Convert common NixOS config to a module
This commit is contained in:
parent
67ac31ff22
commit
88ab8e0d76
3 changed files with 265 additions and 264 deletions
467
common/nixos.nix
467
common/nixos.nix
|
@ -1,6 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
# Module
|
||||
host = config.host;
|
||||
|
||||
# Resources
|
||||
palette = import ./resources/palette.nix;
|
||||
in
|
||||
{
|
||||
|
@ -9,230 +13,249 @@ in
|
|||
../packages/kmonad.nix
|
||||
];
|
||||
|
||||
# Overrides
|
||||
nixpkgs.overlays = [
|
||||
# Pending https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5370
|
||||
(_: pkgs: {
|
||||
gnome = pkgs.gnome.overrideScope' (_: gnome: {
|
||||
gnome-shell = gnome.gnome-shell.overrideAttrs (gnome-shell: {
|
||||
patches = gnome-shell.patches ++ [ ../patches/gnome-shell_screenshot-location.patch ];
|
||||
options.host = {
|
||||
name = lib.mkOption { type = lib.types.str; };
|
||||
local = lib.mkOption { type = lib.types.path; };
|
||||
resources = lib.mkOption { type = lib.types.path; };
|
||||
};
|
||||
|
||||
config = {
|
||||
# Overrides
|
||||
nixpkgs.overlays = [
|
||||
# Pending https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5370
|
||||
(_: pkgs: {
|
||||
gnome = pkgs.gnome.overrideScope' (_: gnome: {
|
||||
gnome-shell = gnome.gnome-shell.overrideAttrs (gnome-shell: {
|
||||
patches = gnome-shell.patches ++ [ ../patches/gnome-shell_screenshot-location.patch ];
|
||||
});
|
||||
});
|
||||
});
|
||||
})
|
||||
];
|
||||
|
||||
# Nix
|
||||
nix.autoOptimiseStore = true;
|
||||
nix.gc = { automatic = true; options = "--delete-older-than 7d"; };
|
||||
nix.extraOptions = ''
|
||||
# Recommended by nix-direnv
|
||||
keep-outputs = true
|
||||
keep-derivations = true
|
||||
'';
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Boot
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.systemd-boot.memtest86.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
# Swap
|
||||
zramSwap.enable = true;
|
||||
|
||||
# Filesystems
|
||||
boot.initrd.luks = {
|
||||
gpgSupport = true;
|
||||
devices.pv = {
|
||||
device = "/dev/disk/by-partlabel/pv-enc";
|
||||
allowDiscards = true;
|
||||
fallbackToPassword = true;
|
||||
gpgCard.encryptedPass = ./local/resources/luks-passphrase.gpg;
|
||||
gpgCard.publicKey = ./resources/andrew.asc;
|
||||
};
|
||||
};
|
||||
fileSystems."/".options = [ "compress=zstd:2" "discard=async" "noatime" ];
|
||||
services.btrfs.autoScrub.enable = true;
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
# Time and locale
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
|
||||
|
||||
# Networking
|
||||
networking.domain = "home.arpa";
|
||||
networking.search = [ "home.arpa" ];
|
||||
# Workaround for `avahi-daemon[1234]: Failed to read /etc/avahi/services.`
|
||||
# Upstream: https://github.com/lathiat/avahi/blob/v0.8/avahi-daemon/static-services.c#L917-L919
|
||||
system.activationScripts.etcAvahiServices = "mkdir -p /etc/avahi/services";
|
||||
|
||||
# Console
|
||||
console.packages = with pkgs; [ terminus_font ];
|
||||
console.font = "ter-v32n";
|
||||
console.colors = map (lib.removePrefix "#") (with palette; [
|
||||
"#000000" red green yellow blue orange purple white
|
||||
gray red green yellow blue orange purple white
|
||||
]);
|
||||
|
||||
# Keyboard
|
||||
services.xserver.extraLayouts.halmakish = {
|
||||
description = "Halmakish";
|
||||
languages = [ "eng" ];
|
||||
symbolsFile = ./resources/halmakish.xkb;
|
||||
};
|
||||
services.xserver.layout = "halmakish";
|
||||
console.useXkbConfig = true;
|
||||
services.kmonad.enable = true;
|
||||
|
||||
# Power
|
||||
systemd.ctrlAltDelUnit = "poweroff.target";
|
||||
|
||||
