athens/hosts/socrates/configuration.nix

{ pkgs, ... }:

let
  dotfiles = builtins.fetchTarball
    "https://github.com/walkah/dotfiles/archive/main.tar.gz";
in {
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
    <home-manager/nixos>

    ../../modules/coredns
    ../../modules/code-server/nginx.nix
    ../../modules/gitea/nginx.nix
    ../../modules/home-assistant/nginx.nix
    ../../modules/ipfs/gateway.nix
    ../../modules/matrix/nginx.nix
  ];

  nixpkgs.overlays = [ (import ../../overlays) ];

  boot.cleanTmpDir = true;

  # Set your time zone.
  time.timeZone = "America/Toronto";

  networking.hostName = "socrates";
  networking.firewall.allowPing = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.trustedInterfaces = [ "tailscale0" ];

  security.sudo.wheelNeedsPassword = false;

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
  ];
  users.users = {
    walkah = {
      extraGroups = [ "wheel" "docker" ];
      isNormalUser = true;
      shell = pkgs.zsh;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"
      ];
    };
  };
  home-manager.users.walkah = import "${dotfiles}/home.nix";

  system.autoUpgrade.enable = false;
  environment.systemPackages = with pkgs; [ ];

  programs.mosh.enable = true;
  programs.zsh.enable = true;

  security.acme.acceptTerms = true;
  security.acme.email = "walkah@walkah.net";

  walkah.coredns = {
    enable = true;
    addr = "100.103.57.96";
  };

  services = {
    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
    };
    openssh = { enable = true; };
    prometheus = {
      enable = true;
      port = 9090;
      listenAddress = "100.103.57.96";
      exporters = {
        node = {
          enable = true;
          enabledCollectors = [ "systemd" ];
          openFirewall = true;
          port = 9100;
          listenAddress = "100.103.57.96";
        };
      };
    };
    tailscale = { enable = true; };
  };
}
✨ socrates: enable morph deploy 2021-06-06 22:08:32 -04:00			`{ pkgs, ... }:`

			`let`
			`dotfiles = builtins.fetchTarball`
			`"https://github.com/walkah/dotfiles/archive/main.tar.gz";`
			`in {`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00			`imports = [`
			`./hardware-configuration.nix`
			`./networking.nix # generated at runtime by nixos-infect`
			`<home-manager/nixos>`
💬 matrix-synapse server 2021-06-07 21:15:08 -04:00
🔍 coredns updates 2021-07-09 22:59:33 -04:00			`../../modules/coredns`
💻 code server 2021-07-27 19:42:11 -04:00			`../../modules/code-server/nginx.nix`
📦 add gitea 2021-10-13 21:11:36 -04:00			`../../modules/gitea/nginx.nix`
🏠 initial home-assistant setup 2021-07-14 22:49:45 -04:00			`../../modules/home-assistant/nginx.nix`
📦 ipfs: adding my own gateway 2021-10-30 23:33:26 -04:00			`../../modules/ipfs/gateway.nix`
💬 matrix-synapse server 2021-06-07 21:15:08 -04:00			`../../modules/matrix/nginx.nix`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00			`];`

📌 overlay for tailscale 2021-11-19 22:59:43 -05:00			`nixpkgs.overlays = [ (import ../../overlays) ];`

🔧 socrates: initial config 2021-03-07 22:05:33 -05:00			`boot.cleanTmpDir = true;`

			`# Set your time zone.`
			`time.timeZone = "America/Toronto";`

			`networking.hostName = "socrates";`
			`networking.firewall.allowPing = true;`
			`networking.firewall.allowedTCPPorts = [ 80 443 ];`
📦 ipfs: adding my own gateway 2021-10-30 23:33:26 -04:00			`networking.firewall.trustedInterfaces = [ "tailscale0" ];`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00
			`security.sudo.wheelNeedsPassword = false;`

			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"`
			`];`
			`users.users = {`
			`walkah = {`
			`extraGroups = [ "wheel" "docker" ];`
			`isNormalUser = true;`
			`shell = pkgs.zsh;`
			`openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11"`
			`];`
			`};`
			`};`
✨ socrates: enable morph deploy 2021-06-06 22:08:32 -04:00			`home-manager.users.walkah = import "${dotfiles}/home.nix";`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00
💬 matrix-synapse server 2021-06-07 21:15:08 -04:00			`system.autoUpgrade.enable = false;`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00			`environment.systemPackages = with pkgs; [ ];`

			`programs.mosh.enable = true;`
			`programs.zsh.enable = true;`

			`security.acme.acceptTerms = true;`
			`security.acme.email = "walkah@walkah.net";`

🔍 coredns updates 2021-07-09 22:59:33 -04:00			`walkah.coredns = {`
			`enable = true;`
			`addr = "100.103.57.96";`
			`};`

📊 socrates: prometheus node exporter 2021-06-30 22:12:21 -04:00			`services = {`
			`nginx = {`
			`enable = true;`
			`recommendedTlsSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`
			`};`
			`openssh = { enable = true; };`
			`prometheus = {`
			`enable = true;`
			`port = 9090;`
			`listenAddress = "100.103.57.96";`
			`exporters = {`
			`node = {`
			`enable = true;`
			`enabledCollectors = [ "systemd" ];`
			`openFirewall = true;`
			`port = 9100;`
			`listenAddress = "100.103.57.96";`
			`};`
			`};`
			`};`
			`tailscale = { enable = true; };`
🔧 socrates: initial config 2021-03-07 22:05:33 -05:00			`};`
			`}`