nix-cfg/hosts/vps1/configuration.nix

{ pkgs, ... }:
let
  rootDomain = "lgmrszd.xyz";
  gtnhDomain = "gtnh.${rootDomain}";
  discDomain = "discource.testdrive.${rootDomain}";
  akkoDomain = "akko.testdrive.${rootDomain}";
  iceDomain = "ice.testdrive.${rootDomain}";
in
{
  imports = [
    ./hardware-configuration.nix
    
    
  ];

  programs.fish.enable = true;

  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;
  networking.hostName = "lgm-vps1";
  networking.domain = "contaboserver.net";
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  services.openssh = {
    enable = true;
    ports = [ 37163 ];
    settings.PermitRootLogin = "no";
    settings.PasswordAuthentication = false;
  };

  services.endlessh-go = {
    enable = true;
    openFirewall = true;
    port = 22;
  };

  users.users.nginx.extraGroups = [ "acme" ];

  services.nginx = {
    enable = true;
    virtualHosts.${gtnhDomain} = {
      # addSSL = true;
      forceSSL = true;
      # enableACME = true;
      useACMEHost = "${rootDomain}";
      root = "/var/www/gtnh";
    };
    virtualHosts.${discDomain} = {
      forceSSL = true;
      useACMEHost = "${rootDomain}";
      root = "/var/www/todo";
    };
    virtualHosts.${akkoDomain} = {
      forceSSL = true;
      useACMEHost = "${rootDomain}";
      root = "/var/www/todo";
    };
    virtualHosts.${iceDomain} = {
      forceSSL = true;
      useACMEHost = "${rootDomain}";
      root = "/var/www/todo";
    };
    virtualHosts."acmechallenge.${rootDomain}" = {
      # Catchall vhost, will redirect users to HTTPS for all vhosts
      serverAliases = [ "*.${rootDomain}" ];
      locations."/.well-known/acme-challenge" = {
        root = "/var/lib/acme/.challenges";
      };
      locations."/" = {
        return = "301 https://$host$request_uri";
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "lgmrszd@disroot.org";
    certs.${rootDomain} = {
      group = "nginx";
      webroot = "/var/lib/acme/.challenges";
      extraDomainNames = [
        gtnhDomain
        akkoDomain
        iceDomain
        discDomain
      ];
    };
  };


  programs.mosh.enable = true;

  environment.systemPackages = with pkgs; [
    git
    vim
  ];
  
  users.users.lgm = {
    isNormalUser = true;
    description = "lgm";
    extraGroups = [ "wheel""docker"];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
  };

  system.stateVersion = "23.11";
}
acme settings 2024-01-14 22:22:14 +01:00			`{ pkgs, ... }:`
			`let`
update domain name 2024-01-16 19:27:49 +01:00			`rootDomain = "lgmrszd.xyz";`
acme settings 2024-01-14 22:22:14 +01:00			`gtnhDomain = "gtnh.${rootDomain}";`
update domain name 2024-01-16 19:27:49 +01:00			`discDomain = "discource.testdrive.${rootDomain}";`
acme settings 2024-01-14 22:22:14 +01:00			`akkoDomain = "akko.testdrive.${rootDomain}";`
			`iceDomain = "ice.testdrive.${rootDomain}";`
			`in`
			`{`
Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00			`imports = [`
			`./hardware-configuration.nix`


			`];`

			`programs.fish.enable = true;`

			`nix.settings.experimental-features = [ "nix-command" "flakes" ];`

			`boot.tmp.cleanOnBoot = true;`
			`zramSwap.enable = true;`
			`networking.hostName = "lgm-vps1";`
			`networking.domain = "contaboserver.net";`
change ssh settings, open http(s) ports 2024-01-14 21:10:59 +01:00			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
			`services.openssh = {`
			`enable = true;`
			`ports = [ 37163 ];`
			`settings.PermitRootLogin = "no";`
			`settings.PasswordAuthentication = false;`
			`};`
Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00
			`services.endlessh-go = {`
			`enable = true;`
			`openFirewall = true;`
			`port = 22;`
			`};`

acme settings 2024-01-14 22:22:14 +01:00			`users.users.nginx.extraGroups = [ "acme" ];`

vps stuff testing 2024-01-14 20:54:43 +01:00			`services.nginx = {`
			`enable = true;`
acme settings 2024-01-14 22:22:14 +01:00			`virtualHosts.${gtnhDomain} = {`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`# addSSL = true;`
			`forceSSL = true;`
acme settings 2024-01-14 22:22:14 +01:00			`# enableACME = true;`
change domain 2024-01-15 02:00:18 +01:00			`useACMEHost = "${rootDomain}";`
vps stuff testing 2024-01-14 20:54:43 +01:00			`root = "/var/www/gtnh";`
			`};`
update domain name 2024-01-16 19:27:49 +01:00			`virtualHosts.${discDomain} = {`
			`forceSSL = true;`
			`useACMEHost = "${rootDomain}";`
			`root = "/var/www/todo";`
			`};`
acme settings 2024-01-14 22:22:14 +01:00			`virtualHosts.${akkoDomain} = {`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`forceSSL = true;`
change domain 2024-01-15 02:00:18 +01:00			`useACMEHost = "${rootDomain}";`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`root = "/var/www/todo";`
			`};`
acme settings 2024-01-14 22:22:14 +01:00			`virtualHosts.${iceDomain} = {`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`forceSSL = true;`
change domain 2024-01-15 02:00:18 +01:00			`useACMEHost = "${rootDomain}";`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`root = "/var/www/todo";`
			`};`
acme settings 2024-01-14 22:22:14 +01:00			`virtualHosts."acmechallenge.${rootDomain}" = {`
			`# Catchall vhost, will redirect users to HTTPS for all vhosts`
			`serverAliases = [ "*.${rootDomain}" ];`
			`locations."/.well-known/acme-challenge" = {`
			`root = "/var/lib/acme/.challenges";`
			`};`
			`locations."/" = {`
			`return = "301 https://$host$request_uri";`
			`};`
			`};`
vps stuff testing 2024-01-14 20:54:43 +01:00			`};`

Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "lgmrszd@disroot.org";`
acme settings 2024-01-14 22:22:14 +01:00			`certs.${rootDomain} = {`
			`group = "nginx";`
			`webroot = "/var/lib/acme/.challenges";`
			`extraDomainNames = [`
			`gtnhDomain`
			`akkoDomain`
			`iceDomain`
update domain name 2024-01-16 19:27:49 +01:00			`discDomain`
acme settings 2024-01-14 22:22:14 +01:00			`];`
			`};`
Enable SSL, add more vhosts 2024-01-14 21:32:44 +01:00			`};`


Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00			`programs.mosh.enable = true;`
vps packages 2024-01-13 20:00:05 +01:00
			`environment.systemPackages = with pkgs; [`
			`git`
			`vim`
			`];`
Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00
			`users.users.lgm = {`
			`isNormalUser = true;`
			`description = "lgm";`
vps packages 2024-01-13 20:00:05 +01:00			`extraGroups = [ "wheel""docker"];`
Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00			`shell = pkgs.fish;`
vps stuff testing 2024-01-14 20:54:43 +01:00			`openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];`
Added vps config, rearranged current one 2024-01-12 21:09:13 +01:00			`};`

			`system.stateVersion = "23.11";`
			`}`