Diffstat (limited to 'system')
-rw-r--r--system/default.nix1
-rw-r--r--system/services/dconf/default.nix10
-rw-r--r--system/services/default.nix9
-rw-r--r--system/services/nix/default.nix28
-rw-r--r--system/services/openssh/default.nix19
-rw-r--r--system/services/printing/default.nix19
-rw-r--r--system/services/snapper/default.nix47
7 files changed, 133 insertions, 0 deletions
diff --git a/system/default.nix b/system/default.nix
index 85971ba5..13386a6d 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -10,6 +10,7 @@
     ./users # the position of this item is fully arbitrary
     ./polkit
     ./graphics
+    ./services
   ];
     # TODO does this really remove all the bloatware, nixos installs by default?
     environment = {
diff --git a/system/services/dconf/default.nix b/system/services/dconf/default.nix
new file mode 100644
index 00000000..db35208e
--- /dev/null
+++ b/system/services/dconf/default.nix
@@ -0,0 +1,10 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  # needed to make home-manager play nice with some apps. See:
+  # https://nix-community.github.io/home-manager/index.html#_why_do_i_get_an_error_message_about_literal_ca_desrt_dconf_literal_or_literal_dconf_service_literal
+  programs.dconf.enable = true;
+}
diff --git a/system/services/default.nix b/system/services/default.nix
new file mode 100644
index 00000000..36cf9763
--- /dev/null
+++ b/system/services/default.nix
@@ -0,0 +1,9 @@
+{config, ...}: {
+  imports = [
+    ./printing
+    ./nix
+    ./snapper
+    ./dconf
+    ./openssh
+  ];
+}
diff --git a/system/services/nix/default.nix b/system/services/nix/default.nix
new file mode 100644
index 00000000..15c3a026
--- /dev/null
+++ b/system/services/nix/default.nix
@@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  pkgs,
+  nixpkgs,
+  ...
+}: {
+  nix = {
+    # Flakes settings
+    package = pkgs.nixVersions.stable;
+    # this can't be in nix settings because of some "type error". See:
+    # https://discourse.nixos.org/t/flakes-error-error-attribute-outpath-missing/18044
+    registry.nixpkgs.flake = nixpkgs;
+    gc = {
+      automatic = true;
+      dates = "weekly";
+      options = "--delete-older-than 7d";
+    };
+    settings = {
+      auto-optimise-store = true;
+      experimental-features = ["nix-command" "flakes"];
+      fallback = true;
+
+      keep-failed = true; #keep failed tmp build dirs
+      pure-eval = true; # restrict file system and network access to  hash
+    };
+  };
+}
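Review bot: The comment on `pure-eval` in `settings` is cut off ("restrict file system and network access to  hash") and does not say what the setting enforces. Something like `pure-eval = true; # evaluation may only read files and URLs pinned by a cryptographic hash` would make it readable. `keep-failed = true` is set for every build on the machine, so each failed build leaves its temporary directory behind. As far as I know the weekly `nix.gc` run only collects store paths, not those directories, so either note in the comment that they need manual cleanup or drop the setting and pass `--keep-failed` when debugging.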
diff --git a/system/services/openssh/default.nix b/system/services/openssh/default.nix
new file mode 100644
index 00000000..5ee48a0c
--- /dev/null
+++ b/system/services/openssh/default.nix
@@ -0,0 +1,19 @@
+{
+  config,
+  pkg,
+  ...
+}: {
+  services.openssh = {
+    enable = true;
+    hostKeys = [
+      {
+        path = "/srv/sshd/ssh_host_ed25519_key";
+        rounds = 1000;
+        type = "ed25519";
+      }
+    ];
+    settings = {
+      PasswordAuthentication = false;
+    };
+  };
+}
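Review bot: `settings` disables only `PasswordAuthentication`; as far as I know the NixOS module leaves `KbdInteractiveAuthentication` on by default, so a PAM password prompt may still be reachable. If key-only login is the intent, add `KbdInteractiveAuthentication = false;` next to it. The host key lives at `/srv/sshd/ssh_host_ed25519_key`, and the snapper hunk in this commit (system/services/snapper/default.nix) snapshots `/srv` hourly, so copies of the private key persist in `.snapshots` even after rotation; consider a path outside the snapshotted subvolume. `rounds = 1000` only strengthens passphrase-protected keys and probably has no effect on a host key generated without one. The `pkg` argument in the module header looks like a typo for `pkgs` and is unused.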
diff --git a/system/services/printing/default.nix b/system/services/printing/default.nix
new file mode 100644
index 00000000..3b193eab
--- /dev/null
+++ b/system/services/printing/default.nix
@@ -0,0 +1,19 @@
+# vim: ts=2
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services.printing = {
+    enable = true;
+    webInterface = false; # don't enable the webinterface
+    drivers = with pkgs; [
+      gutenprint
+    ];
+  };
+  hardware.sane = {
+    # TODO this properly won't work like this
+    enable = true;
+    extraBackends = [pkgs.sane-airscan];
+  };
+}
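Review bot: The TODO on `hardware.sane` ("this properly won't work like this") does not say what is expected to fail, so nobody can tell when it is resolved. If the concern is network discovery or device permissions, name it, e.g. `# TODO: sane-airscan needs mDNS discovery (avahi) and users in the "scanner" group; neither is configured yet`. That wording is inferred from how sane-airscan is usually set up, so confirm it against the actual failure before committing.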
diff --git a/system/services/snapper/default.nix b/system/services/snapper/default.nix
new file mode 100644
index 00000000..547ee3f5
--- /dev/null
+++ b/system/services/snapper/default.nix
@@ -0,0 +1,47 @@
+# vim: ts=2
+{config, ...}: {
+  services.snapper = {
+    configs = {
+      srv = {
+        subvolume = "/srv";
+        fstype = "btrfs";
+        extraConfig = ''
+          # users and groups allowed to work with config
+          ALLOW_GROUPS="wheel"
+
+          # sync users and groups from ALLOW_USERS and ALLOW_GROUPS to .snapshots
+          # directory
+          SYNC_ACL="yes"
+
+
+          # run daily number cleanup
+          NUMBER_CLEANUP="no"
+
+          # limit for number cleanup
+          NUMBER_MIN_AGE="1800"
+          NUMBER_LIMIT="50"
+          NUMBER_LIMIT_IMPORTANT="10"
+
+
+          # create hourly snapshots
+          TIMELINE_CREATE="yes"
+
+          # cleanup hourly snapshots after some time
+          TIMELINE_CLEANUP="yes"
+
+          # limits for timeline cleanup
+          TIMELINE_MIN_AGE="1800"
+          TIMELINE_LIMIT_HOURLY="7"
+          TIMELINE_LIMIT_DAILY="3"
+          TIMELINE_LIMIT_WEEKLY="0"
+          TIMELINE_LIMIT_MONTHLY="0"
+          TIMELINE_LIMIT_YEARLY="0"
+
+
+          # cleanup empty pre-post-pairs
+          EMPTY_PRE_POST_CLEANUP="yes"
+        '';
+      };
+    };
+  };
+}
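Review bot: In `extraConfig`, the comment `# run daily number cleanup` sits above `NUMBER_CLEANUP="no"`, so the text says the opposite of the value. The `NUMBER_MIN_AGE`/`NUMBER_LIMIT` lines below it are presumably not applied by the automatic cleanup while it is off. Either set it to "yes" or reword the comment, e.g. `# number cleanup disabled; the NUMBER_* limits below are unused`. `ALLOW_GROUPS="wheel"` with `SYNC_ACL="yes"` gives every wheel member access to `/srv/.snapshots`; a one-line comment saying that is intended would help the next reader.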