nix-cfg/hosts/vps1/configuration.nix


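{ pkgs, config, data, ... }:
# NixOS host configuration for vps1.
#
# What this file sets up (service-specific detail lives in ./services/*):
#   - nginx virtual hosts for the root domain and a few subdomains, all served
#     from one wildcard ACME certificate obtained via Porkbun DNS-01;
#   - sshd on a non-default admin port plus a second port reserved for the
#     `forgejo` user (git over SSH), and an endlessh tarpit on port 22;
#   - VS Code / VSCodium remote-server support and a shared workspace dir;
#   - sops-nix secrets, NAT for container interfaces, and the `lgm` admin user.
let
  inherit (data.host) rootDomain;
  gtnhDomain = "gtnh.${rootDomain}";
  discDomain = "discourse.testdrive.${rootDomain}";
  akkoDomain = "akko429164.testdrive.${rootDomain}";
  iceDomain = "ice758549.testdrive.${rootDomain}";
  # Extra sshd listen port used for git over SSH; see the Match block below.
  gitSSHPort = data.services.git.sshPort;
in
{
  imports = [
    ./hardware-configuration.nix
    ./services/postgres.nix
    ./services/authentik.nix
    ./services/git.nix
    ./services/mailserver.nix
    ./akkotest.nix
    # Out-of-tree module fetched from a branch tarball. The sha256 pins the
    # content, so the branch moving does not change what is evaluated; bump
    # the hash deliberately whenever the URL is updated.
    (fetchTarball {
      url = "https://github.com/cariandrum22/nixos-vscode-server/tarball/support-for-new-dir-structure-of-vscode-server";
      sha256 = "1sp4h0nb7dh7mcm8vdflihv76yz8azf5zifkcbxhq7xz48c8k5pd";
    })
  ];

  # Shared workspace for the VS Code server: mode 2770 = setgid + rwx for
  # owner/group, nothing for others, so files created inside inherit the
  # openvscode-server group and stay readable only to its members.
  systemd.tmpfiles.rules = [
    "d /shared/openvscode 2770 root ${config.services.openvscode-server.group}"
  ];

  programs.fish.enable = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  boot.tmp.cleanOnBoot = true;
  zramSwap.enable = true;

  networking = {
    hostName = "lgm-vps1";
    domain = "contaboserver.net";
    # Only HTTP/HTTPS are opened here; sshd and endlessh open their own ports
    # (their openFirewall options default to / are set to true).
    firewall.allowedTCPPorts = [ 80 443 ];
    # Masquerade traffic from ve-* interfaces (presumably NixOS containers)
    # out through the public interface.
    nat = {
      enable = true;
      internalInterfaces = [ "ve-+" ];
      externalInterface = "eth0";
    };
  };

  services.openssh = {
    enable = true;
    # 37163: administrative logins. gitSSHPort: git over SSH, limited to the
    # forgejo account by the Match block in extraConfig.
    ports = [ 37163 gitSSHPort ];
    settings.PermitRootLogin = "no";
    settings.PasswordAuthentication = false;
    # PasswordAuthentication=no on its own still leaves PAM password prompts
    # reachable through keyboard-interactive authentication; disable that too
    # so the only accepted method is public key (as used by users.users.lgm).
    settings.KbdInteractiveAuthentication = false;
    extraConfig = ''
      Match LocalPort ${toString gitSSHPort}
      AllowUsers forgejo
    '';
  };

  # SSH tarpit on the default port: slows down scanners while real logins go
  # to the ports listed in services.openssh.ports.
  services.endlessh-go = {
    enable = true;
    openFirewall = true;
    port = 22;
  };

  services.vscode-server = {
    enable = true;
    nodejsPackage = pkgs.nodejs_18;
    installPath = "$HOME/.vscodium-server";
  };

  services.openvscode-server = {
    enable = true;
  };

  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
    # Owned by the akkoma account; presumably consumed by ./akkotest.nix —
    # confirm it is still referenced before removing it.
    secrets.example_key = {
      owner = config.users.users.akkoma.name;
      group = config.users.users.akkoma.group;
    };
    # Porkbun API credentials for ACME DNS-01, stored as a dotenv file.
    secrets.porkbun = {
      sopsFile = ../../secrets/porkbun.env;
      format = "dotenv";
    };
  };

  # nginx needs read access to the certificate files owned by the acme group.
  users.users.nginx.extraGroups = [ "acme" ];

  services.nginx = {
    enable = true;
    # Plain-HTTP catch-all (default = true also answers unknown Host headers)
    # that redirects everything to HTTPS on the root domain.
    virtualHosts."${rootDomain}80" = {
      serverName = rootDomain;
      rejectSSL = true;
      default = true;
      locations."/" = {
        return = "301 https://${rootDomain}$request_uri";
      };
    };
    # Every TLS host below reuses the single certificate from
    # security.acme.certs.${rootDomain}, which covers the wildcard names.
    virtualHosts.${rootDomain} = {
      onlySSL = true;
      useACMEHost = rootDomain;
      root = "/var/www/todo";
    };
    virtualHosts.${gtnhDomain} = {
      forceSSL = true;
      useACMEHost = rootDomain;
      root = "/var/www/gtnh";
    };
    virtualHosts.${discDomain} = {
      forceSSL = true;
      useACMEHost = rootDomain;
      root = "/var/www/todo";
    };
    # virtualHosts.${akkoDomain} = {
    #   forceSSL = true;
    #   useACMEHost = rootDomain;
    #   root = "/var/www/todo";
    # };
    virtualHosts.${iceDomain} = {
      forceSSL = true;
      useACMEHost = rootDomain;
      root = "/var/www/todo";
    };
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "lgmrszd@disroot.org";
    # One certificate for the apex plus wildcards, issued via DNS-01 so no
    # HTTP challenge endpoint has to be exposed for each subdomain.
    certs.${rootDomain} = {
      # domain = "*.${rootDomain}";
      dnsProvider = "porkbun";
      environmentFile = config.sops.secrets.porkbun.path;
      extraDomainNames = [
        "*.${rootDomain}"
        # A wildcard only matches one label, so the testdrive.* hosts
        # (discDomain, akkoDomain, iceDomain) need their own wildcard entry.
        "*.testdrive.${rootDomain}"
        # gtnhDomain
        # akkoDomain
        # iceDomain
        # discDomain
      ];
    };
  };

  programs.nh = {
    enable = true;
  };
  programs.mosh.enable = true;

  environment.systemPackages = with pkgs; [
    git
    vim
    tmux
    sops
  ];

  # Administrative user: key-only login (see services.openssh.settings above).
  users.users.lgm = {
    isNormalUser = true;
    description = "lgm";
    extraGroups = [
      "wheel"
      # Membership in "docker" is root-equivalent wherever the daemon runs;
      # docker itself is not enabled in this file, so check the other modules.
      "docker"
      config.services.openvscode-server.group
    ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
  };

  system.stateVersion = "23.11";
}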