# Authentication
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
control = "sufficient";
|
||||
cue = true;
|
||||
};
|
||||
|
||||
# Authorization
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
groups = [ "wheel" ];
|
||||
commands = [
|
||||
{ command = "/run/current-system/sw/bin/btrfs balance start --enqueue -dusage=50 -musage=50 /"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nix-channel --update"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nixos-rebuild boot"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nixos-rebuild switch"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/poweroff"; options = [ "NOPASSWD" ]; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
# SSH
|
||||
services.openssh = { enable = true; passwordAuthentication = false; };
|
||||
|
||||
# Mail
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
config = {
|
||||
relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
|
||||
smtp_use_tls = "yes";
|
||||
smtp_tls_security_level = "encrypt";
|
||||
smtp_tls_note_starttls_offer = "yes";
|
||||
smtp_sasl_auth_enable = "yes";
|
||||
smtp_sasl_security_options = "noanonymous";
|
||||
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
|
||||
};
|
||||
origin = "andrew.kvalhe.im";
|
||||
destination = [ ]; # Disable local delivery
|
||||
};
|
||||
systemd.services."alert@" = {
|
||||
description = "Alert of failed %I";
|
||||
serviceConfig.SyslogIdentifier = "%p";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.ExecStart = ''
|
||||
${pkgs.bash}/bin/bash -c "${pkgs.system-sendmail}/bin/sendmail -i root \
|
||||
<<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
|
||||
'';
|
||||
};
|
||||
|
||||
# SMART monitoring
|
||||
services.smartd = {
|
||||
enable = true;
|
||||
notifications.mail.enable = true;
|
||||
};
|
||||
|
||||
# Firmware updates
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Audio
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa = { enable = true; support32Bit = true; };
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
# Printer
|
||||
services.printing.enable = true;
|
||||
services.printing.drivers = with pkgs; [ brgenml1cupswrapper ];
|
||||
hardware.printers = {
|
||||
ensureDefaultPrinter = "DCP-7065DN";
|
||||
ensurePrinters = [{
|
||||
name = "DCP-7065DN";
|
||||
description = "Brother DCP-7065DN";
|
||||
model = "brother-BrGenML1-cups-en.ppd";
|
||||
deviceUri = "lpd://lumberjack/binary_p1";
|
||||
}];
|
||||
};
|
||||
|
||||
# Scanner
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.brscan4 = {
|
||||
enable = true;
|
||||
netDevices.DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
|
||||
};
|
||||
|
||||
# Graphical environment
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.gdm.enable = true;
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
||||
# Applications
|
||||
environment.gnome.excludePackages = with pkgs; [
|
||||
gnome.epiphany
|
||||
gnome.geary
|
||||
gnome.gnome-calculator
|
||||
gnome.gnome-maps
|
||||
gnome.gnome-music
|
||||
gnome.gnome-weather
|
||||
gnome-photos
|
||||
];
|
||||
services.pcscd.enable = true;
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
virtualisation = {
|
||||
containers.registries.search = [ "docker.io" ];
|
||||
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
|
||||
podman.enable = true;
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
programs.zsh.enable = true;
|
||||
environment.localBinInPath = true;
|
||||
|
||||
# Users
|
||||
users.mutableUsers = false;
|
||||
users.groups.ak.gid = 1000;
|
||||
users.users.ak = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
group = "ak";
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"lp"
