NixOS/hosts/linode/configuration.nix

{
  pkgs,
  config,
  inputs,
  ...
}:
{
  imports = [
    ./hardware-configuration.nix
    ./wireguard-linode.nix
    ../../config/base.nix
  ];
  my = import ./toggles.nix { inherit config inputs; } // {
    nix.cores = 2;
    users.nixremote.enable = false;
    network.firewall = {
      enabledServicePorts = true;
      additionalPorts = [ ];
    };
  };
  networking.hostName = "linode";
  services.openssh = {
    enable = true;
    openFirewall = true;
    startWhenNeeded = false;
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "prohibit-password";
      KbdInteractiveAuthentication = false;
    };
  };
  security.fail2ban = {
    enable = true;
    maxretry = 5;
    bantime = "1h";
  };
  environment.systemPackages = builtins.attrValues {
    inherit (pkgs)
      htop
      iotop
      tcpdump
      wireguard-tools
      ;
  };
  system.autoUpgrade = {
    enable = true;
    dates = "weekly";
    allowReboot = true;
  };
}