nix-config/hosts/sesame/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
      # Supporting
      ./buckets.nix
      # Services
      ./suite.nix
      ./bois-ar.nix
      ./forgejo.nix
      ./transmission.nix
      ./lemorillon.nix
    ];

  # Boot configuration
  boot.loader.systemd-boot.enable = true;
  boot.loader.systemd-boot.configurationLimit = 10;
  boot.loader.efi.canTouchEfiVariables = true;

  # Networking
  networking.hostName = "sesame";
  networking.domain = "hemono.fr";

  # Set your time zone.
  time.timeZone = "Europe/Paris";

  # Console
  console = {
    keyMap = "fr";
  };

  # User account
  users.users.jhemono = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh = {
      authorizedKeys.keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8Q2lWsqvoqoIxqb8HM96IpvZkFhnwcPdEo+m5peH5N/0PZloEp/NfLbzktXGNACe+bwfweR1Kokjs/Ep0tQQggGtgqB0jAopd1Yw0wzlFWYGqJsGyuFBGP4SljsQvGhU2IwgvuJFIRrOVu+gRTIM1DYGQOveNqlRU/QoqOZDQPvHsoQCLvwmZBzzi7DLktBQZ7h/CJ3GrzD2YUuIyulZGbhfM86i0p7NQ5+TSxuo7Yotbwzrzi7hAROO22ghRfv0vxAPip9SCF1SKIZpSDd8s7Nk6dkDE+95N5cMOkFwokWWsxaTM+EgZfTjQZon1L1/X3UC3hK6C+7GLusoNe8xdjm14e9LA5qG5ZRtLrmIrI2bW5KBj/8iTxRmXpE9x70d2Hl6jtHBQv4rQOAO3BET0TjlNAXchNDOcDbNX1ZqEwyImoF4c3kbr5M2ezWCDltAdvd74mMMiaenxwYkZeZbR3EJPbtC1v//9QQ9S7OzKa5utwjhZFlh0g79GKq8DiU6W8IzzmD7pGi8MIV3wOh1NGlcIlPaIyJY60XN0iRNI9NhMASAF493xPfMlVWl7Tly1VDVcPp5pC47vHU6/2mBbx5tnVShNPnkf4OwF3nC8i0DT+dRKXAxjfpoM5iYIrSHrNj9EKKFE4qNbqtAPTNGGtxJ0fUdWOgXLf5BMfYmaiQ== jhemono@gwiad"
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFWZ1MF5Srp1AkfgzO/19RCeYfCU+HtJFYESS9PhQrQYhUwZtoHExHYyD1nf71+jGFu6HJjXAPDD5ZW1XqYEh8kFvkx8uXw+kKHOVwuVhkcIYduQlsR8e8kbu8y6OABPe3SWmmtiA2HdWCwlZNoyTL1X4+LsA+Hbs0EHn1p+RQ4YeOSuZV/5VETt1Mcu/d0GyFBlnoCtu3VwexBdZgsVkw/kOpjNrY0RhqEwiO7P9J+jXT6HB8wvus6MzgvNPzoFo6hAXqRGu3SvCQJnVkE/AulHBfWLFCwdIrekGCKMv9v51dUJ5pgHxWyZZQhYNFpE2qTj8meExBDfnnYl7MFQ3j termbot"
      ];
    };
  #   packages = with pkgs; [
  #     firefox
  #     tree
  #   ];
  };

  # System packages
  environment.systemPackages = with pkgs; [
    git
    htop
    jq
    ncdu
    tmux
    tree
    unzip
    vim
  ];

  environment.variables.EDITOR = "vim";

  # Nix configuration
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 1w";
  };
  nix.settings.auto-optimise-store = true;

  # OpenSSH
  services.openssh = {
    enable = true;
    settings = {
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
  };

  # HTTPS
  security.acme = {
    acceptTerms = true;   
    defaults.email = "julien@hemono.fr"; 
  };

  # Firewall
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # networking.firewall.allowedUDPPorts = [ ... ];

  system.stateVersion = "23.11";

}