|
||||
"scanner"
|
||||
"podman"
|
||||
"docker"
|
||||
"libvirtd"
|
||||
})
|
||||
];
|
||||
description = "Andrew";
|
||||
hashedPassword = builtins.readFile ./local/resources/ak.passwd;
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./resources/andrew.pub) ];
|
||||
};
|
||||
|
||||
# Backup
|
||||
systemd.services.mirror = {
|
||||
description = "Mirror to closet";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.Nice = 10;
|
||||
onFailure = [ "alert@%n.service" ];
|
||||
path = with pkgs; [ netcat openssh rsync ];
|
||||
};
|
||||
systemd.timers.mirror = {
|
||||
timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
|
||||
timerConfig.Persistent = true;
|
||||
wantedBy = [ "timers.target" ];
|
||||
# Nix
|
||||
nix.autoOptimiseStore = true;
|
||||
nix.gc = { automatic = true; options = "--delete-older-than 7d"; };
|
||||
nix.extraOptions = ''
|
||||
# Recommended by nix-direnv
|
||||
keep-outputs = true
|
||||
keep-derivations = true
|
||||
'';
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Boot
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.systemd-boot.memtest86.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
# Swap
|
||||
zramSwap.enable = true;
|
||||
|
||||
# Filesystems
|
||||
boot.initrd.luks = {
|
||||
gpgSupport = true;
|
||||
devices.pv = {
|
||||
device = "/dev/disk/by-partlabel/pv-enc";
|
||||
allowDiscards = true;
|
||||
fallbackToPassword = true;
|
||||
gpgCard.encryptedPass = ./local/resources/luks-passphrase.gpg;
|
||||
gpgCard.publicKey = ./resources/andrew.asc;
|
||||
};
|
||||
};
|
||||
fileSystems."/".options = [ "compress=zstd:2" "discard=async" "noatime" ];
|
||||
services.btrfs.autoScrub.enable = true;
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
# Time and locale
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
|
||||
|
||||
# Networking
|
||||
networking.hostName = host.name;
|
||||
networking.domain = "home.arpa";
|
||||
networking.search = [ "home.arpa" ];
|
||||
# Workaround for `avahi-daemon[1234]: Failed to read /etc/avahi/services.`
|
||||
# Upstream: https://github.com/lathiat/avahi/blob/v0.8/avahi-daemon/static-services.c#L917-L919
|
||||
system.activationScripts.etcAvahiServices = "mkdir -p /etc/avahi/services";
|
||||
|
||||
# Console
|
||||
console.packages = with pkgs; [ terminus_font ];
|
||||
console.font = "ter-v32n";
|
||||
console.colors = map (lib.removePrefix "#") (with palette; [
|
||||
"#000000" red green yellow blue orange purple white
|
||||
gray red green yellow blue orange purple white
|
||||
]);
|
||||
|
||||
# Keyboard
|
||||
services.xserver.extraLayouts.halmakish = {
|
||||
description = "Halmakish";
|
||||
languages = [ "eng" ];
|
||||
symbolsFile = ./resources/halmakish.xkb;
|
||||
};
|
||||
services.xserver.layout = "halmakish";
|
||||
console.useXkbConfig = true;
|
||||
services.kmonad = {
|
||||
enable = true;
|
||||
keyboards.default = {
|
||||
config = builtins.readFile (host.resources + "/halmakish.kbd");
|
||||
fallthrough = true;
|
||||
allowCommands = false;
|
||||
};
|
||||
};
|
||||
|
||||
# Power
|
||||
systemd.ctrlAltDelUnit = "poweroff.target";
|
||||
|
||||
# Authentication
|
||||
security.pam.u2f = {
|
||||
enable = true;
|
||||
appId = "pam://${host.name}";
|
||||
control = "sufficient";
|
||||
cue = true;
|
||||
};
|
||||
|
||||
# Authorization
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
groups = [ "wheel" ];
|
||||
commands = [
|
||||
{ command = "/run/current-system/sw/bin/btrfs balance start --enqueue -dusage=50 -musage=50 /"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nix-channel --update"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nixos-rebuild boot"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/nixos-rebuild switch"; options = [ "NOPASSWD" ]; }
