{ flake, pkgs, lib, ... }: { imports = with flake.nixosModules.systemProfiles; [ openssh rebuild-machines initrd-all-crypto-modules ]; config = { nixpkgs = { system = "x86_64-linux"; }; networking.hostId = "1e7ddd78"; environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e"; boot = { loader.grub = { enable = true; version = 2; device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0"; }; kernelPackages = pkgs.linuxPackages_latest; tmpOnTmpfs = true; supportedFilesystems = [ "zfs" ]; zfs = { enableUnstable = true; }; initrd.kernelModules = [ "dm_raid" ]; }; fileSystems = { "/" = { fsType = "tmpfs"; options = [ "mode=0755" ]; }; }; networking = { hostName = "vidhar"; domain = "asgard.yggdrasil"; search = [ "asgard.yggdrasil" "yggdrasil" ]; useDHCP = false; useNetworkd = true; interfaces."eno1".useDHCP = true; firewall = { enable = true; allowPing = true; allowedTCPPorts = [ 22 # ssh ]; allowedUDPPortRanges = [ { from = 60000; to = 61000; } # mosh ]; }; }; services.timesyncd.enable = false; services.chrony = { enable = true; servers = []; extraConfig = '' pool time.cloudflare.com iburst nts pool nts.ntp.se iburst nts server nts.sth1.ntp.se iburst nts server nts.sth2.ntp.se iburst nts server ptbtime1.ptb.de iburst nts server ptbtime2.ptb.de iburst nts server ptbtime3.ptb.de iburst nts makestep 0.1 3 cmdport 0 ''; }; services.openssh = { enable = true; passwordAuthentication = false; challengeResponseAuthentication = false; extraConfig = '' AllowGroups ssh ''; }; users.groups."ssh" = { members = ["root"]; }; security.sudo.extraConfig = '' Defaults lecture = never ''; nix.gc = { automatic = true; options = "--delete-older-than 30d"; }; }; }