# NixOS host baseline: key-only SSH, fail2ban, remote syslog forwarding,
# a Prometheus node exporter, and a single admin user in `wheel`.
{ config, pkgs, lib, inputs, modulesPath, ... }:

{
  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
      # Trusted users can direct the Nix daemon in ways that are effectively
      # root-equivalent, so every member of `wheel` is root-equivalent here.
      trusted-users = [ "root" "@wheel" ];
    };

    # Daily garbage collection. `--delete-old` also drops older profile
    # generations, so earlier system generations stop being rollback targets.
    gc = {
      automatic = true;
      dates = "daily";
      options = "--delete-old";
    };
  };

  networking.firewall = {
    enable = true;
    # 22 = sshd, 9002 = Prometheus node exporter (see services.prometheus).
    # NOTE(review): both ports are opened on every interface and to any source.
    # The node exporter serves host metrics without authentication by default;
    # consider restricting 9002 to the scraper's address, e.g. with the
    # exporter's `openFirewall` + `firewallFilter` options or `listenAddress`.
    allowedTCPPorts = [ 22 9002 ];
  };

  time.timeZone = "Europe/Paris";
  console.keyMap = "fr";
  i18n.defaultLocale = "fr_FR.UTF-8";

  # Members of `wheel` run sudo without a password.
  # NOTE(review): with this set, the SSH private keys authorized for
  # `tbarnouin` below are the only factor between the network and root.
  security.sudo.wheelNeedsPassword = false;

  users.users = {
    tbarnouin = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
        # NOTE(review): this key carries no comment field; record its owner or
        # device so it can be audited and rotated.
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICf1B0nxNMvPWSR9pStdtx2x6Iw+JUeCCt1CKWoD8dsr"
      ];
    };

    # Direct root login by key (allowed by PermitRootLogin below).
    # NOTE(review): `tbarnouin` already has passwordless sudo, so this looks
    # redundant; confirm it is still needed (e.g. for remote deployment).
    root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos"
    ];
  };

  programs = {
    zsh = {
      enable = true;
      shellAliases = {
        ll = "ls -l";
        lla = "ls -lah";
      };
      ohMyZsh = {
        enable = true;
        plugins = [ "git" ];
        theme = "bira";
      };
    };

    tmux.enable = true;
  };

  nixpkgs.config.allowUnfree = true;

  environment = {
    sessionVariables.TERM = "xterm-256color";

    # Puts each user's ~/.local/bin on PATH.
    localBinInPath = true;

    # Base admin and network-diagnostic tooling.
    systemPackages = with pkgs; [
      vim
      bash
      wget
      curl
      git
      htop
      tree
      dig
      ncdu
      nmap
      iperf3
      netcat-openbsd
    ];
  };

  services = {
    # NOTE(review): only the cloud-init network integration is switched on in
    # this module; presumably cloud-init itself is enabled elsewhere - confirm.
    cloud-init.network.enable = true;

    openssh = {
      enable = true;
      settings = {
        # Public-key authentication only: password and keyboard-interactive
        # logins are off, and root may log in with a key but never a password.
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        PermitRootLogin = "prohibit-password";
      };
      # Only an Ed25519 host key is configured.
      hostKeys = [
        {
          path = "/etc/ssh/ssh_host_ed25519_key";
          type = "ed25519";
        }
      ];
    };

    # Enabled with the module's default settings.
    fail2ban.enable = true;

    rsyslogd = {
      enable = true;
      # Forwards every facility/priority to the collector in RFC 5424 format.
      # NOTE(review): a single "@" selects UDP, so logs travel in cleartext,
      # unauthenticated, and may be dropped silently. If the collector
      # supports it, prefer TCP ("@@") or a TLS-protected transport.
      extraConfig = "*.*@192.168.1.27:514;RSYSLOG_SyslogProtocol23Format";
    };

    prometheus.exporters.node = {
      enable = true;
      enabledCollectors = [ "systemd" ];
      # Must stay in sync with networking.firewall.allowedTCPPorts.
      port = 9002;
    };
  };

  system = {
    stateVersion = "24.11";
    # Creates /etc/ssh during activation; presumably so the host key path
    # configured under services.openssh.hostKeys has a directory to live in.
    activationScripts.ensure-ssh-key-dir.text = "mkdir -p /etc/ssh";
  };
}