# NixOS system configuration for the host "ymir": GRUB on /dev/vda, a
# default-deny firewall, key-only SSH, and a Prosody XMPP server for xmpp.li
# that authenticates through PAM.
{ config, pkgs, ... }:

let
  # Lua PAM binding, built locally and handed to the customised Prosody below.
  luaPam = pkgs.callPackage ./custom/luaPam.nix {};

  # User definition whose shell and SSH keys are reused for root.
  adminUser = import users/gkleen.nix;
in
{
  imports = [
    ./ymir-hw.nix
    ./custom/zsh.nix
    ./users.nix
  ];

  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/vda";

  # Replace the stock prosody package with a local build that bundles
  # mod_auth_pam and the Lua PAM library it needs.
  # NOTE(review): luaPam comes from ./custom, prosody from ./customized;
  # confirm both directories are intended.
  nixpkgs.config.packageOverrides = super: {
    prosody = super.callPackage ./customized/prosody.nix {
      extraModules = [ "mod_auth_pam" ];
      extraLibs = [ luaPam ];
    };
  };

  environment.systemPackages = [
    pkgs.git
    pkgs.mosh
    pkgs.rsync
    pkgs.tmux
    pkgs.zsh
  ];

  networking.hostName = "ymir";
  networking.hostId = "1c5c994e";

  # Inbound exposure is limited to what is listed here:
  # 22 = SSH, 5222 = XMPP client-to-server, 5269 = XMPP server-to-server.
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = [ 22 5222 5269 ];
  networking.firewall.allowedUDPPortRanges = [
    { from = 60000; to = 61000; } # mosh
  ];

  networking.enableIPv6 = true;
  networking.defaultGateway6 = "fe80::1";
  networking.interfaces.enp0s3.ipv6Address = "2a03:4000:6:d004::";
  networking.interfaces.enp0s3.ipv6PrefixLength = 64;

  # root reuses the shell and the authorized SSH key files of users/gkleen.nix,
  # so every key listed there can open a root session over SSH.
  # NOTE(review): sshd's root-login policy is not set in this file, so the
  # default of the NixOS release in use applies; confirm it is key-only.
  users.extraUsers.root = {
    inherit (adminUser) shell;
    openssh.authorizedKeys = {
      inherit (adminUser.openssh.authorizedKeys) keyFiles;
    };
  };

  # List services that you want to enable:
  services = {
    # Time sync is handled by chrony; ntpd is switched off so the two do not
    # both run.
    ntp.enable = false;
    chrony.enable = true;

    # Key-based logins only; password authentication is refused.
    openssh = {
      enable = true;
      passwordAuthentication = false;
    };

    # Weekly garbage collection of store generations older than seven days.
    fcron = {
      enable = true;
      systab = ''
        %weekly * * nix-collect-garbage --delete-older-than '7d'
      '';
    };

    prosody = {
      enable = true;
      admins = [ "gkleen@xmpp.li" ];
      # No in-band account creation; accounts come from the auth backend.
      allowRegistration = false;
      extraModules = [ "private" ];
      # Select the PAM auth provider bundled into the package override above.
      # NOTE(review): presumably XMPP passwords are checked against local
      # system accounts, which makes them as sensitive as those accounts'
      # passwords; confirm the PAM service in use and that client connections
      # must use TLS (Prosody's c2s_require_encryption).
      extraConfig = ''
        authentication="pam"
      '';
      virtualHosts.default = {
        enabled = true;
        domain = "xmpp.li";
        # Kept as strings on purpose: a Nix path literal would copy the
        # private key into the world-readable /nix/store.
        # NOTE(review): relative paths are presumably resolved against
        # Prosody's configuration directory; confirm the key file is readable
        # by the prosody user only.
        ssl = {
          key = "certs/xmpp.li.key";
          cert = "certs/xmpp.li.crt";
        };
      };
    };
  };
}