Used agenix to manage secrets, 4 services up, ssh

hosts/lazyworkhorse/configuration.nix

@@ -2,30 +2,27 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, self, paths, keys, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ./../../modules/default.nix
-      ./../../users/gortium.nix
-    ];
+  # NAS Mounting
+  hoardingcow-mount.enable = true;
 
   # Flakesss
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.settings.trusted-users = [ "root" "gortium" ];
 
+  # Garbage collection
   nix.gc = {
     automatic = true;
-    dates = "weekly";  # You can also use "daily" or a cron-like spec
+    dates = "daily";  # You can also use "daily" or a cron-like spec
     options = "--delete-older-than 7d";  # Keep only 7 days of unreferenced data
   };
 
   nix.settings = {
-    auto-optimise-store = true;  # Deduplicate identical files
-    keep-derivations = false;
-    keep-outputs = false;
+    keep-derivations = true;
+    keep-outputs = true;
+    auto-optimise-store = true;
   };
 
   # Use the systemd-boot EFI boot loader.
@@ -41,7 +38,11 @@
   # Set your time zone.
   time.timeZone = "America/Montreal";
 
+  # Locales
   i18n.defaultLocale = "en_CA.UTF-8";
+  i18n.supportedLocales = [
+    "en_CA.UTF-8/UTF-8"
+  ];
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "en_CA.UTF-8";
     LC_IDENTIFICATION = "en_CA.UTF-8";
@@ -52,8 +53,34 @@
     LC_PAPER = "en_CA.UTF-8";
     LC_TELEPHONE = "en_CA.UTF-8";
     LC_TIME = "en_CA.UTF-8";
+    LC_CTYPE = "en_CA.UTF-8";
   };
 
+  # Private host ssh key
+  age = {
+    identityPaths = paths.identities;
+    secrets = {
+      lazyworkhorse_host_ssh_key = {
+        file = "${self}/secrets/lazyworkhorse_host_ssh_key.age";
+        owner = "root";
+        group = "root";
+        mode = "0600";
+        path = "/etc/ssh/ssh_host_ed25519_key";
+      };
+    };
+  };
+
+  # Public host ssh key
+  environment.etc."ssh/ssh_host_ed25519_key.pub".text = keys.hosts.lazyworkhorse.main;
+
+  # Prevent sshd from generating new keys and use this one
+  services.openssh.hostKeys = [
+    {
+      path = "/etc/ssh/ssh_host_ed25519_key";
+      type = "ed25519";
+    }
+  ];
+
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -81,21 +108,28 @@
     pulse.enable = true;
   };
 
+  environment.sessionVariables = {
+    NH_FLAKE = paths.flake;
+  };
+
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
   # nvim please
-  environment.variables.EDITOR = "neovim";
+  environment.variables.EDITOR = "nvim";
 
   # programs.firefox.enable = true;
 
   # List packages installed in system profile.
-  # You can use https://search.nixos.org/ to find more packages (and options).
+  # You can use https://Search.nixos.org/ to find more packages (and options).
   environment.systemPackages = with pkgs; [
+    agenix
     neovim
+    docker-compose
     wget
     age
     git
+    nh
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -114,7 +148,7 @@
     settings.PermitRootLogin = "no";
   };
 
-  # Open ports in the firewall.
+ # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.