dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 1
nix-config/hosts/ifrit/default.nix
dadada e1c562191b
Move vim packages to pkgs 
Add system config

Split up modules into home and system sets

Update

Cleanup

Move home config

Add module attrs

Fix empty LUKS device UUID

Import local secrets
2020-12-28 18:35:15 +01:00

150 lines
3.8 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
let
hostAliases = [
"ifrit.dadada.li"
"vpn.dadada.li"
"media.dadada.li"
"media.local"
];
backups = "/mnt/storage/backup";
this = import ../.. {};
keys = ../../pkgs/keys/keys;
in {
imports = (lib.attrValues this.modules) ++ [
../../modules/profiles/base
<nixpkgs/nixos/modules/profiles/minimal.nix>
];
dadada = {
admin.enable = true;
fileShare.enable = true;
admin.users = {
"dadada" = [ "${keys}/dadada.pub" ];
};
vpnServer.enable = true;
vpnServer.peers = {
"metis" = {
id = "1";
key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
};
"morax" = {
id = "2";
key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
};
"gorgon" = {
id = "3";
key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
};
};
weechat.enable = true;
};
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/gorgon";
quota = "1T";
};
"wohnzimmerpi" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
path = "${backups}/wohnzimmerpi";
quota = "50G";
};
};
networking.hostName = "ifrit";
networking.domain = "dadada.li";
networking.hosts = {
"127.0.0.1" = hostAliases;
"::1" = hostAliases;
};
networking.nameservers = [
"1.1.1.1"
"1.0.0.1"
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true;
fileSystems."/mnt/storage" = {
device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
mountPoint = "/mnt/storage";
neededForBoot = false;
options = [ "nofail" ];
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
22 # SSH
80 443 # HTTP(S)
111 2049 # NFS
137 138 139 445 # SMB
];
allowedUDPPorts = [
137 138 139 445 # SMB
111 2049 # NFS
51234 # Wireguard
];
};
security.acme = {
email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
acceptTerms = true;
certs."webchat.dadada.li" = {
credentialsFile = "/var/lib/lego/acme-joker.env";
dnsProvider = "joker";
postRun = "systemctl reload nginx.service";
};
certs."weechat.dadada.li" = {
credentialsFile = "/var/lib/lego/acme-joker.env";
dnsProvider = "joker";
postRun = "systemctl reload nginx.service";
};
};
users.users."mist" = {
isNormalUser = true;
};
services.ddclient = {
enable = true;
configFile = /var/lib/dyndns/config;
};
services.avahi = {
enable = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
}
Reference in a new issue View git blame Copy permalink