athens/hosts/socrates/configuration.nix

81 lines
2.0 KiB
Nix
Raw Normal View History

2022-05-03 21:00:37 -04:00
{ pkgs, ... }: {
2021-03-07 22:05:33 -05:00
imports = [
./hardware-configuration.nix
./networking.nix # generated at runtime by nixos-infect
../../users
2022-11-09 23:24:40 -05:00
../../modules/base
2023-03-18 23:40:44 -04:00
../../modules/akkoma
../../modules/akkoma/nginx.nix
2021-07-09 22:59:33 -04:00
../../modules/coredns
2021-07-27 19:42:11 -04:00
../../modules/code-server/nginx.nix
2022-06-30 17:43:11 -04:00
../../modules/drone/nginx.nix
2021-10-13 21:11:36 -04:00
../../modules/gitea/nginx.nix
2021-07-14 22:49:45 -04:00
../../modules/home-assistant/nginx.nix
2021-10-30 23:33:26 -04:00
../../modules/ipfs/gateway.nix
2021-06-07 21:15:08 -04:00
../../modules/matrix/nginx.nix
../../modules/minecraft/proxy.nix
2023-03-18 23:40:44 -04:00
../../modules/sops
2021-03-07 22:05:33 -05:00
];
2021-11-19 22:59:43 -05:00
nixpkgs.overlays = [ (import ../../overlays) ];
2021-03-07 22:05:33 -05:00
boot.cleanTmpDir = true;
# Set your time zone.
time.timeZone = "America/Toronto";
networking.hostName = "socrates";
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
2021-10-30 23:33:26 -04:00
networking.firewall.trustedInterfaces = [ "tailscale0" ];
2022-05-13 16:55:34 -04:00
networking.firewall.checkReversePath = "loose";
nix = {
2022-07-22 14:53:19 -04:00
settings.trusted-users = [ "@wheel" "root" ];
2022-05-13 16:55:34 -04:00
};
2021-03-07 22:05:33 -05:00
security.sudo.wheelNeedsPassword = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
];
2021-06-07 21:15:08 -04:00
system.autoUpgrade.enable = false;
2022-03-02 22:29:38 -05:00
environment.systemPackages = with pkgs; [ ipfs-migrator ];
2021-03-07 22:05:33 -05:00
security.acme.acceptTerms = true;
security.acme.defaults.email = "walkah@walkah.net";
2021-03-07 22:05:33 -05:00
2021-07-09 22:59:33 -04:00
walkah.coredns = {
enable = true;
addr = "100.103.57.96";
};
services = {
nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
openssh = { enable = true; };
prometheus = {
enable = true;
port = 9090;
listenAddress = "100.103.57.96";
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
openFirewall = true;
port = 9100;
listenAddress = "100.103.57.96";
};
};
};
tailscale = { enable = true; };
2021-03-07 22:05:33 -05:00
};
}