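# NixOS system module for a small VPS: tmp cleanup, zram swap, firewall,
# nginx/ACME defaults, locale, key-only SSH on a non-default port, the root
# user's authorized key, and Nix store maintenance.
{ ... }:

let
  # Shared by the bash and zsh aliases below so both shells stay in sync.
  rebuildCommand = "sudo nixos-rebuild switch --flake /etc/nixos#nixos";
in
{
  imports = [
    ./hardware-configuration.nix
    # Add further modules here later, e.g.:
    ./programs.nix
    # ./modules/nextcloud.nix
    # ./modules/wireguard.nix
    # ./modules/docker.nix
  ];

  # ============================================================
  # WORKAROUNDS / FIXES
  # ============================================================

  # Workaround for https://github.com/NixOS/nix/issues/8502
  # This turns off the build-time check of the generated logrotate config, so
  # a broken logrotate setting would only surface at runtime. Remove the
  # override once the linked issue no longer affects this system.
  services.logrotate.checkConfig = false;

  # ============================================================
  # BOOT
  # ============================================================

  # Clear /tmp on every boot
  boot.tmp.cleanOnBoot = true;

  # ============================================================
  # MEMORY
  # ============================================================

  # zram swap (compressed RAM swap, good for small VPS)
  zramSwap.enable = true;

  # ============================================================
  # NETWORKING
  # ============================================================

  networking = {
    hostName = "nixos";
    domain = "system";

    # Firewall – only explicitly allowed ports are open
    firewall = {
      enable = true;
      # Must match services.openssh.ports below. The openssh module's
      # openFirewall option (default true) opens that port as well; it is
      # listed here so the exposed surface is visible in one place.
      allowedTCPPorts = [
        2405 # SSH
        # 80   # HTTP (uncomment when needed)
        # 443  # HTTPS (uncomment when needed)
      ];
    };
  };

  # Only defaults are set here: nginx is not enabled in this file, and ports
  # 80/443 stay closed in the firewall above until they are uncommented.
  services.nginx = {
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
  };

  # ACME account defaults: accepts the CA's terms of service and sets the
  # contact address used for the account.
  security.acme = {
    acceptTerms = true;
    defaults.email = "nio24@pm.me";
  };

  # ============================================================
  # TIMEZONE & LOCALISATION
  # ============================================================

  time.timeZone = "Europe/Berlin";

  # English messages, German regional formats.
  i18n.defaultLocale = "en_US.UTF-8";
  i18n.extraLocaleSettings = {
    LC_ADDRESS = "de_DE.UTF-8";
    LC_IDENTIFICATION = "de_DE.UTF-8";
    LC_MEASUREMENT = "de_DE.UTF-8";
    LC_MONETARY = "de_DE.UTF-8";
    LC_NAME = "de_DE.UTF-8";
    LC_NUMERIC = "de_DE.UTF-8";
    LC_PAPER = "de_DE.UTF-8";
    LC_TELEPHONE = "de_DE.UTF-8";
    LC_TIME = "de_DE.UTF-8";
  };

  # ============================================================
  # SSH
  # ============================================================

  services.openssh = {
    enable = true;
    ports = [ 2405 ];
    settings = {
      # Only SSH key authentication, no password login
      PasswordAuthentication = false;
      # Keyboard-interactive authentication goes through PAM and can still
      # prompt for a password. The NixOS default is true, so it is disabled
      # explicitly to make the key-only policy hold for every account,
      # including users defined in imported modules.
      KbdInteractiveAuthentication = false;
      # Root login only allowed via SSH key
      PermitRootLogin = "prohibit-password";
      # Drop unresponsive clients: one keep-alive probe every 300 s and a
      # disconnect after 2 unanswered probes (about 10 minutes). Sessions
      # that are idle but still answer probes are not closed by these settings.
      ClientAliveInterval = 300;
      ClientAliveCountMax = 2;
    };
  };

  # ============================================================
  # USERS
  # ============================================================

  # Public key of the only credential accepted for root over SSH. Losing the
  # matching private key locks out remote root access, since password login
  # is disabled above.
  users.users.root = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhH+p950yRQHwznrvswAhD9aOMF+UjOFZVJgG0vOv2B"
    ];
  };

  # ============================================================
  # NIX / SYSTEM
  # ============================================================

  nix.settings = {
    # Automatically deduplicate the nix store
    auto-optimise-store = true;
    # Enable flakes
    experimental-features = [ "nix-command" "flakes" ];
  };

  # Automatically delete old generations (older than 14 days); runs weekly.
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 14d";
  };

  # Rebuild alias
  programs.bash.shellAliases = {
    rebuild = rebuildCommand;
  };
  programs.zsh.shellAliases = {
    rebuild = rebuildCommand;
  };

  # ============================================================
  # STATE VERSION – DO NOT CHANGE
  # Indicates with which NixOS version this system was initialised.
  # Affects certain default settings.
  # ============================================================
  system.stateVersion = "23.11";
}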