# NixOS module for the host named "vps": web roots, deployment accounts,
# remote-rebuild access and sops-nix key handling.
{ config, lib, pkgs, inputs, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./network.nix
    ./nginx-nextcloud.nix
    ../../config/base.nix
  ];

  networking.hostName = "vps";

  # Project-local toggles: values returned by ./toggles.nix, overridden by the
  # attributes on the right-hand side.
  # NOTE(review): `//` is a shallow merge, so if toggles.nix also returns a
  # `users` attribute it is replaced wholesale by the one below. Confirm that
  # is intended.
  my =
    import ./toggles.nix { inherit config inputs lib; }
    // {
      secureHost = true;
      users = {
        nixremote = {
          enable = true;
          # getSshKeys comes from this flake's own lib; presumably it maps the
          # listed host names to their public keys (verify against its definition).
          authorizedKeys = inputs.self.lib.getSshKeys [
            "nixworkstation"
            "nixserver"
            "nixminiserver"
          ];
        };
      };
    };

  image.modules.linode = { };

  environment.systemPackages = [ ];

  # Passwordless sudo for nixremote, limited to nixos-rebuild.
  # SECURITY: nixos-rebuild activates a system configuration with elevated
  # privileges, so this rule is effectively root-equivalent for nixremote even
  # though only one command is listed. Treat the SSH keys authorized for
  # nixremote as root credentials.
  security.sudo-rs.extraRules = [
    {
      users = [ "nixremote" ];
      commands = [
        {
          command = "/run/current-system/sw/bin/nixos-rebuild";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # tmpfiles "d" lines: create each directory with the given mode, owner and
  # group; the trailing "-" sets no age-based cleanup.
  # Mode 2775 = setgid + rwxrwxr-x: new entries inherit the directory's group,
  # the group can write, and everyone else can read and traverse.
  systemd.tmpfiles.rules = [
    "d /var/www/html 2775 deploy www-data -"
    "d /var/www/html/portfolio 2775 deploy www-data -"
    "d /var/www/html/blog 2775 deploy www-data -"
    "d /var/www/html/lidarr-mb-gap 2775 lidarr-reports lidarr-reports -"
  ];

  # sops-nix decryption identities: the host's ed25519 SSH key plus an age key
  # file that is generated on the machine when missing.
  # NOTE(review): a freshly generated key cannot decrypt existing secrets until
  # its public key has been added as a recipient. The host SSH key is what
  # matters on first boot.
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
  sops.age.generateKey = true;

  # smartd is forced off, overriding any other module that enables it
  # (presumably because this is a virtual machine; confirm).
  services.smartd.enable = lib.mkForce false;

  # The SSH listen port is taken from the project-local `my.ports.ssh` option.
  services.openssh.ports = [ config.my.ports.ssh ];

  users.groups = {
    deploy = { };
    lidarr-reports = { };
    www-data = { };
  };

  users.users = {
    # Only applied when my.secureHost is set (it is, above).
    # NOTE(review): the web roots are group-writable (2775), so membership in
    # these groups gives the nginx user write access to the content it serves.
    # If nginx only needs to read, the "other" r-x bits already allow that.
    nginx = lib.mkIf config.my.secureHost {
      extraGroups = [
        "www-data"
        "lidarr-reports"
      ];
    };

    # Account that owns the portfolio/blog web roots and accepts SSH logins
    # with the deploy public key.
    # NOTE(review): the account has a full interactive shell. If it is only
    # used for file uploads, consider restricting what its key may do.
    deploy = {
      isSystemUser = true;
      group = "deploy";
      extraGroups = [ "www-data" ];
      home = "/var/lib/deploy";
      createHome = true;
      shell = pkgs.bashInteractive;
      openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_deploy.pub ];
    };

    # Account that owns /var/www/html/lidarr-mb-gap. The review note on the
    # `deploy` shell applies here as well.
    lidarr-reports = {
      isSystemUser = true;
      group = "lidarr-reports";
      home = "/var/lib/lidarr-reports";
      createHome = true;
      shell = pkgs.bashInteractive;
      openssh.authorizedKeys.keyFiles = [ ../../secrets/ssh/ed25519_lidarr-reports.pub ];
    };
  };
}