2024-05-12 12:01:04 +02:00
|
|
|
{ pkgs, config, data, ... }:
|
2024-01-14 22:22:14 +01:00
|
|
|
let
|
2024-05-15 21:14:50 +02:00
|
|
|
inherit (data.host) rootDomain;
|
2024-01-14 22:22:14 +01:00
|
|
|
gtnhDomain = "gtnh.${rootDomain}";
|
2024-01-16 20:30:42 +01:00
|
|
|
discDomain = "discourse.testdrive.${rootDomain}";
|
2024-02-22 23:52:10 +01:00
|
|
|
akkoDomain = "akko429164.testdrive.${rootDomain}";
|
|
|
|
iceDomain = "ice758549.testdrive.${rootDomain}";
|
2024-05-12 12:01:04 +02:00
|
|
|
gitSSHPort = data.services.git.sshPort;
|
2024-05-19 01:18:21 +02:00
|
|
|
|
|
|
|
robots_disallow_all = pkgs.writeText "robots.txt" ''
|
|
|
|
User-agent: *
|
|
|
|
Disallow: /
|
|
|
|
'';
|
|
|
|
|
2024-01-14 22:22:14 +01:00
|
|
|
in
|
|
|
|
{
|
2024-01-12 21:09:13 +01:00
|
|
|
imports = [
|
|
|
|
./hardware-configuration.nix
|
2024-06-12 01:03:07 +02:00
|
|
|
./config/ssh.nix
|
2024-05-11 17:58:21 +02:00
|
|
|
./services/postgres.nix
|
2024-05-16 15:44:08 +02:00
|
|
|
./services/authentik.nix
|
2024-05-11 19:41:08 +02:00
|
|
|
./services/git.nix
|
2024-05-16 00:07:17 +02:00
|
|
|
./services/mailserver.nix
|
2024-11-28 19:03:04 +01:00
|
|
|
./services/factorio.nix
|
2024-02-22 23:52:10 +01:00
|
|
|
./akkotest.nix
|
|
|
|
|
2024-02-18 11:07:09 +01:00
|
|
|
(fetchTarball { url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server"; sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd"; })
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
"d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
|
2024-01-12 21:09:13 +01:00
|
|
|
];
|
|
|
|
|
|
|
|
programs.fish.enable = true;
|
|
|
|
|
|
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
|
|
|
|
|
|
boot.tmp.cleanOnBoot = true;
|
|
|
|
zramSwap.enable = true;
|
|
|
|
networking.hostName = "lgm-vps1";
|
|
|
|
networking.domain = "contaboserver.net";
|
2024-01-14 21:10:59 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
2024-06-12 01:03:07 +02:00
|
|
|
|
2024-01-12 21:09:13 +01:00
|
|
|
|
2024-02-18 11:07:09 +01:00
|
|
|
networking.nat.enable = true;
|
|
|
|
networking.nat.internalInterfaces = ["ve-+"];
|
|
|
|
networking.nat.externalInterface = "eth0";
|
|
|
|
|
|
|
|
services.vscode-server = {
|
|
|
|
enable = true;
|
|
|
|
nodejsPackage = pkgs.nodejs_18;
|
|
|
|
installPath = "$HOME/.vscodium-server";
|
|
|
|
};
|
|
|
|
|
|
|
|
services.openvscode-server = {
|
2024-05-19 01:17:47 +02:00
|
|
|
enable = false;
|
2024-02-18 11:07:09 +01:00
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
sops = {
|
|
|
|
defaultSopsFile = ../../secrets/secrets.yaml;
|
|
|
|
defaultSopsFormat = "yaml";
|
|
|
|
secrets.example_key = {
|
|
|
|
owner = config.users.users.akkoma.name;
|
|
|
|
group = config.users.users.akkoma.group;
|
|
|
|
};
|
2024-02-18 13:36:52 +01:00
|
|
|
secrets.porkbun = {
|
|
|
|
sopsFile = ../../secrets/porkbun.env;
|
|
|
|
format = "dotenv";
|
|
|
|
};
|
2024-02-18 11:07:09 +01:00
|
|
|
};
|
|
|
|
|
2024-01-14 22:22:14 +01:00
|
|
|
users.users.nginx.extraGroups = [ "acme" ];
|
|
|
|
|
2024-01-14 20:54:43 +01:00
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
2024-01-16 20:30:42 +01:00
|
|
|
virtualHosts."${rootDomain}80" = {
|
|
|
|
serverName = rootDomain;
|
|
|
|
