.enable = true;
+#  systemIdentity.pcr15 = "PCR_HASH"; 
+
+  # Timezone
+  time.timeZone = "Europe/Paris";
+
+  # Internationalisation properties.
+  i18n.defaultLocale = "fr_FR.UTF-8";
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "fr_FR.UTF-8";
+    LC_IDENTIFICATION = "fr_FR.UTF-8";
+    LC_MEASUREMENT = "fr_FR.UTF-8";
+    LC_MONETARY = "fr_FR.UTF-8";
+    LC_NAME = "fr_FR.UTF-8";
+    LC_NUMERIC = "fr_FR.UTF-8";
+    LC_PAPER = "fr_FR.UTF-8";
+    LC_TELEPHONE = "fr_FR.UTF-8";
+    LC_TIME = "fr_FR.UTF-8";
+  };
+
+  # Keyboard mapping
+  console.keyMap = "fr";
+  services.xserver.xkb = {
+    layout = "fr";
+    variant = "";
+  };
+
+  # Enable SSH
+  services.openssh.enable = true;
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # Install packages
+  environment.systemPackages = with pkgs; [
+    git
+    ncdu
+    fastfetch
+    tpm2-tss
+    sops
+    age
+    powertop
+    pciutils
+    hdparm
+    hd-idle
+    hddtemp
+    smartmontools
+    cpufrequtils
+    intel-gpu-tools
+    podman
+    podman-compose
+    podman-tui
+    snapraid
+    mergerfs
+    mergerfs-tools
+  ];
+
+  # Power savings
+  services.autoaspm.enable = true;
+  powerManagement.powertop.enable = true;
+  boot.kernelParams = [
+    "pcie_aspm=force"
+    "consoleblank=60"
+  ];
+
+  # Enable cron service
+  services.cron = {
+    enable = true;
+    systemCronJobs = [
+    ];
+  };
+
+  # Enable Podman
+  virtualisation.podman.enable = true;
+  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
+
+  # Enable libvirt
+#  virtualisation.libvirtd.enable = true;
+#  programs.virt-manager.enable = true;
+
+  # User account
+  users.users.numbus-admin = {
+    isNormalUser = true;
+    description = "Numbus Admin";
+    extraGroups = [ "wheel" ];
+    uid = 1000;
+    initialPassword = "changeMe!";
+    # required for auto start before user login
+    linger = true;
+    # required for rootless container with multiple users
+    autoSubUidGidRange = true;
+  };
+
+  # Login message
+  environment.loginShellInit = ''
+    if [ "$(id -u)" -eq 1000 ]; then
+      if [ -n "$SSH_TTY" ]; then
+        fastfetch
+	      echo -e "\n\nWelcome to numbus.eu server !\n\n- This system is managed by NixOS\n- All changes are futile\n- Please consider buying support if you can't get your server running\n- Have a nice day and enjoy !"
+      fi
+    fi
+  '';
+
+  # Enable auto updates
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+    flake = inputs.self.outPath;
+    flags = [ "--print-build-logs" ];
+    dates = "02:00";
+    randomizedDelaySec = "45min";
+  };
+
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 7d";
+  };
+
+  # Enable NixOS flakes
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # Enable auto nix-store optimization
+  nix.settings.auto-optimise-store = true;
+
+  system.stateVersion = "25.05";
+}