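# NixOS module for a QEMU guest that runs nginx in front of rustypaste and
# forgejo, plus headscale, OpenSSH on a non-default port and an endlessh-go
# tarpit on port 22. Secrets are declared through the `age` options.
{
  modulesPath,
  lib,
  pkgs,
  config,
  pubkeys, # attrset of SSH public keys supplied by the caller (only `ny` is used here)
  ...
}:
let
  # Project helper from lib.my; presumably (domain, upstream port, TLS/ACME
  # toggle) -> name/value pair for listToAttrs — confirm against its definition.
  inherit (lib.my) mkVHost;
in
{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
    ./container-root.nix
    ./rustypaste
    ./forgejo
    ./headscale.nix
    ../../modules
  ];

  # Encrypted secret files; they are decrypted with the identities listed in
  # age.identityPaths below.
  age.secrets = {
    # No couchdb service is configured in this file; presumably consumed by
    # one of the imported modules — confirm it is still needed.
    couchdb.file = ../../secrets/couchdb.age;
    rustypaste.file = ../../secrets/rustypaste.age;
  };

  boot.loader.grub = {
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
  services.headscale.enable = true;

  # mkForce makes this the authoritative definition: `enable` and
  # `allowedTCPPorts` values contributed by other modules are overridden, so
  # every TCP port that must be reachable has to be listed here explicitly.
  networking.firewall = lib.mkForce {
    enable = true;
    allowedTCPPorts =
      [
        80 # for acme challenges
        443
        # NOTE(review): 3000 and 8000 are the same ports handed to mkVHost
        # below. If nginx is the intended entry point, opening them here lets
        # clients reach the backends directly, bypassing the TLS vhosts.
        # Confirm they are needed externally; otherwise drop them and bind the
        # services to 127.0.0.1.
        3000 # forgejo
        8000 # rustypaste
      ]
      ++ config.services.openssh.ports
      # The tarpit enabled in this file is services.endlessh-go. The previous
      # reference to config.services.endlessh.port pointed at a different
      # module that is not enabled here, so an unrelated port was opened.
      # Deriving the port from endlessh-go also replaces the hard-coded 22.
      ++ [ config.services.endlessh-go.port ];
  };

  # The SSH host key doubles as the age identity, so anyone who can read this
  # key can decrypt every secret encrypted to this host.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  security.acme.defaults.email = "admin@ccnlc.eu";
  security.acme.acceptTerms = true;

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    clientMaxBodySize = "50M";
    virtualHosts = builtins.listToAttrs [
      (mkVHost "rusty.ccnlc.eu" 8000 true)
      (mkVHost "git.ccnlc.eu" 3000 true)
    ];
  };

  # The real sshd listens on a high port; port 22 is taken by the tarpit below.
  # NOTE(review): this file does not set
  # services.openssh.settings.PasswordAuthentication or
  # settings.KbdInteractiveAuthentication. Confirm ../../modules turns both
  # off, given that root has an authorized key on this host.
  services.openssh = {
    enable = true;
    ports = [ 56528 ];
  };

  services.endlessh-go = {
    enable = true;
    port = 22;
    # Metrics endpoint is bound to loopback only, so it is not reachable from
    # outside the host regardless of the firewall.
    prometheus = {
      enable = true;
      listenAddress = "127.0.0.1";
      port = 9090;
    };
  };

  # lowPrio lets any other package that provides the same files take precedence.
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.gitMinimal
  ];

  # The same key is authorized for root and for ny.
  # NOTE(review): direct root login depends on PermitRootLogin, which is not
  # set in this file; if ny has sudo/doas, consider dropping the root entry.
  users.users = {
    root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
    ny.openssh.authorizedKeys.keys = [ pubkeys.ny ];
  };

  system.stateVersion = "24.11";
}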