rejectSSL = true;
|
2024-01-16 19:50:40 +01:00
|
|
|
default = true;
|
2024-01-16 20:30:42 +01:00
|
|
|
locations."/" = {
|
|
|
|
return = "301 https://${rootDomain}$request_uri";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
virtualHosts.${rootDomain} = {
|
|
|
|
onlySSL = true;
|
2024-02-18 13:36:52 +01:00
|
|
|
useACMEHost = "${rootDomain}";
|
2024-05-19 01:18:21 +02:00
|
|
|
root = "/var/www/root";
|
2024-05-19 01:25:25 +02:00
|
|
|
locations."=/robots.txt" = {
|
2024-05-19 01:18:21 +02:00
|
|
|
alias = robots_disallow_all;
|
|
|
|
extraConfig = ''
|
|
|
|
add_header Content-Type text/plain;
|
|
|
|
'';
|
|
|
|
};
|
2024-01-16 19:50:40 +01:00
|
|
|
};
|
|
|
|
virtualHosts.${gtnhDomain} = {
|
|
|
|
forceSSL = true;
|
2024-01-15 02:00:18 +01:00
|
|
|
useACMEHost = "${rootDomain}";
|
2024-01-14 20:54:43 +01:00
|
|
|
root = "/var/www/gtnh";
|
|
|
|
};
|
2024-01-16 19:27:49 +01:00
|
|
|
virtualHosts.${discDomain} = {
|
|
|
|
forceSSL = true;
|
|
|
|
useACMEHost = "${rootDomain}";
|
|
|
|
root = "/var/www/todo";
|
|
|
|
};
|
2024-02-22 23:52:10 +01:00
|
|
|
# virtualHosts.${akkoDomain} = {
|
|
|
|
# forceSSL = true;
|
|
|
|
# useACMEHost = "${rootDomain}";
|
|
|
|
# root = "/var/www/todo";
|
|
|
|
# };
|
2024-01-14 22:22:14 +01:00
|
|
|
virtualHosts.${iceDomain} = {
|
2024-01-14 21:32:44 +01:00
|
|
|
forceSSL = true;
|
2024-01-15 02:00:18 +01:00
|
|
|
useACMEHost = "${rootDomain}";
|
2024-01-14 21:32:44 +01:00
|
|
|
root = "/var/www/todo";
|
|
|
|
};
|
2024-01-14 20:54:43 +01:00
|
|
|
};
|
|
|
|
|
2024-01-14 21:32:44 +01:00
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
defaults.email = "lgmrszd@disroot.org";
|
2024-01-14 22:22:14 +01:00
|
|
|
certs.${rootDomain} = {
|
2024-02-18 13:36:52 +01:00
|
|
|
# domain = "*.${rootDomain}";
|
|
|
|
dnsProvider = "porkbun";
|
|
|
|
environmentFile = config.sops.secrets.porkbun.path;
|
2024-01-14 22:22:14 +01:00
|
|
|
extraDomainNames = [
|
2024-02-18 13:36:52 +01:00
|
|
|
"*.${rootDomain}"
|
2024-02-22 23:52:10 +01:00
|
|
|
"*.testdrive.${rootDomain}"
|
2024-02-18 13:36:52 +01:00
|
|
|
# gtnhDomain
|
|
|
|
# akkoDomain
|
|
|
|
# iceDomain
|
|
|
|
# discDomain
|
2024-01-14 22:22:14 +01:00
|
|
|
];
|
|
|
|
};
|
2024-01-14 21:32:44 +01:00
|
|
|
};
|
|
|
|
|
2024-07-11 01:21:08 +02:00
|
|
|
services.fail2ban.enable = true;
|
|
|
|
|
2024-05-11 00:00:14 +02:00
|
|
|
programs.nh = {
|
|
|
|
enable = true;
|
|
|
|
};
|
|
|
|
|
2024-01-14 21:32:44 +01:00
|
|
|
|
2024-01-12 21:09:13 +01:00
|
|
|
programs.mosh.enable = true;
|
2024-01-13 20:00:05 +01:00
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
git
|
|
|
|
vim
|
2024-02-18 11:07:09 +01:00
|
|
|
tmux
|
|
|
|
sops
|
2024-01-13 20:00:05 +01:00
|
|
|
];
|
2024-01-12 21:09:13 +01:00
|
|
|
|
|
|
|
users.users.lgm = {
|
|
|
|
isNormalUser = true;
|
|
|
|
description = "lgm";
|
2024-02-18 11:07:09 +01:00
|
|
|
extraGroups = [
|
|
|
|
"wheel"
|
|
|
|
"docker"
|
|
|
|
config.services.openvscode-server.group
|
|
|
|
];
|
2024-01-12 21:09:13 +01:00
|
|
|
shell = pkgs.fish;
|
|
|
|
};
|
|
|
|
|
2024-11-28 19:03:04 +01:00
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
|
|
|
2024-01-12 21:09:13 +01:00
|
|
|
system.stateVersion = "23.11";
|
|
|
|
}
|