home-server/common.nix

{ lib, ... }:

{
  nix.gc = {
    automatic = true;
    dates = "weekly";
    options = "--delete-older-than 7d";
  };

  time.timeZone = "America/Vancouver";

  i18n.defaultLocale = "en_US.UTF-8";

  nix.settings.experimental-features = "nix-command flakes";
  nix.settings.trusted-public-keys = lib.mkAfter [
    "local.yesod.ellie:3cAK/At9uVQq5kNrZco1cuthpgoPy7JfEvd+sBs80fk="
  ];

  networking.useDHCP = true;

  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
      AllowUsers = [ "ellie" ];
    };
  };

  services.fail2ban = {
    enable = true;
    maxretry = 5;
    bantime = "1h";
    bantime-increment.enable = true;
    jails = {
      sshd.settings = {
        enabled = true;
        maxretry = 3;
      };
      nginx-botsearch.settings = {
        enabled = true;
        filter = "nginx-botsearch";
        backend = "systemd";
        maxretry = 2;
      };
      nginx-http-auth.settings = {
        enabled = true;
        filter = "nginx-http-auth";
        backend = "systemd";
      };
      nginx-bad-request.settings = {
        enabled = true;
        filter = "nginx-bad-request";
        backend = "systemd";
      };
    };
  };

  users.mutableUsers = true;
  security.sudo.wheelNeedsPassword = true;

  users.users.ellie = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOv7i4ChPUm+DmELG6uRx0co4quhQ+h7QB4fgcxcC3qx contact@elliehigh.com"
    ];

    isNormalUser = true;
    description = "Ellie";
    extraGroups = [ "wheel" ];
    initialPassword = "install";
  };

  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
    dates = "04:00";
  };

  system.stateVersion = "25.05";
}
Initial commit Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-02-15 14:57:00 -08:00			`{ lib, ... }:`

			`{`
			`nix.gc = {`
			`automatic = true;`
			`dates = "weekly";`
			`options = "--delete-older-than 7d";`
			`};`

			`time.timeZone = "America/Vancouver";`

			`i18n.defaultLocale = "en_US.UTF-8";`

			`nix.settings.experimental-features = "nix-command flakes";`
			`nix.settings.trusted-public-keys = lib.mkAfter [`
			`"local.yesod.ellie:3cAK/At9uVQq5kNrZco1cuthpgoPy7JfEvd+sBs80fk="`
			`];`

			`networking.useDHCP = true;`

			`services.openssh = {`
			`enable = true;`
			`settings = {`
			`PasswordAuthentication = false;`
			`KbdInteractiveAuthentication = false;`
			`PermitRootLogin = "no";`
			`AllowUsers = [ "ellie" ];`
			`};`
			`};`

			`services.fail2ban = {`
			`enable = true;`
			`maxretry = 5;`
			`bantime = "1h";`
			`bantime-increment.enable = true;`
			`jails = {`
			`sshd.settings = {`
			`enabled = true;`
			`maxretry = 3;`
			`};`
			`nginx-botsearch.settings = {`
			`enabled = true;`
			`filter = "nginx-botsearch";`
			`backend = "systemd";`
			`maxretry = 2;`
			`};`
			`nginx-http-auth.settings = {`
			`enabled = true;`
			`filter = "nginx-http-auth";`
			`backend = "systemd";`
			`};`
			`nginx-bad-request.settings = {`
			`enabled = true;`
			`filter = "nginx-bad-request";`
			`backend = "systemd";`
			`};`
			`};`
			`};`

			`users.mutableUsers = true;`
			`security.sudo.wheelNeedsPassword = true;`

			`users.users.ellie = {`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOv7i4ChPUm+DmELG6uRx0co4quhQ+h7QB4fgcxcC3qx contact@elliehigh.com"`
			`];`

			`isNormalUser = true;`
			`description = "Ellie";`
			`extraGroups = [ "wheel" ];`
			`initialPassword = "install";`
			`};`

			`system.autoUpgrade = {`
			`enable = true;`
			`allowReboot = true;`
			`dates = "04:00";`
			`};`

			`system.stateVersion = "25.05";`
			`}`