configuration.nix

{
    self,
    inputs,
    modulesPath,
    lib,
    pkgs,
    ...
}:
{
    imports = [
        (modulesPath + "/profiles/qemu-guest.nix")
        ./modules/disk-config.nix

        ./modules/nginx.nix
        ./modules/gitea.nix
        ./modules/pds.nix
        ./modules/mail.nix
        ./modules/restic.nix
    ];

    nix.settings.experimental-features = [ "nix-command" "flakes" ];

    system.autoUpgrade = {
        enable = true;
        flake = inputs.self.outPath;
        flags = [
            "-L"
        ];

        allowReboot = true;
        rebootWindow = {
            lower = "03:00";
            upper = "05:00";
        };

        dates = "02:00";
        randomizedDelaySec = "45min";
    };

    system.stateVersion = "25.11";
    nixpkgs.hostPlatform = "x86_64-linux";
    hardware.enableRedistributableFirmware = true;
    networking.hostName = "garden";
    time.timeZone = "UTC";

    networking.useDHCP = true;
    boot.kernelParams = [ "net.ifnames=0" ];
    networking.firewall = {
        enable = true;
        allowedTCPPorts = [ 22 80 443 ];
        allowedUDPPorts = [ 22 ];
        allowedUDPPortRanges = [
            { from = 4000; to = 4007; }
            { from = 8000; to = 8010; }
        ];
    };

    boot.loader.grub = {
        efiSupport = true;
        efiInstallAsRemovable = true;
    };

    users.users.admin = {
        isNormalUser = true;
        shell = pkgs.zsh;
        openssh.authorizedKeys.keys = [
            "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:"
        ];
        extraGroups = [ "wheel" ];
    };

    services.openssh = {
        enable = true;
        settings = {
            PermitRootLogin = "no";
            PasswordAuthentication = false;
        };
    };

    # Global packages
    environment.systemPackages = with pkgs; [
        zsh
        fish
        neovim
        nano
        git
    ];

    programs.zsh.enable = true;
    programs.bash.completion.enable = true;

    security.sudo = {
        enable = true;
        wheelNeedsPassword = false;
    };
}
Initial server configuration 2026-01-22 10:50:59 -05:00			`{`
			`self,`
			`inputs,`
			`modulesPath,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`{`
			`imports = [`
			`(modulesPath + "/profiles/qemu-guest.nix")`
			`./modules/disk-config.nix`

			`./modules/nginx.nix`
			`./modules/gitea.nix`
Add atproto PDS server 2026-01-22 18:42:41 -05:00			`./modules/pds.nix`
Add smtp and imap email server 2026-02-10 13:08:43 -05:00			`./modules/mail.nix`
Implement basic backups with restic 2026-01-24 01:13:32 -05:00			`./modules/restic.nix`
Initial server configuration 2026-01-22 10:50:59 -05:00			`];`

			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`

Enable automatic updates 2026-02-07 23:34:11 -05:00			`system.autoUpgrade = {`
			`enable = true;`
			`flake = inputs.self.outPath;`
			`flags = [`
			`"-L"`
			`];`

			`allowReboot = true;`
			`rebootWindow = {`
			`lower = "03:00";`
			`upper = "05:00";`
			`};`

			`dates = "02:00";`
			`randomizedDelaySec = "45min";`
			`};`

Initial server configuration 2026-01-22 10:50:59 -05:00			`system.stateVersion = "25.11";`
			`nixpkgs.hostPlatform = "x86_64-linux";`
			`hardware.enableRedistributableFirmware = true;`
			`networking.hostName = "garden";`
			`time.timeZone = "UTC";`

			`networking.useDHCP = true;`
			`boot.kernelParams = [ "net.ifnames=0" ];`
			`networking.firewall = {`
			`enable = true;`
			`allowedTCPPorts = [ 22 80 443 ];`
			`allowedUDPPorts = [ 22 ];`
			`allowedUDPPortRanges = [`
			`{ from = 4000; to = 4007; }`
			`{ from = 8000; to = 8010; }`
			`];`
			`};`

			`boot.loader.grub = {`
			`efiSupport = true;`
			`efiInstallAsRemovable = true;`
			`};`

			`users.users.admin = {`
			`isNormalUser = true;`
Implement basic backups with restic 2026-01-24 01:13:32 -05:00			`shell = pkgs.zsh;`
Initial server configuration 2026-01-22 10:50:59 -05:00			`openssh.authorizedKeys.keys = [`
			`"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:"`
			`];`
			`extraGroups = [ "wheel" ];`
			`};`

			`services.openssh = {`
			`enable = true;`
			`settings = {`
			`PermitRootLogin = "no";`
			`PasswordAuthentication = false;`
			`};`
			`};`

			`# Global packages`
			`environment.systemPackages = with pkgs; [`
Implement basic backups with restic 2026-01-24 01:13:32 -05:00			`zsh`
			`fish`
Initial server configuration 2026-01-22 10:50:59 -05:00			`neovim`
			`nano`
			`git`
			`];`

Implement basic backups with restic 2026-01-24 01:13:32 -05:00			`programs.zsh.enable = true;`
Initial server configuration 2026-01-22 10:50:59 -05:00			`programs.bash.completion.enable = true;`

			`security.sudo = {`
			`enable = true;`
			`wheelNeedsPassword = false;`
			`};`
			`}`