|
||||
{ command = "/run/current-system/sw/bin/poweroff"; options = [ "NOPASSWD" ]; }
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
# SSH
|
||||
services.openssh = { enable = true; passwordAuthentication = false; };
|
||||
|
||||
# Mail
|
||||
services.postfix = {
|
||||
enable = true;
|
||||
config = {
|
||||
relayhost = "[email-smtp.us-west-2.amazonaws.com]:587";
|
||||
smtp_use_tls = "yes";
|
||||
smtp_tls_security_level = "encrypt";
|
||||
smtp_tls_note_starttls_offer = "yes";
|
||||
smtp_sasl_auth_enable = "yes";
|
||||
smtp_sasl_security_options = "noanonymous";
|
||||
smtp_sasl_password_maps = "hash:/var/lib/postfix/conf/smtp_sasl_password_maps";
|
||||
};
|
||||
origin = "andrew.kvalhe.im";
|
||||
destination = [ ]; # Disable local delivery
|
||||
mapFiles.smtp_sasl_password_maps = (host.local + "/resources/smtp-sasl-password-maps");
|
||||
};
|
||||
systemd.services."alert@" = {
|
||||
description = "Alert of failed %I";
|
||||
serviceConfig.SyslogIdentifier = "%p";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.ExecStart = ''
|
||||
${pkgs.bash}/bin/bash -c "${pkgs.system-sendmail}/bin/sendmail -i root \
|
||||
<<< $'Subject: %I failed\n\n'\"$(systemctl --full status %I)\""
|
||||
'';
|
||||
};
|
||||
|
||||
# SMART monitoring
|
||||
services.smartd = {
|
||||
enable = true;
|
||||
notifications.mail.enable = true;
|
||||
};
|
||||
|
||||
# Firmware updates
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Audio
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa = { enable = true; support32Bit = true; };
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
# Printer
|
||||
services.printing.enable = true;
|
||||
services.printing.drivers = with pkgs; [ brgenml1cupswrapper ];
|
||||
hardware.printers = {
|
||||
ensureDefaultPrinter = "DCP-7065DN";
|
||||
ensurePrinters = [{
|
||||
name = "DCP-7065DN";
|
||||
description = "Brother DCP-7065DN";
|
||||
model = "brother-BrGenML1-cups-en.ppd";
|
||||
deviceUri = "lpd://lumberjack/binary_p1";
|
||||
}];
|
||||
};
|
||||
|
||||
# Scanner
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.brscan4 = {
|
||||
enable = true;
|
||||
netDevices.DCP-7065DN = { model = "DCP-7065DN"; nodename = "lumberjack"; };
|
||||
};
|
||||
|
||||
# Graphical environment
|
||||
services.xserver.enable = true;
|
||||
services.xserver.displayManager.gdm.enable = true;
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
|
||||
# Applications
|
||||
environment.gnome.excludePackages = with pkgs; [
|
||||
gnome.epiphany
|
||||
gnome.geary
|
||||
gnome.gnome-calculator
|
||||
gnome.gnome-maps
|
||||
gnome.gnome-music
|
||||
gnome.gnome-weather
|
||||
gnome-photos
|
||||
];
|
||||
services.pcscd.enable = true;
|
||||
programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
|
||||
virtualisation = {
|
||||
containers.registries.search = [ "docker.io" ];
|
||||
docker = { enable = true; enableOnBoot = false; autoPrune.enable = true; };
|
||||
podman.enable = true;
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
programs.zsh.enable = true;
|
||||
environment.localBinInPath = true;
|
||||
|
||||
# Users
|
||||
users.mutableUsers = false;
|
||||
users.groups.ak.gid = 1000;
|
||||
users.users.ak = {
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
group = "ak";
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"lp"
|
||||
"scanner"
|
||||
"podman"
|
||||
"docker"
|
||||
"libvirtd"
|
||||
];
|
||||
description = "Andrew";
|
||||
hashedPassword = builtins.readFile ./local/resources/ak.passwd;
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [ (builtins.readFile ./resources/andrew.pub) ];
