- Add speckit workflow infrastructure (.claude, .specify)
- Create NixOS configuration skeleton (flake.nix, configuration.nix, hosts/ops-jrz1.nix)
- Add sanitization scripts with 22 rules for personal info removal
- Add validation scripts with gitleaks integration
- Configure git hooks (pre-commit, pre-push) for security validation
- Add project documentation (README, LICENSE)
- Add comprehensive .gitignore for Nix, secrets, staging

Phase 1 and Phase 2 complete. Foundation ready for module extraction from ops-base.
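# Main NixOS configuration for the ops-jrz1 server.
#
# NOTE(review): the original header says host-specific configuration is
# imported from hosts/ops-jrz1.nix, but this module declares no `imports`
# list. Presumably the flake wires that file in separately; confirm against
# flake.nix before relying on it.
{ config, pkgs, ... }:

{
  # Boot loader configuration (placeholder - will be customized for actual server)
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda"; # REPLACE_ME with actual device

  # Network configuration: global DHCP is off, and DHCP is enabled on the
  # single named interface only.
  networking.useDHCP = false;
  networking.interfaces.eth0.useDHCP = true; # REPLACE_ME with actual interface

  # Time zone
  time.timeZone = "UTC";

  # Internationalization
  i18n.defaultLocale = "en_US.UTF-8";

  # System packages installed for all users
  environment.systemPackages = with pkgs; [
    vim
    git
    htop
    curl
  ];

  # SSH configuration: key-based logins only.
  services.openssh = {
    enable = true;
    settings = {
      # Root may authenticate with a key, never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # Keyboard-interactive is a separate sshd authentication method that can
      # still prompt for a password through PAM. Disable it too so the
      # key-only policy holds for every account, not just root.
      KbdInteractiveAuthentication = false;
    };
  };

  # Firewall (will be configured for Matrix services)
  # 80 and 443 are opened here although this file defines no web service yet.
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 80 443 ]; # SSH, HTTP, HTTPS
  };

  # This value determines the NixOS release compatibility.
  # It records the release whose stateful-data defaults this host follows;
  # changing it is not how the system is upgraded.
  system.stateVersion = "24.05";
}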