# NixOS system configuration for the host "ymir".
#
# What this file sets up: GRUB on /dev/vda, TCP keepalive tuning, a firewall
# that admits SSH, XMPP and mosh, key-only OpenSSH, chrony for time sync, a
# weekly Nix garbage collection, and a Prosody XMPP server for xmpp.li that
# authenticates users against the local PAM service "xmpp".
#
# Security-relevant consequence of the PAM setup: the XMPP password of a user
# is that user's Unix account password (pam_unix), and the service listens on
# publicly opened ports. The notes marked NOTE(review) below are points this
# file alone cannot settle.
{ config, pkgs, ... }:

let
  # Lua bindings linked into Prosody for mod_auth_pam.
  # NOTE(review): these derivations and ./customized/prosody.nix are not
  # visible here. They end up inside the daemon that receives user passwords,
  # so confirm each one fetches its source by fixed hash.
  pamBinding = pkgs.callPackage ./custom/luaPam.nix {};
  posixBinding = pkgs.callPackage ./custom/luaPosix.nix {};
in
{
  imports = [
    ./ymir-hw.nix
    ./custom/zsh.nix
    ./users.nix
  ];

  boot = {
    loader.grub = {
      enable = true;
      version = 2;
      device = "/dev/vda";
    };

    # Start keepalive probes after 60 s of idle, probe every 10 s, and drop
    # the connection after 6 unanswered probes.
    kernel.sysctl = {
      "net.ipv4.tcp_keepalive_time" = 60;
      "net.ipv4.tcp_keepalive_intvl" = 10;
      "net.ipv4.tcp_keepalive_probes" = 6;
    };
  };

  # Replace the stock prosody package with a local build that carries
  # mod_auth_pam plus the two Lua libraries defined above.
  nixpkgs.config.packageOverrides = super: {
    prosody = super.callPackage ./customized/prosody.nix {
      inherit (super.lua51Packages)
        luasocket luasec luaexpat luafilesystem luabitop luaevent luazlib;
      lua5 = super.lua5_1;
      extraModules = [ "mod_auth_pam" ];
      extraLibs = [ pamBinding posixBinding ];
    };
  };

  environment.systemPackages = [
    pkgs.git
    pkgs.mosh
    pkgs.rsync
    pkgs.tmux
    pkgs.zsh
  ];

  networking.hostName = "ymir";
  networking.hostId = "1c5c994e";

  # Inbound exposure: 22 (SSH), 5222 (XMPP client-to-server) and 5269 (XMPP
  # server-to-server) over TCP, plus the UDP range used by mosh.
  networking.firewall = {
    enable = true;
    allowPing = true;
    allowedTCPPorts = [ 22 5222 5269 ];
    allowedUDPPortRanges = [
      { from = 60000; to = 61000; } # mosh
    ];
  };

  networking.enableIPv6 = true;
  networking.defaultGateway6 = "fe80::1";
  networking.interfaces.enp0s3 = {
    ipv6Address = "2a03:4000:6:d004::";
    ipv6PrefixLength = 64;
  };

  users = {
    # root reuses the login shell and the SSH authorized-key files of the
    # gkleen user definition.
    # NOTE(review): this makes those keys valid for a direct root login over
    # SSH. permitRootLogin is not set in this file, so the effective policy is
    # the release default or whatever an imported module sets; confirm that
    # key-based root login is intended.
    extraUsers.root =
      let
        gkleen = import users/gkleen.nix;
      in
      {
        shell = gkleen.shell;
        openssh.authorizedKeys = {
          inherit (gkleen.openssh.authorizedKeys) keyFiles;
        };
      };

    # Membership in this group is what the "xmpp" PAM service checks, so it is
    # the allow-list of system accounts that may log in to Prosody.
    groups.xmpp.members = [ "gkleen" ];
  };

  services = {
    # Time sync is done by chrony; ntpd stays off so only one daemon
    # disciplines the clock.
    ntp.enable = false;
    chrony.enable = true;

    # Key-only SSH: password logins are refused.
    openssh = {
      enable = true;
      passwordAuthentication = false;
    };

    # Weekly removal of store paths belonging to generations older than
    # seven days.
    fcron = {
      enable = true;
      systab = ''
        %weekly * * nix-collect-garbage --delete-older-than '7d'
      '';
    };

    # XMPP server for xmpp.li. Open registration is off; accounts are the
    # system accounts admitted by the "xmpp" PAM service.
    # NOTE(review): PAM needs the cleartext password, so clients presumably
    # send it with SASL PLAIN; confirm that client connections are required to
    # be encrypted (Prosody's c2s_require_encryption) so the Unix password
    # never crosses the network in the clear.
    # NOTE(review): the key and certificate are given as relative strings, not
    # Nix paths, so they are not copied into the world-readable Nix store.
    # Confirm where Prosody resolves them and that the key file is readable
    # only by the prosody user.
    prosody = {
      enable = true;
      admins = [ "gkleen@xmpp.li" ];
      allowRegistration = false;
      extraModules = [ "private" "auth_pam" ];
      extraConfig = ''
        authentication="pam"
      '';
      virtualHosts.default = {
        enabled = true;
        domain = "xmpp.li";
        ssl = {
          key = "certs/xmpp.li.key";
          cert = "certs/xmpp.li.crt";
        };
      };
    };
  };

  # PAM stack used by Prosody's mod_auth_pam. The rules are order-dependent:
  #   1. pam_warn        logs the attempt.
  #   2. pam_succeed_if  fails the stack unless the user is in group "xmpp".
  #                      It is "required", so later rules still run for
  #                      non-members but the overall result stays a failure.
  #   3. pam_unix        checks the Unix password; on success it skips the
  #                      next rule (success=1), otherwise the result is ignored.
  #   4. pam_deny        reached only when the password check did not succeed;
  #                      "requisite" ends the stack with a failure.
  #   5. pam_permit      gives the stack a defined success result.
  # NOTE(review): "nodelay" turns off pam_unix's delay after a failed attempt,
  # so PAM itself does not slow down repeated guesses arriving on port 5222.
  # No rate limiting is visible in this file; confirm it exists elsewhere
  # (Prosody module or a log-based ban) and that the audit logging here is
  # actually monitored.
  # NOTE(review): only "auth" rules are defined. Whether account-phase checks
  # (expired or locked accounts) apply depends on whether mod_auth_pam calls
  # the account stage and on the fallback PAM service; confirm.
  # NOTE(review): "obscure" and "sha512" are password-change options and
  # presumably have no effect in an auth rule.
  security.pam.services.xmpp.text = ''
    auth required pam_warn.so audit
    auth required pam_succeed_if.so user ingroup xmpp audit
    auth [success=1 default=ignore] pam_unix.so obscure sha512 nodelay audit
    auth requisite pam_deny.so audit
    auth required pam_permit.so audit
  '';
}