|
||||
};
|
||||
|
||||
# Backup
|
||||
systemd.services.mirror = {
|
||||
description = "Mirror to closet";
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig.Nice = 10;
|
||||
onFailure = [ "alert@%n.service" ];
|
||||
path = with pkgs; [ netcat openssh rsync ];
|
||||
script = builtins.readFile (host.local + "/resources/mirror.sh");
|
||||
};
|
||||
systemd.timers.mirror = {
|
||||
timerConfig.OnCalendar = "00,12,17:00 America/Los_Angeles";
|
||||
timerConfig.Persistent = true;
|
||||
wantedBy = [ "timers.target" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -9,7 +9,16 @@
|
|||
./local/nixos.nix
|
||||
];
|
||||
|
||||
# Host parameters
|
||||
host = {
|
||||
name = "main";
|
||||
local = ./local;
|
||||
resources = ./resources;
|
||||
};
|
||||
|
||||
# Hardware
|
||||
services.fstrim.enable = true;
|
||||
services.kmonad.keyboards.default.device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
|
||||
systemd.tmpfiles.rules = [ "w /sys/class/sound/ctl-led/mic/mode - - - - follow-route" ];
|
||||
|
||||
# Nix
|
||||
|
@ -17,7 +26,6 @@
|
|||
nixpkgs = import ./nixpkgs.nix;
|
||||
|
||||
# Filesystems
|
||||
services.fstrim.enable = true;
|
||||
# TODO: Set `chattr +i` on intermittent mount points
|
||||
fileSystems = {
|
||||
"/home/ak/annex" = {
|
||||
|
@ -53,32 +61,12 @@
|
|||
};
|
||||
|
||||
# Networking
|
||||
networking.hostName = "main";
|
||||
networking.domain = "home.arpa";
|
||||
networking.search = [ "home.arpa" ];
|
||||
systemd.network.links = {
|
||||
"10-dock".linkConfig.Name = "dock";
|
||||
"10-jack".linkConfig.Name = "jack";
|
||||
"10-wifi".linkConfig.Name = "wifi";
|
||||
};
|
||||
|
||||
# Keyboard
|
||||
services.kmonad.keyboards.default = {
|
||||
device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
|
||||
config = builtins.readFile ./resources/halmakish.kbd;
|
||||
fallthrough = true;
|
||||
allowCommands = false;
|
||||
};
|
||||
|
||||
# Authentication
|
||||
security.pam.u2f.appId = "pam://main";
|
||||
|
||||
# Mail
|
||||
services.postfix.mapFiles.smtp_sasl_password_maps = ./local/resources/smtp-sasl-password-maps;
|
||||
|
||||
# Backup
|
||||
systemd.services.mirror.script = builtins.readFile ./local/resources/mirror.sh;
|
||||
|
||||
# Wireshark
|
||||
programs.wireshark.enable = true;
|
||||
users.users.ak.extraGroups = [ "wireshark" ];
|
||||
|
|
|
@ -8,33 +8,23 @@
|
|||
./local/nixos.nix
|
||||
];
|
||||
|
||||
# Host parameters
|
||||
host = {
|
||||
name = "wrangler";
|
||||
local = ./local;
|
||||
resources = ./resources;
|
||||
};
|
||||
|
||||
# Hardware
|
||||
services.fstrim.enable = true;
|
||||
services.kmonad.keyboards.default.device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
|
||||
|
||||
# Nix
|
||||
system.stateVersion = "21.11"; # Permanent
|
||||
nixpkgs = import ./nixpkgs.nix;
|
||||
|
||||
# Filesystems
|
||||
services.fstrim.enable = true;
|
||||
|
||||
# Networking
|
||||
networking.hostName = "wrangler";
|
||||
systemd.network.links = {
|
||||
"10-wifi".linkConfig.Name = "wifi";
|
||||
};
|
||||
|
||||
# Keyboard
|
||||
services.kmonad.keyboards.default = {
|
||||
device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
|
||||
config = builtins.readFile ./resources/halmakish.kbd;
|
||||
fallthrough = true;
|
||||
allowCommands = false;
|
||||
};
|
||||
|
||||
# Authentication
|
||||
security.pam.u2f.appId = "pam://wrangler";
|
||||
|
||||
# Mail
|
||||
services.postfix.mapFiles.smtp_sasl_password_maps = ./local/resources/smtp-sasl-password-maps;
|
||||
|
||||
# Backup
|
||||
systemd.services.mirror.script = builtins.readFile ./local/resources/mirror.sh;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue